What I learned from the inventor of Bitcoin

The post originally appeared on Medium and we republished with permission from its author, Ryan X. Charles.

  1. Introduction

The inventor of Bitcoin is an Australian-British polymath genius who obsessively studied and got degrees in every subject matter related to digital cash for more than ten years leading up to the genesis of Bitcoin and for more than ten years after it, leading to more patent applications, and soon-to-be more patents, than anyone in history, including Thomas Edison. His name is Dr. Craig S. Wright. I call him Craig, like most people who know him personally.

When I discovered Bitcoin on May 13, 2011, it seemed like it had the potential to be the foundation of a new industry, like the internet in the 1990s, and I thought I had a chance to get in on the ground floor and create success for myself. So I began an initiative to study Bitcoin and create businesses on top of it. My initiatives would result in what is today Money Button, a simple payment system based on Bitcoin.

I met Craig for the first time in early 2017 when my former cofounder, Clemens Ley, independently discovered the Turing completeness of Bitcoin and cold emailed Craig’s company, nChain, with his proof. It was common knowledge at the time, albeit wrongly, that Bitcoin was not Turing complete. But it is. Craig was the first to say so publicly in this panel with Nick Szabo, although no one believed him. Two years after that panel, nChain was intrigued by Clemens’ work, so we arranged a meeting with Craig in London.

After more than a day talking with Craig, it was clear that he was an exceptionally knowledgeable person. He talks at a very high level. Most people find it difficult to follow what he says. It is as though he speaks at the level of a university lecture during everyday discourse. But more than that, he speaks at a university level across five or more disciplines simultaneously, so it is actually higher information density than most university lectures. Even well-educated people usually can’t follow most of what he says.

A lot of dramatic events occurred in the industry from then until now, but I will spare you the details. What matters is that a selection process occurred whereby nearly the entire industry demonstrated a disinterest in the original idea of Bitcoin. Worse, as best I can tell, almost no one even understands it at all. Few people even seem to realize how interdisciplinary the theory of Bitcoin is, much less attempt to master the material. Most people who think they understand it seem to understand at best a hundredth or so, and at worst they willfully misunderstand it. As such, we have started to refer to the “cryptocurrency industry” as distinct from the Bitcoin industry. Their industry has essentially nothing to do with the original idea for Bitcoin.

It has become obvious to some of us involved that we need to substantially ramp up the knowledge and understanding of Bitcoin. I’m not even sure if anyone else besides Craig actually has a complete understanding of it. Certainly I don’t. Craig reached out to me earlier this year and wanted to know if I would like to learn “the other 99% of Bitcoin.” This seemed like a once-in-a-lifetime opportunity to learn from what must surely be one of the most knowledgeable people in the world, so I said yes.

I inquired whether Craig would like to turn our discussions into a public video series. This would be a way to hit two birds with one stone: I could learn directly from Craig, and also help Craig reach a larger audience of students who can learn from the same material. Craig agreed. So we created the Theory of Bitcoin interview series, a twenty-hour-long discussion where I asked Craig questions that span the sixteen or so different disciplines that one must know about to master Bitcoin. We made it twenty hours because that is about the length of an audiobook, and as such it should have as much information as a book or so, while still being short enough that any full-time individual involved in the industry ought to be able to watch it all the way through.

The series is divided into an introduction, six interviews on theoretical subject matter, one on the history of Bitcoin, one on the future of Bitcoin, and a conclusion. In this essay I summarize the interviews.

  1. Networks

Craig created Bitcoin because digital cash needed to exist to solve the security problem of the internet. The security problem of the internet is in essence that it was not designed with security in mind at the start, and instead the security was added post-facto and was done in a way that has multiple central points of failure. This is worse than a single point of failure. It actually has multiple different points such that if any one were compromised, it ruins the security of everything on the internet not just now, but for all history, present, and future, and it would be a giant catastrophe. In fact, this actually happened already. See the DigiNotar hack. The internet is not secure.

The internet is a mesh network. Part of the solution of Bitcoin is to create a different type of network. The logo of this series demonstrates what an 8-node small world network looks like. That is essentially what the nodes of Bitcoin look like. There are a small number of them and they are incentivized to connect to all the other ones so that when they find a block, all the other nodes get it right away.

Bitcoin has multiple networks. The nodes (“miners”) are the central core of a series of overlay networks layered on top of one another like an onion. The simplest way to understand the layer on top is as a set of SPV nodes (Simplified Payment Verification, as defined in the original whitepaper) that send and receive transactions to each other but do not send and receive transactions that do not belong to them.

We should distinguish between theory and reality. In theory, the miner nodes are a complete graph (every node connects to every other node), and the SPV nodes are a mesh network on top. In practice, the miner nodes do not necessarily all connect to each other, but approximately so. Thus, we say the miner nodes form a “near-complete graph.” And SPV nodes do not even really exist yet — long story. My company is collaborating with a number of others to create standardized SPV wallets that satisfy the definition in the whitepaper, which is necessary for the security of Bitcoin (the block headers must be public and widely distributed, which is the security service of SPV nodes).

The most important theory behind the Bitcoin network was established by Watts and Strogatz in 1998. The internet was a remarkable invention for the 1960s and 1970s, but these new advances in networking theory, as well as advances in hardware (fast and ubiquitous fiber connections), make better networks feasible. Bitcoin is the next generation of networks. It can be cleaved to the internet to improve security and could ultimately replace the TCP layer of the internet as a more secure alternative.

  1. Introduction to Law

Craig studied many different subjects to invent Bitcoin, including a degree in law, which he finished in 2008, shortly before the whitepaper was published. He was driven both by the pursuit of knowledge itself as well as to learn all relevant subject matter around Bitcoin to make sure he properly solved the problem of digital cash. He has more than seventeen university degrees and he continues to pursue more degrees to this day.

Digital cash has failed many times. Craig was involved with Mark Twain Bank in the 1990s, which attempted to use DigiCash, the company created by David Chaum, the pioneer of digital cash. David Chaum created the first description of digital cash in this paper from 1982, and he pursued the project obsessively for decades before ultimately failing. A problem with David Chaum’s approach and nearly all other approaches to digital cash is an interest in creating purely anonymous money. The problem with this is somewhat obvious in that it facilitates crime, and becomes impossible to comply with the law. Thus, a proper solution to digital cash needs to be legal and it needs to be possible for banks or other companies that use it to comply with all regulations. Craig knew the law was central, so he studied it specifically to make sure this would not be an issue for Bitcoin.

Craig helped me understand some basics of law before diving into the specifics of Bitcoin. The most important foundational legal concept is that of the Rule of Law, which is the idea that there is such a thing as a law determined by society that applies equally to everyone. No one is above the law. We are all equal under the law.

  1. Legal Aspects of Bitcoin

Bitcoin is a way to bring law to the internet. It enables us to use law both to enforce contracts as well as to identify and prosecute criminals. This is a central and important idea, so I will say it again: Not only is Bitcoin not a way to get rid of governments, it is exactly the opposite. Bitcoin is specifically designed to allow governments to enforce both civil law and criminal law on the internet, opening up the possibility to use law on the internet in ways that are not possible, or very difficult, without it. Bitcoin is a legal innovation.

Let’s consider both cases. To enforce contracts, all relevant contracts can be written and signed and hashed to the blockchain irreversibly, making it possible to take flawless and comprehensive evidence to court when needed. An example of this is the purchase of digital content. The purchase can declare constraints on the digital content that the purchaser must comply with, and if the purchaser commits fraud (such as by improperly relicensing the content), the data on the blockchain can be used in a court of law to prove what contracts were signed and in what order, making the enforcement of contracts much more efficient.

The same is true for criminal law. By using Bitcoin not just for payments but also for contracts (hashed, and thus secure, on-chain), crime can be discovered and proved. In some cases, fraud can be discovered automatically, such as by using Bitcoin to pay taxes, where audits can be performed by using blockchain data, making audits by tax authorities vastly more efficient. Bitcoin will help governments collect taxes, and it will help businesses pay them. Everyone wins by improving efficiency. Even the worst crimes are disincentivized when Bitcoin is used because everything is tracked. Bitcoin encourages honesty through transparency.

Money is central to law and contracts, and as such there is a body of law and regulations where it is important that Bitcoin is both legal and where the businesses and individuals who use it have the ability to comply. An incomplete list of those issues is as follows:

  • Bitcoin was created legally. There is no law in Australia against the creation of money.
  • Nodes form a settlement layer and are not money transmitters.
  • Bitcoin is not a security in the sense of the Howey test, although it is a security in a more broad sense which includes essentially any financial asset.
  • Bitcoin is fungible in a legal sense, but because each token can be tracked, it is not anonymous and businesses or individuals who do not comply with financial regulations can be liable for returning lost or stolen funds.
  • The blockchain doesn’t transfer your token — you do.
  • Because the protocol is fixed, the nodes do not form a partnership. (By contrast, on alternate networks where a central organization does change the rules, and that organization does not have a corporation, the individuals (usually developers) can be held liable on those alternatives.)
  • Bitcoin transactions can be but are not necessarily legal signatures. If the signer sees the contract in full and then signs, then the transaction can be a signature in the legal sense.

Law is complex and dependent on particular countries, so this list ought to be used only as a reference for the types of law relevant to Bitcoin and is not authoritative in any way.

In conclusion, not only is Bitcoin legal, but because everything is traceable, it makes it possible to use the law in both civil court and criminal court. Bitcoin is key to what makes Bitcoin secure. The law can always be used as a last recourse.

  1. Script, Computation, and Turing Completeness

A Bitcoin transaction has multiple inputs and multiple outputs. Each input links to an earlier output. Both the inputs and outputs have a “script” inside, which is really a predicate, or a statement that evaluates true or false. In Bitcoin, the predicate can also evaluate to any value. In other words, the script can return a value so long as that value is not zero (a zero return value invalidates the transaction, so such transactions are never found on the blockchain). The outputs of a Bitcoin transaction thus output not just money (Bitcoin) but also information (the return value of the script). The same goes for the inputs: they input both money and information.

The predicate language of Bitcoin is simply called Script, and it is based on Forth, a stack-based programming language used for embedded hardware and other highly specific cases such as the F18 fighter jet console. Forth is extremely fast, but cumbersome to use, because it lacks many features of modern programming languages, such as a heap. Nonetheless, the simplicity, speed, and verifiability of Forth make it appropriate for the base-layer language of Bitcoin. Higher-level languages can be compiled down to it.

A computer or programming language is Turing complete if it can compute any number that can be computed. Forth is Turing complete. Script is Turing complete. Bitcoin is Turing complete. This is not difficult to understand, but it was widely missed by nearly everyone involved in the industry until Craig started telling everyone. Entire cryptocurrencies such as Ethereum were invented to make a Turing complete version of Bitcoin, but they are founded on a basic misunderstanding. Bitcoin is already Turing complete and so making a new Turing complete version of it doesn’t actually improve anything.

The notion of “Turing complete” originates ultimately from a paper by Alan Turing in 1936 on computable numbers. Alan Turing was a genius and was sometimes misunderstood. His invention modeled a computer as a machine with a head and a tape of any size. He was very often misunderstood to mean the tape had to be infinite. But of course, as Turing knew, and as any practical person knows, there is no such thing as an infinite tape in reality, and so any such model would necessarily be useless for modeling real computers. Turing’s original paper does not require the tape to be infinite.

Note that because Bitcoin has two stacks, the second stack allows us to map Script to a 2-PDA (2-stack pushdown automaton), which is known to be Turing complete.

There are three different ways Bitcoin is Turing complete:

  1. Loops can be unrolled in Script using nested conditionals. This makes Bitcoin a “Total Turing Machine” by some definitions and is not strictly Turing complete because the Script can be infinite, but by that definition there is no computer that is Turing complete, so we ignore that useless definition.
  2. Payment channels can be used to loop in a second layer above Bitcoin where the output value is put back into the input, and we are limited only to the maximum size of the sequence number in the number of iterations.
  3. A second layer above Bitcoin can be used to propagate data from on-chain transaction to on-chain transaction.

The halting problem is the idea that some programs running on a Turing Machine can loop forever, and there is no way to know whether a program will loop forever without running it. Total Turing Machines, such as Bitcoin, are Turing Machines that always halt, and thus cannot have infinite loops, and thus every program can be known to halt, and the halting problem is elegantly avoided. The halting problem is moved to the compiler rather than the computer.

Note that there is no real-world computer that can loop infinitely. It will run out of memory for the iterator. Insofar as it is computing a value that anyone cares about, the human operator will eventually hit “control + c” to end execution of the program, thus making it halt. There is never and can never be a program that never halts in reality. Thus, Bitcoin has the same type of Turing completeness as any real-world computer. If your script halts too early, unroll the loops to a larger number of iterations and try again.

Another point to consider is that the nodes don’t necessarily run everything. This is a part of the elegant economic design of Bitcoin. The nodes are the core, not everything. Machines in the outer layers can compute things and put the data on chain. The second and third ways in which Bitcoin is Turing complete rely on this mechanism.

  1. Economics, Information, Religion, Work, and Goggins

Bitcoin is an economic system. One of the themes of Craig’s work going back to his computer security days in the 1990s is the idea that computer security is always economic. The goal of computer security isn’t to make it impossible to compromise a system, but rather to make the cost of compromising a machine higher than the benefit. Many computer criminals are hyper-rational and do not account for morality at all in their actions and care only about profit. If it is not profitable to compromise a system, they will not bother to do so. Bitcoin is a solution to digital cash that can be used to make costs and profits explicit for use in securing computer systems. Furthermore, Bitcoin itself operates on this principle internally. It is more costly than profitable to rewrite history. This is the sense in which Bitcoin is an economic system.

A basic concept in economics is that specialization is good for everyone. If I am good at hashing, and you are good at producing Merkle proofs, it is better that we swap services than that we each do both hashing and Merkle proofs. This results in greater total productivity and we each win. Bitcoin is not designed for everyone to do everything. Rather, it is designed for each entity to do what they are best at and trade. This is true to separate large scale services such as nodes and wallets, and also true to separate services inside nodes or other entities.

  1. Computer Security, Game Theory, and Personal Responsibility

Bitcoin is secured by economics and law. The digital signatures, hash functions, and Proof-of-Work are not the full scope of the security mechanisms of Bitcoin. Cryptographic algorithms make attacks more costly than profitable. Furthermore, in case crime occurs, the traceability of Bitcoin enables the use of law to recover funds. Note that both of these concepts are quite different than what is currently the popular opinion about how Bitcoin is secured, and so they deserve some elaboration.

Bitcoin is not secured by cryptography: First of all, Bitcoin does not use “cryptography” in the sense of encryption. What Bitcoin uses is cryptographic hash functions and the elliptic curve digital signature algorithm (ECDSA). We call these “cryptographic algorithms,” but not “cryptography.” The distinction matters because it is commonly thought that Bitcoin is “encrypted,” but this is not the case. Nothing in Bitcoin is encrypted. Secondly, cryptographic algorithms do not make it impossible to compromise a system. A private key can be cracked with a sufficiently large computer. The exponential growth of computational speed should continue for quite some time. It would be possible to crack keys for an exceptionally large cost today, but it is a near-certainty that they can be cracked for a reasonable cost in a couple of hundred years. It is possible to crack cryptographic algorithms. Furthermore, the transactions are in plaintext and could be altered at will. Thus, clearly cryptography is not the reason why they are secure.

Bitcoin is secured by economics: Cryptographic algorithms are used to tune the cost of attacking the system. Hash functions are costly, but not impossible, to invert. Digital signatures are costly, but not impossible, to invert. Bitcoin is an economic system and the security is always and everywhere adjusted such that the cost of attacking the system is higher than the profit for doing so. Rational agents will not attack Bitcoin. That does not mean that it cannot be compromised in other ways. It is possible for irrational actors to attack Bitcoin, but they will likely run out of money in the process. The plaintext transactions are not simply altered to give money to someone else because the benefits from doing so are lower than the costs.

Proof-of-Work is a deanonymization mechanism, not a security mechanism: Proof-of-work with an adjustable difficulty-adjustment algorithm (DAA) is used to keep the block time approximately ten minutes. While this is the average time, some blocks happen quicker and some blocks happen slower than ten minutes. It is random. It is important for nodes to get their block to the other nodes as quickly as possible so that they build the next block on it. It thus becomes possible to triangulate nodes, because doing anything to anonymize the origin, such as distributing the block globally before passing it to other nodes, decreases the probability of winning the block. Thus, Proof-of-Work deanonymizes nodes. This encourages nodes to be professional, regulated businesses.

Bitcoin is secured by law: A common misconception about Bitcoin is that it is intended to enable anarchy. This is not the case. The law is critical to be able to recover funds in the event of fraud or theft. Because all Bitcoin can be traced, and all businesses are encouraged to be legal and compliant due to the transparency of the blockchain, the law can be used through criminal courts to recover stolen Bitcoin or other digital assets on Bitcoin. This is very important, so it bears repeating. The law is necessary to recover stolen Bitcoin. Bitcoin is not anti-law. The traceability of Bitcoin is what enables the use of law to recover stolen Bitcoin. Bitcoin is pro-law. Bitcoin is a legal innovation that enables the use of law in the case of digital cash and other digital assets.

  1. The History of Bitcoin

David Chaum was the first person to sketch out a plan for digital cash in the early 1980s. I asked Craig if this was the origin of Bitcoin, and his answer was “not really,” due to the difference in philosophy between them. Chaum was more aligned with the cypherpunk movement which desires anonymous cash, but Bitcoin was explicitly designed not to be anonymous. Bitcoin is private in that the identities of the users are not actually put on the blockchain, but because everything is tracked, identity is always provable. In Craig’s opinion, the primary reason DigiCash (Chaum’s company) failed was the attachment to anonymity.

Starting around the late 1990s and early 2000s, Craig started working on what would become Bitcoin obsessively. He would ultimately get more than seventeen degrees in subject matter related to Bitcoin. He failed many times before the design of Bitcoin was completed and the software launched. The solution was ultimately something that required satisfying constraints across many disciplines, including most especially computer science, economics, and law.

Roughly speaking, the constraints are explained as follows:

  • Computer science: Bitcoin needs to technically function, needs to be sufficiently flexible to allow markets to solve as many problems as possible, and it needs to scale globally.
  • Economics: The incentives of Bitcoin need to be designed to encourage people to maintain and grow the network.
  • Law: Bitcoin needs to be legal, it needs to have all the technology to enable users and businesses to comply with any relevant laws and regulations, and furthermore, it needs to enable the use of law on the internet for an information market.

This is not a complete list of subject matter, but a high level flavor of the types of problems that had to be solved and how they span many subjects. Craig solved all of the problems by studying the subjects himself.

Bitcoin was finished and launched in January of 2009. From then until now, the story in a nutshell is that many people got involved who misunderstood Bitcoin (many of them willfully) to think that Bitcoin was about anarchy and crime. This was not and is not the case. As Bitcoin popularity increased, Craig rejected the spotlight, to his later chagrin, and allowed the misunderstanding to grow. This brings us to the present time, where Craig, myself, and others are doing what we can to rectify the misunderstanding by educating ourselves and others about the full scope of the theoretical background for Bitcoin.

  1. The Future of Bitcoin

The future of Bitcoin is an economy with no more than 2016 nodes (because that is how many nodes can actually find a block in a given DAA interval), and where businesses solve all other problems in specialized ways. In other words, it is an economy that will grow.

It will never be the case that everyone runs a node, or that everyone is equal in any other way. Nodes will be businesses like infrastructure in every other industry. Bitcoin will be plumbing for the world economy. Most people will not know when they are using Bitcoin, but it will be underneath most commercial activity.

Computers will be more secure, transparency in corporations and governments will increase, crime will be easier to prosecute, and many costs will be saved with increased efficiency that spans every industry.

Throughout the series, Craig and I spent a lot of time discussing classical liberalism. Craig’s idea, which I share, is to increase appreciation of classical liberalism through education, and to encourage the development of society over time to enhance individual responsibility.

  1. Conclusion

We are improving the educational situation around Bitcoin, and the world at large, by acting responsibly. We pursue lifelong education and entrepreneurship ourselves and show people what we are doing. A growing ecosystem of responsible people helps. Together we lift the world.
