
Blocktime
Your go-to Bitcoin podcast hosted by Pierre Rochard, VP of Research at Riot. Tune in weekly for thought-provoking discussions, exclusive interviews, and a deep dive into the disruptive power of Bitcoin.
Instagram: https://bit.ly/BlocktimeIG
Facebook: https://bit.ly/BlocktimeFB
X: https://twitter.com/BlocktimebyRiot
YouTube: https://www.youtube.com/@RiotPlatforms/podcasts
Episode 39: Decoding the Bitcoin White Paper with Pierre Rochard Part 2
Embark with us on a journey through the cryptographic labyrinth that is Satoshi Nakamoto's seminal Bitcoin white paper, a blueprint that set the stage for the digital currency revolution.
Dive headfirst into the mechanics of electronic cash as we untangle the complexities behind Bitcoin's design, which sought to tackle issues far beyond basic transactions. You'll gain a richer understanding of the financial dance between liquid and tangible assets, the intrigue behind money creation by central banks, and the masterstroke of Bitcoin's proof of work to thwart double spending. Our narrative sheds light on the evolution of mining technology and the brilliance of Satoshi's predictions, setting the scene for a future deep dive into his lesser-known writings.
Welcome to Blocktime, a podcast produced by Riot Platforms where we take a deep dive into Bitcoin, Bitcoin mining and the grid. In last week's episode, we covered the first half of Satoshi Nakamoto's seminal white paper, published in 2008. In this episode, we're going to go through the second half. So if you missed last week's episode, I would highly encourage you to go back. Listen to that and you'll get all caught up and you'll be ready to dive into this episode. So where we left off was, we just finished section four, which is talking about proof of work, and now we're entering into section five, which is really about the network architecture.
Speaker 1:Satoshi writes the steps to run the network are as follows. New transactions are broadcast to all nodes, and so this is, you could ask, well, this is the passive voice. Maybe he should have put an active voice of: the wallet software broadcasts new transactions to all nodes. And then each node verifies the transaction. Right. So this is really important. You'll hear people say, oh, Bitcoin mining is about verifying transactions. That's actually not the case. The transactions are verified long before they even make it into a block. They're verified by the nodes before adding them into the mempool. Now, even in a situation where a transaction goes directly to a mining pool, it's the mining pool's node that is verifying the transaction. It's not the hash rate on the other side of the mining pool that is verifying the transaction. They are just trying to find that winning nonce. They're not actually verifying the data. So, number three: each mining pool aggregates hash rate from mining rigs, ASICs, to work on finding a difficult proof of work for its block. It's searching for that nonce that we described in last week's episode. When a mining pool finds a proof of work hash, its node broadcasts that winning block to all the other nodes, and then the other nodes accept the block only if all the transactions in it are valid and not already spent. Lastly, the mining pools express their acceptance of the block by working on creating the next block in the chain using the hash of the accepted block as the previous hash. Now I would also note here that the nodes, they express their acceptance of the block by updating the ledger, right, that they're maintaining, and then, if they don't accept the block, they can reject that block and not update the ledger and wait for a valid block.
Speaker 1:Okay, nodes always consider the most proof-of-work chain to be the correct one and will keep working on extending it. This, in the academic literature, is described as Nakamoto consensus of essentially this rule. And so if two mining pools broadcast different versions of the next block simultaneously, some mining pools may receive one or the other first. In that case they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof of work is found and one branch becomes longer. The mining pools that were working on the other branch will then switch to the longer one. So this phenomenon is now called a reorg, reorganization, basically saying that you can get into a situation where you've got, let's say, 10 mining pools. They're all working on the latest block. One of them gets lucky, finds a block. Another one around the same time also gets lucky, finds a block. Okay, well, now which one do you build on top of? And the reality is that you're going to have folks building on top of both until, statistically, one's going to come out ahead, and then you'll have a reorg onto that most work chain.
Speaker 1:Okay, new transaction broadcasts do not necessarily need to reach all nodes. So this is a functionality in Bitcoin called transaction relay, meaning that maybe your transaction gets into the mempool of some of the mining pools. Now the terminology gets murky here, because a mining pool is different than a mempool. A mempool is aggregating transactions, a mining pool is aggregating hash rate. But they intersect because the mining pool is using its node's mempool to bring in the next batch of transactions into a block. So your transaction just really needs to get to a mining pool, and in fact we've seen some controversy about transactors going directly to mining pools and handing over their transaction rather than broadcasting it through the peer-to-peer network of nodes that are accumulating transactions in their mempools. But as long as a transaction reaches many nodes, they will get into a block before long. I'll add a caveat here: as long as they're paying a transaction fee that is competitive with the other transactors who are also competing to get into that same block.
Speaker 1:Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one. So you don't need to be online 24-7. You don't need to receive the blocks in order. You can receive the blocks out of order, but you do have to verify them in order, and so even if you're receiving them out of order. But it has resulted in a network architecture that is very decentralized, often analogized to BitTorrent. So, BitTorrent, you can download the end of the movie, the beginning of the movie, the middle of the movie, all the little bits and pieces at a time, and then you put it together at the end, and that allows you to download from many different peers, and that way, you are able to quickly download all that data, put it all together and then verify it, and so that's what a Bitcoin node does.
Speaker 1:Okay, now, in this next section, Satoshi is going to talk about the block reward, which he describes as the incentive. First, we're going to talk about the new issuance, which oftentimes is described as the subsidy, but that's written in the code. Technically it's not a subsidy, but it's new issuance, right, new Bitcoin being added to the ledger. By convention, the first transaction on a block is a special transaction, often called the Coinbase transaction, nothing to do with the exchange. The exchange stole its name from Bitcoin, actually, but anyway, that starts a new coin issued by the creator of the block.
Speaker 1:This adds an early incentive. Sorry, this adds an incentive for early nodes to support the network, right? Because at the beginning, when all of this software was bundled together, you would download the node software and it had mining functionality in it, right, so you could hit the mining button and it had a wallet, and so essentially, the whole Bitcoin system was self-contained inside of the Bitcoin software that Satoshi Nakamoto launched. Now, over time, the mining component of the node software got split out into specialized mining software, so now you have, Stratum V2 is kind of the mining pool software, right, that is separate from the node, but it connects and communicates with the node, and then off CGMiner and then the firmware on your mining rig, right, completely separate from a mining node. But in the early days, what he means here is that it creates an incentive for somebody to run this bundle that includes the node in order to generate coins, and it provides a way to initially distribute coins into circulation, since there is no central authority to issue them. This is the only decentralized way of issuing a cryptocurrency. All the other ways have elements of centralization in them, and so this is also part of what makes Bitcoin unique and Bitcoin mining so important from an economic perspective.
Speaker 1:So then he wrote the steady addition of a constant amount of new coins, and so here, this is, you know, this ended up being different in the code. So he said constant amount, but it's really a decreasing amount of new coins that he should have written. But, you know, Satoshi is not... I don't know if he modified the code after writing the white paper or if he was kind of just speaking a little bit loosely about how it works. In any case, a decreasing amount of new coins is analogous to gold miners expending resources, and I'll add here, in specific geological areas, to add gold to circulation. In our case it is, and so he put CPU time and electricity. I actually wanted to modify this and say it's human time, including a lot of fantastic people who work at Riot, who are contributing their human time to Bitcoin mining; capital, all the shareholders that are contributing to be able to mine Bitcoin; and electricity that is expended anywhere in the world. And I added anywhere in the world to contrast with the in specific geological areas that I added for the gold part, because I think that this is what differentiates Bitcoin from gold, is that you can mine Bitcoin anywhere in the world. You cannot mine gold anywhere in the world, and so just by that virtue alone, I think that Bitcoin actually has a more level playing field and more fairness built into it.
Speaker 1:The second part of the incentive, in addition to the new issuance, to the mining reward, is the new issuance plus the transaction fees. So Satoshi wrote the incentive can also be funded with transaction fees. If the value of a transaction's new outputs is less than its inputs, the difference is a transaction fee that is added to the incentive value of the block that is containing, that is choosing to include, the transaction. As the number of coins entering circulation gets cut in half, the incentive can gradually transition entirely to transaction fees and be completely inflation free. So here I did a little bit of editing. You know, he didn't mention the halving, so I wanted to rewrite that to mention the halving.
Speaker 1:I'm going to get so many complaint letters of people saying you butchered Satoshi's white paper. You put in your own opinions. Fine, you can do that too. Everyone's free to do that. Okay, the incentive may help encourage nodes to stay honest.
Speaker 1:You know, this part I really hesitated on deleting or not. I don't think it has a material effect, but in any case we'll go through it here. If a greedy attacker is able to assemble more hash rate than all the honest hash rate, he would have to choose between using it to defraud people by stealing back his payments or using it to earn the block reward. He ought to find it more profitable to play by the rules, such rules that favor him with the full reward, rather than to undermine the system and the validity of his own wealth. And so this game theory angle only applies to Bitcoin miners, you know, hashers who are profit maximizing, right, and so the immediate response to this scenario is often by people who say, well, look, what if it's somebody who's a criminal and who they don't care about making money, they just want to see the world burn, right, then this does not apply to them. I agree, but I also think that saying that Bitcoin is incentive compatible for people who are profit maximizing, that is actually a huge breakthrough, even if we say, hey, this does not apply to people who are not profit maximizing. It's already a huge breakthrough to have this system function for people who are greedy, because there's lots of systems that completely fall apart once you have greedy people who are trying to make as much money as possible, they start printing their own money and circumventing rules, making up new rules for others, making exceptions for themselves, all that. So I actually think that from a governance perspective, uh, this is actually a tremendous breakthrough. Okay, and that's why I didn't remove it.
Speaker 1:Um, reclaim, reclaiming disk space, uh, here in section seven, um, I'm going to gloss over this because, um, Satoshi here, what he described is actually not a great solution to reclaiming disk space and I haven't actually seen anybody use it in practice. Because basically, what he's saying is that, oh, you can delete all of this massive amount of data, and there is a lot of data. So today, the Bitcoin blockchain is north of 500 gigabytes of data. 500 gigabytes, you know, that's a good chunk of data. You can pretty easily get hard drives that are bigger than 500 gigabytes that are not that expensive, but you're still, you know, having to download all this data and verify it all. So it usually takes hours to weeks to be able to do that and, as you can see from this chart, it is growing tremendously. If you're looking at the slides, it's growing by an annualized 20% is kind of the estimated growth rate of the blockchain.
Speaker 1:So Satoshi suggested an idea for reclaiming that disk space. But the problem is that even if you can delete historical disk data going forward, you would still have to verify all of the data. So it doesn't really help a tremendous amount. Especially if you're looking for an old transaction. You would have to look at all of the transactions after that old transaction to see if it has been spent before, as we were talking about earlier. So this part, I think, is somewhat irrelevant to today.
Speaker 1:And then he talks about the memory use of, what if we reclaim this disk space, well, then we still need 1.2 gigabytes per year of memory? This actually is also somewhat wrong in the sense that there's a bigger use of memory than the block headers, which is the unspent outputs. This is what you want to put in memory and at this point it's almost 11 gigabytes, which from a memory perspective is actually substantial. I think it's actually worse than the disk space situation, because it used to be that an entry level computer system would be eight gigabytes of memory and then standard now I think is 16 gigabytes, and if you're a gamer you've got 32 gigabytes or 64. So you know, 11 gigabytes of memory is starting to hit kind of what the normal amount of memory is today of 16 gigabytes and entering into kind of more enthusiast territory of 32 gigabytes of RAM, but, you know, Satoshi didn't really foresee this being an issue. And also, the other thing, though, is, let's be real, you still can use your hard drive to store the TXO set. It's just not as fast as using memory.
Speaker 1:The next section was about another innovation that Satoshi suggested, which is to use simplified payment verification, SPV. So he said, it's possible to verify payments without running a full network node. I think it's notable here that he uses the terminology network node, because he's already understanding that there's an unbundling here, which is that you have a mining node and then you have a network node, and a network node is just about verifying and participating on the peer-to-peer network, whereas a mining node is actually doing the proof of work, and, you know, now we just call those mining rigs. Okay. So a user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes, until he's convinced he has the longest chain, and let's say most work chain here.
Speaker 1:Now, the thing is that, while it's true that you can do this, one of the challenges, it's actually a privacy challenge, is that even if you know about a block and you know you have a transaction, but you don't know if that transaction is in the block or not, you have to tell the node, here's the transaction I'm interested in, can you check if it's in the block? Because you're not downloading the data, which means that the node now knows what transactions you're interested in and it knows what transactions are relevant to you, and so presumably it's about money that you're sending and receiving, and so now you've given up your privacy on that transactional information. Okay, as such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network, and that's among a lot of different vulnerabilities. So one strategy to protect against this would be to accept alerts from network nodes (we don't do that, it never became a thing) when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to confirm the inconsistency.
Speaker 1:And then he concludes: businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification. And so, in my mind, it's like, Satoshi, why did you spend all this time describing a bad solution and then saying, hey, you should just run a node anyway? And, you know, I would argue that it's not even really about the frequency of payments, it's about, do you want to be independent? Do you want to have freedom? That, to me, is a more important point here than do you receive frequent payments, especially because, you know, if you want to make sure, let's say, you received Bitcoin 10 years ago, you haven't received any Bitcoin since. You want to make sure the Bitcoin are still there, use your node, check, okay, there's not been any transactions that have moved those Bitcoin since, and so I would argue that verifying the absence of a transaction using a Bitcoin node is a great use case. And so I think Satoshi here really undersold the importance of running your own node, and leave it at that. All right.
Speaker 1:And then he talks about inputs and outputs. Okay, although it would be possible to handle coins individually, it would be unwieldy to make separate transactions for every cent in a transfer. So this is like, imagine going to a store and buying things using, you know, 900 pennies and, or 937 pennies instead of, uh, $5 bill, four $1 bills and then a quarter, so on and so forth. So to allow value to be split and combined, transactions contain multiple inputs and outputs. Normally there will be either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and at most two outputs: one for the payment and one returning the change, if any, back to the sender. So here he says at most two outputs. I'm going to modify that and say and most often two outputs. You can have a transaction with hundreds of outputs. It's called transaction batching. So it's just one more thing Satoshi was wrong about. I joke because, you know, it's okay to be wrong about things. I'm wrong about things and we fixed it. All right. It should be noted that fan out, where a transaction depends on several transactions and those transactions depend on many more, is not a problem here. There's never the need to extract a complete, standalone copy of a transaction's history, because instead what we do in the node software is maintain a set of unspent outputs that come from any number of transactions, but the transaction data is not kept in the UTXO set, only the outputs are. All right.
Speaker 1:Privacy: this also, you know, hotly debated issue on both sides of people who want more privacy, people who want less privacy in Bitcoin. So the traditional banking model achieves a level of privacy by limiting access to information to the third parties involved and the trusted third party. Sorry, by limiting access to the parties involved and the trusted third party. So, you know, if it's a payment, it's going to be three people: me, Gabe and the bank. The necessity to announce all transactions publicly precludes this method in Bitcoin. But privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. Now he says anonymous, here I'm going to put pseudonymous. Well, that's an interesting thing, because the public keys, technically, are the pseudonyms. So it would be kind of redundant to say we're going to keep the pseudonym pseudonymous. So, yeah, let's keep anonymous there. You know, let's not.
Speaker 2:Unless you, as a person, decided to go out there and, and you know, expose what your...
Speaker 1:Your key is, right, yeah, yeah, you can just verify for everybody else.
Speaker 1:Hey, this is mine. And people do that for valid reasons, like they'll say, hey, this is my donation address, right? Um, but, as we'll see, it's better to avoid reusing your address and linking your identity to it like that if you want privacy. The public can see that someone is sending an amount to someone else, right, they see that, it's not really, I don't think someone is the correct terminology here, but that you're sending it to, so that one address is, you know, sending it to another address, essentially, but without information linking the transaction to any one person. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the tape, is made public, but without telling who the parties were. And then he's got a handy diagram showing how the privacy model works. I'll let you look that up if you're on audio only. Okay, so he adds, as an additional firewall, a new key pair, meaning a new address. And here, you know what, this is going to be confusing for folks. So I'm going to strike out key pair, because it's also not necessarily key pair because of hierarchical deterministic wallets. So a new address.
Speaker 1:By the end of this it'll be a completely new white paper. We'll call it Pierre Rochard's white paper. People would be so outraged. Okay, anyway, should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. And here we'll add unless a mixing technique like CoinJoin is used correctly. Satoshi did not know about CoinJoin, so you know, it made part of his white paper somewhat incorrect.
Speaker 1:The risk is that if the owner of a key is revealed, linking could reveal other transactions that belong to the same owner. No problem, okay. So in the next section of calculations, Satoshi is going to walk us through some of his thinking and some of the, you know, running the numbers on the probabilities of an attacker winning. Because really, this proof of work mechanism is central to what the discovery here, what the invention is here. So Satoshi writes, we consider the scenario of an attacker trying to generate an alternate chain. This caveat is really important. So in last week's episode I talked about the voting, right, of proof of work, and we said that, you know, it's a metaphor, first of all, and second of all, that what they are metaphorically voting on is very specific. It's the ordering of transactions, right, and so even if they're able to reorder their own transactions or other people's transactions, that doesn't mean that they can create transactions that would create money out of thin air, for example. So it's not like they completely can change the rules, because those rules are set by nodes and nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept the block containing them. So an attacker can only try to change one of his own transactions to take back money he recently spent, and so this is called double spending, right, this is a double spending attack.
Speaker 1:The race between the honest chain and the attacker chain can be characterized as a binomial random walk. The success event is the honest chain being extended by one block, increasing its lead by plus one, and the failure event is the attacker's chain being extended by one block, reducing the gap by minus one. So the probability of an attacker catching up from a given deficit is analogous to a gambler's ruin problem. Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach break even. I've been in this situation. I did not have an unlimited credit, unfortunately, but, you know, you're in the, you're in a hole, you're trying to gamble your way out of it.
Speaker 1:This is the gambler's ruin problem. We can calculate the probability he ever reaches break-even, or that an attacker ever catches up with the honest chain, as follows. So here he has an equation explaining kind of what the probabilities are of the honest node and the attacker node finding the next block and the probability of catching up given those two, and basically you're talking about what is the relative market share of the honest nodes in terms of hash rate versus the dishonest ones. So, given our assumption that P is greater than Q, meaning that the honest hash rate is greater than the dishonest hash rate, the probability drops exponentially as the number of blocks the attacker has to catch up with increases. So meaning that as long as there's more honest hash rate than dishonest hash rate, it gets harder and harder to be dishonest. With the odds against him, if he doesn't make a lucky lunge forward early on, his chances become vanishingly small as he falls further behind.
Speaker 1:Okay, now we consider how long the recipient of a new transaction needs to wait before being sufficiently certain the sender can't change the transaction. So this is what we refer to as transaction finality, and this is really what the Bitcoin mining proof of work is providing as a service to transactors, is transaction finality. So we assume the sender is an attacker who wants to make the recipient believe he paid him for a while. So, for example, I'm ordering a large aircraft, a 787, from Boeing. So I send them the Bitcoin and they send me the jet, and then I switch it back by double spending the Bitcoin to give myself back the Bitcoin after some time has passed, and that way I have the Bitcoin, I have the jet. Boeing has nothing, right, and so this is a double spending attack. The receiver, Boeing, will be alerted when that happens, right, they'll be like, oh my goodness, we don't have any Bitcoin anymore. He double spent us, but what we're hoping is that it's too late, that they will not be able to essentially double spend back, right, to undo the double spend. Okay, so the receiver generates a new address and gives the address to the sender. Now there's a part here about doing it quickly, shortly before signing. Turns out that was wrong.
Speaker 1:Hal Finney explained why Satoshi is wrong on this, and this is called the Finney attack. In any case, I'll gloss over it. Once the transaction is sent, the dishonest sender starts working in secret on a parallel chain containing an alternate version of his transaction, right, so this is the double spend transaction that's going to be on the secret fork, right? That is hopefully going to, for the attacker, be the winning side of the fork. The recipient waits until the transaction has been added to a block and Z blocks have been linked after it. So Z is how many blocks you're going to wait until you're happy, right? And so typically today now people say Z should be three and we'll talk about, we'll see, numerically, why that might be the case. He doesn't know the exact amount of progress the attacker has made on his secret chain, right? So as the defender you can't see what the attacker is doing. But assuming the honest blocks took the average expected time per block, 10 minutes, right, the attacker's potential progress will be a Poisson distribution (get to use my French here) with an expected value of lambda. Okay. So let's, we'll gloss over the math here, because we actually have some numerical results of the functions that are interesting.
Speaker 1:So Satoshi wrote out some basic C code here to show what happens. And what he showed is that, as you wait for more blocks, the probability of somebody being able to double spend your transaction, because they can look in the mempool and they can put in a transaction with a higher transaction fee and they just double spend you right away, right. Now, what if one block has included a transaction? So now your transaction is, it's got one confirmation. Um, now there's a motivated attacker has a 20% chance, if they have 10% of the hash rate, to double spend your Bitcoin. And that's what Q equals 0.1 means: that the attacker has 10% of the hash rate, and so after one block, their probability of success drops from 100% to 80%, and then after two blocks it drops to 5%, and then after three blocks it drops to 0.1%. And that's 0.1% if the attacker is motivated to double spend your transaction in particular, and also has 10% of the hash rate. So you can see here that even in a really bad scenario, waiting for three confirmations gives you a tremendous amount of transaction finality, and so on and so forth. And then if the attacker, sorry, if you're trying to achieve a certain amount of transaction finality, right. So if you're trying to achieve a probability of less than .001% or, sorry, less than .01% of being double spent, then here, you know, if the attacker has 10% of the hash rate, all you have to do is wait five blocks. So there's really not a lot of blocks you have to wait in order to achieve a pretty reasonable level of probabilistic transaction finality, which is all that the Bitcoin system guarantees you.
Speaker 1:Okay, now we're on the last paragraph, the conclusion. So Satoshi Nakamoto concludes with, we have proposed a system for electronic transactions without relying on trust. Because, sorry, we started with the usual framework of coins made from encumbrances. Right, he wrote digital signatures, but, as we saw in the last episode, digital signatures is a bit too specific now. Now with advanced smart contracts, we can generalize to saying encumbrances, which provides strong control of ownership but is incomplete without a way to prevent double spending. To solve this, we proposed a peer-to-peer network using proof-of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of hash rate. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof of work chain as proof of what happened while they were gone.
Speaker 1:And so that, you know, now there's two more sentences there, and I've completely crossed them out because I think that Satoshi was off the reservation with these statements that are literally the last two sentences of the white paper. Satoshi wrote they vote with their CPU power. And so that's where I'm like, well, hold on, Satoshi. When you talked about that, you spoke about it metaphorically. Now you're kind of speaking about it a little bit too literally. Expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. And so, you know, I think that might apply to mining pools, but I think that it creates exclusionary language against nodes, meaning that you can reject an invalid block by just rejecting it and not updating the ledger. You don't have to refuse to work on it. All you have to do is refuse to use it for updating your transactions.
Speaker 1:And then he goes on and says any needed rules and incentives can be enforced with this consensus mechanism. That's actually incorrect. The Nakamoto consensus mechanism can enforce the ordering of transactions, but it can't enforce any of the other rules and incentives. Those are enforced by the nodes that are operating on a consensus that is orthogonal to Nakamoto consensus, because Nakamoto consensus exists within the overarching consensus of the Bitcoin protocol rules that are implemented by the Bitcoin nodes. So Nakamoto consensus is a part of the Bitcoin system, but it is not what defines the rules. It is very much defined by the rules, and so this is a little bit of a head scratcher, and it's necessary for Bitcoin to be decentralized.
Speaker 1:If Nakamoto consensus dictated the rules of the network, of the system as a whole, then it would be a no-brainer for Bitcoin miners to discard and get rid of the halving, right. We would just delete that part of the code. Maybe we'd call it a doubling, right, increase the Bitcoin that miners receive, and so it's really key. We've got to keep in mind that the Bitcoin nodes are defining the rules. Anybody can run a Bitcoin node. You can run a Bitcoin node on
Speaker 1:your laptop. I've got one running on my laptop here and so that node software is what defined the rules, and so in many ways, we saw that there were a lot of technical errors in Satoshi's white paper that you have to take into account, system that you know he really kind of in a reductionist way, put into all of these functionalities into the Node software. And so I think that you know, while the Bitcoin white paper holds up to the test of time by like, let's say, 80%, I'd say that we still need to read it with some historical perspective of what has happened since the network launched. The white paper was written before the network launched in order to describe a particular aspect of it how the proof-of-work functionality contributed to creating a decentralized timestamp server to stop double spending. So, anyway, won't belabor the points too much and before I close it out, I guess, gabe, do you want to see if there's any questions.
Speaker 2:I did want to ask where do you think Satoshi was coming from? What was his perspective? Why did he need to write this? Why did he need to work on this? Was he wronged by the financial system that we have now? What was his motivation?
Speaker 1:Yeah, maybe his bank scammed him, um, but no, I think that his motivation was, uh, earnestly, um, ideological one, uh, and I think this is somewhat challenging for the Bitcoin community, because, on one hand, human freedom is kind of something that is a universal value, right, that we should all have the right to control our own money, but it is also a value that is emphasized by libertarianism here in the United States, right, by a particular political philosophy, and that made Bitcoin very attractive to the adherents of that political philosophy. And when we read Satoshi's critique of central banking, it is a libertarian critique of central banking. So we can't shy away from the clarity here of Satoshi Nakamoto had a monetary economics axe to grind, that he wanted a sound money that was not being abused by governments and banks, and so I don't think there's any ambiguity on that point that Bitcoin is a politically ideological project that has been hugely successful. And I would actually consider the United States itself to be a politically ideological project, right. If you go read the Declaration of Independence, in the same way that we just read the white paper, you know it is a manifesto for human freedom and dignity, and so I think that Satoshi, in a way, kind of had a lot of overlap with the founding fathers in this regard.
Speaker 1:Now, cynics might say, oh, he launched Bitcoin to enrich himself. Right, he wanted to create his own currency and enrich himself. Well, the evidence of that, yeah, I mean, look, he mined all these Bitcoin and he hasn't moved any. So I think we can rule that out. Or he wanted to be famous. Really? I mean, he created the pseudonyms and we haven't heard from him since 2010. So I don't think it was about his ego. I don't think it was about his avarice, his greed. I really think that it was about his political perspective on the world and that he wanted to change the world in a particular way by unleashing the system. And the purpose of the white paper was to get a particular audience to look at this. He wanted the cryptography mailing list to be interested in this, and so that's the audience for this white paper.
Speaker 1:This white paper is not a marketing document. It's not something he's going to go on CNBC and run a commercial for. It really was a computer science technical document to describe a computer science invention, software engineering invention that solves a particular problem. The problem was known before Satoshi, right, but the solution was not known before Satoshi. So it's yeah, it's a marvelous white paper. Even though I was kind of looking at some of the shortcomings. Obviously, as a whole it's just a breakthrough in humans' understanding of a lot of you know of maybe we call it game theory or monetary economics, monetary systems design. That it's really unprecedented in the sense that nobody came out with a white paper explaining oh, here's how we're going to use the printing press to create currency, right, they kind of just started doing that and obviously we didn't create a white paper to talk about oh, let's use gold instead of barter it just kind of happened.
Speaker 1:Yeah, it just kind of happened. It evolved organically. Now Bitcoin has been evolving organically as well since this white paper was released. But we shouldn't think about it of like the white paper tells us what we should be doing. I think that's a very kind of backwards perspective. I think that we should learn from the white paper in the way that Satoshi was trying to communicate technical concepts right, and then we should update our understanding of those technical concepts and we should go take a look at the real world and see, hey, did that hold up? Did his idealized description of the system hold up?
Speaker 1:And I would argue, I mean, if you go and you say, hey, look, I'm the Wright brothers, I'm going to write a white paper about flight, and then you come back 15 years later and people are, you know, using jet engines, and you're like, hey, look, my vision here was propellers. You know, you've ruined my vision of flight with your jet engines. It's like, it's kind of, uh, you know, it's silly. Uh, you know, technology continues to evolve. But the underlying principle of, hey, let's get a heavier-than-air thing going using lift, well, that has not changed, and so I'd say that most of Bitcoin, a surprising, an astonishingly large percentage of Bitcoin, has not changed since Satoshi's white paper by any amount, and so that, I think, is just as amazing, far more amazing than the fact that we've had to tweak a few things at the edges.
Speaker 2:Yeah, we did tweak quite a few little things throughout the episode, but I think they all make sense for, like you said, the context of 2024 and how we understand Bitcoin today. I guess the last part of my question would be, are we able to speculate, you know, what Satoshi's expertise is, based on how he wrote the white paper?
Speaker 1:Yeah, yeah, um, so, um, to a limited extent.
Speaker 2:Um, he, obviously he was a software developer because he was able to write the code, but there has to be some sort of level of understanding of the financial system and the problems of the financial system.
Speaker 1:Yeah, and he wrote about those very clearly, which is funny because last night I was reading, in one part he says, I'm not very good at writing, I'm not very good at communicating, and I was like, really, Satoshi, are you sure about that? Very humble man. But yeah, he clearly has a tremendous breadth of knowledge, uh, and he was familiar with the literature in this area. Um, and, um, yeah, it's befuddling that there's not really any obvious candidates as to, you know, oh, this person knows C++.
Speaker 2:He's a libertarian.
Speaker 1:Yeah, he's a libertarian, knows monetary economics, knows cryptography right, and cryptography is kind of a specialized field within software development. Not every software developer is a cryptographer. In fact, software developers are encouraged to stay away from cryptography because they'll say don't roll your own crypto, because they're like, hey, roll your own crypto, that's you know. Because they're like, hey, you should have a completely different mindset. You know, it's very math focused and very, you know proving things out Right. So that's a great question.
Speaker 1:I think Satoshi was a polymath, right, he's clearly gifted in many different fields, probably self-taught in most of them. I don't think he collected PhDs, but because, at the same time, you know, yeah, that, and I also think it's reflective of today, Bitcoin continues to be so cross-disciplinary that there's not a lot of people out there that kind of understand Bitcoin from a lot of different angles. Quite often, one's understanding of Bitcoin is limited to one's area of expertise. So I have a very accounting-focused understanding of how Bitcoin functions, but others have a more cryptographic focus and so they'll understand, um, you know, how elliptic curve cryptography works far better than I do, um, but they won't quite understand how a ledger works, right. So, um, to this day, you know, we haven't had another Satoshi, I'd say. Very interesting.
Speaker 2:Yeah, maybe that narrows down who we think Satoshi could be by, you know, a couple magnitudes, just based on all the different areas that he was fluent in.
Speaker 1:That's right. Um, although, you know, maybe I'm weird in this and, uh, I'm more than uninterested in who Satoshi is, I'm actively opposed to ever finding out. Interesting. Uh, if somebody handed me a piece of paper and said, hey, the name is on this, I'd burn it immediately, I'd show it.
Speaker 1:I wouldn't look at it. That's crazy. Yeah, yeah, um. So, yeah, uh, but maybe, maybe, against my best wishes, we'll find out, uh, who Satoshi is. Could happen any... Thanks for joining us into the deep dive on the Bitcoin white paper. If there's anything I got wrong, let us hear it. You know DMs are open, always happy to improve the educational content we're putting out here, and I hope to, you know, see your feedback in leaving a review on iTunes, wherever you listen to your podcast, hopefully a positive review. If you found this episode to not be positive, then please don't leave a review. Share it with your friends, family, co-workers, uh, and make sure to subscribe as well for future episodes. So thanks for joining us, um, and if you have questions or thoughts about future episodes, always game, uh, and we'll see you next week. Thank you.