Figure: Bitcoin’s predictable issuance.
When Nakamoto was mining bitcoin in early 2009, the subsidy was 50 bitcoin. The subsidy dropped to 25 in 2012, 12.5 in 2016, and 6.25 in April 2020. As of late 2021, nearly 19 million bitcoin have been mined, and by 2035, 99% of all bitcoin will be distributed.
The remainder will be distributed over the following century, as a lingering incentive to miners, who over time must shift to making their profit from transaction fees instead of the ever-shrinking subsidy.
Even in 2009, Nakamoto, Finney, and others speculated that Bitcoin’s unique “hard-capped” monetary policy with a limit of 21 million total coins could make the currency extremely valuable if it one day took off.
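The issuance schedule described above can be checked directly. The sketch below is an added example, not part of the original article; it assumes the publicly documented consensus parameters (a halving every 210,000 blocks and amounts counted in satoshi, 100,000,000 per bitcoin), which the article does not state.

```python
# Added example: audit the subsidy schedule and the 21 million cap.
# Assumed parameters (not from the article): public Bitcoin consensus constants.
COIN = 100_000_000            # satoshi per bitcoin
HALVING_INTERVAL = 210_000    # blocks between subsidy halvings
INITIAL_SUBSIDY = 50 * COIN   # subsidy of the first blocks, in satoshi

def block_subsidy(height):
    """Subsidy of the block at `height`: halved by an integer right shift."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else INITIAL_SUBSIDY >> halvings

def max_supply():
    """Total satoshi ever issued: sum every era until the subsidy rounds to 0."""
    total, era = 0, 0
    while INITIAL_SUBSIDY >> era:
        total += (INITIAL_SUBSIDY >> era) * HALVING_INTERVAL
        era += 1
    return total

def height_for_fraction(num, den):
    """Number of blocks after which at least num/den of max_supply() exists."""
    goal = max_supply() * num          # compared against issued * den
    issued, era = 0, 0
    while True:
        subsidy = INITIAL_SUBSIDY >> era
        era_total = subsidy * HALVING_INTERVAL
        if (issued + era_total) * den >= goal:
            need = goal - issued * den
            blocks = -(-need // (subsidy * den))   # ceiling division
            return era * HALVING_INTERVAL + blocks
        issued += era_total
        era += 1

if __name__ == "__main__":
    for h in (0, 210_000, 420_000, 630_000):
        print(f"height {h:>7}: subsidy {block_subsidy(h) / COIN} BTC")
    print("max supply:", max_supply() / COIN, "BTC")
    print("99% issued after block", height_for_fraction(99, 100))
```

Because each halving rounds down to a whole satoshi, the total stays slightly below 21 million, and the 99% mark falls inside the seventh subsidy era.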
In addition to the innovative monetary policy, Back thought the so-called “difficulty algorithm” was also a significant scientific breakthrough. This trick addressed a concern Back had originally had for Hashcash, where users with faster computers could overwhelm the system. In Bitcoin, Nakamoto prevented this from happening by programming the network to reset the difficulty required to successfully mine a block every two weeks, based on how long mining the last two weeks took.
If the market crashed, or some catastrophic event happened (for example, when the Chinese Communist Party kicked half the world’s Bitcoin miners offline in May 2021), and the total global amount of energy spent mining Bitcoin (the “hash rate”) went down, it would take longer than normal to mine blocks.
However, with the difficulty algorithm, the network would shortly compensate, and make mining easier. Conversely, if the global hash rate went up, perhaps if a more efficient piece of equipment were invented, and miners found blocks too quickly, the difficulty algorithm would shortly compensate. This seemingly-simple feature gave Bitcoin resilience and has helped it survive massive seasonal mining turmoil, precipitous price crashes, and regulatory threats. Today, Bitcoin’s mining infrastructure is more decentralized than ever.
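A simplified model of the retargeting rule described above, as an added example that is not code from the article or from Bitcoin Core. It assumes the publicly documented parameters the article leaves out: the compact "bits" encoding of the target, a limit of 4x on any single adjustment, and 0x1d00ffff as the easiest allowed target. The starting value 0x1b0404cb is a constructed sample.

```python
# Added example: simplified Bitcoin-style difficulty retarget.
TWO_WEEKS = 14 * 24 * 60 * 60    # intended duration of one period, in seconds
MAX_BITS = 0x1D00FFFF            # assumed: compact form of the easiest target

def bits_to_target(bits):
    """Expand the compact 'bits' field into the full integer target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def target_to_bits(target):
    """Compress a target back to 'bits' (3-byte mantissa, 1-byte size)."""
    size = (target.bit_length() + 7) // 8
    if size <= 3:
        mantissa = target << (8 * (3 - size))
    else:
        mantissa = target >> (8 * (size - 3))
    if mantissa & 0x00800000:    # top mantissa bit is a sign flag; keep it clear
        mantissa >>= 8
        size += 1
    return (size << 24) | mantissa

def difficulty(bits):
    """How many times harder than the easiest allowed target."""
    return bits_to_target(MAX_BITS) / bits_to_target(bits)

def next_bits(old_bits, actual_seconds):
    """Retarget: scale the target by actual/intended time, limited to 4x."""
    clamped = min(max(actual_seconds, TWO_WEEKS // 4), TWO_WEEKS * 4)
    new_target = bits_to_target(old_bits) * clamped // TWO_WEEKS
    return target_to_bits(min(new_target, bits_to_target(MAX_BITS)))

if __name__ == "__main__":
    start = 0x1B0404CB           # constructed sample starting difficulty
    cases = [("hash rate halves", 4), ("steady", 2),
             ("hash rate doubles", 1), ("90% goes offline", 20)]
    for label, weeks in cases:
        bits = next_bits(start, weeks * 7 * 24 * 60 * 60)
        print(f"{label:18} period took {weeks:>2} weeks -> "
              f"difficulty {difficulty(start):.2f} -> {difficulty(bits):.2f}")
```

A larger target means easier mining, so a slow period raises the target and a fast one lowers it; the 4x limit means a very large hash rate drop takes more than one period to absorb fully.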
These innovations made Back think that Bitcoin could potentially succeed where other digital currency attempts had failed. However, one glaring problem remained: Bitcoin was not very private.
VIII. Bitcoin’s Privacy Problem
For the cypherpunks, privacy was a key goal. Previous iterations of e-cash, like the one produced by DigiCash, had even made the tradeoff of achieving privacy by sacrificing decentralization. There could be immense privacy in these systems, but users had to trust the mint and were at risk of censorship and devaluation.
In creating an alternative to the mint, Nakamoto was forced to rely on an open ledger system, where anyone could publicly view all transactions. It was the only way to ensure auditability, but it sacrificed privacy. Back says that he still thinks this was the right engineering decision.
There had been more work done in the area of private digital currencies since DigiCash. In 1999, security researchers published a paper called “Auditable Anonymous Electronic Cash,” around the idea of using zero-knowledge proofs. More than a decade later, the “Zerocoin” paper was published as an optimization of this concept. But to try to achieve perfect privacy, these systems made tradeoffs.
The math required for these anonymous transactions was so complicated that it made each transaction very large and each spend very time-consuming. One reason Bitcoin works so well today is that the average transaction is just a couple of hundred bytes. Anyone can cheaply run a full node at home and keep track of Bitcoin’s history and incoming transactions, keeping power over the system in the hands of users. The system does not rely on a few supercomputers. Rather, regular computers can store the Bitcoin blockchain and transmit transaction data at low cost because data use is kept to a minimum.
If Nakamoto had used a Zerocoin-type model, each transaction would have been more than 100 kilobytes, the ledger would have grown huge, and only a handful of people with specialized datacenter equipment could have run a full node, introducing the possibility for collusion, censorship, or even a small group of people deciding to increase the monetary supply beyond 21 million. As the Bitcoin community mantra asserts, “don’t trust, verify.”
Back said that he is, in retrospect, glad that he did not mention the 1999 paper to Nakamoto in his emails. Creating decentralized digital cash was the most crucial part: privacy, he thought, could be programmed in later.
By 2013, Back decided Bitcoin had demonstrated enough stability to be the foundation for digital cash. He realized he could take some of his applied cryptography experience and help make it more private. Around this time, Back started spending 12 hours a day reading about Bitcoin. He said that he lost track of time, barely ate, and barely slept. He was obsessed.
That year, Back suggested a few key ideas to the Bitcoin developer community on channels like IRC and Bitcointalk. One was changing the type of digital signature that Bitcoin uses from ECDSA to Schnorr. Nakamoto did not use Schnorr in the original design, despite the fact that it offered better flexibility and privacy for users, because it had a patent on it. But that patent had expired.
Today, Back’s suggestion is being implemented, as Schnorr signatures are being added to the Bitcoin network next month as part of the Taproot upgrade. Once Taproot is activated and used at scale, most types of wallets and transactions will look the same to observers (including governments), helping to fight the surveillance machine.
IX. Confidential Transactions
Back’s biggest vision for Bitcoin was something called Confidential Transactions. Currently, a user exposes the amount of bitcoin they send with each transaction. This enables auditability of the system — everyone at home running the Bitcoin software can ensure that there are only a certain number of coins — but it also enables surveillance to happen on the blockchain.
If a government can pair a Bitcoin address with a real-world identity, they can follow the funds. Confidential Transactions (CT) would hide the transaction amount, making surveillance much more difficult or perhaps even impossible when used in conjunction with CoinJoin techniques.
In 2013, Back talked to a handful of core developers — the “Bitcoin Wizards,” as he calls them — and realized it would be extremely difficult to implement CT, as the community understandably prioritized security and auditability over privacy.
Back also realized that Bitcoin was not very modular — meaning one could not experiment with CT inside the system — so he helped come up with the idea of a new kind of experimental testbed for Bitcoin technology, so that he could test out ideas like CT without harming the network.
Back quickly realized that this would be a lot of work. He would have to build software libraries, integrate wallets, get compatibility with exchanges, and create a user-friendly interface. Back raised a $21 million seed round in Silicon Valley to try to build a company to make it all happen.
With seed funding in hand, Back teamed up with noted Bitcoin Core developer Greg Maxwell and investor Austin Hill and launched Blockstream, which is today one of the world’s biggest Bitcoin companies. Back remains CEO, and pursues projects like Blockstream Satellite, which enables Bitcoin users around the world to use the network without needing internet access.
In 2015, Back and Maxwell released a version of the Bitcoin “testnet” they had envisioned and called it Elements. They proceeded to enable CT on this sidechain — now called Liquid — where today hundreds of millions of dollars are settled privately.
Bitcoin users fought what is known as the “Blocksize War” against big miners and corporations between 2015 and 2017 to keep the blocksize reasonably limited (it did increase to a new theoretical maximum of 4 megabytes) and keep power in the hands of individuals, so any plan to significantly increase the size of blocks in the future could be met with stiff resistance.
Back still thinks it is possible to optimize the code and get CT transactions small enough to implement in Bitcoin. It is still several years away, at best, from being added, but Back continues on his quest.
For now, Bitcoin users can improve their privacy through techniques like CoinJoin, CoinSwap, and by using second-layer technology like the Lightning Network or sidechains like Mercury or Liquid.
In particular, Lightning — another area where Back’s team at Blockstream invests heavily through work on c-lightning — helps users spend bitcoin more cheaply, quickly, and privately. Through innovations like this, Bitcoin serves as censorship-resistant and debasement-proof savings tech for tens of millions of people around the world, and is becoming more friendly for daily transactions.
In the near future, Bitcoin could very well fulfill the cypherpunk vision of teleportable digital cash, with all of the privacy aspects of cash and all of the store-of-value ability of gold. This could prove one of the most important missions of the coming century, as governments experiment with and begin to introduce central bank digital currencies (CBDCs).
CBDCs aim to replace paper money with electronic credits that can be easily surveilled, confiscated, auto-taxed, and debased via negative interest rates. They pave the way for social engineering, pinpoint censorship and deplatforming, and expiration dates on money.
But if the vision for Bitcoin’s digital cash can be fully achieved, then in Nakamoto’s words, “we can win a major battle in the arms race and gain a new territory of freedom for several years.”
This is the cypherpunk dream, and Adam Back is focused on making it happen.
This is a guest post by Alex Gladstein. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.