Skip to main content
  1. Articles/

Bitcoin 101: past, present and future

··115 mins

In this article I will talk about the most important facts related to Bitcoin, the current state of the protocol and possible future developments. If you want to learn more about these topics, you can listen to the podcast Il Priorato del Bitcoin, with Giacomo Zucco as host.

The priory is benevolent.

Achtung 1: the first part is about the prehistory and includes many articles, papers, books and interviews recounting the origins of the protocol. Although it may seem boring, it is important to understand the context and the reasons why Bitcoin was born. Personally, I find this part very fascinating and I encourage you not to skip it.

Achtung 2: to make the explanation easier, I will treat some passages in a ‘simple’ way. If I had to explain every little detail (such as elliptic curves over finite fields), it would take too long and the focus would be lost. Keep in mind that you will have to take some statements as assumptions, which you can of course verify yourself if you wish.

Achtung 3: the last part, dealing with future developments of LNP/BP is complete and self-consistent but, given the amount of material published in recent months, I plan to update it heavily.

Support me! If you would like to support my work, you can visit the donations page, where you will also find references from people I value in the community. Every contribution, however large or small, helps me to spend more time writing, revising and updating these articles. Thank you for your support.

Step by step #

Bitcoin was not born in 2008. In fact, it is the result of decades of study and research in the field of computing. To best understand the origins of Bitcoin, we have to go back in time to 1933. Its prehistory is full of important events and to understand where we are today, we have to take a not inconsiderable time plunge.

From 1930 to 1940 #

In 1933, Franklin Delano Roosevelt signed Executive Order 6102 that prohibited the private use of money in direct form, such as doubloons and coins, or in indirect form, such as banknotes representing collateral, such as gold. At the time, inflation in America was heavy, the federal public coffers were collapsing, and the economic situation was difficult. Consequently, the government confiscated all the gold of private citizens. This event is important to understand the history of bitcoin, as we are talking about the land of the free, the home of constitutional liberal democracy, not North Korea.

A curious fact is that Satoshi Nakamoto recorded his birthday on April 5, 1975: April 5 is the date Roosevelt signed Executive Order 6102, while the year 1975 coincides with the year President Gerard Ford removed this executive order.

Bitcoin’s difficulty adjustment (discussed below) occurs after 2016 blocks, a number that is obtained by reversing the number of Executive Order 6102.

Jumping forward in time, in 1936, a young Alan Turing published a paper entitled On Computable Numbers, with an Application to the Entscheidungsproblem, which formed the theoretical basis for the practical digital revolution and of course Bitcoin could never have come into being without the digital revolution. Shortly afterwards, in 1938, the first computer working with electromagnetic pulses, called torpedo data computer, was built on top of a submarine. Although it could only perform trigonometric calculations, it was not a all-purpose computer like the ones we are used to today. In 1939, the first digital computer was born, called Z2, built by a German engineer, although there is some controversy as to the actual authorship of this calculator.

From 1970 to 1980 #

In 1971 a very serious event happened, known as the Nixon Shock. Because of the war in Vietnam and the general recession, the US federal government needed money and President Richard Nixon decided to suspend the convertibility of the dollar into gold.

Until then, the entire world economic system was based on the following scheme: all official state currencies were convertible into US dollars and each country’s central bank promised the convertibility of its local currency into US dollars, while the US central bank promised the convertibility of these dollars into gold.

Nixon, claiming to want to protect the dollar from speculators, announced on live television that the convertibility of the dollar into gold would be temporarily suspended. It is now 2022 but Nixon’s suspension is still in full force.


From economics we return once again to technology. In 1974, Cerf and Kahn published a study entitled A Protocol for Packet Network Intercommunication, a protocol that allowed different computer networks to be connected together, known today as IP (Internet Protocol).


In 1976, researchers Diffie and Hellman published the paper New directions in cryptography.

Until then, encryption used a symmetric key, which worked (for example) as follows:

  • Alice has a plaintext that she wants to encrypt and send to Bob;
  • Alice “moves forward” each letter of the text by seven positions, resulting in a block of text with no logical meaning;
  • Alice sends Bob the encrypted text;
  • To recover the original text, Bob must “move back” each letter of the block of text received from Alice by seven positions.

All cryptographic systems until 1976 were of this type and were insecure because they were based on the concept that one can ’turn a key one way’ and ’turn it the other way’ very easily.

In “New directions in cryptography” (asymmetric cryptography) theorised by Diffie and Hellman, it is still very easy to turn a key one way', but virtually impossible to turn the key the other way'.

Example of asymmetric encryption:

  • Each party in a cryptographic exchange has two keys, a public and a private key;
  • Alice generates a private key;
  • Alice mathematically and deterministically calculates the public key associated with the private key;
  • Alice can send her public key to anyone;
  • Bob, who wants to communicate encrypted with Alice, will use Alice’s public key to make a text unreadable;
  • The content of the text can only be decrypted by Alice’s private key.

Example of asymmetric encryption
Example of asymmetric encryption


Two years later, in 1978, Rivest, Shamir and Adleman published a study entitled A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. These three authors developed an algorithm that effectively made the asymmetric key cryptography introduced in 1976 possible, based on the use of prime numbers.

Prime numbers have an important characteristic: if I asked you to multiply the number 3 by the number 5, it would be very simple; but if I asked you for the prime factors of a prime number like 15, this operation is generally more complex. You would probably think it obvious that the prime factors of 15 are 3 and 5, but if you were to move this argument to very large numbers, it would be impossible to determine the solution, since there is no simple algorithm for solving this kind of problem.

The same year, a very influential book by a Nobel Prize winner in economics came out, entitled Denationalisation of Money by F.A. Hayek, an exponent of the Austrian school of economics. Hayek was very much against the state monopoly on money, which in his opinion `has never existed in the history of mankind’. According to Hayek, total monopoly is destructive and the idea he proposed was that money should go back to being issued (and chosen) by market actors, without any form of centralisation that could generate corruption and systemic crises.

In a way, Hayek predicted the immaculate conception of Bitcoin. 😁

In 1979, a mathematician named Claus P. Schnorr patented the idea of the merkle tree. To simplify, the basic idea of the merkle tree is to have a structure used to verify the integrity of a data set. It works by dividing the data into small parts, then creating pairs of these parts and calculating the hash (a unique, unpredictable and non-reversible value) of each pair. This process is repeated until all the parts have been included in a single root, called the merkle root, which summarises all the parts.

When you want to check the integrity of a data set, simply calculate the hash of each part and check that it is the same as the one found in the merkle tree. If the hash of a part is different, it means that the data has been modified or altered in some way. The merkle tree by the way is very efficient because it requires little disk space and allows the integrity of the data to be verified even when it is divided into small parts and distributed over a network.

From 1980 to 1990 #

In 1980, Samuel Konkin III published the New Libertarian Manifesto, in which he advocated agorist thinking, i.e. the idea that:

It is not enough to proclaim the beauty of freedom and the ugliness of the state, but we must act pragmatically and build technical instruments capable of defeating the state.
Samuel Konkin III

This thought would later be adopted by the chyperpunks movement.

In 1981, two significant events occurred:

  1. The Internet Protocol reached version 4, and it is fascinating to think that in 2022 this obsolete version is still being used (for example to read this site), despite the fact that the Internet has become the backbone of the modern world;
  2. Mr. David Chaum imagined an untraceable electronic mail protocol using digital pseudonyms and published the paper Untraceable electronic mail, return addresses, and digital pseudonyms. This publication is very important because it marks the beginning of the use of the concept of asymmetric cryptography to sign messages instead of encrypting texts.

To better understand the difference from the asymmetric encryption example above, let us look at this example:

  • Alice sends a message to Bob and wants to prove that she is the owner of the message;
  • Alice signs the message with her private key;
  • Alice sends Bob the plaintext and the encrypted text with her private key;
  • Bob knows Alice’s public key, so he can decrypt the text with Alice’s public key;
  • If Alice actually signed the message with her private key, then the plaintext and the encrypted text (decrypted by Bob) will be identical.

Alice then certified the communication by proving that she had signed with her private key πŸŽ‰

From 1982 to 1988 there were several key steps:

  • In 1982 there is no real key passage but it is indicative of a general culture that was spreading: the paper The Ethics of Liberty is published in which Murray N. Rothbard (another Austrian economist) suggests the abolition of the US Federal Reserve and a return to market money;
  • In 1983, David Chaum published the paper Blind signatures for untraceable payments and for the first time the idea of using a cryptographic signature system to make untraceable digital payments was introduced;
  • Two years later, in 1985, Koblitz published Elliptic curve cryptography proposing an alternative way to RSA to make public key signatures based on finite-field eliptic curves.
  • Finally, 1988 saw the appearance of the Crypto Anarchist Manifesto by Timothy May, an anarchist agorist like Konkin III. In brutal summary Timothy states:

In the physical world the state controls us, but in the digital world, of the Internet, thanks to cryptography, the state will not be able to control us if we develop the right tools. We could create pseudonyms by exchanging ideas, services and products without necessarily having to be monitored.
Timothy May

In 1989, David Chaum, developed an electronic payment system (with patent) based on asymmetric cryptography and blind signatures, called DigiCash.

The idea behind DigiCash was to provide an electronic means of payment that was secure, anonymous and guaranteed users’ privacy. To achieve this, Chaum used cryptography to protect transactions and to ensure that only the sender and the recipient could see the transaction details, all bundled with a system of ‘digital signatures’ to verify the authenticity of transactions and to prevent forgery.

DigiCash’s system was based on the digital currency ecash, which could be transmitted over the network and used to make online payments. Users could purchase ecash from banks or other financial institutions and use it to make payments quickly and securely.

It’s not Bitcoin yet, but we’re getting closer.

From 1990 to 2000 #

In 1990, Claus Schnorr patented a type of signature using elliptic curve cryptography, which proved to be very effective and possessed certain features such as formal security demonstrability and aggregability of signatures. If Alice and Bob signed a text with their private keys and then summed their signatures, the result was a valid public key signature that was the sum of Alice and Bob’s public keys. Headaches? All in the norm, these technicalities have been important for the recent development of Bitcoin (such as taproot) and we will examine them later.

In 2008, Satoshi Nakamoto did not use Schnorr’s signatures, even though the patent had already expired, as he felt it would be dangerous to put an important system based on a new and untried technology into production without audit, test or peer review. Instead, he chose to use a less efficient algorithm called ECDSA, which among other things did not allow the aggregation of signatures like Schnorr’s.

In 1991, two important events occurred:

  1. Phil Zimmermann invented PGP (Pretty Good Privacy), which basically works by creating a public key and a private key for each user. The public key is used to encrypt messages or documents that are sent to the user, while the private key is used to decrypt messages or documents that are received by the user. In this way, only the user can read the messages or documents he receives, since he alone has the private key to decrypt them;
  2. Researchers Haner and Stornetta published the paper How to time-stamp a Digital Document, also cited by Satoshi Nakamoto in his paper on Bitcoin. In this paper, the two researchers discovered how to prove the existence of a document at a given instant in time, but Bitcoin had to do a bit more: prove, in the same interval, both existence and uniqueness.

In 1992, the chyperpunks were born in San Francisco, libertarian activists who advocated the intensive use of computer cryptography as part of a path of social and political change, for instance by hacking confidential archives to make public certain inconvenient truths.

The famous journalist Julian Assange was part of this movement.

In the following two years, 1993 and 1994, the following were published respectively:

  • A chyperpunk’s Manifesto: the difference cyhperpunks and cryptoanarchists is that the latter advocate the use of cryptographic technology as a means to promote anarchy and individualism in society while chyperpunks are activists who use cryptography to change society and politics;
  • The chypernomicon by Timothy May which in some ways is prophetic as it examines how cryptographic technology can be used to protect the privacy of personal data, to create a network for the exchange of goods and services without the control of government institutions, and to protect freedom of speech and expression in an increasingly interconnected world.
At this time, some chyperpunks were fighting the Crypto Wars in which the US government had declared that cryptographic systems and software for making cryptography were considered weapons and that exporting cryptography was tantamount to carrying ammunition. Hence the famous (and ridiculous) story of the illegal numbers.

Still in 1994, an alternative version of Chaum’s DigiCash called CyberCash was created by Daniel C. Lynch.

CyberCash was also based on fiat currencies like DigiCash, but had something more: a test system with a finite number of dollars. Test dollars had no value, but the fact that they were finite was a point in their favour, as they later became more valuable than CyberCash’s production dollars. The test dollars had become a collector’s item. πŸ’€

Two years later, in 1996, lawyer Barry Downey and oncologist Douglas Jackson founded e-gold in California, because they argued that given the inconvertibility of the US dollar in gold and the lack of limits on the central bank’s printing of money, the state monetary system would be doomed to implode. However, gold was unsuitable for an internet age, so they decided to create a company that would use gold as collateral (subject to strict audits) and someone would pay with e-gold, they would write a digital cheque (using a system very similar to Chaum’s DigiCash) that could be sent to others via email addresses. This idea made it possible to exchange digital securities representing grams of gold.

During the same period, the US NSA also published a paper on how to create an online currency similar to DigiCash/CyberCash, although the actual purposes of this publication are not known.

Three important events took place in 1997:

  1. Adam Back created HashCash to solve the following problem: Adam Back, being a chyperpunk, talked to other people via (anonymous) e-mail and these were disposable. This created a problem, that of spam. To avoid spam, Adam used a very creative method. I explain with an example:
  • Alice creates the e-mail message: Hello, how are you? with today’s date and then hashes the message;
  • Alice sends Bob the text and the hash;
  • Bob decides that if the message hash starts with 0 he will read the message, otherwise he will not read it;
  • If Alice notices that the hash of her email starts with 1, she doesn’t send the message, and will edit the text slightly to create a new hash: if it comes out 0 she’ll send it (and Bob will read it), otherwise she’ll have to try again.
  • And so on.

If Bob notices that he is still receiving too much spam, he can change the difficulty by dictating that he will only read emails if the message hash starts with 00 instead of 0. I only point out that in this way the difficulty does not double, it increases quadratically.

It’s exactly proof-of-work of Bitcoin! πŸ‘Œ

Satoshi Nakamoto cites Adam Back and his HashCash in the paper as the basis for the creation of Bitcoin.
There had already been a similar idea with the ‘92 paper Pricing via Processing or Combatting Junk Mail.

To conclude 1997, two other significant events occurred:

  1. The computer scientist (and chyperpunk) Nick Szabo publishes a text that talks for the first time about smart contracts (this proves that smart contracts are not the invention of some recent shitcoiner). What Nick states in the paper Formalising and Securing Relationships on Public Networks is that not only is it possible to send cash from one public key to another as David Chaum does in DigiCash, but the problem can be generalised and stated that it is possible to use cryptography to secure online communications and transactions, thus protecting sensitive information and digital assets. Szabo mentions smart contracts, automated programmes that perform specific actions according to predefined conditions, to formalise relationships on the network and ensure their security, e.g. by implementing time or multi-signature tests;
  2. The book The Sovereign Individual is published, which is also very prophetic and which we can summarise for simplicity with:

The world of sovereign states is coming to an end because the Internet will bring the possibility of choosing where to live, the sovereign individual will be able to go around with different nationalities, different residences, different passports. In doing so, the individual will be able to shop for the best state, the state will no longer be his ruler but will be his service provider.

After the very hot year of 1997 we come to 1998, which is even hotter because Nick Szabo invents a potentially decentralised version of DigiCash, called BitGold. He describes it in 1998 but does not publish it until 2005 in a complete and formal manner. It can be said that he is very close to the idea of Bitcoin even though there is still a fundamental piece missing.

Meanwhile, a very famous chyperpunk called Wei Dai publishes a paper creating B-Money without presenting any code but proposing the use of a system of smart contracts to manage transactions and ensure the security of the system. The smart contracts would have acted as automatic intermediaries for transactions, verifying that the conditions for their execution were met before executing the transactions. In this way, the system would have been able to function without the need for a central control body. There is, however, one problem that plagues both Nick Szabo and Wei Dai and that is that of double spending.

What happens when a user tries to spend the same unit of digital currency twice in a decentralised system? And how could this be prevented?

To this excellent question, Wei Dai proposes to establish an order for transactions and to do this, one votes to determine which transaction arrived first and which arrived later. However, there is a risk that some fake nodes will vote to make it appear that a transaction arrived earlier or later than it really is. Also, not all nodes in the network have the same voting power. Some may vote with more weight because they have placed digital money as collateral, and the weight of their vote depends on how much money they have placed as collateral (stake).

After various analyses, we come to the conclusion that it cannot work because it is a circular mechanism and to achieve this system the weight of the vote that decides which transaction came first is defined by the possession of the money in stake and the possession of the money in stake depends on previous transactions and their technology which in turn depends on a vote that depends on possession and so on. An endless loop. This logical circularity results in a weak system, which easily leads to attacks and centralisation.

This is exactly the proof-of-stake, already theorised and discarded in 1998 due to obvious architectural weaknesses βœ”

Other important events in 1998:

  • Bernard von NotHaus creates the Liberty dollar, a digital currency based on gold and silver. The Liberty Dollar system provided for the issuance of physical and digital gold and silver coins, as well as credit cards and cheques that could be exchanged as currency. The currency was based on an exchange rate set by the gold and silver market and could be used as an alternative to traditional currencies such as the US dollar. In 2009, the US federal state prosecuted him by sending him to jail, making it clear that there could be no competition in the liberal homeland;
  • Peter Thiel creates Coinfinity, an online payment system for e-commerce, but the way he envisions it is something similar to Bitcoin:

In the physical world you will interact with the currency of your state, but when you are on the internet you are a citizen of cyber space and therefore without borders, boundaries and bureaucracy you will pay in the coinfinity currencyPeter Thiel

In 1999, dear Elon Musk entered the game and created X.com, a payment system with the same basic idea as Peter Thiel’s Coinfinity, and the same year, Milton Freeman delighted us with a prophecy:

I think the Internet will be a huge force in reducing the power of government in people’s lives. But there is one thing that is missing –and will soon be invented– and that will be a digital Internet currency in which A can transfer funds to B without B knowing A. This system does not yet exist, but it will exist and it will make the Internet the ultimate revolution.Milton Freeman

From 2000 to 2007 #

In 2000, there was the merger of Elon Musk’s X.com and Peter Thiel’s Coinfinity, which gave rise to PayPal. As always, the regulator arrived, categorically forbidding the development of the PayPal ideal, because there must be no competition with the US dollar. After a few visits from central bankers and the federal government, PayPal abandoned its ideal of an Internet currency, but became a payment network for traditional currencies (above licensed banks, with all that that entails: bureaucracy, censorship, inflation.

In 2001 we have three important events:

  1. Bram Cohen created BitTorrent, a peer-to-peer protocol with open-source software at its base, impossible to stop due to its decentralised nature. In 2001, Napster already existed to exchange music, films and digital files in general, but it worked in a centralised manner.
Various music groups (e.g. Metallica) and record majors sued Napster, which had to shut down its servers, putting an end to this centralised phenomenon.

With BitTorrent, the fight against pirated music became virtually lost.

  1. After the collapse of the Twin Towers on 11 September, the strictest financial regulation in the history of mankind (under the pretext of terrorism) with many sanctions and preventive surveillance was born. It was decided that politicians and bureaucrats of the federal government should know every movement and reason for the movement of funds of every human being, inside and outside the American jurisdiction. Regulations KYC and AML were introduced everywhere.

  2. In an e-mail exchange between 16-year-old Peter Todd and the famous Adam Back, the latter explained that, as Wei Dai and Nick Szabo had already hypothesised, HashCash could be used not only as an anti-spam, but as the basis for a digital cash money system. However, Peter Todd pointed out a problem to Adam: the way computational power works is such that, if this proof of work were transferable between subjects, it would be hyperinflationary and the rationale is that with the proof of work you prove that you have incurred a computational cost (of machine time and energy) and the pivotal idea is to make this proof of work transferable, to prove that someone else has spent time and machine and I am just reusing their computational cost already incurred:

    • A proof of work done in 2001 would be very different from a proof of work done in 2022, as the power of the machines is exponentially greater and would make the 2001 proof of work ridiculous;
    • If there was a lot of demand for this ‘digital currency’, the price would go up, the profitability would go up and many people would do the job test, creating more supply. With more supply, the price would fall and very negative economic cycles would arise, similar to the fiat system.
The solution is automatic difficulty adjustment and will be solved by Satoshi 😎

In 2003, the video game Second Life became very famous thanks to a mechanic whereby one could buy goods, services and land (coff coff, metaverse? πŸ˜ƒ) within the game with a currency called Linden Dollar, exchangeable both in-game and out-of-game. The game economy was so flourishing –and with monetary policies less stupid than those of the Federal Reserve– that the value of the single Linden Dollar brutally exceeded that of the US Dollar.

A Maltese company run by two Italians creates a trading centre for virtual shares and bonds in Linden Dollar called The Rock Trading. It is the oldest existing exchange, born even before Bitcoin.

As always and by now unsurprisingly, along came the regulator who banned the exchange of the Linden Dollar against the US Dollar and forced the developers of Second Life to peg the Linden Dollar 1:1 against the Dollar. The Linden Dollar then became irrelevant.

Another year goes by, it is 2004, and a chyperpunk called Hal Finney (creator of PGP 2.0) creates the Reusable Proofs of Work (RPOW) finally making HashCash’s proof of work transferable.

The problem of double spending always remained. Simplifying almost incorrectly, it stated that one had to trust the chip (e.g. Intel) that was inside the computer, which would sign the date of the transaction accurately and avoid double spending. It was a trust system of a hardware third party (the Intel chip) that, in theory, should not have colluded with the participants but was not very successful as a solution. We are at the peak because in 2005 Nick Szabo republished bitgold (conceived in 1998) and supposed to solve the problem of double spending not only by generating the currency but also by voting on the transaction history; the concept was similar to Wei Dai’s proof-of-stake, but instead of weighing the votes on the currency staked, he thought of doing it on the basis of the proof-of-work itself. Szabo sought developers, but then in 2006 removed his publication. We are very close to the idea of Bitcoin, almost within a whisker.

Year zero: 2008 #

Two fundamental events happened:

  1. The patent on Schnorr’s signature expired (even though Satoshi would not use it);
  2. Yet another economic crisis created by fiat currency was triggered, namely the Subprime Mortgage crisis, orchestrated by various government entities whose task was to inflate a market of mortgages that could never be repaid, based on the manipulation of interest rates artificially lowered by the Federal Reserve.

On 31 October 2008 came the immaculate conception: Satoshi Nakamoto published the bitcoin paper. Curtain.

Satoshi Nakamoto #

Name, domain and hosting #

The first documented trace of Satoshi Nakamoto dates back to 2008, although in various public posts this anonymous user (or group of users) casually commented around the Internet that he had already started working on a project called Bitcoin in 2007. In 2007, somewhere in the world, someone was already working on Bitcoin.

However, the real documented story begins on 18 August 2008, when the site bitcoin.org (which no longer exists) was registered using the Internet service anonymousspeech, which allowed people to pay to register domains anonymously.

How did Satoshi Nakamoto pay for a domain in 2008 anonymously?

At the time, anonymousspeech accepted cash payments physically sent to their premises or through e-gold payments. As a mere matter of continuity between the experiments carried out up to 2008, many are betting that he used the latter to purchase the domain

An interesting fact is that even though we do not know Satoshi’s legal identity, anonymousspeech assigned an ID to each customer, and so we learned that Satoshi himself had bought another domain, this time called netcoin.org, we can say that he was undecided about what name to give his creature.

How did Satoshi Nakamoto pay for hosting in 2008 anonymously?

The hosting information is still in the hands of anonymousspeech (now closed), but very realistically Satoshi will also have used a similar service to pay for his own hosting; probably self-hosting would have been too dangerous, and in order to maintain absolute anonymity, he also preferred to purchase hosting.

Whitepaper #

On 31 October, Satoshi Nakamoto’s whitepaper was published, presenting for the first time in a practical and technical way how bitcoin works. Satoshi writes on a mailing list called cryptography (the spiritual successor to the chyperpunk mailing list, which has been closed for several years) saying:

I have been working on a new fully peer-to-peer electronic cash system, without a trusted third party. The paper is hosted at bitcoin.org/bitcoin.pdf" – Satoshi Nakamoto

The main properties it describes on the mailing list are:

  • Double spending is prevented thanks to a peer-to-peer network;
  • There is no central mint or other trusted party;
  • Participants can be anonymous;
  • New coins are created through a HashCash-style proof of work;
  • The proof of work used for coin creation also serves the network to avoid double spending.

Satoshi’s first message
Satoshi’s first message

Let us analyse the abstract of the paper:

Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial third party. Digital signatures provide part of the solution, but the main advantages are lost if a trusted third party is needed to avoid double spending. We propose a solution to the double spending problem using a peer-to-peer network. The network marks the time of transactions, placing them in a continuous chain of hash-based proofs of work, forming a record that cannot be changed without redoing all proofs of work. The longest chain not only serves as proof of the sequence of events witnessed, but also as proof that they come from the largest CPU pool. As long as most of the CPU power is controlled by nodes that do not cooperate to attack the network, they will generate the longest chain and outperform the attackers. The network requires minimal structure. Messages are transmitted in best effort and nodes can leave and join the network at will, accepting the longest chain as proof of what happened during their absence.


Satoshi Nakamoto’s whitepaper does not deal with topics such as inflation, central banking or digital gold. It is completely neutral and devoid of political connotations, with a purely commercial narrative. However, in other internet posts Satoshi has expressed his crypto-anarchist roots. Another interesting element is that in the paper Satoshi mainly focuses on solving the double spending problem, taking for granted the necessary technological parts that are taken for granted as:

..digital signatures provide part of the solution…
Satoshi Nakamoto

Satoshi does not explain in this publication important concepts such as bitcoin’s smart contract language, the script, does not discuss the 21 million bitcoin limit, and halving is not mentioned either.

The first responses to Satoshi’s e-mail are very sceptical, like: ’nice but it can’t work, this stuff doesn’t scale enough’.

Timechain and errors #

The term blockchain was not used by Satoshi Nakamoto in his whitepaper. Instead, he used the terms chain of blocks, chains of proofs of works and chain of hash-based proof-of-works to describe what he was talking about. In the code, he often used the term timechain to refer to the sequence of blocks. This name was chosen simply to establish the chronological order of the blocks. However, some, such as Peter Todd, have objected to the use of timechain in relation to Satoshi’s misuse of the term timestamp, which literally means “stamp guaranteeing that a certain piece of information exists” at a certain time, as if it were proof of existence. Bitcoin does not need a proof of existence, but a proof of uniqueness or rather of the existence of non-alternatives.

  1. Satoshi has misused the term timestamp because Bitcoin does not need a stamp that guarantees the existence of a particular piece of information, but a proof of uniqueness. For example, if I sign two transactions, one in which I state that it will rain tomorrow and one in which I state that it will be fine weather tomorrow, and then I disclose the first transaction if it rains tomorrow and the second if it is fine weather tomorrow, I am violating the uniqueness of the transactions, I am double spending. Peter Todd correctly observed that the more appropriate term to use would be single-use-seals instead of timestamps. Giacomo Zucco suggested that the proof of uniqueness should be called timesealing. However, we can forgive Satoshi this error, since in 2008 the literature on cryptographic time evidence was not yet well developed;

  2. Satoshi often mentions the term CPU in his paper. Today, however, it is impossible to do mining using a CPU because it is too unspecialised. CPUs can do anything (emulate any Turing machine), but GPUs are more efficient because they can only do certain things, such as video games or 3D simulations. Subsequently, we moved from GPUs to FPGAs (generically printed programmable boards) to ASICs, which are designed exclusively for bitcoin mining. However, this is not a serious mistake on Satoshi’s part, as he could not have foreseen the technological evolution of the last 14 years.

On 18 July 2010, the first block was mined using a GPU.
  1. Satoshi often talks about the longest chain in his paper, but this is a mistake because if so we would simply take the genesis block, use one of our ASICs to start mining all the blocks every 10 minutes without ever triggering the difficulty adjustment. The result would be that, since the difficulty is low, we could create a chain much longer than the original and present it as such. The solution to this problem (which is also an error in Satoshi’s source code) is to check the heaviest chain, i.e. the one with the highest cumulative amount of work, which is obtained by multiplying the length of the chain by the difficulty coefficient of each block.

  2. Satoshi uses the term node loosely in his paper, describing nodes that do mining, manage wallets, manage consensus, and manage peer-to-peer connections. Over time, nodes have become specialised: for example, nodes that do mining are no longer generic software that does validation, but are software specifically designed for this purpose. The nodes on our computer no longer do hashing, but only validate transactions, while the wallets on our mobile phone no longer do validation, but only generate keys and transactions. Furthermore, signing devices (such as hardware wallets) do not even do transaction composition, fee selection or coin selection, but only do transaction signing.

  3. Regarding the SPV (Simplified Payment Verification), Satoshi believed that it was not necessary for everyone to download all the blocks, but that it was sufficient to download only the header (which contains the merkle root of the transaction). In this way, it was enough to trust that if a transaction existed within the merkle root, it meant it was valid and we could assume this to be true by trusting the miners. However, if someone found an invalid transaction, they would report the error and everyone would download the entire block. The problem is that all it takes is one malicious node that starts reporting all blocks as fake for every light client to start downloading everything and become a full node.

  4. With blockchain, all transactions are public, but the privacy model is new: everyone can see the transactions, but the physical identities connected to the transactions are hidden. It becomes important to hide the relationship between public keys and an individual’s identity. As an additional security measure, it is recommended to use a new set of public and private keys for each transaction. It is also recommended not to reuse addresses. Satoshi says: ‘some linkage is unavoidable when there is a transaction with many inputs, as it indicates that the person who is executing the transaction is the owner of all addresses in the transaction’. In reality, this is untrue, since several people can put together several inputs. We will examine the concept of CoinJoin in more detail later.

  5. The whitepaper does not describe bitcoin as we know it today: there is no mention of the 21 million limit, halving, UTXO set, smart contract scripts or automatic difficulty adjustment. Bitcoin 0.1 does not descend from the whitepaper; the whitepaper was created to solve the main problem, namely double spending.


Genesis block and Patoshi #

A group of cryptographers revealed that in November 2008 Satoshi contacted them to pass them a code dump for a private review, very similar to the public code that was released in January 2009.

Two interesting things about the private code:

  • Implements a peer to peer poker system in the code (removed later to keep the focus on bitcoin);
  • Implements a decentralised market system with a complex merchant reputation system (removed later to keep the focus on bitcoin).

On 3 January 2009, the first Bitcoin block was mined: the source code was released on Sourceforge on 9 January, but it had already been circulating among various figures since November 2008; the genesis block, i.e. the official start, is dated 3 January 2009, and in this first block, Satoshi writes

The Times 03/Jan/ 2009 Chancellor on Brink of Second Bailout for Banks
Satoshi Nakamoto

Front page of The Times of 3 January 2009
Front page of The Times of 3 January 2009

Interesting facts about The Times image:

  • A Gordon Ramsey advert in which he invites people to eat out for just Β£5 (amazing how in 14 years fiat inflation has exploded)
  • A beer at the bottom, purchasable for Β£1;
  • Israel sending troops into Gaza. Eternal war in the Middle East, links to the petrodollar? Perhaps this actually could fall into conspiracy.

What is the purpose of all this on Satoshi’s part? Certainly an interest in the monetary topic and economic crises, another is the proof that he and others started mining on 3 January; the first block was not created weeks before and then the code was released: the genesis block was created exactly on 3 January 2009. A demonstration that neither he nor anyone else executed a hidden proof-of-work for some kind of advantage. To make matters worse, the bitcoins Satoshi allocated himself after mining the first block were not spent because… they were not spendable! All these elements denote a profound transparency towards Satoshi.

Satoshi is said to have mined 1.3 million bitcoins for himself: there is no real proof and this claim is completely gratuitous and improbable. The origin of this legend goes back to researcher Sergio Lerner in 2013, who examined the first blocks and observed how they handled the nonce. Each block in Bitcoin has a header that contains several fields: date, hash of the previous block, difficulty, merkle root of all transactions and the nonce: a random number that the miner must enter and keep changing until the hash matches the current difficulty.

Current Asics no longer use nonce because they would fill that space too quickly; what they do is change the coinbase to have additional variety and entropy.

Sergio examines all the blocks and notices that some consecutive blocks do not have the nonce starting from 0, but continue with respect to the nonce of the block previously validated with respect to the one under examination. Sergio therefore finds it credible that a single entity throughout 2009 mined so many blocks that it obtained around 1.3 million bitcoins. That entity detected a pattern, and so Sergio called it Patoshi.

The main objections are not to the fact that Patoshi exists (very likely), but that Patoshi is in fact Satoshi. Let us analyze the counter evidence:

  1. Satoshi has gone to great lengths to demonstrate the fairness of the genesis block via The Times newspaper page, clearly demonstrating that he did not work ‘alone’;
  2. When the source was not widely circulated (before it was posted on SourceForge) Satoshi did not pre-mine anything;
  3. When Satoshi personally sends bitcoins to Hal Finney from one of his coinbases, he mines them from a block that does not belong (in an obvious way) to Patoshi’s pattern.

Last post, fork and farewell #

On 11 February, Satoshi created a profile on the [P2P Foundation] forum (https://p2pfoundation.net/) with the date of birth the day Roosevelt confiscated the gold and the year of birth the day Nixon ended the gold standard.

In his first post, he explains that he has developed this fully decentralised peer-to-peer ecash system and posts the link to bitcoin.org, adding:

The main problem with conventional currency is all the trust required to function, the central bank must be trusted not to inflate, but the history of fiat currencies is full of betrayals of this trust not to inflate.
Satoshi Nakamoto

Satoshi’s tone begins to be more political than the whitepaper.

The current narrative claims that Satoshi’s idea was only to allow neutral online payments (a sort of PayPal) and then the whole inflation and store-of-value discourse was built. This narrative is absolutely untrue: the whitepaper keeps itself scinetifically elegant, but Satoshi’s real intentions and ideas are scattered all over the internet

On 29 October, Satoshi was convinced by some developers to move Bitcoin’s code from SourceForge to GitHub, a system better suited to Linux operating systems. Gavin Andresen was in charge of the migration and soon other important developers joined them on GitHub. On 22 November, the Bitcoin forum moved to a new forum called BitcoinTalk, run by users theymos and cobra.

Among the developers who intervened at this time was Mike Hearn, a Google developer who began the discussion by proposing the absolute standardisation of Bitcoin as a term of protection against the threat of closure by central state powers. Gavin Andresen also became a strong supporter of this policy.

Satoshi meanwhile makes changes to the source:

  • On 28 July 2010 he performs a soft fork due to a bug in OP_RETURN (not exploited by anyone) that would have allowed anyone to spend any bitcoin. The OP_RETURN is an operation that allows a data message of up to about 100 bytes of data in a transaction;
  • On 31 July 2010 he does another soft fork: some users were having problems with upgrades, Satoshi removes two OP_CODEs and then does a hard fork introducing OP_NOPs which basically do nothing but with a future soft fork could have been used to do something else
  • Another subsequent hard fork is performed to separate the evaluation of scriptSig from scriptPubKey which are two key components of the value transfer system in Bitcoin. The ScriptSig is a string of code within a Bitcoin transaction that contains the digital signatures of the participants in the transaction and other information needed to verify the authenticity of the transaction. ScriptPubKey, on the other hand, is a string of code present within a transaction output that specifies the conditions that must be met in order to spend the money contained in that output. Together, ScriptSig and ScriptPubKey form Bitcoin’s spending mechanism, which ensures that only legitimate Bitcoin owners can transfer funds to other addresses. The bug found by Satoshi allowed everyone to spend bitcoins even if one was not the owner of those funds;
  • On 15 August, a value-overflow bug was discovered. It is very dangerous because entering a higher value than the varaible can hold causes another unpredictable number to appear. This bug is exploited for 51 blocks and 184.5 billion bitcoins are generated. Satoshi notices this, restarts the chain of 51 blocks by rolling back the chain. This is not a justification but this only happens a few months after the launch of bitcoin and is entirely justifiable;
  • On 7 September another fork takes place that adds the limit of signature transactions to 20 thousand, otherwise it would have been possible to create a transaction that blocked a node because it asked to verify a disproportionate number of signatures;
  • On 12 September, Satoshi performed another soft fork, adding a blocksize limit of 1 megabyte to the block;
On November 27, 2010, a developer from the Czech Republic named Slush (one of the creators of Trezor and SatoshiLabs) created the Slush Pool, effectively creating the very concept of a pool. A pool is a system composed of several miners who join forces to work on a block; the first of the group to get proof-of-work shares the reward with the entire pool.

After 12 September, the story of Satoshi’s upgrades stops, but two important facts happen:

  1. On 11 December 2010 comes Satoshi’s penultimate public message: someone reports in a newspaper (Business Insider) an article in which WikiLeaks opens up the possibility of adopting Bitcoin to receive funding, given the block imposed by Visa and Mastercard. Satoshi responds by officially asking WikiLeaks not to make this move:

WikiLeaks has kicked the hornet’s nest, and the swarm is headed towards us. [I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. You would not stand to get more than pocket change, and the heat you would bring would likely destroy us at this stage.
Satoshi Nakamoto

Satoshi states that ‘for now’ Bitcoin is too small for a direct battle with the US state.

  1. On 12 December 2010 at 18:22:33 Satoshi gives us his last post in which he says: “there is a lot of work to be done “. In an email dated 23 April 2011 (for which there is no cryptographic proof) Satoshi writes to Mike Hearn that he wants to appoint Gavin Andresen as his spiritual successor.

The puberty of protocol #

Adoption #

In 2011, Bitcoin became popular with its adoption by the Electronic Frontier Foundation, a foundation dedicated to promoting civil liberties on the Internet. However, in June of that year, they stopped accepting Bitcoin due to fears of legal repercussions for receiving donations in cryptocurrency. In February 2011, Austrian school and free market enthusiast Ross Ulbricht founded under the pseudonym Dread Pirate Roberts The Silk Road, an e-commerce site that sold goods and services on the TOR network. The Silk Road had some ethical, but not moral, religious or political restrictions, e.g. no stolen goods or stolen credit cards were allowed, but books or psychotropic substances were allowed.

The Silk Road only accepts Bitcoin, the first real use case is born.

The Silk Road really exists and is a route where merchants around the world exchanged goods from China all the way to Spain, via India, Afghanistan and as far as Japan.

First shitcoin and BIP #

On 17 April 2011 the first utility coin called namecoin was born, which compared to those of 2022 is also quite honest, so it is not a real shitcoin:

  • There is no ICO;
  • There are no marketing departments;
  • There are no lies in the way it is described;
  • There is no super technical crap.

meme

The main purpose of Namecoin was to offer a decentralised alternative to the domain name resolution system (DNS) currently used on the Internet, which is managed by centralised entities such as ICANN (Internet Corporation for Assigned Names and Numbers). It aimed to provide a name resolution system resistant to censorship and tampering by governments or other centralised actors, making it more difficult for Internet users to be excluded or restricted in their access to certain websites or online services. It also offered a certification system for domain names, allowing users to prove ownership of a domain name in a decentralised manner and without the need for centralised third parties. All this with a new termination in the browser: .bit. Given the scalability problems on Bitcoin’s timechain it seemed logical to flood it further, so further was to create another chain from scratch that instead of reinventing mining, merge mining is performed.

The technique of merge mining allows the hash of the secondary chain block (namecoin, in this case) to be embedded in the coinbase of the main chain block (Bitcoin) being mined.The embedded hash is preceded by a short descriptive text called a ’tag’ that allows the secondary chain to easily locate it. Being a separate chain, however, there was a problem, which gave rise to scamcoin:

How to pay the miners for this extra work? Certainly not in .bit domains, the fees must by definition be fungible. Thus was born the real Bitcoin clone, the separate coin that replicates Bitcoin and which –obviously– has no value whatsoever.
Now laugh in the faces of those who use .eth domains feeling original😁

The second most famous shitcoin is litecoin, an entirely different beast to namecoin immediately and demolished by Bitcoin developers. The creators of litecoin asserted a number of completely nonsensical assumptions:

  1. Assertion: Bitcoin is stupid because blocks are created every 10 minutes, we will make quick blocks about 2 seconds.
    Bitcoin developers' response: Satoshi did not set the 10 minutes randomly, but because at the same hashrate if you have a block after 1 minute it is not worth as much as one made every 10 minutes but is logarithmically worth less than 1/10. There is no more security if the blocks come sooner. Secondly, with a higher granularity you have more chances of orphan rate: if blocks are found more frequently, much more often two blocks will be found at the same time and therefore there will be many parallel chains in which one loses and one wins; this means that the profitability of the miner becomes much lower, giving much more incentive to big miners than to small ones because the variance increases.
  2. Statement: we will have lower fees than Bitcoin; Answer: we will discuss this narrative in the next section which will be entirely about the blocksize war.
  3. Statement: it is not ok for Bitcoin to be mined with GPUs, we will not use sha256 and will create an algorithm called GPU resistant script; Bitcoin developers' response: no resistance, script is still an algorithm and a way will be found to make it feasible and scalable for GPUs, albeit slower. Increasing the complexity creates an entry barrier such that the first one to find a way to do it with the GPU will have a competitive advantage over the others.

litecoin has some obvious problems: firstly, more blocks were mined on the first day of launch than might have been expected. Furthermore, litecoin is often referred to as the ‘silver of Bitcoin’, i.e. a less valuable currency than gold. However, this statement makes little sense, as both currencies are digital assets and therefore already divisible by nature. Unlike gold, which is easily transportable but not very divisible, or silver, which is less transportable but very well divisible, digital assets can always be divided and are easily transportable.

On 19 September, a chyperpunk developer called Amir Taaki had a brilliant idea: to create the `BIP (Bitcoin Improvement Proposal) process. This system allowed (and still allows) anyone with a Bitcoin proposal to follow a structured path to submit it. Specifically, the proposal is discussed in a feedback-gathering phase, then structured with an abstract, a preamble, detailed specifications, justifications, compatibility with other systems, and a reference implementation. Once the proposal has been formalised, it is presented to a group of people who maintain the Bitcoin repository without going into the substance of the matter. These people do not decide whether the proposal is valid or not, but simply assign a number to each BIP submitted.

In addition to his contributions on Bitcoin, Amir in Syria served in the YPG army and worked in the Rojava civil society on various economic projects for a year and a half.
In addition to his contributions on Bitcoin, Amir in Syria served in the YPG army and worked in the Rojava civil society on various economic projects for a year and a half.

Benevolent dictator #

The BIP 30 – Duplicate transactions was created to solve the problem of transaction collisions, the phenomenon whereby two transactions can have the same transaction ID. This BIP is nothing malicious or strange but Gavin Andresen, who claims to be Satoshi’s heir apparent is the self-proclaimed head of Bitcoin and decided that at some point (15 March 2012) the soft fork for this BIP would be activated

Who has determined that Gavin is now the new leader?

In January 2012, Gavin proposed the BIP 16 – Pay to Script Hash which allows transactions to be sent to a script hash (addresses starting with 3) instead of a public key hash (addresses starting with 1). The difference is that if I want to pay with a smart contract with two or more public keys, I cannot pay for one address but have to pay for a contract that has several public keys in it. The idea is beginning to circulate that it would be much smarter to also allow payment to the hash of a smart contract. It is complex, but the concept is that instead of paying and in the output writing: “I pay to this key, or to this key, or to this other key” I write all these conditions, I execute the complete hash and in the timechain I write: this money is paid to the hash of this smart contract; when I spend the money, only then will I reveal the smart contract I want to solve with enough signatures to do so. It is an efficient solution both in privacy because smart contracts are more private until they are spent and also in scalability because they are only entered into timechain when they are spent and not when they are created.

However, a strong argument starts because Luke Dashjr analyses BIP 16 and thinks it is very badly done and proposes BIP 17 – OP_CHECKHASHVERIFY (CHV). Luke is insistent because Gavin wants to make a radical change in the way the transaction is validated, which he assumes:

  • The fact that the hash is checked before the script;
  • The fact that the way it is represented is completely changed;
  • The limits of sigops are changed;
  • The new OP_EVAL operator is dangerous because it allows recursive loops to be created.

Luke judges that it is pointless to hash the script, it would be much better to make the merkle tree of the script so that then only certain pieces of the script can be revealed. Gavin disagrees and decides to put a flag date of 1 February 2012.

As a side effect, the developers split into factions and as a first step force Gavin to remove the OP_EVAL because it creates problems with heavy Ethereum-style attacks. They also demand the inclusion of a treshold activation mechanism, with miner signalling. If at least 55% of the miners had given the OK in their blocks there would have been consensus.

Not only miners, all users must reach consensus and in fact this flag date failed miserably and with a post on bitcointalk on 27 February Gavin announced that:

Even if we did not reach 55%, I decide that BIP 16 will be activated from 1 April 2012 anyway (and it is not an April fool’s joke).
Gavin Andresen

In block 170060, a transaction was mined and invalidated because it was not enforcing PS2H. It is estimated that up to December 2012, 45% of the miners continued to have their blocks orphaned because they did not agree with P2SH at all.

In September 2012, the Bitcoin Foundation was created, based in Washington DC and inspired by the hierarchical structure of Linus Torvalds’ Linux Foundation. According to Mike Hearn’s advice, the idea was to give Bitcoin a more organised structure, choosing a benevolent dictator like Gavin, who had been appointed by Satoshi himself via an unverifiable email sent to Mike Hearn. The Bitcoin Foundation also gained prestige in the media, becoming the official point of reference for journalists who wanted to talk to the “leaders of Bitcoin”. However, this also created one of the first major battles within the Bitcoin community, with some trying to present the Bitcoin Foundation as a reassuring institution that avoided talking about tax evasion, money laundering, etc. while others were more interested in explaining the reality as it is. In explaining what Bitcoin really stood for.

Pre blocksize war #

On 11 March 2013, there was a serious problem during Bitcoin’s protocol upgrade, which saw the replacement of the Berkeley DB database with LevelDB. The issue was that Satoshi Nakamoto had set a maximum block size of 1 mb, a limit accepted by the community as of September 2010. However, there was an implicit, unspoken limit smaller than 1mb within Berkeley DB. Consequently, although 1 mb blocks were valid at the consensus level, they were not valid at the database level and were therefore rejected. With the adoption of LevelDB, some nodes started to accept blocks of 0.9/1mb, causing the chain to split. In this general chaos, an unintentional double spending attack was successfully carried out: a transaction that was present on the old chain ended up on the new one by accident, and the merchant who had received about 9000$ saw it disappear under his nose once the chain was reorganised. Everything was caused by a consensus problem due to the change of technology at the database level.

On 14 June 2013, Wikileaks returned to accepting Bitcoin but bad news was not long in coming as on 2 October the creator of the Silk Road after a months-long manhunt was arrested and sentenced to two life sentences without the possibility of parole for creating the e-commerce.

Ross Ulbricht is currently detained in the USP Tucson, a US maximum security penitentiary.
Ross Ulbricht is currently detained in the USP Tucson, a US maximum security penitentiary.

Most likely Ross made some mistake such as using a captcha on TOR that revealed the possible IP and thus allowed the US NSA to trace the hosting server from which the site originated.

As part of the investigation, it was discovered that an FBI agent who had participated in Ross’s arrest had stolen most of his Bitcoins. Furthermore, when Ross was arrested, he was in a public library and was accessing the site’s control panel as an administrator. While he was focused on the screen, some officers staged a fight behind his back, attracting his attention. Meanwhile, other agents handcuffed him. All the Bitcoins on the site were confiscated, but some of them disappeared due to the corruption of two agents, one of whom was later arrested.

How did they confiscate Ross’s bitcoins?

Unfortunately, the bitcoins were managed by a ‘hot wallet’ and were withdrawable from the interface of the site itself.

In 2014, the Bitcoin Meetup was founded in Milan, soon becoming the largest and most influential in Europe. However, shortly afterwards, another blow arrived because in February of that same year, the exchange MtGox suspended withdrawals and declared bankruptcy due to a cyber attack. The closure of MtGox gave rise to the first chain-analysys companies and, in China, led to the banning of bitcoin and Baidoo’s outright ban on accepting bitcoin.

In 2015, Giacomo Zucco founded BlockchainLAB in Milan with the aim of bringing together the world’s best bitcoin experts in one office. Developers were free to work and do whatever they wanted, as long as they shared their knowledge and created reports that BlockchainLAB would then sell to banks and institutions. This took place in the office on via Copernico in Milan, where many important future events would take place.

Blocksize war #

Background and directions #

The blocksize war officially began in 2015, but to fully understand it, a brief excursus is necessary:

  1. On 15 July 2010, Satoshi introduced the 1 mb block size limit, which was activated in September 2010. On 4 October 2010, developer Jeff Garzik released a new client with a patch that removed the block size limit introduced by Satoshi. At this point, Theymos, owner of Bitcointalk and r/reddit, responded by saying not to use Garzik’s patched version because otherwise those who would use it would be cut off from the network. Satoshi replied with “+1 Theymos” and Garzik for his part told Satoshi that it was not so much a question of being forked or not, but was more a question of marketing: if one day there were the transactional levels of Visa, this blockchain limit would limit the amount of transactions. At that point, Satoshi replied that if it was necessary to change the block size, it would be done in the future, but in a controlled and slow manner.
  2. There are three relevant facts in 2011:
    • On 7 March 2011, Mike Hearn was the first Bitcoin developer with a salary. Google had a policy that allowed their employees to devote 20 per cent of their time to personal projects, as long as they were reported in advance. Mike Hearn proposed Google to work on BitcoinJ to bring Bitcoin to Java;
    • On 23 April 2011, Mike Hearn revealed an email exchange with Satoshi stating that Gavin Andreesen would be Satoshi’s spiritual successor;
    • On 5 May 2011, a new user joined bitcointalk: Gregory Maxwell, one of Bitcoin’s most prolific researchers and developers, known as the “ultimate villain” for big blockers. He presented himself with a long post in which he supported the block size imposed by Satoshi, as it not only avoided the risk that blocks might not be downloaded in time or cause the orphan rate to rise, but also as a purely economic matter; if there were no limit the space would be infinite and consequently the miners’ fees would be very low; the inflationary subsidy becomes too low (remember that in 2140 it will reach 0) since we know that the price is only formed on scarce goods, if the space on the block is not scarce it has no price and nobody would want to pay it.
  3. In 2012 the second fully paid employee to work on Bitcoin is Gavin Andresen;
  4. In 2013 Mike Hearn convinces Gavin to rename bitcoin to Bitcoin Core;
  5. In May 2013, Peter Todd became another villain for the big blockers by publishing the website keepbitcoinfree.org, where he posted a video with a Hollywood production explaining that the issue of blocking was not a technical choice, but a moral one, and that there were two visions: one that wanted to centralise Bitcoin by giving miners the opportunity to take control of it, and another that was free and verifiable by everyone;
  6. Shortly afterwards, on 19 August 2013, Gregory Maxwell launched the idea of coin witness by publishing on bitcointalk the article Really Really ultimate blockchain compression: CoinWitness. The first side chain idea. Greg said:

We could have many blockchains and on the bitcoin blockchain we could use something called SNARKs which is used to produce small compact proofs for long histories. We could implement an operator in bitcoin that validates SNARKs and in this way you would have entire blockchains living off bitcoin; the advantage is that we can freeze a bitcoin on the main chain and create a side coin on the side chain and when it comes back our node would only have to validate a compact proof of its history; this would improve scalability it would allow experimentation without creating shitcoins.
Gregory Maxwell

  1. On 14 October, Adam Back published a paper called Bitcoin Staging, in which he explained that it was nice to experiment with bigger or smaller blocks and different privacy tradeoffs, but it was not nice to do so by creating new shitcoins. Maxwell’s idea could be used by creating side chains;
  2. Gavin relinquished control over GitHub and passed the role to Wladimir Van Der Laan; he did not present it as a reduction of his own power, but as the fact that maintaining the repository was a demanding role, while he had to do more important things;
  3. On 23 October 2014, the whitepaper on side chains was written. In this paper, it was stated that the idea of Coin Witness with SNARKs still wasn’t feasible, but with a Satoshi-style “sort of SPV” these separate chains could be created, in which the coins could move around experiencing various trade-offs of privacy, speed and scalability. Signing this whitepaper were Adam Back, Gregory Maxwell, Matt Corallo, Luke Dashjr, Pieter Wuille, Andrew Poelstra, Andrew Miller and Jorge TimΓ³n. All of these developers, however, made a mistake: they created a conglomerate that was too big and with too many names, which created the impression of ‘centralisation’ in Bitcoin;
  4. On 27 December 2014, Mike Hearn launched BitcoinXT, an alternative client that reproduced and completed Bitcoin. The XT version arose because Mike had shortly before created the BIP 64 – getutxo message but this BIP was not implemented in Bitcoin with sufficient speed and here Mike Hearn decided to create an alternative version of the client that contained several small differences with the original, including the BIP 64.

Having said that, we can now start with the blocksize war proper: the main topic will be that of the maximum size of a block in Bitcoin and thus a purely technical topic concerning:

  • The validation time to download a timechain block;
  • The propagation time, which may or may not create orphans;
  • The possibility of selfish mining;
  • The possibility for a large miner to challenge smaller miners;
  • The management of fees.

All these technical questions open up another set of issues such as:

  • How to change the blocksize, fast or slow?
  • Should it be changed with a hard fork that is not backward compatible or with a soft fork?
  • Do we change it dynamically or in a fixed manner?

We will then address the problem of the need to scale large off-chain blocks quickly, then the question of the effectiveness of off-chain practices such as the lightning network or side chains. Two other topics of discussion will concern Satoshi’s original idea that a few large data centres can have real nodes, but that the whole economy remains protected by the SPV protocol, and governance: who decides the changes? The miners? The developers? The Bitcoin Foundation? The exchanges? Or is it the users who decide?

Finally, we will analyse the debate on forum moderation in relation to freedom of expression.

Blockchainlab and the first quarrels #

In January 2015, Giacomo Zucco’s Blockchainlab was founded, a consulting company that would function as an incubator for Zucco`s startups, which at the time had a business model based on losing money by doing cool things on Bitcoin, so that was OK.

Blockchainlab’s business model was to go to all Zucco’s clients, sell advice and training on Bitcoin not offered by Zucco, but by a team that gathered the expertise of the biggest startups and developers on Bitcoin, as well as acting as an incubator for new startups. The first incubated was Riccardo Casatta’s Geobit (who would later create Eternity Wallet) and later other figures joined, including Franco Cimatti, one of the oldest Italian bitcoiners who translated the Italian Bitcoin client receiving credit from Satoshi himself.

Shortly after, the ‘startup incubator’ part goes out the window because Zucco realises that most of these startups did not have a business model and did not want to have one. Instead of shares, the business model with which Blockchainlab consolidates is to be a research lab for developers, drawing from them privileged information to package and resell; an exchange between help services in exchange for information.

In February 2015, Thaddeus Dryja and Joseph Poon published the first paper on lightning network and only 3 months later, on 15 April 2015, a major conference took place in London during which Gavin gave a speech called Why we need the bigger chain where he expressed the need to want much bigger blocks and that Satoshi’s limitation had to be eliminated.

After the speech, in a Q&A, Gavin is asked: what happens if there is no consensus on the blocksize discussion? and Gavin answers candidly: we will do as I say, as has already happened with P2SH. This answer leaves one quite stunned, and in fact, on 7 May, the first friction arises: Wladimir Van Der Laan (the new maintener of the GitHub repo) states that he does not agree with Gavin on increasing the block size: he warns that enlarging the block is dangerous and premature, especially without the consensus of the community.

At this point on 29 May, Gavin issued an ultimatum, stating that Mike Hearn would implement the largest blocks in the alternative BitcoinXT client, and on 22 June Gavin released the BIP 101 – Increase maximum block size which in simple terms expands the maximum block size from 1mb to 8mb, and then doubles it every year.

Gavin states that by Moore's law the storage space of hard disks doubles every year, too bad the problem is not storage space but:

  • The bandwidth that does not double every year following Moore’s law;
  • The computing power to check figures, do validation, etc., does not double every year.

Gavin’s rationale for choosing 8mb was that he and Mike initially planned to expand the blocks to 20mb; the Chinese miners (who accounted for over 60% of the hash-power) were against this because they would be cut off from the network due to government firewalls. China therefore accepted 8 mb as a compromise. Later, Mike revealed that they chose 8 mb because the number 8, in Chinese tradition, means prosperity and wealth and was meant to please the Chinese miners (a great scientific motivation 😁).

Garzik then makes two proposals:

  1. BIP 100 – Dynamic maximum block size by miner vote: since the block size is voted on by a majority of the miners, if the miners have a majority they decide the block size. This is a controversial proposal because clearly a block that is too large allows one miner to throw smaller miners out of the market; if one miner were to reach a majority it could self-vote a larger block to put the entire minority out of the market, definitely dangerous;
  2. BIP 102 – Block size increase to 2MB: quicker solution: proposes doubling now, moving the problem “in a few years”. Even this proposal is not appreciated, many wonder what is the point of doing a hard fork just to avoid a problem that will recur in a few years.

Pieter Wuille (a.k.a. ‘sipa’) then intervened, proposing the BIP 103 – Block size following technological growth saying: let’s do a hard fork increase now, but not double, let’s increase by 17.7% until 2063. Sipa quotes maintener Wladimir and Greogory Maxwell thanking them at the end of BIP for positive feedback. Turns out Gregory will say: I am quoted in the acknowledgements, but my feedback is: don’t do it.I totally disagree with Sipa.

The most aggressive of them all is Adam Back who agrees with Garzik on BIP 102 because he considers it “safe” and jokingly proposes BIP 248 in which he says: let’s double right now to 2 mb and with the next halving we’ll go up to 4 mb, with the next halving to 8 mb and so on; in the meantime, off-chain and side-chain technologies will have mitigated the problem.

Adam Back is a Garzik-like big blocker, in total disagreement with Gregory Maxwell and Luke Dashjr. On one point, however, they agree: without total consensus a hard fork will not happen.

The coin of a thousand narratives, Bitcoin Jesus #

On 30 July 2015, Ethereum was (unfortunately) born: Vitalik Butarin, a very young and talented journalist published a series of articles (commissioned by Jimmy Song) on Bitcoin 2.0 protocols for ‘doing assets’ on Bitcoin. Vitalik reaches the correct conclusion that on Bitcoin, assets must be managed differently because miners do not enforce asset rules (which is the same logic that will later lead Peter Todd and Zucco to work on current issues such as RGB). The birth of this shitcoin is however important to mention because it is part of the Bitcoin story even though it has always had a thousand different narratives:

  • The first narrative is “we have to make assets better than Bitcoin”;
  • The second narrative is “environmentalism, we will use proof-of-stake rather than proof-of-work”;
  • The third narrative is “let’s extend the language of smart contracts to do distributed generic computation”;
  • The fourth narrative is like that of litecoin “low fees and fast, wide blocks”.

Vitalik becomes - albeit on another chain - an ardent supporter of big blockers and according to his vision there is no limit to the scalability of blocks, you can put anything you want in them, all smart contracts and data should be on the blockchain and the blocks should be big and with low fees.

I take this opportunity to share the moderate opinion of Giacomo Zucco on Ethereum:

I consider Ethereum to be one of the worst scams in the industry, so anyone interested in Bitcoin should absolutely ignore it and not contaminate something as serious as Bitcoin. It has all the characteristics of centralisation of development typical of altcoins, but made worse by historical precedents such as the TheDAO bailout and the ‘ok can you guy stop trading’, as well as the episode of the coin dumping and pumping depending on fake news about its creator. It has all the issues of unsustainability of scale caused by a basic misunderstanding of the trade-offs of a blockchain (“we want everything onchain”) of typical “big block” scamcoin, which makes nodes technically centralised. It has all the security flaws typical of the pseudo-technical super-bullshit of those who do not know what they are doing (to date it has proved impossible in Ethereum to even make a simple multisig secure and not be ‘accidentally killed’ by a random user… let alone complex ‘smart contracts’). It has all the moral, ethical, legal and distorted economic incentive issues of premined coins and ICOs at the same time. It has all the fraudulent “no, it’s not a coin, it’s an appcoin” rhetoric typical of ICOs. It has a change of narrative every month to ignore false promises debunked by facts and launch new false promises for the future (world computer with appcoin, nay no turing completeness, nay no unstoppable applications, nay no rich statefullness, nay no collectible kittens, nay no defi, nay no open finance, nay no store of value, nay no..). It has a creator who used to sell scams about ‘quantum computing emulated on normal computers’ before launching this scam (like someone who sells healing crystals and time machines, basically). It has a site where a phrase from TheDAO’s bailout stands out as a full-fledged commercial scam (‘unstoppable applications’). It has a validation infrastructure completely centralised by one company (infura). It has a ‘road map’ for ‘2.0’ that represents a declaration of failure across the board covered in science fiction promises. I think it’s even worse than stuff like Bitconnect, Dentacoin or BSV, because on the latter, even if a few traders made money or lost money on it, no guy threw away reputation, skill, talent and time. Ethereum, on the other hand, has diverted a lot of potentially valuable intellectual resources.
Giacomo Zucco .

Thank you Giacomo for your enlightening intervention.

On 15 August 2015 the blocksize war officially begins. Gavin and Mike together in a blog post release a communication saying that BitcoinXT in the new version will implement Gavin’s BIP 101 and that Gavin no longer directly supports Bitcoin Core. There will be no miner voting, there will be direct activation.

It has been almost 5 years since Satoshi’s passing and magically an email arrives from one of his addresses in which he writes:

I followed the recent debate, I hoped it would be resolved with a general consensus but with the release of BitcoinXT 0.11a this seems impossible and I am forced to share my concerns about this very dangerous fork. The developers of this “wannabe Bitcoin” say they follow my original vision but nothing could be further from the truth. When I designed Bitcoin I designed it in such a way that making future changes would be difficult or almost impossible without global consensus. I designed it to protect it from the influence of charismatic leaders even if they were Gavin Andresen, Barack Obama or Satoshi Nakamoto. They use my old writings to say that Bitcoin had to be a certain way but even I could be wrong and many things have changed since then. If two developers alone can change Bitcoin and redefine it as they see fit then I will have to declare Bitcoin a failed project.
Satoshi Nakamoto

This message is not demonstrably verifiable as having been written by Satoshi himself, but the substance does not change: even if it were Satoshi who had written it, it would still be a defeat to have to make the future of a decentralised protocol depend on its very creator.

On 17 August 2015, Theymos announced a new policy on Bitcointalk and r/bitcoin. Until then, only BitcoinXT was being discussed and almost all posts monopolised the two boards. Theymos states that something was being discussed that breaks the Bitcoin consensus, hence an altcoin. As the owner of the forum, he urges all those who wanted to talk about altcoin to go elsewhere: the policy would be to delete posts related to shitcoin. BitcoinXT is confined to the category of altcoins on Bitcointalk, while on Reddit it explicitly says that it can no longer be talked about.

Roger Ver, known as Bitcoin Jesus, discovered Bitcoin in 2010 and became a staunch supporter. He is a super libertarian who even renounced his US citizenship and invested in small Bitcoin startups; Roger has no great technical knowledge, but was just trying to politicise Bitcoin a bit against Gavin, Mike, Luke Dashjr and Gregory, who instead wanted to keep it more neutral and less scary. On the topic of blocksize he doesn’t care much about blocksize, but he was pushing the rhetoric of Bitcoin spending versus saving so much (I’d add thank fuck when you’ve made millions with Bitcoin :-D). He totally freaks out when he writes a post in support of Gavin and Mike, but this post gets banned by Theymos. The ego affront is total for Bitcoin Jesus, he just can’t be banned from the official board. As a result, Roger Ver becomes one of the most ardent opponents of r/bitcoin, Bitcointalk, Blockstream or Bitcoin Core, and turns into the most fervent supporter of big blockers (and every other possible shitcoin, afterwards).

On 24 August, BitPay, blockchain.info, Circle, BitGo, KnCMiner, itBit and Xapo sent a public letter stating that they had discussed with Gavin, the leader of bitcoin, and realised that the way forward was to increase block sizes. They agreed and decided to support Gavin. The entire industry decides to support BitcoinXT which seems to have the victory in the bag because it seems to have come by a choice structured by the captains of the industry which is worrying because it has political implications: is bitcoin governed by a consensus that cannot be changed or by entities that are legal and regulated mainly in the US? It seems a very easy market to regulate because if the US government takes over it immediately becomes censurable like the Linden Dollar, e-gold or PayPal were.

SegWit and the fake Satoshi #

After two weeks, Pindar Wong (former member of the IETF | Internet Engineering Task Force (informal group of engineers who developed the TCP/IP protocol) suggests to stop continuing to write blog posts but to resolve the issue by looking straight into each other’s eyes and asks Gregory, Gavin, Adam and company to discuss it in person during the Scaling Bitcoin Phase 1 conference on 12 September 2015, in Montreal.

Very timidly in the general marasmus of the conference, Gregory starts arguing with Gavin and this amiable exchange turns into a real debate when you realise that there are about 80 people present to listen to the points of view of the two developers; after about 40 minutes Gregory breaks up the meeting by stating that it was not fair for the two of them to decide the fate of Bitcoin, but that it would be appropriate to let those who had something to say about it speak, or better yet, write it all down on a board.

On 6 December the second episode of Bitcoin Scaling takes place, this time in Honk Kong. During the first instalment (apart from the discussion between Gregory and Gavin) the conference had been more dominated by the presentation of lighining networks, this time it is dominated by a proposal by Petere Wuilla called Segregated Witness; SegWit aims to improve the scalability of the Bitcoin network by increasing the number of transactions that can be included in each block and reducing the consumption of transaction storage space. The way SegWit achieves these goals is by separating the transaction signature data (called ‘witness’) from the rest of the transaction data. In this way, the transaction size can be reduced, allowing multiple transactions to be included in each block without exceeding the 1 MB size limit per block. In addition, Luke Dashjr finds that with SegWit, it is possible to slightly increase the maximum block size without performing a hard fork.

During Honk Kong, a major player emerged, Jihan Wu, CEO of Bitmain (a company that produces ASICs with a world market share of 80 per cent), who claims that SegWit is liked as a hard fork, not as a soft fork. We will understand the reason for these words later.

On 3 January 2016, Coinbase CEO Brian Armstrong announces his support for BitcoinXT, publicly downgrading Bitcoin Core. However, there is a problem because on 14 January Mike claims to have been in Honk Kong and realised that the majority of miners do not want BitcoinXT and will not support it and so with a blog post called The resolution of the Bitcoin experiment declares (according to him) the end of the bitcoinXT experiment. At the industry level they seemed very strong because they had cashed in Coinbase’s support, but at the miner level they were very weak because the miners with a tacit agreement had decided to support a 2mb SegWit with hard-fork. Again, we will understand later why SegWit hard-fork is so desired by everyone.

On 5 February 2016, two American magazines, Gizmodo and Wired, published articles claiming that Craig Wright, an Australian investor/entrepreneur, was actually Satoshi Nakamoto, the anonymous creator of Bitcoin. Wright claimed to be in possession of the 1.3 million Bitcoins related to the famous ‘Patoshi’ pattern, believed to have been mined by Satoshi Nakamoto himself.

This news caused much controversy in the community, as many bitcoiners, including Gregory, Luke and Wladimir, distanced themselves from Wright, believing there was something fishy about his claims. Wright then changed his narrative, self-proclaiming himself the leader of the big blockers and claiming that it was necessary to increase the block size to gigabytes or even terabytes or that SegWit was ‘crap’.

Bitcoin Classic & Figures #

On 10 February 2016, Gavin launched a new Bitcoin client called Bitcoin Classic, which has much less support than BitcoinXT. Shortly afterwards the Honk Kong rounde table takes place with some of the developers and miners who had met during Scaling Bitcoin phase 2. This meeting takes place because some of the miners were threatening to run Gavin’s Bitcoin Classic; the point is still there, the clear content that emerges from Jihan Wu is once again that it is not so much a question of block size, but that SegWit should be done as a hard fork that is not backward compatible, not as a soft fork.

Bitcoin Classic is called this because it seems to mean: let’s make a change, but one that respects Satoshi’s original vision. Even if it is a change it is practically back to basics. A sleazy marketing move, I might add.

After two days of intense discussions, the following agreement was reached:

“We Chinese miners, pledge not to run Bitcoin Classic but only Bitcoin Core. In return, we, the bitcoin developers here, pledge to develop a hard fork for SegWit that will only be accepted if the community will accept it’.

Gregory Maxwell, at the time CTO of Blockstream argues with Adam Back because Greg says: “you don’t represent anyone, you are not Bitcoin and you can’t make deals behind closed doors. Bitcoin is Bitcoin and doesn’t care about your agreements “. Adam replies to Gregory that they are not committed to changing Bitcoin with the deal they made with the miners, but that they are committed to developing code that does a hard fork and that they will only offer it in production if there is consensus.


On 2 May 2016, Gavin Andresen marks a step that totally changes the history of the war with a blog post in which he states that he was invited to London on a private jet by Craig Wright who privately proved to him that he is Satoshi Nakamoto. He also claims that a few days later Wright will prove to the world that he is Satoshi with a public signing.

As it turned out, Craig does not really sign, he publishes a post in which he appears to sign but in reality the signature he proposes is false. Wraith then publishes a post in which he says he can’t sign because he doesn’t have the strength, he can’t make himself public because he cares too much about his privacy. And he deletes his blog.

Great figure! 😁

Shortly afterwards, on 5 May 2016, at a conference called Consensus Gavin continues to argue that Wright is Satoshi and at this point Vitalik Buterin also has his say with an excellent intervention:

On 6 May 2016, Wladimir (the GitHub maintener) removes Gavin’s keys and says that Gavin’s endorsement of Wraight is dangerous and could lead to fears of Gavin being compromised. Gavin has more access to the Bitcoin repo.

Events in blockchainlab #

On 27 July 2016, a split occurred within the Blockchainlab group, Lawrence Nahum (chief scientist) was acquired by Blockstream, one of the three symbols of evil for big blockers and one of the three heroic symbols for small blockers. The three victorious symbols were:

  • Bitcoin Core;
  • The forum/reddit moderator circuit, hence theymos and cobra;
  • Blockstream.

Blockchainlab has a figure in the lab who is also a Blockstream employee; another member of the lab was Franco Cimatti (HostFat) who was an avid big blocker but more from a free speech point of view against bad censorship: his theme was not so much ‘is a big block better’ as ‘is it better to have the possibility to change Bitcoin, everyone should be able to do and have his say’.

The rift in blockchainlab became irremediable and Zucco, no longer bound to hold the reins of the factions, began to take sides and proposed to Pinder Wong Milan as the venue for the third episode of Scaling Bitcoin.

Two ‘big actions’ are perceived as taking a stand by Zucco and the blockchain lab:

  1. Choosing to host and organise a conference geared towards small blockers;
  2. By directly participating in the drafting of the conference programme, Zucco and the other organisers have to decide which papers can be presented and which cannot; in the two days of the conference, there is time for a few dozen presentations, so the choices are made on a qualitative basis. The main topic is that given the idea of the limited size of blocks on a blockchain, how can one best scale the protocol?
    • Despite the main topic the organisers still left a section to talk about radical changes in consensus and increasing block size; in this section there was a Meni Rosenfeld presentation on elastic blocksize: her idea was that you could temporarily make the block bigger when there was overhead on the mempool and then make it smaller when the overhead was over. Obviously it was not the miners who decided when to enlarge and shrink the block but were choices determined by rules based on the lowest possible transaction fees throughout the block. This proposal is not presented but Bitcoin Unlimited is: the new holy grail of big blockers on which consensus is converging after Bitcoin Classic was killed. Too bad, however, that the paper was of unacceptable quality.
    • Peter Todd presents the idea of client-side validated Bitcoin, which will mark the birth of RGB. Peter Todd argues: not only do miners not have to decide the size of blocks, they do not have to know which transactions are valid or not. Miners only have to get paid to include what he calls a single-use-seal in the chain. If Alice pays Bob the proof of payment including signatures, which includes input scripts and output scripts should be passed peer-to-peer from Alice to Bob and only the hash of the transaction should end up onchain so that not even the miners can know what Alice and Bob are doing. This would provide remarkable scalability and fantastic privacy;
    • The only real consensus change that is discussed and tolerated is SegWit as a soft fork with possibly a blocksize increase. It can be done in soft fork because the transaction that is seen by the old nodes is a very small transaction because it no longer includes the spending scripts (only input and output). The spending scripts (including signatures) are all moved to a parallel structure called a witness program which is sent separately with the block, and is committed within the block; as a result there are new nodes which can pass up to a theoretical maximum of 4mb of data per block, while the old nodes see these transactions as valid and see 1mb (and do not see the witness program).
Some fifteen big blockers including Jihan Wu and Roger Ver will also attend this conference. They are very recognisable because they have distributed T-shirts with Hard Fork CafΓ© written on them, mocking the Hard Rock CafΓ© logo.

The real declaration of war occurs when the group of big blockers even forka the final party at the end of the conference: they organise an alternative party called the free speech party which has the usual rhetoric: during the conference you were forced to listen to what the committee wanted you to hear, whereas in our free speech party anyone who picks up the microphone can propose any change to the consensus.

Many people go to this alternative party and the shocking thing is that they managed to bring all the Chinese miners to the event. There is only one exception, miner Wang Chun, CEO of the F2Pool, who went to both the alternative party and the official one.

It was the third conference in the world with the most important Bitcoin developers under one roof, there was an obvious single point of failure problem, and in this regard the international organising committee imposed stringent rules such as that the entire food production chain had to be particularly verifiable. Giacomo Zucco commissioned an international security company with experience in counterterrorism because it was able to guarantee excellent security along with a high degree of discretion. As is well known, bitcoiners do not like to be stopped, searched or harassed.

Zucco pretends to be ex-Mossad to ferret out terrorists from the third edition of Scaling Bitcoin /s
Zucco pretends to be ex-Mossad to ferret out terrorists from the third edition of Scaling Bitcoin /s

After Bitcoin Scaling Zucco provides the offices of Blockchainlab to do two things:

  1. Host the Bitcoin Core Meetup, official developer meetup in the days following the conference;
  2. Gabriele Domeninichini was an employee of Blockchainlab who was intent on testing:
    • The implementation in GO of lightning network by Thaddeus Dryja and Joseph Poon;
    • The implementation by Christian Decker who had invented something entirely comparable to lightning network, later hired by Blockstream together with long-time linux developer Rusty Russell. The two of them were working on this implementation in C;
    • Two very clever French guys, they had started to make a hardware wallet but then they realised that there was already a hardware wallet in Paris that was very strong and called Ledger. They changed direction by building a lightning implementation called eclair, creating the company called ACINQ. Gabriel had installed them all and realized that even though in theory they were all working on the same idea, there was a lack of common specifications. Then Zucco persuaded Elizabeth Stark of Lightning Labs to gather all these companies/developers with the idea of having all these minds work together until they produced interoperability specifications that all implementations would follow in order to do routing and open channels between implementations.
This is not the first time such an approach has been successful, a few months earlier Riccardo Casatta was working on notorization in blockchain do timestamping and Peter Todd and 3 other people were also working on something similar. After joining forces in a group brainstorming in Milan it was chosen as the unique protocol opentimestamps, by Peter Todd

Brainstorming in Blockchainlab in Milan, based on pizza /s (a thanks to OpenAI)
Brainstorming in Blockchainlab in Milan, based on pizza /s (a thanks to OpenAI)

Back on lightning, all participants finally converge on a protocol called: Protocol Milano; in fact two days later, the name of the protoclle was changed to BOLT (basics of lightning technology).

In november 2016, version 0.13.1 of Bitcoin Core comes into play, which includes the code for SegWit and the signalling mechanism (the signalling by the miners that says “we are ready” ) that allows the activation of the soft fork. It goes into production immediately but there is an activation delayed until the following months and requires a threshold of at least 95 per cent.

The Punchbowl: Bitcoin Unlimited #

On 30 January 2017, a miner running Bitcoin Unlimited mines a block larger than 1 mb, which is immediately orphaned from the network.

On 12 March 2017, Shaolin Fry (fictitious identity) proposed BIP 148 – Mandatory activation of segwit deployment, which is essentially a version of Bitcoin Core that requires miners to report SegWit adoption by a certain date. If miners fail to do so, all blocks that do not include SegWit will be considered invalid. This proposal is extremely aggressive, as it requires miners not only to accept SegWit, but also to report its adoption or risk being excluded from the network. Most Bitcoin Core developers oppose BIP 148, except Luke Dashjr, who states that: users make the rules, miners must adapt or risk seeing their blocks rejected. Thus, a movement is formed that argues that Bitcoin Core’s decision not to support BIP 148 is a minority within the community. Opponents argue that although SegWit is a good solution and works well, it should not be imposed urgently, as this could destabilise the consensus within the network

On 15 March 2017, a curious thing happened on Bitcoin Unlimited. On this alternative version of Bitcoin there were a whole series of new technologies, one of which suffers from a bug that pulls all the nodes down from the network at the same time; both Jhian Wu and Gavin Andresen publish a communication on Slack in which they say that it is the case to counterattack against Bitcoin by producing empty blocks: their idea is since there was a bug and this bug crashed everyone, someone must have exploited it. Surely it must have been the bad guys from Bitcoin Core and they wanted revenge.

Bitmain (Jhian Wu’s company) in a chat talks - although there is no official document as proof - about 100 million dollars being allocated to produce empty blocks and attack the Bitcoin network. In this way they plan to kill it, leaving only Bitcoin Unlimited alive.

After two days, all the world’s largest exchanges (except Coinbase) signed a letter against Bitcoin Unlimited in which they stated:

  1. If reply protection is not included on Bitcoin Unlimited they will never list it (reply protection means that if you split the network and on one of the two versions of the chain I spend a UTXO then no one can take this expense and broadcast it on the other chain);
  2. Fixing the reply protecion is equivalent to declaring that Bitcoin Unlimited is the altcoin over Bitcoin.

Fortune sees us very well and the next day, 18 March, an even worse blow happens: the Bitfinex exchange launches futures, i.e. contracts in which one can give one Bitcoin and receive two futures in exchange, one on the core version and the other on the unlimited version. They open the market and at the beginning the futures on unlimited trades at 20 per cent over the core version; later it stabilises at around 3 per cent in value. The thing that these futures make clear is that when it comes to actually putting money on one of the two, 97% of the capital was on Bitcoin and not on Bitcoin Unlimited.

On 5 April comes yet another devastating blow, because Gregory Maxwell publishes a post about covert AsicBoost. The idea is that when you apply sha256 you don’t hash the whole file but divide the file into chunks and hash each chunk; in the specific case of the block header you need two chunks to make a 1mb block. If you need to change the hash because you haven’t found the solution to the block, instead of making the hash of two new chunks of the header you can keep the first one still and only change the second one you save time with each hash. There are two ways of doing this, an obvious one where you use the signalling bits inside the block header as entropy (and you are obviously optimising with this AsicBoost technique). Greg instead discovers that by putting bitcoin transactions in a certain order, it is possible to do AsicBoost without showing that you are doing AsicBoost. He also realises that:

  • SegWit as a hard fork creates no problems for AsicBoost;
  • Segwit as soft fork breaks the possibility of doing ‘hidden’ AsicBoost.

Then Gregory Maxwell takes the FPGA firmware that makes Bitmain’s ASICs go and realises that there is a hidden optimisation in all the machines do hidden AsicBoost. Bitmain had a competitive advantage in production, which is why Jhian Wu wanted SegWit so badly just as a hard fork 🀒. A big scandal broke out, followed by another scandal also discovered by Gregory Maxwell and called antbleed: it turns out that if Bitmain had wanted to, it could have sent a signal via the internet that would have remotely shut down and killed the ASICs sold by Bitmain.

On 6 April, two more events take place:

  • Samson Mow enters blockstream, one of the number one enemies outside blockstream enters enemy number one which is blockstream;
  • Joseph Poon, one of the two creators of the lighining network, in opposition to SegWit had proposed an alternative called extension blocks which for some reason also suited Jhian Wu as a soft fork unlike SegWit. It was later discovered that extension blocks did not break Bitmain’s hidden ASICBoost.
Joseph Poon quits Bitcoin to go work on Ethereum. Leaving the Bitcoin world reveals that there is a secret chat on Slack called Dragon's Den led by Samson Mow, which aims to bully people online. And that he considers himself a victim.

NYA and Bitcoin Cash #

On 22 May 2017, another edition of Consensus takes place (the same conference where Gavin was ridiculed by Buterin) and what happens is that the conference organiser (Coindesk) announces that they have resolved the scaling debate; in particular, it declares that they have arranged an agreement between all the major Bitcoin companies which accept SegWit but as a hard fork. This agreement is called the New York Agreement. Over the next two days, some 50 start-ups appear to support this decision, and among these companies are Blockstream, Lightning Labs, etc. It seems absurd that there are also purely small block companies, and indeed it is, so much so that many of them publicly deny this news because they had never signed or accepted such an agreement. It turns out, shortly afterwards, that a Coindesk employee had simply started publishing memberships from any start-up, without asking anyone. About twenty out of fifty were totally false and were not part of the New York Agreement.

James Hilliard, developer and miner makes a proposal to all participants who supported the hard fork with SegWit by publishing the BIP 91 – Reduced threshold Segwit MASF in which he says: “you want SegWit and we want SegWit too. Do it as soft fork (which Jhian Wu does not like), then if it passes we will agree to the hard fork which is the central part in the dispute “.

From 22 May to 5 June 2017 there is a lot of debate, but the discovery of the AsicBoost hiding plays a major role in public opinion; even some convinced big blockers become sceptical.

Around 20 June, the Unicode consortium is introducing the Bitcoin logo among its fonts.

On 21 July, BIP 91 was accepted and the real ’lock-in’ came. Jhian Wu publishes a reaction post in which he states that a very serious wrong was done, that these were not the agreements, and saying that they will do a user activated hard fork (UAHF). What Jhian proclaims is the arrival of Bitcoin Cash, which will be available from 1 August. This new version will have a larger blockchain and will not contain SegWit.

On 9 September there is a new conference, Breaking Bitcoin. At last they are no longer talking about scalability but about ‘how to break Bitcoin’ and all the possible attacks and security problems:

In the same conference on stage a few miners are asked if they will support the 2x fork and in that case Alex Petrov of BitFury replies: no wait, I when I signed the agreement I meant that if there is consensus we will do a hard fork, it is clear if there is not we will never mine blocks with 2mb (raised to 8mb with the witness program discount). After Breaking Bitcoin, with this interpretation by Petrov, many others like RootStock or Xapo confirm this version. Still others like Coinbase or BitPay send emails to their users warning them to download the new version of the software because otherwise they would be cut off from the network. A reckless move, and among other things before the official launch of this software (which was immediately aborted), a flaw was discovered for which the network would collapse immediately from day 1. In addition, this version contained two rather strange things:

  • The implementation of some address blacklists;
  • The elimination of bootstrap nodes in favour of enterprise nodes (πŸ€”). These nodes are needed because when Bitcoin Core when first launched it doesn’t know where to find the other nodes, so it uses initial nodes (there are 6) hardcoded into the software which are those of a number of historical developers and from these 6 it develops its own peer-to-peer network.

When BitPay sends this email inviting users to download a new version of the software for security reasons (without any other explanation), French developer Nicolas Dorier says:

This is too much, my trust in you is broken and I will make you obsolete.
Nicolas Dorier

A few days later. programming like crazy in C# he published BTCPay Server, a BitPay clone without BitPay, open-source and free for anyone.

On 8 November 2017, the blocksize war ends.

The modern era of protocol #

Misfortunes & low blows #

After destroying the villain called the New York Agreement one realises that Bitcoin is an impossible beast to tame. If 80% of the hashrate, the largest newspaper at the largest Bitcoin conference, the largest ASIC producer, the largest exchanges and the majority of developers fail disastrously in their attempt to take control of Bitcoin, yes, Bitcoin is indomitable. There is a mad enthusiasm in the air.

However, this enthusiasm is dampened by two negative events and a third ambiguous one:

  1. On 14 November 2017, a few days before the start of the Baltic Honeybadger conference, a Bitcoin Cash programmer uncovered an inflation bug in the Bitcoin Core code and claimed that if it was exploited it would allow another episode of uncontrolled inflation as happened at the beginning of Bitcoin’s history and forced Satoshi to perform a soft fork.

This bug was inserted into the protocol by an update by Matt Corallo, to make it simple: a node checks that a transaction is valid, that it has a valid script, valid signatures, and that it does not create inflation. All this is done both before it enters the mempool and when a block actually arrives that has been mined; so there are two checks, of the mempool and of the block.

Matt, in a series of optimisations drops one of the two controls and the interaction between two releases in a row effectively creates this difficult but not impossible to exploit bug, creating unlimited inflation. The difference with Satoshi’s bug is that that was already there, this one was introduced and has baffled many people because it means that: - The core developers who humiliated the ‘heretics’ Gavin, Garzik & Co., whom they derided for the Bitcoin Unlimited bug and the New York Agreement bug (which would have destroyed the network) reveal that they too are not infallible; - Social dynamics have been created whereby some people make commits that are not reviewed by anyone because those developers are deemed too good to fail; - The discovery does not come from the core team, but from a Bitcoin Cash developer.

  1. Steam finally drops support for Bitcoin, after accepting it for almost a year. It announces this in a blog post and the reasons are:

    • It’s too volatile;
    • The on-chain fees were too high (but on this it must be said that the mempool was clogged with empty blocks, graize Jhian).
  2. On 9 December, the first Bitcoin futures contracts authorised by the Chicago Board Options Exchange are announced and normalised. Shortly before these futures contracts came into action, Bitcoin hit its absolute peak for that period on 17 December; the average peak was $1,9783.

Fast forward to 2022: Many are frightened by the fact that the historical low of this cycle is lower than the historical high of that time. Opening bitcoinvgold and also checking on Jameson Lopp’s tool, what we see is that in fact the price of Bitcoin in real purchasing power was overpriced in 2017.

Brilliant idea: taproot #

The year 2018 began with a market depression, but on 22 January Gregory Maxwell launched a very interesting idea. Changes to the protocol had been under discussion for a long time, but two in particular were much discussed, namely:

  • Schnorr signatures: as already mentioned in the first chapter, the most obvious advantage of these signatures is that if you can have a key that is the sum of Alice’s key and Bob’s key and when there is to be signed, sign Alice, then sign Bob and add the two signatures together, the signature you get is a valid signature for the sum of the keys. In essence it is like an off-chain multisig;
  • (Merkelized Abstract Syntax Trees) MAST which is a technology that works by creating a merkle tree representing all the spend options included in the transaction. Only the option actually used is then included in the transaction, making it smaller and more efficient. Furthermore, MAST makes it possible to create contracts that can only be executed under certain conditions, making transactions more flexible and powerful. in January 2018 there were already two different forms of this idea, BIP 114 – Merkelized Abstract Syntax Tree and BIP 117 – Tail Call Execution Semantics. They were incompatible with each other and so only one had to be chosen.

Gregory fires off a brilliant idea:

Instead of putting the merkle-root of our script on the timechain as output, let’s put a public key schnorr because every contract almost always has a degenerate case (the most obvious case) which is the one where all participants agree. Let’s do the typical contract on Bitcoin where the public key is a key that is the sum of all the participants’ public keys so if all the participants agree, they all sign, the signatures add up, it is spent and there is no need to manage the contract. This public key is manipulated by multiplying it by the merkle-root. If, on the other hand, there is a disagreement, we choose which of the branches of the contract needs to be activated, we go back up the merkle-tree with the merkle-proofs and show how that merkle-root was included in the manipulated public key.”
Gregory Maxwell.

Greg takes Schnorr’s signature proposal, takes the two MAST proposals and fuses everything together into this idea he calls taproot.

Also in January 2018, Stripe dropped support for Bitcoin, as Steam had already done. We are in the era when SegWit is already in production and the lightning network is spreading, but it was still too niche and had not yet reached the mainstream.

On 23 March 2018, an important non-technical event happens. At the time, the most famous book was definitely Mastering Bitcoin by Andreas M. Antonopoulos. The Bitcoin Standard by Saifedean Ammous appears and soon becomes mainstream because it has a profound impact both on many bitcoiners and on many people who do not know bitcoin but who begin to be interested in it from a purely economic point of view.

This book is one of the items to be cited by Micheal Saylor and Jack Dorsey as the moment of enlightenment. πŸ˜‡

Drive chain and post-maximalism #

On 31 March 2018 the Blockchainlab closed for good while on 7 April 2018 a new phenomenon was born with an article on Paul Sztorc’s blog, truthcoin. His idea is to create a kind of prediction market on bitcoin; some functions were missing and instead of proposing to alter bitcoin to introduce them Paul became one of the biggest supporters of side chains which, however, had started in a certain way (a trustless idea) but then ended up in a trusted mode.

Paul disagreed with this mode and proposed the idea of drive chains which in essence would allow miners to vote on the history of a side chain so that the nodes do not have to verify it themselves but have to trust the majority of the miners. It is a totally different trust model that puts a lot of power in the hands of miners and since the miners had behaved as an adversary element with the SegWit story this creates friction and doubts about the very concept of trusting the miner as a decentralised system. Many people had therefore rejected the idea of the drive chain because it was considered too dangerous; Paul also saw his proposal as the solution to the blocksize debate, because the main-chain would have the small blocks while the drive chain would have the big blocks; but again, it never went through because it required too much trust towards the miners.

There is among other things a wonderful article by Paul on proof-of-work called Nothing is Cheaper than Proof of Work.

On 7 April without Paul he published the article Bitcoin Post-Maximalism in which he inaugurated a trend: already in 2014 there had been a phase of anti-Bitcoin hatred by former bitcoiners who had made a lot of money only to lose it in the market crash. With this article by Sztorc the concept of post-maximalism or anti-maximalism was born, which is a cultural reaction due to the fact that when the world of shitcoin collapses disastrously they blame the maximalists who warned about the future collapse of shitcoin. Particularly with the collapse of ICOs, Sztorc says that the reason for the market collapse was not because an unsustainable bubble had been created and everyone was doing ICOs randomly, the reason is that the maximalists had prevented drive chains and that if only there had been drive chains the market would not have collapsed. So, he declares that he is no longer a maximalist.

It begins a wave that leads to at least 11 of these.

eltoo, RGB, lightning torch, CoinJoin war and blocklist #

On 30 April comes a technical innovation by Christian Decker, Rusty Russell and Olaoluwa Osuntokun which is the paper of eltoo; eltoo is Decker’s idea theorised years before, very similar to Thaddeus Dryja and Joseph Poon’s Lightning network. eltoo is a different way of doing lightning networks with much simpler and less risky backups, multiparty channels and other small advantages. It’s a nice idea but for it to work it requires an onchain modification which in April 2018 is proposed with the BIP 118 – SIGHASH_ANYPREVOUT for Taproot Scripts. Basically when creating a transaction in Bitcoin, you need to sign each input with the private key of the owner of the funds. However, normally only the current input can be signed, not future or past inputs. This means that if an input is moved to a different transaction, its original signatory can no longer use its signature to ensure that the input is only spent as desired.

SIGHASH_ANYPREVOUT is a signing option that allows an input to be signed so that it is expendable in any future transaction, regardless of whether the input has been moved or not. This allows signatories to retain control over how their funds are spent even if the input is moved to different transactions.

It receives critical acclaim but remains a general idea, Christian doesn’t want to push the idea too hard because he doesn’t want to be a soft fork.

On July 3, 2018, Zucco presented the RGB protocol in Lisbon, sharing documentation and ideas, and from then on the theme would be carried forward by a team of Ukrainian boys led by Maxim Orlovsky; later Federico Tenga would arrive at the delivery of the first RGB wallet: (Iris Wallet) released in October 2022.

In January 2019 an anonymous twitterer called Hodlonaut came up with the idea of setting up a lightning relay network called lightning torch: he created a tweet saying he would send 100000 satoshi to the first person to reply to him with an invoice, that person would have to add another 10 thousand satoshi and send 110000 saotshi to the first person to reply to his tweet and so on, to see when lightning could scale. The experiment becomes gigantic after being relaunched by the likes of Elizabeth Stark and Jack Dorsey, and not only that: it goes to Iran, violating US sanctions through a Scotsman after Bitcoin Magazine declines the invitation because it fears legal repercussions. This torch becomes very famous and in fact scammers also start arriving: in particular, when the torch is ‘in the hands’ of Zucco a user called bitcoin wizard puts an invoice and disappears with all the loot (it was an account created relatively recently but with many interactions and followers also known). At this point Zucco repays the torch in full by putting in his satoshi and restarts it; when the torch reaches a particularly importnate size it is given to Bitcoin Venezuela, an association of volunteers to help Venezuelans suffering from the problems of hyperinflation and dictatorship.

On 12 April there is another important event: the We are all Hodlonauts. Hodlonaut has become very famous for the torch, has reached 10 thousand followers on twitter and uses some of his popularity to warn everyone about Craig Wright; Hodlonaut receives a threatening letter from Craig Wright’s court. He is anonymous, but Calvin Ayre (millionaire who funds Craig Wright) in a publication of his called CoinKeeg puts a $5000 bounty (paid in Bitcoin Satoshi’s Vision) on anyone who reveals information about Hodlonaut’s identity. A person who had figured out from someone that he might be in Oslo manages to call Hodlonaut’s employer posing as a Norwegian police officer who was investigating this twitter account; the employer seriously believes he is a policeman, reveals his full name and address, and a summons from Craig arrives at the house because he is being sued for defamation.

This event kicks off a beautiful campaign because everyone starts putting their own profile picture of Hodlonaut and puts it in the Hodlonaut helmet.

twitter invaded by support for Hodlonaut
twitter invaded by support for Hodlonaut

The case of Hodlonaut vs Craig Wright ends in October 2022 with Hodlonaut winning.

On December 23, 2022, Hodlonaut with a tweet announced that Craig had requested (and been granted) an appeal.

On 1 May 2019, the BIP 78 – A Simple Payjoin Proposal was awarded to Nicolas Dorier, the PayJoin is a kind of CoinJoin where along with making a CoinJoin, you also make a payment. Specifically, the PayJoin works by inserting a sender’s input and a receiver’s input into the same transaction. This means that instead of sending the funds directly from the sender to the receiver, the funds are first sent to a ‘middle’ address, where they are mixed together. Subsequently, the sender and the receiver can ‘withdraw’ their shuffled funds from the ‘middle’ address using their private keys. In this way, outside observers cannot know for sure who sent and received the funds, since the funds were mixed together.

A few days later, on 8 May 2019, there is the first semi-credible (and therefore worrying) proposal to roll back Bitcoin for the purpose of protecting individual interests. Specifically, Binance is hacked and its CEO Changpeng Zhao declares that he will pay the miners to orphan the chain where the theft occurred; he wants to spend those transactions again and convince the miners to start another chain. It’s not a matter of passing an invalid state but making a reorg that maintains the actual rules; even just making a deliberate reorg to repair an issue of bad security on Binance’s part was very controversial. And in fact it will never happen.

FUNDS SAFU!
"FUNDS SAFU!

Speaking of onchain privacy on 2 August starts the war of CoinJoin implementations. The CoinJoin is that kind of transaction where several parties put their inputs together; initially Satoshi in his whitepaper wrote that when a transaction has so many inputs it is obvious that they are made by the same person and so it is a limit to onchain privacy because this linking is necessitated by some heuristic; actually a few years later the usual Gregory Maxwell with a post on bitcointalk commented that it was not necessarily true that all the inputs were from the same person. All you had to do was implement a good wallet to do it. Gregory Maxwell, theymos and others raffled off 15 Bictoins as bounty for the construction of this wallet but the creation of this prototype lagged until nopara launched zerolink which takes David Chaum’s original e-cash idea and puts it in the context of CoinJoin then blinds the coordinator, as was the e-cash coordinator in the 90s who prevented double spending without knowing what he was signing thanks to blind signatures. Similarly, the CoinJoin coordinator is blind; the implementation is done on both Wasabi and Whirpool, Samourai’s wallet service.

On 2 August, Dojo was launched, a subordinate application to Bitcoin Core which travels with Bitcoin Core and is used to communicate with the Samourai wallet. Dojo is necessary because before then when using Samourai and Whirpool it was true that during CoinJoin the server was blinded by David Chaum style cryptography but it is also true that Samourai is a mobile wallet and all public keys are required to enter and exit CoinJoin. This criticism is partially solved with the launch of Dojo, because if few users use Dojo and many use Samourai ’normally’ the result is that if a person using Dojo enters a CoinJoin with many users using Samourai, it is obvious what your public key is in and out because it is the only one that is untraceable while everyone else is.

This is historically important because with the launch of Dojo, criticism begins from Luke Dashjr and Gregory Maxwell who warn that this implementation is no good and suggest not to use it. Many other developers join in and what emerges is the beginning of a no-holds-barred, not technical, but cultural/moral battle.

On 3 December 2019, Bitfinix became the first exchange to integrate lightninig networks.

On 12 December 2019, the first “second generation” lightning wallet called Phoenix is released, an experimental wallet with this idea: “tomorrow when everyone is using Bitcoin and onchain settlement cannot be accessed for small amounts (for normal payments we will all use layer2 or other forms however off-chain) what is the point of having a complex wallet where you manage both onchain and offchain?”

It is therefore pointless to show two types of amount, one onchain and one on each open channel. But I’m not showing all the channels either, I’m making an abstraction. It is like when surfing the Internet, we don’t want to see every TCP connection to every node, if we really have the scruple we can explore the advanced options, but basically the browser makes an abstraction to hide this complexity.

This simplicity presents many compromises and trade-offs:

  • On the level of privacy if one does not use TOR with Phoenix one sees the IP address in the clear and can still observe all open channels;
  • When I receive money from someone doing an onchain transaction a submarine swap is done, which costs a lot of money;
  • It lends liquidity but has very high costs.
On 27 December, 2019 came to a close with the failure of the Libra experiment, Facebook’s cryptocurrency. All the most famous bitcoiners were called by journalists of all kinds to comment on this experiment; they simply responded with the example of early PayPal and the Linden Dollar.

On 6 January 2020, a proposal that will only be a drama in 2022 goes unnoticed: BIP 119 -- CHECKTEMPLATEVERIFY by Jeremy Rubin. It is a form of covenants: the way bitcoin works today, if I can spend a bitcoin I can just spend it. I meet the spending conditions, it goes into the input and is consumed. Then I create another output with totally different spending conditions. I satisfy the A conditions and create the B conditions. There is no spending condition B that says: you can only fulfil this spending condition if the outputs you create in turn fulfil this other condition. It cannot be said that a coin can only be spent in a transaction whose further output script criteria are pre-determined.

On 19 January 2020, Pieter Wuille, Jonas Nick and Anthony Towns were awarded the BIP 341 – Taproot: SegWit version 1 spending rules discussing taproot. After two months on 16 March the isolations for COVID-19 begin and there is a general collapse of the economy, even Bitcoin takes a big plunge to $5000.

On 11 May there is the third halving party with half the world in lockdown and on 9 June comes another Bitcoin drama, that of blacklists. The Bitcoin software includes a part that blocks IPs of nodes that spam, are untrustworthy or generally break boxes. There is practically such a thing as a blacklist, but in American culture as early as 2020 there is a fashion for attacking software projects with the excuse that the words blacklist, whitelist or master-slave evoke sad memories of slavery and that therefore different terms should be used. On 9 June 2020, a random user (with no other contributions) makes a pull request on Bitcoin Core to replace the word blacklist, which is racist, with the word blocklist. In addition to being a semi-comic intervention it also has a technical problem because it would be very ambiguous as a term within Bitcoin’s software; this pull request is immediately taken into production without debate by Marco Falke, because he wanted to avoid “messes” and makes it clear that if he refused that pull request he would draw people on him who would accuse him of being a racist. So he takes it into production, of his own free will. Bitcoin Core finds itself in production with the merge of a ridiculous request and this pisses off a lot of developers who point out that Bitcoin Core is not a little game where people go to make political propaganda, but it is serious software and you certainly don’t send a pull request into production without the community accepting it. The situation escalates to John Newbery not only starting to defend this move ‘for inclusivity’ but even banning a contributor who had made pull requests on BTCPay Server from the repository. This fact is very negative and is the start of an issue that lasts to this day. The role of the developers changes, evolves: in the blocksize war, the developers are the ‘heroes to defend’, whereas here we can see that these same people are weaker against this type of populusmo that has begun to affect society. The new wave of developers is subservient to this puritan vawe and the fear of being ousted from projects becomes more and more vivid, even though such behaviour has nothing to do with the ability to manage a repository or create software. The difference with the 1990s or early 2000s is poignant, the old approach was one of ’no bullshit’, insults and libertinism in the costumes of colourful characters was the norm.

Richard Stallman was ousted from his foundation, the Free Software Foundation (FSF), due to certain statements and behaviour that were deemed inappropriate and damaging to the cause of software freedom. In particular, Stallman was accused of making sexist statements and advocating inappropriate behaviour towards victims of sexual abuse. The FSF decided to remove him from his leadership position to protect the integrity of the organisation and to ensure that his efforts to promote software freedom would not be tarnished by inappropriate behaviour.

Think free as in free speech, not free beer
"Think free as in free speech, not free beer."

On 3 September 2020, the financialisation that had started the year before with the Chicago futures continued, and on 30 November the previous peak was again exceeded; the dollar price touched and exceeded $19850, and thus we officially entered the bull market.

Present and future #

Taproot lock-in and the Co2 fable #

We are in the contemporary era, so for the sake of convenience let’s start arbitrarily from 2021.

The year 2021 begins with Elon Musk’s likeable character announcing on 8 February that Tesla will put part of its treasury in Bitcoin, expressing a general distrust of the dollar and other fiat currencies in the post-lockdown and current general context. As of 24 March Tesla directly accepts Bitcoin to sell its cars.

Musk relies on BTCPay Server with which a good partnership was born and triggers a very bullish wave for Bitcoin. All this hype and power was not expected, based on a conversion by a celebrity like Musk. The celebrity effect is so surprising and the euphoria is through the roof, there were really all the right conditions for the price to rise.

On 12 February, a user launches a twitter campaign #LaserRayUntil100K which literally means laser eyes until the price of Bitcoin reaches $100k and everyone goes wild on twitter with new pictures of people with laser eyes

Think free as in free speech, not free beer
The laser eyes of Micheal Saylor.

On 6 March, the whole taproot issue got underway, but as we saw, there was already BIP 341, even though there was virtually no trace of an actual proposal for activation; the discussion was strong, but not about taproot per se because there was neither technical nor political opposition (unlike SegWit). Taproot was fine with everyone. The real debate was about how to activate it in production; two factions were created:

  • Faction BIP 8 – Version bits with lock-in by height: “let’s give the miners time to tell us they are ready, if they are not ready we will still enforce this soft-fork”;
  • Faction BIP 9 – Version bits with timeout and delay: *“let’s give the miners time to tell us they are ready, if they are not ready the soft-fork will fail”;.

These factions create a problem because wanting to be conservative, the BIP 9 approach was certainly considered better, on the other hand developers who have generally always been very conservative such as Luke Dashjr insisted that this kind of ‘conservative’ approach had allowed the miners to create a political movement to turn the signalling of preparation for a soft fork into a political vote of decision.

At the end of the day a proposal comes out that has the unbelievable, it is brought forward with immense power by the Bitcoin Core development but actually displeases everyone. This proposal is called Speedy Trial and allows BIP 9 to be granted to miners, but without wasting a whole year waiting for miners to sign up, it gives a maximum time of 1 month. This gives plenty of time to try, fail and possibly raise a BIP 8 later.

After the speedy trial is proposed, the entire BIP 8 faction is dissatisfied because they are empowering the miners anyway, while the conservative BIP 9 faction considers the activation too dangerous because the time limit is too short.

The prevailing feeling among Bitcoin Core maintainers was that nothing concrete was being done, taproot had been talked about for a long time and nobody had done anything yet. The speedy trial is then deployed in production, along with a flag that the user can manipulate by changing configuration to change this speedy trial into a BIP 8 which then activates directly after the speedy trial.

From a technical point of view, everyone is happy about the arrival of taproot, but from a methodological point of view, it pisses a lot of people off because it looks like a ‘shitcoiner’ situation with the developers deciding that something is good enough for them and therefore must be good enough for everyone.

On 12 June, Taproot officially went into production.

On 5 May 2021, the listed mining company Bitcoin Marathon, mines a blockchain in which it writes in the coinbase “this is an OFAC compliant blockchain “ (OFAC is a financial task force that regulates markets around the world by eliminating transactions considered “bad and ugly” or anything that bothers the political establishment in being). We don’t know exactly what it meant by that blockade being ‘OFAC compliant’ but in any case absolute trolling breaks out, bitcoiners start making CoinJoins and getting friends in Iran to send them transactions by redistributing satoshi with small transactions on the same address as Marathon’s coinbase. Basically Marathon is flooded with ‘free money’ from mixed or declared non-compliant addresses. 🀠

On 19 May, disaster struck for those who had staked everything on Musk as mascot for Bitcoin; a Tesla statement came out saying:

We were wrong, we realised Bitcoin generates Co2 and causes global warming, we no longer accept Bitcoin
Tesla.

Obviously this statement does not make any kind of sense, first of all they still put forward the metric that every Bitcoin transaction consumes energy: this metric does not make sense, bitcoin transactions do not consume energy, at the limit you can say a Bitcoin block based on an estimate on hashrate consumes energy, but dividing by transaction makes absolutely no sense. So what do we do, ban Tesla because its electric cars consume electricity?

Tesla’s statement is completely wrong, but the strange thing is that Tesla does not sell Bitcoins from its treasury, it simply stops accepting them for Tesla payment. There are various hypotheses about the motivations behind this choice. One of the most popular (but unconfirmed, they are only inferences) is that according to some sources there had been since Tesla’s announcement on 8 February onwards a lot of people who had bought Teslas because in America the way the tax system is structured, if you sell bitcoins in exchange for fiat you have to pay capital gain, if instead you buy an object you do not pay capital gain. So the trick that a lot of people used to get out in dollars was to buy Tesla (no tax) and sell it in dollars, thus evading capital gains tax.

The climate statement may have concealed this, again, unconfirmed dietrology. Also because a Bitcoin miner does not produce Co2, it runs on electricity… and someone might object “ok, but that electricity was made by burning oil and therefore burning and releasing Co2 into the atmosphere “. Fine, but even Tesla’s batteries do not produce Co2 (the aim is to stop using combustion engines) but they use electricity, which has to come from somewhere. If Tesla is green and environmentalist, to say that Bitcoin is not is at least embarrassing.

Ban, war and Covenants #

On 21 May 2021 comes yet another ban by China, which has been undauntedly banning Bitcoin since 2014. All miners have to stop operating in Chinese territory and leave, the interesting fact is that 30% of hashpower is made in China illegally, a good example of failed prohibition. The other interesting thing is that the price (which had reacted embarrassingly for Musk) is not changed by the Chinese ban.

On 31 May 2021 Marathon does a complete about-face, Fred Thiel, CEO of Marathon appears on video and announces that they will adhere to the principles of the Bitcon community and that they will confirm any valid Bitcoin transaction according to the protocol. There will be no blacklists and they also announce the adoption of the taproot speedy trial.

On 5 June there is the Bitcoin conference in Miami where Jack Mallers announces (very emotionally, while crying) that El Salvador will adopt Bitcoin as legal tender:

A few days later the law in El Salvador is voted on and something quite ambiguous happens as the president of El Salvador, Nayib Bukele, opens a twitter spaces talking to bitcoiners as equals, making typical twitter meme jokes. It is also clear that Bukele makes himself at home, as they talk on spaces apologising by saying to go vote on his bitcoin law. There is a big wave of votes in favour and the law passes; a law that basically says:

  • “All Salvadoran citizens are obliged -when receiving a payment- to also accept bitcoin if the customer wants to pay in bitcoin.” This creates an internal conflict in many people because on the one hand the idea of being able to pay in bitcoin is nice, on the other hand ethically it is not nice that if a merchant does not accept bitcoin the “police on duty” has to come and force him to accept this currency;
  • If the merchant has technical difficulties accepting bitcoin, he can be exempted from the obligation;
  • The state will provide all merchants with infrastructure where they can exchange bitcoins for dollars in real time and without fees.

It is a tolerable legal tender, because it is not an actual imposition by the state. On 7 September, the Bitcoin law is implemented in El Salvador.

Caricature of Nayib Bukele.
Caricature of Nayib Bukele.

November 2021 is the Adopting Bitcoin conference in El Salvador and during these days taproot -which had gone into lock-in in June- is activated.

It is now 2022.

On 24 February, Russian troops invaded Ukraine; many young people decided to flee Ukraine because - despite being a nation-state (invaded, not invader) - it retained all the characteristics of nation-states and immediately mobilised to prevent young Ukrainians from leaving the country under martial law.

Many people, who may have other priorities rather than shooting at other people they have never met in their lives, decide to flee and the first stories of Ukrainians with blocked bank accounts and ATMs who cannot possibly cross the border with cash but manage to escape thanks to Bitcoin become famous on the Internet.

Not only are there people fleeing Ukraine but there is a symmetrical situation of people fleeing Russia because there was a general mobilisation stink in the invader as well. Bitcoin is back in the limelight with these stories but, on top of that, the Ukrainian state is doing a cryptocurrency fundraiser (both Bitcoin and shitcoin) to support the army, a fundraiser that is also doing very well.

On 19 April, a new drama takes place. Jeremy Rubin (not a particularly well-liked developer who proposed blacklists on Bitcoin together with Mike Hearn) two years earlier first proposed a very comprehensive version of the famous covenants (rules to put on the output that condition which output you have to put when you spend this output as input) with the BIP 119 – CHECKTEMPLATEVERIFY. Suddenly Jeremy publishes a blog post (in the style of Gavin Andresen) in which he announces that the debate about BIP 119 has been going on for too long and nobody is taking a stand.

He then proposed a speedy trial on his idea as well. After taproot, there were people who were still angry about the speedy trial, because they argued (with good reason) that doing it even on a technically non-controversial topic like taproot would set a negative precedent that would incentivise everyone to use the speedy trial to propose anything.

Others were afraid of covenants because of Jeremy’s old blacklist proposal, and others simply disliked Jeremy because he adopted Gavin’s know-it-all style, using a blog post and not following consensus. Still others argued that covenants was a good idea, but who decided that they were more imortant to implement than CISA or APO enabling eltoo?

It seems yet another drama with related toxic reaction both on twitter and on various mailing lists, and eventually on 2 May Jeremy published a post and message announcing that he would wait, that things would be done by consensus, if he didn’t change his mind first and go to work for Ethereum (eh..go.).

On 28 June came a new wave of post-maximalism, this time opened by Nic Carter. Nic was famous for being one of the co-founders of Castle Island Ventures, a venture capital firm specialising in investing in blockchain-based projects. Let’s also say that this fund also invests in shitcoin and ambiguous companies, one of which he invested in did chain-analysys and automated KYC on Ethereum.

Shortly afterwards, Nic will participate in an Ethereum podcast to say how great Ethereum is and how bad bitcoiners are. This starts a dance of about forty or so articles all the same about the death of maximalism. The main concept in these articles is to associate maximalism (in a random way) with the stock-to-flow prediction model of plan B (which gave the $150k as certain and many maximalists agreed with the prediction). In fact, many had ridiculed the price prediction based on that model because obviously market prices are never predictable. Otherwise, this whole circus would be trivial to deal with.

The latest date in this long epic is not about Bitcoin, but about a shitcoin and the arrest of the developer Alexey Pertsev creator of Tornado Cash. The issue is hot because first of all the shitcoin in question is Ethereum and has become completely censored because 51% of the blocks are actually OFAC compliant. But the most incredible thing is the arrest of an open source developer, who unlike Ross Ulbrich (who was also the manager of a centralised site and a business or Assange who was however the president of an organisation) pure developers were thought to be protected. Instead, this is not the case and the escalation -unfortunately- seems destined to increase.

New technologies and ossification #

  • CISA (cross input signature aggregation): we have already said that the Schnorr signature is much better than the ECDSA signature because it is aggregatable, i.e. if Alice and Bob sign a text with their private key and then add up their signatures, the resulting number is a valid public key signature which is the sum of Alice and Bob’s public keys. This signature is already present in taproot, because we use a public key that is the child of (for example) Alice and Bob’s public keys, and it is clear that the sum of the signatures is needed to make the signature. This aggregation is inside the input, when I have to spend inside the input I aggregate the two signatures of Alice and Bob and publish only the aggregated signature.
But wouldn’t it be nice to also aggregate signatures between different inputs?

Many of the signatures in a transaction sign the whole transaction, why do we have to have for each input a signature? We could have as a single signature the sum of all signatures for that public key which is the sum of all public keys needed within all inputs. Let us examine the advantages: - Save space on the timechain; - The basic CoinJoin increases privacy but costs money (because you write more onchain and have to coordinate with other participants). With CISA, suppose Alice has to pay for an input and an output, so she has to pay for a whole signature. But if Alice joins Bob, who also has to pay for a whole signature, with CISA we enter one signature instead of two. So the cost of one signature is divided by two. It would increase privacy and CoinJoin would be done to save money.

The real big problem is that SegWit increased the block exactly by giving a signature discount, the part that CISA would have saved by incentivising privacy is already minimised as a cost because it is 1/4 the cost. CISA and the Witness discount are a bad match, unfortunately.

The idea could be to eliminate the Witness discount and introduce CISA, so with at least 6 participants (more than 4 because there is a minimum overhead) you would have the same discount with the advantage of CISA which also from an architectural point of view is much leaner and cleaner than the Witness discount which is objectively ugly.

Then there are developers who are against CISA but as an idea, but because they are already ready for the ossification of Bitcoin’s basic procollo.

Sooner or later we will have to stop. It is true that CISA is a good idea but where do we stop? After CISA we will find another good idea but ossification is necessary for a basic procollo. Stability becomes more important than beauty just like TCP/IP has been changing since 1981, we change protocols on top.
John Carvalho

  • Simplicity (just entered production on the Liquid side chain): it is a very high level generic Bitcoin scripting language, on which one can do almost anything, including reconstructing almost every imaginable soft fork, then turning the soft fork into part of the script definition instead of consensus rules. The node before running a Simplicity script already knows how many computational resources it will use and how much time it will use, so it is clearly different because it generalises very well. Simplicity is created by Blockstream and Adam Back claims that:

Simplicity is the soft fork that could bring ossification, because if it goes into production as a soft fork, you won’t have to make any more, all the ones you want to make you can replicate with Simplicity.
Adam Back

  • APO (ANYPREVOUT): initially APO was presented by the eltoo paper as SIGHASH_NOINPUT, and it’s something very similar to covenants; it basically says that you can spend an input where the signature doesn’t pre-sign what UTXO you’re going to spend, you just start signing and decide some conditions that the script of that UTXO will have to satisfy. It is interesting because it enables a version of lightning network called eltoo which is much nicer, because it makes backups much easier and you can create channels with N people. APO is complete and is written unlike CISA. What it lacks is the supporters to push it as Christian Decker does not want to be seen as the man who pushes for a soft fork at all costs.

Conclusions #

I have finished for now.
Appropriate updates will follow, but in the meantime I really thank you very much if you have come this far, because it means that you have more than a little patience.
If you want to give me feedback don’t hesitate to write me on telegram, if you want to follow me I’m also on twitter! 😊