
Tracking Bitcoins, Mitigating Evil

Bitcoin was designed to be difficult to regulate, in the same way that gold is difficult to regulate. Possession (of a private key) is ten-tenths of the law as far as Bitcoin is concerned, and it can be very difficult to tell exactly how a particular Bitcoin came to be possessed by a particular individual.

This relative opacity is one of the properties that makes Bitcoin and other cryptocurrencies so attractive for criminals, extortionists, tax evaders, and dark markets.

From the point of view of believing Nakamotoans,  untraceability is a feature.

From the point of view of the law and society in general,  opacity is often considered a bug. Civil society in general has little appetite for unregulated financial systems, so Bitcoin will never succeed unless it can be brought into civil society and the rule of law.

This month researchers at Cambridge University describe how an old legal principle might be applied to Nakamotoan cryptocurrency to rein in abuses and “make Bitcoin legal” [1].

The researchers point out that many Internet technologies have been put forward as “outside the law”, but this is an assertion not a fact.  The fact is that “the law” decides what the law is and how it is applied.  No one gets to simply secede from the legal system, at least not without resort to pure power politics.

“we have repeatedly seen a pattern whereby the promoter of an online platform claims that old laws will not apply.”

“The key is making online challengers obey the law – and the laws may not need to change much, or even at all.”

In the case of Bitcoin, the researchers explore how conventional financial controls, especially anti-money-laundering rules, could be applied to Nakamotoan cryptocurrency.  They conclude that it is surprisingly straightforward and does not require changes to the network protocols.  I.e., the legal system can adapt to cryptocurrencies as they stand now, without any cooperation or consent from programmers or users.

There is a common legal principle that one may not profit from the fruits of crime.  Similarly, you cannot receive goods from someone who does not legitimately own them.  If someone gives you a stolen coin, it must be returned to the original owner (and you may well be out of luck).  Thus, it is very important not to trade in ill-gotten goods.

It is often the case that the monetary fruits of crime are passed along mixed in with other money.  In the case of Bitcoins, this kind of mixing occurs rapidly and across the whole Internet.  This presents a dilemma for the law.  The funds are “partly” stolen, but which part can be confiscated?

The Cambridge team discusses the history of this problem.

Theft and misuse of Bitcoins are a significant issue, to the point that even most Bitcoin users are concerned.  If there is a significant risk that your assets may be stolen (or misplaced), with no possible recourse, then cryptocurrency is unattractive for many uses.

Philosophically, Nakamotoans generally do not want government guarantees (e.g., registration of ownership) or other conventional mechanisms for protecting assets.  An alternative would be for courts to enforce rules, e.g., to allow recovery of stolen or extorted Bitcoins.  But how would courts adjudicate such a case?

In the past, the general legal approach has been to consider the funds “poisoned” by the presence of illegal money.  Someone who holds the funds will have to pay a penalty proportional to the illegal funds.  This stands as a deterrent to dealing in potentially “toxic” assets.

One way to do this is to consider all the money to be N% illegitimate, i.e., to confiscate part of the value of the whole batch.  This approach can be used with Bitcoin, though it is a blunt instrument.  Anderson et al. indicate that a very large proportion of Bitcoins would be touched by such “pollution” (5% in one sample–one in every twenty!)

They propose an alternative mechanism that echoes an approach used in nineteenth century English law:  First-in-first-out.   The idea is to trace the flow of coins and to assign an order to each transaction.  The first coin taken out of an account is equated to the first coin put in, and so on.  When a stolen coin is spent, that transaction is identified and the payment is illegal.  This is a sort of “reverse lottery” – an unlucky user ends up losing.

This approach is a much more precise way to identify and deter the acceptance of ill-gotten money.  The paper argues that this is quite possible with Bitcoin, using the public blockchain and crime reports.  Furthermore, the FIFO principle works even when “mixers” are used to conceal the origins of the Bitcoins.  In the end, when this legal doctrine is applied, accepting Bitcoins from a mixer risks losing the entire payment in the unpredictable event that you receive coins designated “poison”.
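To make the difference between the two doctrines concrete, here is an added example in Python (my own illustration, not code from Anderson et al. or from this post): a constructed mixing transaction with one stolen input is traced once with the proportional “N% illegitimate” rule and once with FIFO. The input amounts, the output amounts, the label names and the “theft-A” marker are all assumptions; the ordering rule (inputs read in input order, outputs filled in output order) is the FIFO idea the paragraph describes.

```python
from collections import deque
from fractions import Fraction

# Constructed sample transaction (not from the paper): three inputs feed a
# mixing transaction that pays three outputs. One input is a coin reported
# stolen ("theft-A"); labels and amounts are invented, in integer units.
MIXER_INPUTS = [
    [(50, "clean")],    # input 0
    [(30, "theft-A")],  # input 1: the stolen coin
    [(20, "clean")],    # input 2
]
MIXER_OUTPUTS = [40, 40, 20]  # amounts in output order; no miner fee here


def _merge(segments):
    """Merge adjacent segments that carry the same label."""
    merged = []
    for amount, label in segments:
        if merged and merged[-1][1] == label:
            merged[-1] = (merged[-1][0] + amount, label)
        else:
            merged.append((amount, label))
    return merged


def fifo_propagate(input_segments, output_amounts):
    """First-in-first-out tracing: inputs are queued in input order, outputs
    are filled in output order, and each output takes units from the front
    of the queue. Returns one segment list per output. Units left in the
    queue afterwards are the miner fee and are discarded."""
    queue = deque(seg for segs in input_segments for seg in segs)
    if sum(output_amounts) > sum(a for a, _ in queue):
        raise ValueError("outputs exceed inputs")
    result = []
    for amount in output_amounts:
        segs, remaining = [], amount
        while remaining > 0:
            seg_amount, label = queue.popleft()
            take = min(seg_amount, remaining)
            segs.append((take, label))
            remaining -= take
            if seg_amount > take:  # put the unused rest back at the front
                queue.appendleft((seg_amount - take, label))
        result.append(_merge(segs))
    return result


def haircut_propagate(input_segments, output_amounts):
    """Proportional ("N% illegitimate") tracing: every output carries the same
    mix of labels as the pooled inputs. Returns, per output, a dict mapping
    label -> fraction of that output's value."""
    pooled = {}
    for segs in input_segments:
        for amount, label in segs:
            pooled[label] = pooled.get(label, 0) + amount
    total = sum(pooled.values())
    mix = {label: Fraction(amount, total) for label, amount in pooled.items()}
    return [dict(mix) for _ in output_amounts]


def tainted_units(segments, prefix="theft"):
    """Units in a FIFO segment list whose label marks them as stolen."""
    return sum(a for a, label in segments if label.startswith(prefix))


if __name__ == "__main__":
    fifo = fifo_propagate(MIXER_INPUTS, MIXER_OUTPUTS)
    for i, segs in enumerate(fifo):
        print(f"FIFO output {i}: {segs} -> {tainted_units(segs)} stolen units")
    haircut = haircut_propagate(MIXER_INPUTS, MIXER_OUTPUTS)
    for i, mix in enumerate(haircut):
        print(f"haircut output {i}: {mix['theft-A']} of its value tainted")
```

Under the haircut rule every output of the constructed transaction is 30% tainted, so all three recipients lose a slice. Under FIFO the stolen 30 units land entirely in the second output, and the other two recipients are untouched; that is the “reverse lottery”. Feeding a FIFO output into a further transaction (as the unused-remainder handling allows) shows how the taint keeps moving as whole units rather than diluting.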

This approach isn’t “centralized”, and it doesn’t break Bitcoin.  It doesn’t even change Bitcoin. It just wraps Bitcoin in a legal framework.  Honest users would have a way to behave honestly (use honest exchanges), crime could be punished, and the system functions as efficiently or inefficiently as now.

“In short, we might be able to turn a rather dangerous system into a much safer one – simply by taking some information that is already public (the blockchain) and publishing it in a more accessible format (the taintchain). Is that not remarkable?”

It is difficult to overstate how important it is for Bitcoin and other cryptocurrencies to get “legal”.  Whatever the technical merits of Nakamotoan technology, it cannot succeed outside the law.

  1. Ross Anderson, Ilia Shumailov, and Mansoor Ahmed, Making Bitcoin Legal. Cambridge University, Cambridge, 2018.
  2. Andy Greenberg (2018) A 200-Year-Old Idea Offers a New Way to Trace Stolen Bitcoins.



Cryptocurrency Thursday

Detailed Study of Ransomware

It is widely known that Bitcoin has become a favorite tool for ransomware. It is easy enough for victims to deliver, can be swiftly “disappeared”, and is readily convertible into other currencies.

Everyone knows what ransomware looks like to the victim.  But what happens to the ransom after it is paid?  And how much extortion is going on?

This spring researchers from several US universities and Google report a study tracing ransomware payments through the Bitcoin blockchain [1].  The study examined more than 19,000 cases over a two year period, tracing the Bitcoin from acquisition (by victims) to cash out (often in the now-seized BTC-E exchange).

While Bitcoin has many attractive properties for illicit commerce, it also has the interesting property that the ledger is completely public.  Ironically, this makes it possible to study illicit transactions in considerable detail, compared to other methods of extortion and covert payments.

This study used a variety of techniques to suss out the end-to-end activity of ransomware.  For the first step, known victims reveal some of the payment addresses, and sandboxed “synthetic victims” provided additional addresses.  The study also statistically clustered addresses to identify other likely but unacknowledged ransomware payments.  In addition, micropayments made by the “synthetic victims” made it possible to trace addresses associated with the scheme in question.

The researchers also searched for bursts of payments associated with known ransomware attacks.  In fact, they constructed a timeline of ransomware events and payments.  (This idea is so obvious, I’m surprised there isn’t one already on the web.)  This chart makes clear that there are likely large gaps in the data.

The researchers also looked for patterns such as many identical payments to the same address which could indicate ransom payments from multiple victims.  They also identified patterns such as known ransom payments that were quickly emptied into a common address.  Other addresses that paid to that same address probably represent other victim payments.
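The two heuristics in this paragraph, as an added example in Python that is not code or data from the study: a constructed set of payment edges, a detector for identical-amount payments fanning into one address, and a detector that follows a known ransom address into the address it was quickly swept to, then flags other addresses feeding that same sweep target and the payers behind them. The addresses, amounts, timestamps, the 50-unit delay window and the fan-in cap are invented.

```python
from collections import defaultdict

# Constructed transfer graph (not data from the study). Each record is one
# payment edge: (txid, src, dst, amount in integer units, timestamp).
TRANSFERS = [
    ("t1", "victim-1", "ransom-1", 50_000_000, 100),
    ("t2", "victim-2", "ransom-1", 50_000_000, 110),
    ("t3", "victim-3", "ransom-1", 50_000_000, 120),
    ("t4", "ransom-1", "collector", 150_000_000, 130),  # quickly emptied
    ("t5", "victim-4", "ransom-2", 50_000_000, 200),
    ("t6", "ransom-2", "collector", 50_000_000, 210),
    ("t7", "shopper-1", "shop", 20_000_000, 300),
    ("t8", "shopper-2", "shop", 20_000_000, 310),
    ("t9", "shop", "exchange", 40_000_000, 900),        # slow, ordinary settlement
    ("t10", "victim-5", "ransom-3", 50_000_000, 500),
    ("t11", "ransom-3", "collector", 50_000_000, 520),
]

# Seed: one address confirmed by a victim report or a synthetic victim (assumed).
KNOWN_RANSOM = {"ransom-1"}


def identical_payment_addresses(transfers, min_payers=3):
    """Addresses receiving the same amount from at least min_payers distinct
    payers: a pattern consistent with a fixed ransom demand.
    Returns {address: (amount, number_of_payers)}."""
    payers = defaultdict(set)
    for _, src, dst, amount, _ in transfers:
        payers[(dst, amount)].add(src)
    return {dst: (amount, len(s))
            for (dst, amount), s in payers.items() if len(s) >= min_payers}


def sweep_targets(transfers, ransom_addrs, max_delay):
    """Addresses into which a known ransom address pays within max_delay
    of the last payment it received (the 'quickly emptied' pattern)."""
    last_in = {}
    for _, _, dst, _, ts in transfers:
        if dst in ransom_addrs:
            last_in[dst] = max(last_in.get(dst, ts), ts)
    targets = set()
    for _, src, dst, _, ts in transfers:
        if src in last_in and 0 <= ts - last_in[src] <= max_delay:
            targets.add(dst)
    return targets


def expand_ransom_addresses(transfers, known, max_delay=50, max_fan_in=100):
    """Other addresses feeding the same sweep targets are candidate ransom
    addresses. Targets with very high fan-in (an exchange deposit hub, say)
    are skipped, because everyone pays into those and the inference fails."""
    targets = sweep_targets(transfers, known, max_delay)
    feeders = defaultdict(set)
    for _, src, dst, _, _ in transfers:
        if dst in targets:
            feeders[dst].add(src)
    candidates = set(known)
    for dst, srcs in feeders.items():
        if len(srcs) <= max_fan_in:
            candidates |= srcs
    return candidates


def likely_victims(transfers, ransom_addrs):
    """Every address that paid into a (known or inferred) ransom address."""
    return {src for _, src, dst, _, _ in transfers if dst in ransom_addrs}


if __name__ == "__main__":
    print("fixed-demand addresses:", identical_payment_addresses(TRANSFERS))
    ransom = expand_ransom_addresses(TRANSFERS, KNOWN_RANSOM)
    print("ransom addresses:", sorted(ransom))
    print("likely victims:", sorted(likely_victims(TRANSFERS, ransom)))
```

On the constructed data the fixed-amount detector flags only ransom-1 (the shop has just two identical payers), and the sweep detector grows the seed set to all three ransom addresses and five victims without touching the shop-to-exchange edge, whose settlement is far outside the delay window. Both rules are heuristics: the delay window and fan-in cap are the knobs that trade missed addresses against false positives.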

The study also documents where victims purchased Bitcoin. In this (incomplete) dataset, over $16M was identified.  Much of the activity identified was in Korea, i.e., the victims were Korean.

The payments typically are transferred to an output address, often into a mixer that will obscure the origins and destinations of further transactions.  It is difficult to trace the cash-outs in many cases, though the study showed the Bitcoins being passed on after a few days (or, in the case of WannaCry, after many weeks).  For those cases that can be identified, several major exchanges were used, presumably to exchange for other currencies (“cash out”).  BTC-E was the top choice. (BTC-E has since been seized by the FBI, presumably for its nefarious activities.)

Analysis of the behavior of the infection software documented that it takes ten minutes or less for the ransomware to encrypt the victim’s files.  This is the window in which defensive measures might be possible, if an attack is detected as it begins.

The researchers comment on some tricky ethical challenges in this work.

Some ransomware posts the payment address on a web page, and when the victim visits the page, a counter starts.  This design means that examining these URLs could potentially harm victims, e.g., by starting the count down without their knowledge.

They point out that even this incomplete analysis would enable them to disrupt or possibly take down parts of the payment infrastructure.  This might deter attacks, but it would prevent victims from regaining their files, which would be harmful.

In many ways, this study is a confirmation of what is widely believed.  I don’t think there is anything particularly surprising here, except maybe some of the details of particular ransomware.  There is some variation in the design of these programs, and some seem pretty sloppy.  That’s bad news, because they are likely to evolve to become much harder to trace or disrupt.

Overall, the amount of money involved isn’t especially large.  Millions of dollars globally, and even several million in a single place like Korea isn’t a huge deal.  Indeed, the ransoms are generally in the range of a few thousands of dollars.  This is basically in the class of a local protection racket.  (“Gimme $100 a week, or we’ll slash your tires.”)

But, like groups of local tough boys, there is probably an infinite supply of them, so the problem will not go away.

Why Bitcoin?

The paper lists features of Bitcoin that make it useful in this racket.  Bitcoin is

“decentralized, largely unregulated, and all parties in a transaction are hidden behind pseudo-anonymous identities. Moreover, all transactions are irreversible, and it is widely available for victims to purchase.”

There is one more feature of Bitcoin that is essential:  the relatively low transaction cost. Bitcoin’s transaction costs will never be as low as enthusiasts imagine, but they are low enough to make a profit from $1,000 ransoms.

In addition, much of the ransomware technology is built from open source technology, which is cheap and ubiquitous. Besides Bitcoin, ransomware uses encryption, standard network interfaces, Web sites, and so on. This is a very successful, but scarcely innovative technology.

I’ll add one more thing.  If ransomware is a problem today for poorly maintained office software, imagine what is going to happen when it attacks the “Internet of Too Many Things”.  It won’t be your accounting database or documents, it will be your electric grid, car, or hospital equipment that is locked out.  It’s going to be really dangerous.  Doubly dangerous because IoT is generally not “owned” by the user—so who will pay the ransom, if we wanted to?

  1. Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Kylie McRoberts, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, and Damon McCoy, Tracking Ransomware End-to-end, in IEEE Symposium on Security & Privacy. 2018: San Francisco.




Evil junk is on the blockchain

If you run a Bitcoin node, this means that evil junk is on your computer.  And if you mine bitcoin, you helped put the evil stuff out there.

And, of course, the blockchain is immutable, so there is no way to ignore or delete the junk.

Most Bitcoin enthusiasts simply ignore the issue.  For true-blue Nakamotoans, this is a feature, not a bug.  But many people are less eager to be complicit in trafficking in stuff like pornography or stolen property (not to mention payments for extortion, drug sales, or prostitution).

This is not exactly news.

Garrick Hileman, a crypto-currency expert at Cambridge University, said the issue of illegal content had been “discussed and known about for awhile.” (quoted in [1])


This spring, a group of researchers from Aachen and Frankfurt Universities report on an analysis of the “unintended” content that is stored in the Bitcoin blockchain [2].  Bitcoin offers several mechanisms for inserting arbitrary content into a block, at a cost of a few dollars or less. Once accepted, the bits are permanently part of the ledger, and are replicated on every participating node of the Bitcoin network.  Whether you know it or not, if you process Bitcoin transactions, you “possess” everything on the blockchain.

Storing data on the blockchain might be used to publish an important document, which could not be censored or manipulated.  But anything can be stored.

The researchers identify five categories of problematic non-financial content:

  • Copyright Violations
  • Malware
  • Privacy Violations
  • Politically Sensitive Content (e.g., state secrets)
  • Illegal and Condemned Content (e.g., pornography)

The key point is that possessing these materials exposes a person to risks of prosecution, and having the blockchain on your disk is likely to be considered legally operative ‘possession’.

Scanning the blockchain in 2017, the researchers identified over 1500 files, which included examples of all the types of problematic content, except maybe malware.

In short, the Bitcoin blockchain already has content that could be considered illegal in many jurisdictions.  It is only a matter of time before someone is prosecuted somewhere.

“Although controlled channels to insert non-financial data at small rates opens up a field of new applications such as digital notary services, rights management, or non-equivocation systems, objectionable or even illegal content has the potential to jeopardize a whole cryptocurrency” ([2], p. 9)

I would add that beyond the risk of prosecution by governments, problematic content raises risks at other levels.  Many organizations have rules governing the use of their computers and networks, such as prohibitions of unlicensed software or pornography. And it is hard to imagine that any organization would want to possess stolen state secrets or private information about third parties.

In addition, many organizations will wish to avoid the moral hazard and bad publicity of association with financial transactions related to gambling, sex trade, or any criminal activity.

Who wants to see headlines like:

Child porn links could make Bitcoin blockchain illegal [1]

In fact, the Bitcoin blockchain already violates the policies of many companies, schools, and other organizations.

It is possible to use Bitcoin without possessing a copy of the blockchain, at least in a limited way.  (Though I could construct a legal theory that doing so makes you an accessory in crime.)  But it is clear that it would be difficult to fully use Bitcoin if you cannot touch the blockchain.

This problem is baked into the entire Nakamotoan project, and I’m sure it applies to many, if not all other cryptocurrencies.

I might also point out the growing interest in adding Bitcoin mining to IoT devices, which would mean that your lightbulb or toaster might harbor illegal pornography or state secrets.  Sigh.

A fundamentalist Nakamotoan would say that this is all good, Bitcoin is designed to be beyond the reach of “the man”.  Bitcoin is disrupting government, and leading to the anarchistic future.

But most normal humans won’t think this is a great way to run a railroad.

  1. BBC, ‘Child porn links could make Bitcoin blockchain illegal’, in BBC News – Technology. 2018.
  2. Roman Matzutt, Jens Hiller, Martin Henze, Jan Henrik Ziegeldorf, Dirk Müllmann, Oliver Hohlfeld, and Klaus Wehrle, A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin, in Financial Cryptography and Data Security 2018. 2018: Curaçao.




Dorsey Has Yet Another Wrong Idea

Twitter cofounder Jack Dorsey pontificated recently about Bitcoin in The Times (London), stating that it will become the world’s single currency within the next ten years [2].  (This comes as his current company, Square, is rolling out Bitcoin services—so take that for what it is worth.)

“The world ultimately will have a single currency, the internet will have a single currency. I personally believe that it will be bitcoin,” he told The Times. This would happen “probably over ten years, but it could go faster”. (from  [2])

Recall that Dorsey is one of the crew of the “clown car that fell into a gold mine”,  (per Mark Zuckerberg quoted in [1]). He is famous for helping boot up Twitter, which has gazillions of users but has lost bazillions of dollars. Twitter is a solution to a problem that never existed, and has created massive problems of its own. So Dorsey is not exactly the most credible oracle in my eyes.

Anyway, in this case, Dorsey’s prediction about Bitcoin is almost certainly wrong.

For one thing, the entire concept of “single global currency” is murky and undefined. Even the more limited version, “single currency of the internet” is pretty much undefined. I suspect that Dorsey is saying that digital systems like Square will use Bitcoin or something like it, at least behind the scenes.  But that isn’t even close to what a “global currency” would be.

He acknowledges that Bitcoin today sucks and isn’t even remotely close to the scale needed for such a role.  He is reported as saying that these scaling problems will be solved Real Soon Now.

“It’s slow and it’s costly, but as more and more people have it, those things go away. There are newer technologies that build off of blockchain and make it more approachable,” (from  [2])

Of course, there is no such technical solution on the horizon, and the governance process of cryptocurrencies has proved to be fatally unworkable.  How anyone can be confident about Bitcoin’s technical future is beyond me.

In addition, many of the technical improvements that might make Bitcoin actually scale up involve major changes to the design.  Just what Dorsey might be thinking of, we don’t know, but it is arguably not “Bitcoin” as we know it now.

It seems clear that one thing Dorsey is thinking of is using something like Square to make payments in Bitcoin. Maybe that will work, though it hasn’t happened yet, because, well, Bitcoin sucks in this use case.  But it is important to note that if Square does make this work, it will involve a ton of infrastructure beyond Bitcoin itself. And users will barely know they are using Bitcoin, if they know at all.

And, of course, Square isn’t decentralized, nor is it anonymous.  So it’s not clear what the advantage of paying via Bitcoin versus some other currency would be.

Essentially, Dorsey is predicting that something might become a global currency, and maybe it will have the same name as Bitcoin.  And he’s really thinking about it within the context of something like Square, which is only about 1% Bitcoin, and 99% other technology.

Dorsey also ignores lethal threats that could bring all cryptocurrencies crashing down.

There are many, many real world legal challenges that would have to be overcome. Regardless of the supposed global extent of Bitcoin, local regulations and laws apply everywhere.  (He knows this very well, I’m sure.)

There are many vulnerabilities to Bitcoin’s technology, including physical threat and financial shenanigans, and also volatile exchange rates.  Also, the Nakamotoan model for decentralized governance is proving unworkable, and certainly not something that you’d want to base the world’s economy on.

For that matter, it seems very possible that Quantum Cryptography will kill Bitcoin within the next decade.  It could also kill Square and most of the internet.  Yes, there may be ways to make BTC “quantum safe”, but they will change BTC beyond recognition.  Worse, Quantum Cryptography might very well mean that the entire “legacy” blockchain can be deanonymized, with who knows what impact.

In short, Dorsey’s prediction is shallow and wrong.  It is also self-serving.

  1. Nick Bilton, Hatching Twitter: A True Story of Money, Power, Friendship, and Betrayal, New York, Penguin, 2013.
  2. Alexandra Frean, Bitcoin will become the world’s single currency, tech chief says, in The Times (London). p. 48, March 21, 2018: London.
  3. Wolfie Zhao (2018) Bitcoin Will Be World’s ‘Single Currency’ Says Twitter CEO. Coindesk.




Yet More Academic Warnings About Blockchains

One of the most important features of Nakamotoan blockchains is that they are “decentralized” [3].  Blockchains and consensus protocols are grievously inefficient, but the price is considered worth paying in order to eliminate the potential for a few privileged actors to control the network.

Nakamoto-style blockchains are theoretically decentralized. This means that the system is capable of, and intended to be, run by a non-hierarchical group of peers.  But real networks are never perfectly decentralized in practice. There are also many possible dimensions of “decentralization”.

One important, if not preeminent dimension is decision making: just how are decisions actually made, and by whom?

Researchers from University College London report this spring that, as far as decision making is concerned, Bitcoin and Ethereum are in fact highly centralized [1].  This finding confirms the intuition of anyone who has dealt with these communities.  Regardless of philosophical intentions, there are a relative handful of people and organizations that have out-sized influence on these cryptocurrencies.

The study examined the public discussion and code repositories, where the design and implementation of the software infrastructure is recorded. This infrastructure embodies many technical decisions that affect the behavior of the system, the outcomes of users, the security and trustworthiness of the information, and even how decisions are made.

The decision-making process is modelled after the Internet and open source software. Ideas are formulated as public proposals, which are posted for global discussion. Implementations are published in open repositories, and also subject to evaluation and discussion.  The principle is that anyone on the Internet can propose features or changes, and that implementations will have widespread understanding and support by the time they are deployed.

The study examines the number of individuals who contribute to comments and code for different cryptocurrencies, as well as comparison to other open source code projects.

The results are pretty simple.

While “anyone on the Internet” is theoretically able to contribute, only a relatively small number of people actually write the code. And most files have only a handful of authors.  (Programmers will not be surprised at this: coding is hard work, and collaborative coding is even harder.)

Similarly, the open-to-anyone comment process is, in practice, dominated by a handful of individuals, who are de facto “experts”. This distribution parallels the pattern of actual coding, though whether “coders are experts” or “experts are coders” or there are two separate populations is not clear.

This study confirms what we have seen in practice: cryptocurrency communities are complicated, with many individuals, organizations, and interest blocs that exercise outsized influence. Their comparison to other code projects indicates that this is a natural pattern for “distributed” software projects.  The paper also includes references to other studies that show just how “centralized” cryptocurrencies are.

The study did not, and could not, compare to non-decentralized projects, such as proprietary or sponsored systems.  My own experience is that such projects have similar patterns of concentration in decision making (a relative few highly influential designers and coders), though in this case there is also a formal proprietor with decision-making authority which may override the contributors.

In other words, the pattern seen in this study is perfectly normal for software development.  The major difference is that there is no one “in charge”, so the de facto mavens rule.

It is important to note that, as the researchers discuss, there is a large ecosystem beyond the core software examined here.  These other projects, including exchanges, wallets, and services are organized in a variety of ways, some “decentralized”, and some very centralized (and opaque).  This means that the overall, end-to-end system is “patchy” and likely includes many islands of code, created and managed by different people.  It isn’t really reasonable to describe a cryptocurrency as purely “decentralized”.

This and many other studies show that the broad and often poorly defined notion that cryptocurrencies are “decentralized” is not realized in the actual, real-world implementation. Clearly, the Nakamotoan dream of a truly decentralized system has yet to be realized in practice.

This conclusion is important because this “decentralization” property underlies other important claims for the ultimate fairness and usefulness of the system.  For many people, the point of paying the high technical cost for decentralization is to achieve a system that is not, and cannot be, controlled by a powerful few.  If this goal is not really being accomplished, then the case for Nakamotoan blockchains is much weaker.

  1. Sarah Azouvi, Mary Maller, and Sarah Meiklejohn, Egalitarian Society or Benevolent Dictatorship: The State of Cryptocurrency Governance. 2018.
  2. Alyssa Hertig (2018) Major Blockchains Are Pretty Much Still Centralized, Research Finds. Coindesk.
  3. Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System. 2009.




Cornell Report on Cryptocurrency “Decentralization”

One of the outstanding features of Nakamotoan blockchains is that they are “decentralized” protocols—a peer-to-peer (overlay) network produces consistent updates to the shared data with no privileged leader or controller [2].  This property is a significant technical feature of Bitcoin and its extended family, and has even more symbolic and cultural significance for crypto enthusiasts.

“Decentralization” is supposed to impart technical robustness (there is no single point of failure), and political independence (there is no “authority” to be manipulated or shut down).  The absence of a “central” node also means that the protocol is “trustless”—there is no central service that must be trusted in order to do business. (I.e., you only need to trust your counterparties, not the rest of the network.)

In short, Nakamotoan blockchains and cryptocurrencies are all about being “decentralized”.

But what does “decentralized” mean?

In fact, the notion of “decentralized”, as well as the many related concepts, are poorly defined. In the context of a computer network, “centralized” can mean many things.  Indeed, a network transaction may depend on a number of physical and virtual layers, with different degrees of centralization involved simultaneously.  For example, a wi-fi network has various routers, links, switches, firewalls, and so on.  Even the simplest point to point link may pass through a number of shared channels and chokepoints that are technically “central” services, though the overlying service is decentralized, or centralized in a different way.  (Does that sound confusing?  In practice, it truly is.)

However, Nakamotoan “decentralization” is mostly about the logical organization of digital networks, as developed in so called “peer-to-peer” networks.  A classic Internet service is “centralized” in the sense that  client (user) nodes connect with a single server, which manages the whole system.  Clients trust the service to implement the protocol and protect all the data.  Note that so-called “centralized” services often run on many computers, even in many locations.  They are logically a single server, even if not physically a single node. (Does that sound confusing?  In practice, it is.)

Nakamotoan systems replace a single “trusted” service with a peer-to-peer protocol based on cryptography and economic incentives.  One of the critical design features is the use of algorithms that are impossible for a single node to hack.  This is important because in a conventional “centralized” service, once a server is suborned (or subpoenaed), the whole network is controlled.

In contrast, Bitcoin is designed so that the system cannot be controlled unless the attacker controls more than 50% of all the participating nodes.  In this design, security is assured by having a very large number of independent nodes in the network. This widespread participation is made possible by making the code openly available and letting anyone connect to the network.

While the cryptography has a relatively straightforward technical basis, other aspects of this security guarantee are less easy to define and they are actually empirical features of the network that may or may not be realized at any given moment.

For example, everything depends on the Bitcoin network being “owned” by many, many independent people and organizations.  If one person owned 51% of the network, then they would own all the Bitcoin.  And in fact, if one person owned 51% of the computing power (not the number of computers), they would own all the Bitcoin.

The point—and I do have one—is that while the Bitcoin protocol is designed to work in a decentralized network, the protocol only works correctly if the network really is “decentralized” in the right ways.  And there is no formal definition of those “right ways”, nor much proof that various cryptocurrency networks actually are decentralized in the right way.

This winter Cornell researchers report on an important study of precisely these questions on the real (as opposed to theoretical or simulated) Bitcoin and Ethereum networks [1].

“there have been few measurement studies on the level of decentralization they achieve in practice” ([1], p. 1)

This study required a technical system to capture data about nodes of the relevant overlay networks (i.e., real life Bitcoin or Ethereum nodes).  In addition, the study examined key technical measures of the nodes, to discern how the overall capabilities are distributed (i.e., the degree of decentralization).  These measures include network bandwidth (data transmission), geographic clustering (related to “independence”), latency (a key to fairness and equal access), and the distribution of ownership of mining power.  The last is an especially important statistic, to say the least.

The Cornell research showed that both Bitcoin and Ethereum have a distinctly unequal distribution of mining power.  In the study, a handful of the largest mining operations control a majority of the mining power on the network.  (Since some authorities own or collaborate with multiple mining operations, these counts underestimate the actual concentration of power.)   In other words, these networks are highly centralized on this essential aspect of the protocol.  The researchers note that a small non-Nakamotoan network (a Byzantine quorum system of size 20) would effectively be more decentralized—at far less cost than the thousands of Nakamotoan nodes ([1], p. 11).

“Although miners do change ranks over the observation period, each spot is only contested by a few miners. In particular, only two Bitcoin and three Ethereum miners ever held the top rank.” ([1], p. 10)
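To make the two findings above concrete (majority of mining power held by a handful of operations, and only a couple of miners ever holding the top rank), here is an added example, not code from the Cornell paper, that computes both statistics from block-producer labels. The block lists, pool names (P1…P6) and the ownership map are constructed sample data, not measurements; the ownership map stands in for the paper's observation that one authority may operate several pools, which makes the raw counts underestimate concentration.

```python
"""Measure concentration of block production over several observation windows.

Constructed sample data: each window lists the pool label that produced each of
100 blocks. Nothing here is a real measurement.
"""
from collections import Counter

WINDOWS = [
    ["P1"] * 40 + ["P2"] * 25 + ["P3"] * 15 + ["P4"] * 10 + ["P5"] * 5 + ["P6"] * 5,
    ["P2"] * 38 + ["P1"] * 30 + ["P3"] * 14 + ["P4"] * 8 + ["P5"] * 6 + ["P6"] * 4,
    ["P1"] * 45 + ["P2"] * 20 + ["P3"] * 18 + ["P4"] * 9 + ["P5"] * 5 + ["P6"] * 3,
]

# Hypothetical ownership map: pool P3 is operated by the same authority as P1.
OWNERS = {"P3": "P1"}


def mining_shares(blocks, owners=None):
    """Fraction of blocks per (ultimate) producer, largest first."""
    owners = owners or {}
    counts = Counter(owners.get(m, m) for m in blocks)
    total = len(blocks)
    return {m: c / total for m, c in counts.most_common()}


def majority_set_size(shares, threshold=0.5):
    """Smallest number of top producers whose combined share exceeds threshold."""
    acc = 0.0
    for n, share in enumerate(sorted(shares.values(), reverse=True), start=1):
        acc += share
        if acc > threshold:
            return n
    return len(shares)


def top_rank_holders(windows, owners=None):
    """Set of producers that held the top rank in at least one window."""
    return {next(iter(mining_shares(w, owners))) for w in windows}


def analyze(windows, owners=None):
    """Both statistics, per window and across windows."""
    return {
        "majority_set_sizes": [majority_set_size(mining_shares(w, owners)) for w in windows],
        "top_rank_holders": top_rank_holders(windows, owners),
    }


if __name__ == "__main__":
    print("raw labels:      ", analyze(WINDOWS))
    print("merged by owner: ", analyze(WINDOWS, OWNERS))
```

With the raw labels, two pools already form a majority in every window and only two labels ever hold the top rank; merging pools by owner shrinks the majority set to a single authority in two of the three windows, which is the direction of the underestimate the paper warns about.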

These findings are not a surprise to anyone observing the flailing failure of the “consensus” mechanism over the last two years, let alone the soaring transaction fees and demented reddit ranting.  Cryptocurrency systems are designed to be decentralized, but they are, in fact, dominated by a few large players.

By the way, the two networks studied here are likely the largest and most decentralized cryptocurrency networks.  Other nets use similar technology but have far fewer nodes and often far more concentrated ownership and power.  So these two are the good cases.  Other networks will be worse.

The general conclusion here is that Nakamoto’s protocol trades off huge, huge costs in equipment, power consumption, and decision-making efficiency to achieve the supposed benefits of a “decentralized” system.  Yet the resulting networks are actually highly centralized, though in opaque and hidden ways.  I think this is a fundamental flaw in the engineering design, and also in the philosophical underpinnings of Nakamotoan social theory.

I’d love to see similar careful studies of other underpinnings of Nakamotoism, including the supposed properties of “openness”, “trustlessness”, and “transparency”.

A very important study.  Nice work.

  1. Adem Efe Gencer, Soumya Basu, Ittay Eyal, Robbert van Renesse, and Emin Gün Sirer, Decentralization in Bitcoin and Ethereum Networks. arXiv, 2018.
  2. Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System. 2009.


Cryptocurrency Thursday

Narayanan and Clark on Bitcoin’s academic roots

For an old grey-headed programmer, Bitcoin has always been a bit weird technology.

The big thing, of course, is that it is deliberately designed to be slow. My whole career has been basically about trying to make software go faster, so the computation that has no purpose except to take a long time just feels wrong.  I understand it intellectually, but it’s just not right, deep down.

The other thing about Bitcoin is that all of the pieces are not new, though the specific way they are used is. For example, I was doing peer-to-peer networks (with hash addresses) before the Nakamoto paper [1], so there was no news there.

So what, exactly is new, about Bitcoin?

I was very pleased to read Arvind Narayanan and Jeremy Clark’s recent article reviewing “Bitcoin’s academic pedigree” [2].  N&C review the academic papers that present many of the key technical features used in Nakamotoan cryptocurrencies.

“[B]y tracing the origins of the ideas in bitcoin, we can zero in on Nakamoto’s true leap of insight—the specific, complex way in which the underlying components are put together.” (p. 38)

They point to six lines of technical innovations from the 1980s and 90s that are critical to Nakmotoan cryptocurrencies:

  1. Linked Timestamping, Verifiable Logs
  2. Digital Cash
  3. Proof of work
  4. Byzantine Fault Tolerance
  5. Public Keys as Identities
  6. Smart Contracts

Figure 1. Chronology of key ideas found in bitcoin. (from [2], p. 38)

In some cases, Nakamoto acknowledges the academic predecessors, and in others he doesn’t. In part that is because some of the ideas were so widely known that they seem “obvious” and “common knowledge”, even if they were first written about only in the last forty years.  It is also possible that Nakamoto may have reinvented some of the concepts, perhaps inadvertently reverse engineering from example systems known to him, without tracing their origins.

Nakamoto was obviously following up on earlier concepts for digital money, including hashcash, which used a form of proof-of-work based on hashing.  N&C note that there was a lot of academic interest in proof-of-work, and several lines of work seem to have independently converged on ideas about using hashing as proof-of-work in peer-to-peer networks. In the last fifteen years, these efforts have been recognized to be the same idea, and the terminology, including the term “proof-of-work”, has been standardized.
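Two of the six lines of work listed above, linked timestamping (item 1) and hashing-based proof-of-work (item 3, the hashcash idea in this paragraph), are simple enough to show together in a few dozen lines. The following is an added example written for this post, not code from Bitcoin, hashcash or the N&C paper: each block's hash commits to the previous block's hash (the linked-timestamp chain), and a block is accepted only if its hash has a chosen number of leading zero bits, which can only be found by trial (the proof-of-work). The block layout, the `prev|payload|nonce` encoding and the difficulty values are assumptions made for illustration.

```python
"""Toy hash-chained log with a hashcash-style proof-of-work (added example).

Block format, encoding and difficulty are illustrative choices, not Bitcoin's.
"""
import hashlib

GENESIS_PREV = "0" * 64          # the first block links to an all-zero hash
DEMO_BITS = 16                   # leading zero bits required in the demo below


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def block_hash(prev_hash: str, payload: str, nonce: int) -> str:
    """SHA-256 over the link to the previous block, the content and the nonce."""
    return hashlib.sha256(f"{prev_hash}|{payload}|{nonce}".encode()).hexdigest()


def meets_target(hexdigest: str, bits: int) -> bool:
    return leading_zero_bits(bytes.fromhex(hexdigest)) >= bits


def mine(prev_hash: str, payload: str, bits: int) -> int:
    """Search nonces until the block hash meets the target: pure trial work."""
    nonce = 0
    while not meets_target(block_hash(prev_hash, payload, nonce), bits):
        nonce += 1
    return nonce


def build_chain(payloads, bits):
    """Append each payload as a mined block linked to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        nonce = mine(prev, payload, bits)
        h = block_hash(prev, payload, nonce)
        chain.append({"prev": prev, "payload": payload, "nonce": nonce, "hash": h})
        prev = h
    return chain


def chain_valid(chain, bits) -> bool:
    """Verification is cheap: one hash per block, no search."""
    prev = GENESIS_PREV
    for blk in chain:
        if blk["prev"] != prev:
            return False
        recomputed = block_hash(blk["prev"], blk["payload"], blk["nonce"])
        if recomputed != blk["hash"] or not meets_target(recomputed, bits):
            return False
        prev = blk["hash"]
    return True


if __name__ == "__main__":
    chain = build_chain(["entry one", "entry two", "entry three"], DEMO_BITS)
    for blk in chain:
        print(blk["nonce"], blk["hash"])
    print("valid:", chain_valid(chain, DEMO_BITS))
```

The asymmetry is the whole point of the design the post finds "weird": producing a block costs an unbounded search, checking it costs one hash. Editing any earlier entry changes its hash, so every later block's `prev` link stops matching, and re-mining just the edited block is not enough; the work of all later blocks has to be redone as well.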

Nakamoto also uses widely known public key cryptography (PKI) to implement secure but anonymous digital signatures. The use of public keys as identifiers is central to Bitcoin, and Bitcoin is one of the most successful implementations of that concept. However, Nakamoto actually punts the problem of key management, which has certainly led to issues as well as development of alternative cryptocurrencies that deal with keys and identity in different ways.

N&C argue that Nakamoto’s contribution, his “genius”, was “the intricate way in which they fit together” these pieces from academic and practical research. Nakamoto’s system is a triad, with each piece supporting the logical flaw in the other pieces (p. 42).

Component                        Provides                                          Needs
Secure ledger                    Prevents double spending, ensures the currency has value   Distributed consensus
Distributed consensus (mining)   Ensures security of ledger                        To be incentivized, i.e., by a valuable currency
Valuable currency                Incentivizes the honesty of nodes                 A secure ledger

This is an extremely useful insight, which explains why it has been so difficult to describe the “one big idea” underlying Bitcoin.  In fact, it is a clever combination of big ideas, glued together in a specific way that works pretty well in practice.

It would be an interesting follow up to this paper to identify the “innovations”, if any, in various alternative and derivative cryptocurrencies. There have been a number of alternatives to the Nakamotoan proof-of-work proposed and explored.  There have been alternatives to the peer-to-peer topology of the consensus network, as well as many different ideas about incentives. In short, there is probably a landscape of contemporary cryptocurrency design, with many neighbors in Bitcoin’s neighborhood.

I would add that there is a social dimension to the Bitcoin story (besides incentives).  Bitcoin succeeded beyond the simple merits of its technology because it hit a particular time and place (the 2009 global crash) and had a supremely effective salesman (“Satoshi Nakamoto”, and the legions of enthusiastic Nakamotoans) who told and retold and still tell the story.

This combination of a clever technology built “just right” from existing concepts, arriving at the right moment, announced by a supreme salesman reminds me of NCSA Mosaic.  I remember that when I first saw the Mosaic browser, I immediately knew all the pieces it was built from.  Yet it was a new wrinkle, combining the familiar technologies, “just right”.  It also hit at the right moment (the Internet was exploding) and found a cheerleader in Larry Smarr—one of the greatest sales-beings I have ever encountered.

Bitcoin too succeeded by having a clever combination of technologies (including the strategically critical “leaving out” of key management), a fortunate historical moment, and an able storyteller.  (We can also see parallels in the overheated claims and financial bubbles of the early WWW and Bitcoin.)

This is a great paper, well worth the read.  N&C give us a better idea of the “genius” of Satoshi Nakamoto, and also insight into ongoing technical and social developments.

  1. Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System. 2009.
  2. Arvind Narayanan and Jeremy Clark, Bitcoin’s academic pedigree. Communications of the ACM, 60 (12):36-45, November 2017.


Cryptocurrency Thursday