The Mystery Surrounding Satoshi Nakamoto and Bitcoin's Origins
Bitcoin is the pioneering solution to the Byzantine General Problem
On April 26, 2011, an individual asserting to be Satoshi Nakamoto quietly departed from the community that he established. This enigmatic persona claims to be Japanese and communicates fluently in British English. Alternatively, Nakamoto could represent a collective, akin to the renowned mathematician Nicolas Bourbaki.
Satoshi Nakamoto allegedly possesses a substantial stash of bitcoins (BTC) in the frequently discussed bitcoin market. Due to the volatile nature of bitcoin pricing, it’s challenging to ascertain a definitive value, but as of now, 1 BTC is worth around USD 40,000. Furthermore, Nakamoto is credited with the invention of bitcoin itself.
Currently, no single term adequately encapsulates bitcoin's essence. Phrases like cryptocurrency, digital money, virtual asset, and distributed ledger each only touch on specific facets of bitcoin.
In this piece, we endeavor to closely examine both Bitcoin and its elusive creator, Satoshi Nakamoto.
What Is Bitcoin?
Bitcoin operates outside the realm of government-issued currencies, allowing users to exchange it for cash via Bitcoin exchanges. Additionally, bitcoins can be acquired through mining. Although individual mining has become increasingly complex, it was once accessible to people worldwide.
The more one learns about Bitcoin, the more perplexing it seems. Is it akin to foreign currency because it is exchanged? Can it be mined like gold? If it isn't sanctioned by any government, is it comparable to loyalty points from Amazon.com? Yet, if it facilitates payments and international remittances, does it resemble PayPal?
The answer is no.
To begin with, Bitcoin lacks an issuing authority. It operates without a central bank or service providers. It doesn't possess the tangible characteristics of gold or platinum, nor does it exist in the form of physical bills or coins. Nevertheless, it exhibits the attributes of currency and functions as such, aligning with the definition of currency.
What constitutes currency? According to economic principles, the characteristics of currency include:
- Currency serves as a measure of value
- Currency is utilized for payments
- Currency acts as a store of value
- Currency functions as a medium of exchange
Additionally, a medium of exchange should ideally be difficult to counterfeit. When contemplating this, gold appears quite effective. It can be quantified in grams, can be physically transferred, retains its value over time, and is globally recognized. Historical practices in alchemy have also indicated the challenges of counterfeiting gold.
Interestingly, mathematicians approach integers in a similar manner. What defines an integer? What are its properties?
- The sum of two integers is also an integer (if a and b are integers, then a + b is an integer).
- The integer 0 does not alter the value of another integer when added (if a is an integer, then 0 + a = a).
- A negative integer is also an integer, and adding it to its positive counterpart yields 0 (if a is an integer, then -a is also an integer, and -a + a = 0).
If a is an integer, then -a is too, and -a + a = 0… At first glance, this might seem convoluted, but it possesses significance. We can extend our reasoning beyond integers, considering entities that, while not integers, adhere to these properties as pseudo-integers. Quantum mechanics, for instance, abstracts its principles to only reflect the properties of integers. This abstraction has enabled advancements in our technological civilization, justifying the mathematicians' detours.
Could a similar concept apply to currency? Specifically, if an item can be stored, exchanged, and is counterfeit-proof, and if someone is willing to pay for it, could it not eventually serve as a value measure and thus function as currency?
This is the conceptual foundation for the creation of bitcoin, which has been meticulously structured to align its measure of value closely with that of genuine gold.
Bitcoin's Non-Existence
Bitcoin diverges from traditional currencies in significant ways. Most notably, it lacks an issuing entity. Furthermore, it does not exist in a conventional sense.
To reiterate, Bitcoin has no issuing authority. There are no coins or paper notes labeled as Bitcoin. No bitcoins are secured in a vault, nor are there physical vouchers in circulation. Instead, only a digital ledger exists, documenting who paid/received which amount of bitcoins on what date. This is reminiscent of credit card and electronic money transactions, which also rely on recorded entries.
The Bitcoin ledger is globally accessible, but it operates without a managing entity. Unlike credit cards and e-money, there is no central control overseeing the ledger. Individuals and businesses utilizing Bitcoin are part of a network known as the Bitcoin Network, which maintains this shared ledger. Each participant keeps their own version of the ledger, which updates through contributions from network members. Following an update, copies are distributed throughout the network, with participants validating the authenticity of the update before incorporating it into their own ledgers.
How do we ensure the consistency of this global ledger? Can a malicious participant manipulate it? For instance, could someone falsely claim to have received Satoshi Nakamoto's 1 million BTC?
Tampering with the ledger is remarkably challenging for two reasons. First, each new entry in the ledger contains a digest of prior transactions. This characteristic complicates any attempts to alter historical records, making it hard to deny that a transaction ever occurred.
Second, adding new records to the ledger necessitates approval from the participants of the Bitcoin Network. Recall, there is no central authority overseeing this process. Unlike credit cards or e-money, there is no issuer to grant approval. Hence, consensus is achieved through majority voting among participants, which is where the Byzantine General Problem arises.
Consider the scenario of nine Byzantine generals, each commanding an army, faced with the decision to either attack or retreat. They must reach a consensus, as a half-hearted assault could lead to disastrous outcomes for their allies. However, the generals cannot convene in person.
Thus, they resort to majority voting, distributing copies of their decisions to one another. If five out of nine vote to attack while four vote to retreat, all nine will proceed to attack, based on majority rule.
However, if one general is a traitor, he could send attack orders to the generals favoring an assault while sending retreat orders to those preferring to pull back. Consequently, four generals may attack while four retreat, leading to catastrophe, while the rogue general survives.
The Bitcoin Network resolves this Byzantine General Problem through a clever mechanism known as the blockchain.
Before diving into blockchain, we should first clarify the concept of a digest.
What Is a Digest?
Digests are relatively compact integers referred to as hash values. The term hash originates from the concept of mixing something into smaller pieces.
A hash of digital data results in a single integer produced by breaking the original data into smaller segments and mixing them. Every set of digital data yields a unique hash value, and while numerous methods exist for generating these hashes, only a few are widely recognized.
For example, let’s utilize the now-obsolete MD5 method, established in 1991. This method is suitable for our discussion due to its brevity compared to modern approaches.
First, we compute the hash value for the character “a” using MD5:
16,955,237,001,963,240,173,058,271,559,858,726,497
Though it appears substantial, it remains one of the smallest hash values.
Next, consider a longer word, such as “Supercalifragilisticexpialidocious.” The MD5 hash value for this term is:
145,447,297,008,046,498,324,795,426,850,513,593,906
Notably, both hash values have a similar digit count. In fact, regardless of the length of the data—be it a single word or an entire novel—an MD5 hash value always fits in 128 bits.
Crucially, hashing the same data will always yield the same hash value, while even a minor alteration in the original data will typically produce a different result. For example, changing “Supercalifragilisticexpialidocious” to “Supercalifragilisticexpialidociouz” generates:
91,083,317,876,520,700,771,182,732,281,204,096,094
This demonstrates a vastly different number.
Since any digital data can be transformed into distinct 128-bit integers, these can serve as a digest of the original information.
Importantly, reconstructing the original data from the digest is virtually impossible without extensive knowledge about the source data. Thus, the digest can function as a fingerprint for the original content.
In the past, downloading a 700MB CD-ROM's worth of data could take hours, often interrupted by connection failures, making it challenging to verify data integrity.
In such scenarios, users would typically download data again for comparison, which would double the time required. Therefore, it was common to upload the MD5 hash value alongside the original data. By calculating the MD5 hash after downloading, users could confirm data authenticity by matching it with the online hash.
Given this context, if identical digests arise from different data, it diminishes their reliability as digests. The hashing method employed in the Bitcoin blockchain is designed to minimize the occurrence of such collisions.
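The digest properties described above can be checked directly. The following Python script is an added example, not code from the original article: it computes the MD5 digests of the words the article uses and prints them as single integers in the same decimal form, counts how many of the 128 bits flip when one letter of the long word changes, and performs the download check described above against a constructed stand-in for the CD-ROM image (the sample bytes, `SAMPLE_IMAGE`, and the helper names are assumptions of this example). It also computes SHA-256, the hash family Bitcoin uses in place of MD5.

```python
import hashlib

# Constructed sample standing in for the "700MB CD-ROM image"; the mirror publishes
# its MD5 next to the download so users can check what they received.
SAMPLE_IMAGE = b"contents of a CD-ROM image (constructed sample for this example)"
PUBLISHED_MD5 = hashlib.md5(SAMPLE_IMAGE).hexdigest()


def md5_hex(data: bytes) -> str:
    """MD5 digest as the usual 32 hexadecimal characters."""
    return hashlib.md5(data).hexdigest()


def md5_as_int(data: bytes) -> int:
    """The same 128-bit digest read as one integer, the way the article prints it."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def sha256_hex(data: bytes) -> str:
    """SHA-256 (a 256-bit digest), the hash family Bitcoin uses instead of MD5."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: int, b: int) -> int:
    """How many bit positions differ between two digests (the 'avalanche' effect)."""
    return bin(a ^ b).count("1")


def verify_download(downloaded: bytes, published_hex: str) -> bool:
    """Recompute the digest of the received bytes and compare it with the published one."""
    return md5_hex(downloaded) == published_hex


if __name__ == "__main__":
    words = ["a", "Supercalifragilisticexpialidocious", "Supercalifragilisticexpialidociouz"]
    digests = [md5_as_int(w.encode()) for w in words]
    for w, d in zip(words, digests):
        # Every digest fits in 128 bits no matter how long the input is.
        print(f"{w:36} {d.bit_length():3} bits  {d:,}")
    print("bits changed by a one-letter edit:", differing_bits(digests[1], digests[2]))
    print("intact download verifies:   ", verify_download(SAMPLE_IMAGE, PUBLISHED_MD5))
    print("truncated download verifies:", verify_download(SAMPLE_IMAGE[:-1], PUBLISHED_MD5))
```

The one-letter edit typically flips roughly half of the 128 bits, which is why the decimal values quoted above look unrelated; a truncated or corrupted download fails the comparison even though only a single byte is missing.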
In the Bitcoin ledger, each transaction is documented alongside a digest of the preceding transaction. This digest is straightforward to compute, enabling verification of prior transaction accuracy. Additionally, it is impossible to forge different contents that share the same digest, thereby protecting the integrity of historical records.
In this manner, the Bitcoin ledger safeguards against historical falsification.
But how does it prevent future fraud, such as intercepting bitcoins? As previously mentioned, Bitcoin addresses this issue through its solution to the Byzantine General Problem, which will be elaborated on in the next section.
Summary of Key Points
- Bitcoin exists solely as a ledger recording transactions.
- This ledger is not overseen by a specific person, company, or government, but exists as a distributed ledger shared among all Bitcoin Network participants.
- The distributed ledger within the Bitcoin Network is exceptionally resistant to tampering.
- The identity and fate of Satoshi Nakamoto, Bitcoin's creator, remain a mystery.
Bitcoin exists exclusively as a transfer of coins within a communal ledger on the Bitcoin Network, which lacks any central administrator, with all participants sharing copies.
Private Key
Every Bitcoin Network participant possesses a unique private key. This key functions like a password, known only to the owner. Thus, a participant's identity hinges solely on their knowledge of this secret key—personal information like name, address, and ID number is irrelevant. This anonymity contributes to Bitcoin's frequent use in ransomware transactions.
The Bitcoin Network ledger records transactions that indicate “X pays Z bitcoins (BTC) to Y.” Due to the extensive volume of transaction records, they are organized into units called blocks, akin to pages in a physical ledger. The ledger encompasses everything from the initial transaction, known as the Genesis Block, dated January 3, 2009. While individuals can attempt to add pages to the ledger, these must receive approval from the entire Bitcoin Network.
The challenge lies in demonstrating that the ledger remains untampered with historically, and in validating transaction legitimacy.
When Y receives bitcoins from X, it is essential to verify that the bitcoins indeed belong to X. To accomplish this, X must substantiate to Y that the bitcoins are genuinely owned by them.
Bitcoin employs a method of cryptography known as public-key cryptography for transaction validation. This encryption system utilizes distinct keys for encrypting and decrypting messages. Analogous to a safe, one key locks it while another opens it. The public key is accessible to everyone, while the private key remains confidential, ensuring the safe's security.
Through public-key cryptography, participants can digitally sign messages. In this framework, a pair consisting of a signature key and a verification key is created. The verification key is shared publicly, while the sender encrypts their message using the signature key before transmission. The recipient can then utilize the public verification key to confirm the message's authenticity. This process generates what is known as a digital signature.
Thus, X digitally signs a message stating “X will pay Z bitcoins (BTC) to Y,” and Y can employ X's verification key to authenticate the message. This transaction is not limited to X and Y; it is broadcast to all Bitcoin Network participants. A participant known as a miner generates a new block in the ledger based on this transaction. Creating this block necessitates solving a computational problem of certain complexity. The transaction record, the resolution of the computational problem (termed the nonce), and a digest of prior transactions are submitted back to the Bitcoin Network.
Bitcoin Network participants individually assess each block for legitimacy, verifying the accuracy of the digest and nonce values, and ensuring consistency with previous blocks. Correctly validated blocks are integrated into each participant's ledger.
The first miner to successfully solve a computational problem and generate an accurate block is rewarded with a fee (transaction fee) and a bonus. The fee is provided by the transaction client, such as X, while the reward consists of newly minted bitcoins. This process is referred to as mining, as it resembles the act of extracting bitcoins from the ground.
As illustrated, mining and block generation are intricately linked. To acquire new bitcoins, miners must produce blocks—pages of the ledger—and introduce them into the Bitcoin Network, providing motivation for the network's functionality.
However, Bitcoin imposes limits on mining. The computational challenges associated with block generation are designed to increase in difficulty over time, with mining rewards halving every 210,000 blocks. The Bitcoin Network will cease producing new bitcoins once it reaches a total of 21 million BTC. As of 2021, nearly 90% of this total has already been mined, although it is projected that the network will not completely deplete until around 2140, according to Bitflyer.
At Bitcoin's inception, the mining reward was 50 BTC per block. This reward has halved thrice, and miners currently receive 6.25 BTC per block, along with an additional fee of approximately 1 BTC per block. At the time of writing, the value of 1 BTC hovers around 40,000 USD, making this a lucrative endeavor.
The smallest unit of bitcoin is 0.00000001 BTC, often referred to as 1 Satoshi. Once the mined amount drops below 1 Satoshi, it becomes uncountable, effectively ending mining. This limitation mirrors the finite reserves of gold and platinum.
The future of the Bitcoin Network post-mining remains uncertain. However, with miners still receiving compensation, it seems unlikely they will disappear. Given that an estimated 120 years remain until the end of mining, it is plausible that new technologies and currencies will emerge by then.
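The supply limits described above follow from a short integer computation. The following Python script is an added worked example, not code from the article: it implements the halving schedule the way Bitcoin Core computes the block subsidy, in whole satoshis with one right shift per halving, and then sums every era. Running it shows the 50, 25, 12.5 and 6.25 BTC rewards, that the last subsidy-paying block pays exactly 1 Satoshi before the reward becomes uncountable, that the total converges to just under 21 million BTC, and how the "around 2140" estimate arises. The height 700,000 used to approximate where the chain stood in 2021 and the 10-minute average block interval used for the end-year estimate are assumptions of this example.

```python
COIN = 100_000_000          # satoshis per BTC: 1 Satoshi = 0.00000001 BTC
HALVING_INTERVAL = 210_000  # blocks between halvings
INITIAL_SUBSIDY = 50 * COIN # reward per block at Bitcoin's inception
MINUTES_PER_BLOCK = 10      # assumed average block interval for the year estimate
GENESIS_YEAR = 2009.0       # the Genesis Block is dated January 3, 2009


def block_subsidy(height: int) -> int:
    """Newly minted satoshis for the block at `height` (integer shift, as Bitcoin Core does)."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:          # shifting a 64-bit value this far would be undefined in C
        return 0
    return INITIAL_SUBSIDY >> halvings


def supply_at_height(height: int) -> int:
    """Satoshis minted by blocks 0 .. height-1, summed one halving era at a time."""
    total, h = 0, 0
    while h < height:
        era_end = min(height, (h // HALVING_INTERVAL + 1) * HALVING_INTERVAL)
        total += block_subsidy(h) * (era_end - h)
        h = era_end
    return total


def total_supply_satoshi() -> int:
    """Every satoshi that will ever be minted (the subsidy is zero after 64 eras)."""
    return supply_at_height(64 * HALVING_INTERVAL)


def first_zero_subsidy_height() -> int:
    """Height of the first block whose reward has shrunk below 1 Satoshi."""
    h = 0
    while block_subsidy(h) > 0:
        h += HALVING_INTERVAL
    return h


def estimated_end_year() -> int:
    """Calendar year in which mining would end at the assumed 10-minute block interval."""
    minutes = first_zero_subsidy_height() * MINUTES_PER_BLOCK
    return int(GENESIS_YEAR + minutes / (60 * 24 * 365.25))


if __name__ == "__main__":
    for era in range(4):
        print(f"era {era}: {block_subsidy(era * HALVING_INTERVAL) / COIN} BTC per block")
    last = first_zero_subsidy_height() - 1
    print(f"last subsidy-paying block: {last:,}, paying {block_subsidy(last)} Satoshi")
    print(f"total supply: {total_supply_satoshi() / COIN:,.4f} BTC")
    print(f"mined by block 700,000 (approx. 2021): "
          f"{100 * supply_at_height(700_000) / total_supply_satoshi():.1f}%")
    print(f"estimated end of mining: {estimated_end_year()}")
```

Note that the sum is 20,999,999.9769 BTC rather than exactly 21 million: each halving discards the fractional satoshi, so a little under 11 BTC of the geometric series is never minted.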
The Byzantine General Problem
Each Bitcoin Network participant maintains their own ledger. These ledgers must be periodically reconciled to ensure they remain identical. If participants choose not to engage in this reconciliation, they would need to appoint a representative for central ledger management, which contradicts the design of the Bitcoin Network. This rationale is why the Bitcoin Network ledger is termed a distributed ledger.
But what occurs when there are discrepancies during ledger comparisons?
As the Bitcoin Network’s ledger incorporates a digest of all past transactions, a specific point in time might result in the following chain:
A1 — A2 — A3
This is referred to as a blockchain due to the interconnected nature of its blocks. New blocks can be appended, but miners, seeking rewards, will strive to add their own blocks, leading to potential variations:
A1 — A2 — A3 — B1
and
A1 — A2 — A3 — C1
Moreover, additional blocks may connect to these chains, resulting in:
A1 — A2 — A3 — C1 — C2
Visualizing this scenario gives a tree like the following (D1 — D2 is a further branch growing from C1):
A1 — A2 — A3 — B1
          └— C1 — C2
               └— D1 — D2
The Bitcoin Network adopts the longest chain of these competing blockchains as the legitimate version. In our example,
A1 — A2 — A3 — C1 — D1 — D2
is recognized as the official blockchain, while all other branches are disregarded.
(Note: Occasionally, branches are intentionally preserved to create a new distributed ledger. For example, Bitcoin Cash branched from Bitcoin at block 478,558 on August 1, 2017, a process known as a hard fork.)
This blockchain selection method serves as a solution to the Byzantine General Problem discussed earlier.
The Byzantine General Problem was introduced by American computer scientist Leslie Lamport. The term General Byzantine is a clever play on words by Professor Lamport. There was a time when an editor reviewing one of Lamport’s submissions mistakenly thought it was a joke due to its pun-like nature. Students of science and mathematics often owe a debt of gratitude to Professor Lamport for his contributions to LaTeX.
According to Lamport’s findings, in the Byzantine generals problem, when there are n traitors among the generals, if the total number of generals is at least 2n + 1, all honest generals can reach consensus on their decisions. In simpler terms, if 51% of participants cast the same vote, that outcome is deemed correct.
To add a block to the blockchain, miners must introduce a nonce by solving a computational challenge, a process referred to as proof of work (PoW). Furthermore, in the event of blockchain branching, only the longest version is accepted. Thus, if an attacker aims to introduce a new block to the Bitcoin ledger, they must rapidly compute the proof of work and continuously add blocks.
If an attacker controls 51% of the network's computational power, they could potentially seize control of the Bitcoin Network. This would enable them to manipulate transactions, invalidate legitimate ones, and monopolize mining activities—a scenario termed a 51-percent attack, which currently lacks an effective countermeasure. However, since such an attack would diminish Bitcoin's value, there is minimal incentive for such action. Additionally, the immense computational resources required for a successful 51-percent attack make it nearly impossible to execute covertly.
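The following Python script is an added example, not part of the article, that ties the mechanisms of this section together in a toy ledger: each block carries the digest of its predecessor, a miner must find a nonce whose double-SHA-256 digest falls below a target (the proof of work), the competing branches B1, C1 — C2 and C1 — D1 — D2 are grown from A3 as in the chains above, and the longest valid chain is selected. It then rewrites one historical record to show that the next block's stored digest no longer matches, so the forged history is rejected. The 12-bit difficulty, the block layout and the transaction strings are constructed for this example, and signatures are omitted. (Bitcoin Core actually selects the branch with the most accumulated work, which at a fixed difficulty is the longest one.)

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Toy difficulty (an assumption for this example): a block digest must start with
# DIFFICULTY_BITS zero bits. Bitcoin's real target is enormously harder to reach.
DIFFICULTY_BITS = 12
TARGET = 1 << (256 - DIFFICULTY_BITS)


@dataclass(frozen=True)
class Block:
    label: str          # "A1", "B1", ... as in the article's chains
    prev_digest: str    # digest of the preceding block; "" for the first block
    transactions: str   # constructed sample record, e.g. "X pays 5 BTC to Y"
    nonce: int          # the proof-of-work solution found by the miner

    def digest(self) -> str:
        # Double SHA-256 over the block contents, the digest Bitcoin uses for block headers.
        payload = f"{self.prev_digest}|{self.transactions}|{self.nonce}".encode()
        return hashlib.sha256(hashlib.sha256(payload).digest()).hexdigest()


def meets_target(digest_hex: str) -> bool:
    """Proof-of-work check: the digest, read as a number, must fall below the target."""
    return int(digest_hex, 16) < TARGET


def mine(label: str, prev: Optional[Block], transactions: str) -> Block:
    """Try nonces until the block's digest meets the target (this is the miner's work)."""
    prev_digest = prev.digest() if prev else ""
    nonce = 0
    while True:
        block = Block(label, prev_digest, transactions, nonce)
        if meets_target(block.digest()):
            return block
        nonce += 1


def valid_chain(chain: Sequence[Block]) -> bool:
    """Every block must carry a valid proof of work and the digest of the block before it."""
    prev_digest = ""
    for block in chain:
        if block.prev_digest != prev_digest or not meets_target(block.digest()):
            return False
        prev_digest = block.digest()
    return True


def select_chain(candidates) -> List[Block]:
    """Longest-valid-chain rule: invalid branches are discarded, then the longest wins."""
    valid = [list(c) for c in candidates if valid_chain(c)]
    return max(valid, key=len) if valid else []


def labels(chain: Sequence[Block]) -> List[str]:
    return [b.label for b in chain]


def build_forks() -> dict:
    """Recreate the article's branching: B1 and C1 both extend A3; C2 and D1 — D2 extend C1."""
    a1 = mine("A1", None, "X pays 5 BTC to Y")
    a2 = mine("A2", a1, "Y pays 2 BTC to Z")
    a3 = mine("A3", a2, "Z pays 1 BTC to X")
    b1 = mine("B1", a3, "miner B: X pays 3 BTC to W")
    c1 = mine("C1", a3, "miner C: Y pays 1 BTC to W")
    c2 = mine("C2", c1, "miner C: W pays 1 BTC to X")
    d1 = mine("D1", c1, "miner D: Z pays 1 BTC to Y")
    d2 = mine("D2", d1, "miner D: Y pays 1 BTC to X")
    return {"B": [a1, a2, a3, b1], "C": [a1, a2, a3, c1, c2], "D": [a1, a2, a3, c1, d1, d2]}


def tamper(chain: Sequence[Block], index: int, new_transactions: str) -> List[Block]:
    """Rewrite one historical record, leaving every other block exactly as it was."""
    edited = list(chain)
    old = edited[index]
    edited[index] = Block(old.label, old.prev_digest, new_transactions, old.nonce)
    return edited


if __name__ == "__main__":
    forks = build_forks()
    winner = select_chain(forks.values())
    print("accepted chain:", " — ".join(labels(winner)))
    forged = tamper(winner, 1, "Y pays 1000000 BTC to Z")
    print("forged history still valid?", valid_chain(forged))
```

Rewriting A2 changes its digest, so A3's stored `prev_digest` no longer matches and validation fails; an attacker would have to re-mine A2 and every block after it faster than the rest of the network extends the honest branch, which is exactly the race that makes a 51-percent attack the only way to rewrite history.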
In this manner, Bitcoin successfully addresses the Byzantine General Problem. Satoshi Nakamoto's approach marks a historic milestone in effectively resolving this complex issue.
Recent Developments: Bitcoin's Safety in Question?
Let us now examine a recent incident.
Colonial Pipeline, a significant oil pipeline operator in the U.S., fell victim to a ransomware attack, during which attackers illicitly accessed their computer systems and encrypted crucial data. One day, files in their “My Documents” folder became inaccessible. The attackers demanded a ransom to restore access.
This incident temporarily halted operations at Colonial's pipeline. Although the company likely attempted to recover independently, they ultimately paid a ransom to the hacker group DarkSide. Reports indicate Colonial paid approximately 75 BTC. While it’s common for data to remain unrecoverable even after the ransom is settled, in this case, the data was retrieved, and operations resumed.
The plot thickens.
The U.S. Department of Justice (DOJ) managed to recover 63.7 BTC from the ransom payment.
Details regarding how the DOJ retrieved the bitcoins remain unclear. However, this incident underscores the government's potential to influence bitcoin transactions.
As a result, Bitcoin's value has been gradually declining in light of these revelations.
Other Realistic Threats
The primary threat to Bitcoin, similar to other online services, stems from the exposure of users' private keys. If an attacker obtains or successfully guesses an individual's private key, they can exploit it to steal bitcoins. Consider the scenario in which X communicates to the Bitcoin Network, “X will pay Z bitcoins (BTC) to Y.” What occurs if Y possesses X's private key?
In 2014, the company Mt. Gox, which facilitated bitcoin trading, suffered a breach resulting in the theft of 850,000 BTC, as announced by the company. This figure comprises 100,000 BTC belonging to the company and 750,000 BTC deposited by customers. At that time, this accounted for approximately 7% of the total bitcoin supply, valued at around 47 billion JPY. Consequently, Mt. Gox faced severe financial challenges and ultimately declared bankruptcy.
(Following this, the trustees overseeing Mt. Gox’s bankruptcy received court authorization to liquidate remaining bitcoins. The escalating bitcoin prices at the time allowed the company to settle most of its debts.)
Who Is Satoshi Nakamoto?
In November 2008, an individual claiming to be Satoshi Nakamoto introduced the concept of Bitcoin in an online cryptography community.
Bitcoin: A Peer-to-Peer Electronic Cash System
Since that moment, developers have collaborated to bring the Bitcoin system to fruition.
On May 22, 2010, a programmer in Florida expressed a desire to purchase a pizza using Bitcoin. A local pizzeria responded with an offer to sell two pizzas for 10,000 BTC, marking the first instance where bitcoin held tangible value.
From that point, bitcoin's value has experienced both gradual and explosive growth. It has also undergone numerous crashes, making it an unreliable asset management strategy.
During this period, Satoshi Nakamoto engaged with the community but never disclosed their true identity. In 2011, Nakamoto bid farewell to the community.
In 2011, journalist Joshua Davis, in an article for The New Yorker, claimed to have narrowed down Nakamoto's identity, yet the two individuals named refuted the assertion.
Similarly, in 2011, journalist Adam Penenberg identified three individuals as Satoshi Nakamoto, but these men also denied the claims.
In 2013, Ted Nelson, an American sociologist and computer scientist, suggested that Shinichi Mochizuki of “abc conjecture” fame was Satoshi Nakamoto, a claim that Mochizuki subsequently denied.
In 2014, Newsweek magazine asserted that Dorian Nakamoto, a California resident, was the true Satoshi Nakamoto. This claim was based on the fact that his birth name was Satoshi Nakamoto and that he had a background in systems engineering. However, Dorian denied being the creator of Bitcoin, and on the same day, the real Satoshi Nakamoto publicly stated, “I am not Dorian Nakamoto.” This marked Nakamoto's first communication in three years.
In 2016, Australian entrepreneur Craig Wright claimed to be Satoshi Nakamoto. Eventually, he retracted his assertion, stating, “I’m sorry.”
In 2019, entrepreneur Masao Nakatsu proposed that Satoshi Nakamoto was actually Isamu Kaneko from Japan, known for developing the P2P network Winny. While Nakatsu and I briefly collaborated, I doubt Kaneko is Satoshi Nakamoto.
Satoshi Nakamoto Is NSA?
An intriguing theory posits that Satoshi Nakamoto is, in fact, the National Security Agency (NSA). This does not suggest that Nakamoto is a (former) NSA operative, but rather that the agency concocted this identity.
This theory is not without merit.
In the 1970s, the U.S. government recognized the need for standardized encryption algorithms and commissioned IBM to develop one through a public competition. The result was the Data Encryption Standard (DES), which subsequently informed many encryption algorithms.
The NSA approved the DES encryption algorithm for global use. However, due to the opaque nature of the approval process, rumors circulated that the NSA had embedded a backdoor within the DES cipher. Notably, there were speculations until around 2000 that only the NSA could decrypt the DES cipher due to their intervention in modifying the S-box—a component designed to enhance the cipher's complexity. I recall a professor discussing this rumor during a cryptology lecture in graduate school.
However, the reality was even more peculiar.
At that time, the NSA possessed specific cryptanalysis capabilities. The initial version of the DES cipher created by IBM was vulnerable to the NSA's clandestine techniques, prompting the agency to enhance the S-box for improved security. Under NSA guidance, the DES cipher was fortified. This cryptanalysis approach is now referred to as differential cryptanalysis, and substantial evidence indicates that the NSA has maintained control over it since then.
The takeaway is clear: if the NSA intends to conceal something, they can successfully do so.
This context lends credence to the theory that Satoshi Nakamoto is the NSA. Russian security firm Kaspersky supports this hypothesis.
Recently, another event has bolstered this theory. As mentioned earlier, the DOJ recovered 63.7 BTC from the DarkSide hacking group, indicating potential NSA involvement in this Bitcoin theft recovery.
Even if the NSA is not Satoshi Nakamoto, they likely possess the technology necessary to decrypt the encryption employed within the Bitcoin Network.
The DES cipher is no longer in use; its successor, AES, was adopted in 2002. A specialized DES decryption tool created in 2012 could break any DES cipher in as little as 26 hours. Although AES is currently deemed secure, no encryption can guarantee perpetual safety.
One More Thing
For those seeking further insights into Bitcoin, consider watching this TED talk.