Published in 21magazine @ Blocktime: 840’246 | Moscowtime: 13:24 | Reading time: 2.5 blocks
Adam Back is one of the best-known cypherpunks and a committed bitcoiner. In this interview, he tells us why he was initially sceptical about Bitcoin, why Satoshi contacted him and why cypherpunks should be interested in Bitcoin.
INTERVIEW: NetDiver | ILLUSTRATIONS: MX12Art
Hi Adam, and thank you for taking the time to join us here at the planB forum. Is it true that you have Swiss roots? Yes, my mother is from Zurich, and my grandfather as well. As a child, we would often visit the Zurich region. We also went to Lugano once, but I have only vague memories of that.
This is your second time as a speaker at this forum. What were the key points and messages of your presentation in 2023? There were several panels this year. Some focused on the topic of Bitcoin ossification. Although there are occasional minor adjustments to the Bitcoin code, all changes must be backward-compatible and require soft forks. These opt-in features typically take about three to five years to implement. It involves many discussions, and the community must agree to the change. Bitcoin is a consensus system where nothing changes until the majority of the community agrees. It only happens if no one opposes it. This is a very strict process regarding developments. Clear, comprehensible arguments are needed; even small issues can be a reason to halt the entire feature. Changing a complex system, even if it’s opt-in, carries potential risks, especially when trillions of dollars in value are stored, and there will be several trillions in the coming years. People are concerned about potential risks. I think the discussion about Bitcoin ossification started partly with Satoshi in the Bitcoin Talk forum in 2009/2010. He described what he did in preparation to release the initial version of Bitcoin, and hurried to integrate the script system so that the core code could be frozen and set in stone forever. Developers could implement new features in Bitcoin by using this script system. In practice, it didn’t work as well as Satoshi hoped, perhaps because it had some flaws or some features were turned off. With ecosystem consensus, Bitcoin’s functionality has been extended with a dozen or more soft-forked op-codes and backwards-compatible major features over the past 15 years of Bitcoin’s existence.
As Bitcoin grows larger with participants like Fidelity or Blackrock managing billions of dollars or governments becoming Bitcoin holders directly or indirectly, the question arises: do ongoing changes to Bitcoin become more dangerous? It will likely become more challenging, but with the concentration of interest groups and funds representing millions of users, does it also become more dangerous? They could become incentivised to want to change something that most Bitcoiners would not be interested in. We don’t know exactly when this will happen, but the time will come when things could develop in a direction that doesn’t make sense from our perspective. So the question is, could we ossify Bitcoin as it is? I think, as it is currently, it fits some use cases and is financially functional, but it has limitations. Therefore, it is difficult to decide not to change Bitcoin Core at all.
The challenge is to figure out what changes we really need, in the sense of what Satoshi initially meant, to be ossified, to be able to evolve but not have to change anything. There are comparable things like the TCP/IP protocol, the basis of the Internet, which has not been changed for 50 years and still works very well.
Technically, it is possible, but with Bitcoin, it is a bit more complicated. It is especially challenging regarding security. The Internet came completely without security. There are currently some proposals on how we can improve things like Lightning, but there are also some ideas like BIP 300, which would allow another second layer, a so-called "Drivechain," but this could potentially bring security issues again. The arguments are that with a Drivechain, you can develop things in a generic second layer.
I think the currently most promising idea for advancing Bitcoin without changing the core code is Simplicity, a next-generation Bitcoin script language upgrade, which could simplify things. This has been discussed among developers since 2012, and about five years ago, Blockstream hired some developers to design and implement this language. We are now very close to being able to implement it on Liquid (second-layer technology), and as past experience has shown, sometimes the experience of developing and using a feature on Liquid informs that feature later coming to Bitcoin. Liquid had something similar to Segwit at launch, and had Schnorr Signatures before Bitcoin as well. People can see, and developers can try and learn to understand, how Simplicity works by using it on Liquid once integrated. Simplicity provides self-extensibility in effect: features and op-codes can be developed without changing the consensus code, and unilaterally, without having to reach consensus first on which of a limited number of op-codes is better. This means individual signing devices or companies can develop things they want for their product in a permissionless, programmable way. The process would be permissionless and yet more secure. Simplicity is a bit analogous to "micro-code," and today’s Bitcoin op-codes are like CPU op-codes: very simple instructions like fetching numbers, accessing memory, or writing something to memory. These instructions are not built directly into the hardware; hardware is built at a much lower level, which is reprogrammable partly using a form of micro-code in the CPU to change or add new instructions. In terms of Bitcoin, this is an analogy; Bitcoin op-codes and CPU op-codes differ in some ways, but the analogy is recognizable.
You are the founder and CEO of Blockstream. Can you describe to our readers what it is and what products you develop? I founded Blockstream because I was interested in Bitcoin. I discussed with some Bitcoin developers how to bring more complex things into Bitcoin, such as "Confidential Transactions," for example, which creates a form of privacy over the amount of a transaction. As we know, transactions leave traces in the block explorer. With confidential transactions, no one sees how much someone is sending or receiving. Everything is hidden and visible only to those involved in the transaction. Unfortunately, these transactions are more challenging due to cryptography. In 2013, I developed this and thought, let’s do it. I talked to developers but realized that it was a significant change, and it would take some time to implement. So I postponed it because I thought ideally Bitcoin should become more modular so that you can do something like this with an opt-in model or on a second layer. This led me to the idea of a sidechain. You can test all these features in a sidechain and, for example, try different things with significant risks in some sidechains. But I quickly realized that implementing a sidechain was a lot of work. A small team of talented open source engineers could implement a library or the network parts, but you also need a block explorer, hardware and software wallets, and such. So it was clear to me that we needed to set up a startup, raise funds, and hire Core developers, as well as those who develop UI or apps.
Soon after we started Blockstream, the whitepaper for the Lightning protocol was released. Actually, two very similar papers were published at the same time. Christian Decker came up with a similar technology during his PhD research, but he did it in an academic process where external reviewers scrutinized it. A few months later, he found out that something similar was published online. At the same time, developer Rusty Russell was working on another solution to scale Bitcoin, but when the Lightning whitepaper came out, we asked him if he wanted to work with us on it because we thought Lightning was the better solution to scale Bitcoin. He said, why not, and switched from IBM. So we formed a team around Christian and Rusty, which are now part of our Lightning team.
After that, we acquired Green Wallet. It’s a Bitcoin wallet that existed before Blockstream. This wallet had developed some features first, like Multisig, Segwit, and so on. So we knew that with Liquid, we needed not only Core developers but also people who could build user-friendly desktop and/or software wallets. Therefore, we acquired Green Wallet so that we could integrate it with Liquid and Lightning, thus having all three basic layers, sidechain, and Lightning on the same signing device. Now we have Lightning on Bitcoin and on Liquid. In the meantime, we developed a block explorer and encouraged other companies to develop additional explorers, like the Mempool, which is based on our block explorer.
We also just launched the Bitcoin Satellite service, which transmits time-chain data and reduces the costs of operating a full node in emerging markets. In these countries, not everyone can afford the costs of the devices to operate a full node. Our satellite service transmits the data for free, and users only pay a small transaction fee.
We also engage in mining, providing miner hosting for customers: for some wealthy individuals, but mostly for companies like Fidelity, Galaxy, or BlockFi. We have around 15 customers who own a lot of machines. We also mine a little for ourselves.
Yes, and we are working on "Simplicity," which I mentioned earlier, a promising technology.
Which project is particularly close to your heart and why? They are all close to our hearts because we think that anything that makes Bitcoin better makes it robust, scales it, and makes it more usable for more people. So, it’s all about helping Bitcoin. I can’t say I favor one project. For anyone interested in Bitcoin technology, Blockstream is the place to work on it. Some Bitcoin innovations that people know were launched by Blockstream. Segwit, Schnorr, Taproot, or Simplicity in the future – we have an excellent research department. Some of these technologies, like C-Lightning, now also have a large, decentralized developer community, which is nice to see.
Blockstream continues to participate in many projects to further develop the Bitcoin network. It is now a large company financed by investors. What influence do these investors have on strategic decisions and individual projects? When we started Blockstream, there were several Bitcoin developers we wanted to collaborate with. So, when we sought our initial investors, it was clear to us that they must not have any influence on the developers. Consequently, we negotiated with our original investors an agreement formalizing that management must use a “no strings” approach for Bitcoin-related development. We were the first company to do this, and today there are many companies that have adopted our model of no-strings Bitcoin developer sponsorship and employment for core work. Our investors agreed this was wise because Bitcoin itself is a public good.
Around 2014, fundamentally, no Bitcoin developer was paid by anyone. There was no funding; there were voluntary contributors. So, we also started sponsoring Bitcoin development. Initially, some complained that Blockstream had hired five core developers and now had too much influence. However, over time, the situation has organically evolved, and now there are dozens of companies such as exchanges, mining companies, and affluent individuals who also support developers and adhere to this agreement. There are organizations like Chaincode, Block/Square, or Brink now pursuing similar concepts. Thus, there are several nonprofit organizations supporting between three to eight developers each, which is a useful way to collaborate on and organize Bitcoin research and development. It must not happen that people with such significant influence on Bitcoin’s development work for companies that want to directly influence the core code to sell their products. However, Bitcoin developers should be paid for their work, and not be expected to do it all as unpaid volunteers. So, a way had to be found to ensure that individuals working on something as critical as Bitcoin had the resources to focus on Bitcoin and focus on the interests of making the best protocol optimized for the interests of the users. This situation has significantly improved today. In 2014, there were approximately 100 core developers.
What do you consider when choosing investors? We aim to find investors who are familiar with open-source and public internet projects. In the initial round, we talked with Reid Hoffman, who was involved in the nonprofit Mozilla Foundation, which develops the open-source Firefox browser. So with that background he understood the open source rationale and public good mission, which aligns with our vision, and he was already interested in and thoughtful about Bitcoin. In the second round, iFinex came in; while it is an exchange, they invest heavily in Bitcoin development and second-layer solutions like Lightning. They were the first exchange to integrate Lightning and invested a substantial amount in Bitcoin for the company. Across our investment rounds we have a diverse set of investors, with many interested in Bitcoin and blockchain financial use-cases. Many companies buy Bitcoin but give nothing back. However, still these companies contribute with their delivery of services to Bitcoin users.
What were the reasons that led you to delve into cryptography early on? RSA was something that interested me during my university days. I was already programming on my home computers. I learned Pascal and developed a small cryptography program at that time. Once you entered your password, the program was encrypted and no longer analyzable. It was a kind of "hacker thing." The encryption wasn’t really good because I had developed it myself, but it intrigued me. Some people have a mindset that doesn’t let closed doors deter them; they seek a way to overcome the challenge. I have always been one of those people. Security was important to me. In my university, there was a PIN to access a research lab, and I realized it had a logic defect. So, I wrote a program to efficiently brute-force the PIN by discovering a long master PIN that could unlock any lock of this type, and gain access to other labs. It worked and was fun. Disassembling and analyzing things has always interested me—both cryptography and security, whether physical or electronic, and the logic behind it.
As a Cypherpunk, you advocated for the right to association and the right to confidential communication in the digital space in the ’90s. How do you feel today, seeing that these rights are hardly respected, and Europe even wants to read encrypted messengers? It is regrettable. I grew up in England and lived in different countries. My impression was always that, despite being bureaucratic, Europe acted more proportionally at the judicial level. Law enforcement work for us as civil servants, and so we should not erode people’s rights just to make it less work to catch the 0.1% of people doing bad things. This means that the negative aspects for 99.9% of the population, who do nothing wrong, erode their freedom, costing society more than catching the other 0.1% who do bad things. So, it’s disappointing to see that Europe, in particular, is losing proportionality regarding privacy, freedom rights, and individual sovereignty in the last year. The World Economic Forum (WEF) around Klaus Schwab and some European government representatives are currently advocating for some extremely dystopian things. It seems like they are suffering from envy and seek to copy the example of some Chinese measures like social control, social credit scores, travel restrictions, or total financial surveillance. It is shocking to hear that some governments in Europe and other Western countries also want these, or to see how some Western governments are already doing such things, because they are copying from guys who are technically one or two centuries behind. People died here for these freedoms, our grandparents. It must be tough for them to hear that we are regressing. This is quite unfortunate, and I hope there will be a mix where people complain about it but also outright refuse to adopt such technology or simply migrate to jurisdictions that continue to respect individual freedoms. Especially young people should consider taking this step.
What were the Crypto Wars, why were they fought, and who were the opposing parties? The cypherpunks were interested in cryptography, such as PGP and electronic money, with a focus on privacy. In 1985, some academic cryptographers were also interested in privacy protection. When PGP was released, it was easy for people to use. But governments in America or France did not like widespread use of cryptography because they were already collecting massive amounts of data. So, the American government, stemming from the Cold War, categorized cryptography as military technology, an unusual regulation. But they tried to contain the spread of cryptography because the American government was and still is very involved in developing internet protocols. They felt that if this technology spread, American intelligence and spy agencies would not be able to eavesdrop as easily on everyone’s communications. So, they tried to prevent Phil Zimmerman from publishing cryptographic software by regulatory means. He was surprised when he learned about this obscure regulation. When they contacted him, he initially thought he was to explain encrypted emails to them, but it wasn’t; they wanted to arrest him for publishing "illegal" software.
The Crypto Wars were an attempt by individuals, privacy and cryptography enthusiasts, and technology companies to lobby for the unfettered freedom to use and distribute cryptographic software. When I saw these legal actions against Zimmerman, I found it quite ridiculous because, as a European, you could develop something and import it into the USA and use it for yourself. So, it was absurd to arrest someone for something that anyone could import and use in the USA. To highlight this absurdity, I developed a tiny size-optimized Perl implementation of RSA and had it printed on shirts, inserted it into emails, and some people even got the code tattooed. Ultimately, an American law professor asked the State Department if he could export these three lines of code. The answer was no! That was somehow good for us because it was just ridiculous. It was simply impossible for politicians to defend this regulation, especially since companies developing cryptographic products were outsourcing jobs abroad. Companies in Europe or Australia began developing such products, and American companies couldn’t compete. So, I think that was what prompted them to reconsider.
More data from citizens are being collected today than ever before. Is there even a right to privacy and personal data, or is it better to take care of it individually? I think there is a right, but it is not respected, especially by law enforcement agencies. The balance is not right because they should be working for us; they are public servants. I think politicians are currently trying to figure out how far they can go. Snowden’s revelations showed that these activities were more extensive and worse than one could imagine, especially the national security agencies pressuring companies to provide them with information and installing software on the internet to collect various data. That was shocking. Due to these revelations, an American court clarified that these agencies were not allowed to spy on Americans. But it’s not a friendly form of international cooperation. Europe, Switzerland, England, they are all spying on each other, and England, like the others, was busy spying on everyone else.
So, yes, we do have a right to privacy, but this right is not worth much when security agencies, phone companies or manufacturers, big tech companies, and other influential corporations do not respect it. They all say you have a right, but then ignore it. The solution is to use tools like Signal or similar cryptographic tools to encrypt personal communication; that’s the main vulnerability.
Why is privacy particularly essential in financial transactions? Because a significant part of our daily life consists of transactions. Financial transactions can be politically motivated when we finance parties, support activists, or small publishers that governments dislike. So, it’s easy to form a picture of someone by controlling their transactions. Therefore, it’s important to use things that protect our transactions. If you had a private conversation before the internet, it remained private. The internet changed this fundamentally.
You were involved in the early development of digital money, even before banks discovered the internet. Why, in your view, was and is free, independent, and private money so important? When the Cypherpunks began developing anonymous remailers, the infrastructure to operate such servers and services was supported by volunteers, but you couldn’t pay for it because all existing payment channels were traceable and monitorable. It was also difficult to receive credit card payments at the time, and also not a good approach for privacy reasons. So, we tried to develop electronic money that was scalable and private in order to integrate it with the privacy networking technology and use the fees users pay to pay for internet connections and servers to scale the infrastructure. But in the physical world, there is also a trend to abolish cash. Some cultures, like Switzerland, may like cash, but in Sweden, they try to phase it out. That’s not good because if you buy everything with a debit card and want to get a book on political theories, especially if it contradicts the prevailing political opinion, they create a dossier on you. A large part of general surveillance is bad for a sovereign society. So, we need this right to financial privacy, especially in a digital society, because most transactions happen there. Whether you want to watch a documentary or buy an eBook, everything happens online.
You are the inventor of Hashcash, a proof-of-work system to protect against email spam. When did you come across it, and how should I imagine its functioning? I ran an anonymous remailer, and people were spamming through it, and they would spam to USENET, which is a discussion forum network spread over thousands of servers. And that was bad because some providers may start blocking remailer postings if there was too much spam through remailers. Since we didn’t want that, I started thinking about how to prevent spam. Until then, it was done by blocking IP addresses. But that’s not particularly effective. So, I thought about the fundamental factors that enable spam to be so widespread, and my answer was that email costs nothing; it’s very, very nearly free. If we had ecash then the emails could charge a fee to send, but we didn’t have ecash yet, and it was complicated to design, and no one had found a way to do it in a distributed, reliable way. So, I tried to simplify the problem by having the sender pay for the email, but the recipient could no longer use that payment—a kind of electronic stamp; you can only use the stamp once.
So, I spent a few days on it and came up with this hash-based solution, Hashcash. The user writes their email, and in the background the software keeps the CPU busy computing hashes to find a digital postage stamp. How it works is that hashes are deterministic, meaning you can use the same input string and change only one letter, and you get a completely different result. The challenge for the sender is to find an input that when hashed produces a lot of zeros at the beginning of the chain. Initially, I had 20 leading zeros in binary, which takes a million attempts on average. Within this hash was also the recipient’s email address, like a personal stamp. This means that if you send the same string to someone else, they know the email is not for them and reject it. It’s a fully scalable system.
I published hashcash and the software to produce stamps, and hook them into email servers and clients, shortly after the failed attempt by "Digicash," which was a centralized but very private electronic money system. People were initially very interested in Digicash and excited to have anonymous bearer electronic cash, but eventually the company failed. After that experience, we analysed the design to think about how to make a more resilient ecash system. The lesson we took was that centralization was the reason for Digicash’s failure. But there are also challenges with decentralized systems. Digicash was intended as a kind of "stablecoin" with a bank account, but in distributed systems, there are no bank accounts. So, how could value get into this system? That was the big blocker for which we had no solution. When I described Hashcash with its use of CPU work, some people soon said, "oh, this is like digital gold." Within a year, there were then some projects with this idea.
This led to projects like Nick Szabo’s, but they were not easy to implement and automate because they required some human collaboration and specialized markets to arise. People spent some years trying to figure out how to control inflation. Hal Finney developed "Reusable Proof of Work," which was also based on Hashcash, but it was also centralized. While it required some computational effort, there was some scarcity from the mining cost to obtain coins, but it lacked difficulty adjustment and therefore also risked being hyperinflationary.
So, people kept trying to solve these challenges, but the leap forward from Finney’s 2004 RPoW was Satoshi Nakamoto’s email and the Bitcoin whitepaper he published in 2008. After spending some time reading about and discussing on mailing lists, people realized that he had solved the remaining ecash problems. In my opinion, the essential factor was that he created a process for difficulty adjustment. His system thus had decentralized control over the number of coins, giving them a mathematically fixed supply curve.
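The stamp mechanism described above (leading zero bits in the hash, the recipient's address inside the hashed string, a stamp spendable only once), as an added Python example that is not from the page or from the original hashcash software. It assumes the hashcash v1 stamp layout `ver:bits:date:resource:ext:rand:counter` hashed with SHA-1, and the names `mint` and `StampVerifier` are mine.

```python
"""Hashcash-style proof-of-work e-mail stamps: sender-side minting and
recipient-side verification. Constructed example, not code from the page.
Assumed stamp layout (hashcash v1): ver:bits:date:resource:ext:rand:counter
"""
import base64
import datetime
import hashlib
import os
import time


def leading_zero_bits(digest: bytes) -> int:
    """Count how many leading bits of `digest` are zero."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()  # zero bits above the top set bit
        break
    return n


def mint(resource: str, bits: int, date: str = "", rand: str = "") -> str:
    """Sender side: search for a counter such that SHA-1(stamp) starts with
    `bits` zero bits. Expected work is about 2**bits hashes (20 bits is
    roughly a million attempts, as the interview says). `resource` is the
    recipient's address, so the stamp is only valid for that recipient."""
    date = date or time.strftime("%y%m%d")
    rand = rand or base64.b64encode(os.urandom(6)).decode()  # per-stamp salt
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


class StampVerifier:
    """Recipient side: accept a stamp only if it is addressed to us, carries
    enough work, and has not been spent before (the 'use once' property)."""

    def __init__(self, my_address: str, min_bits: int):
        self.my_address = my_address
        self.min_bits = min_bits
        # Double-spend database. In-memory here; a real deployment would
        # persist it and expire entries by the stamp's date field.
        self.spent: set[str] = set()

    def check(self, stamp: str) -> tuple[bool, str]:
        parts = stamp.split(":")
        if len(parts) != 7 or parts[0] != "1":
            return False, "malformed stamp"
        try:
            claimed_bits = int(parts[1])
            datetime.datetime.strptime(parts[2], "%y%m%d")
        except ValueError:
            return False, "malformed bits or date"
        if claimed_bits < self.min_bits:
            return False, "claimed work too low"
        if parts[3] != self.my_address:
            return False, "stamp is not for this recipient"
        # Recompute the work: the claim in the stamp is not trusted.
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) < claimed_bits:
            return False, "insufficient proof of work"
        if stamp in self.spent:
            return False, "stamp already spent"
        self.spent.add(stamp)
        return True, "ok"


if __name__ == "__main__":
    # Demo with 16 bits (~65k hashes) so it runs in well under a second.
    verifier = StampVerifier("alice@example.com", min_bits=16)
    stamp = mint("alice@example.com", 16)
    print(stamp)
    print(verifier.check(stamp))   # accepted once
    print(verifier.check(stamp))   # rejected as already spent
```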
Looking back, this proof-of-work system seems to be the central puzzle piece that eCash was missing because it solves the often-cited Oracle problem. Were you not involved in the eCash project, or did you not see the forest for the trees back then? No, I was one of the people very interested in it. I developed credlib, a library implementing the Chaum ecash protocol and also Brands’ protocol; I was heavily involved in these discussions about how to build a decentralized eCash system.
Some people on the mailing list decided to invest time to read all the old emails from when we tried to build something like Bitcoin. It’s very interesting to look at these emails again 15 to 20 years later, as people poked around trying to find the limitations of such Bitcoin-like systems. In our attempts, we got close, but we didn’t quite solve the last few problems enabling a fully decentralised ecash system to work robustly and without human involvement in monetary policy decisions. I was also one of half a dozen people trying for years to figure out how such systems could work.
You were not initially part of this Cypherpunk movement and not the only one on this much-cited mailing list. Have you ever wondered why Satoshi Nakamoto contacted you first from this list in August 2008? As far as I can remember, there were a few thousand people on that list at the time. I can imagine that the reason Satoshi contacted me was that he knew about Hashcash, and he asked me, "what is the correct way to cite hashcash in his paper?" Hashcash was never published in an academic journal. I just published the code and later a PDF paper about it on my website. Although I had some articles in academic journals, when you publish applied cryptography and ecash systems like hashcash, it’s more interesting to discuss them with applied cryptographers and developers than with academics, the target audience of the formal academic journals.
It seemed that Satoshi didn’t know b-money and BitGold. Even if you were on the cypherpunks list, you might have overlooked b-money as there was only one page with some text on it, and some emails discussing it. Or perhaps Satoshi wasn’t on the Cypherpunk list because the announcement of Bitcoin was on the Cryptography list but not on the Cypherpunk list. The whitepaper doesn’t give a narrative of the discovery; it only describes how this and that works. So, it remains a mystery what he knew and read and the reason for some of Bitcoin’s design decisions.
Satoshi managed to solve the "Byzantine Fault"; what was the crucial puzzle piece to prevent double spending with digital money, and were you immediately aware that this problem was solved with Bitcoin? My doctoral thesis focused on distributed systems, so I was familiar with the Byzantine Problem. The author of the Byzantine Problem was a computer scientist named Leslie Lamport. He created LaTeX, a publishing software, Lamport Signatures, and more in the field of computer science. He also dealt with adversarial scenarios on computer networks, where you have a large number of computers on the internet, and you can’t trust any clock, no timestamp, no one. Everyone can lie. Yet, you have to coordinate all these computers. It turns out that this is not an easy problem to solve, and there was no elegant solution to this problem. Lamport demonstrated that in such a scenario, at least two-thirds of the participants must be honest. Initially, it was thought that 50% would be enough, but it turned out to be at least 66%.
Lamport proposed a solution to the Byzantine Problem, but it required identities; otherwise one individual could pose as 1,000 different personas. Bitcoin is a decentralized system, so there can be no identities in this system. Thus, Satoshi would have had to find a way to solve the Byzantine Problem in an anonymous, decentralized system. I don’t know how he came up with the solution, but one guess is he may have started from the requirement of identities in BGP and found or rediscovered the idea that was used by some earlier systems that used PoW to “buy” pseudonyms. I.e., if you need identities for BGP algorithms to work, and you can’t have them in a decentralized system, you need PoW to buy pseudonyms, which are then scarce because they are expensive to create. There were similar earlier things, like some of the pseudonymous mail systems where you had to pay with Hashcash to buy a name. If you transfer that to the Bitcoin model, everyone has an identity that works and that can vote as part of the network. This means that if you have two computers, each with an identity, you have two votes. That’s what Bitcoin does, except it uses one hash per “vote” and skips the identities.
What were your thoughts when you first heard about Satoshi’s project, which was not yet called Bitcoin in 2008? Why didn’t you use or test it from the beginning? My first thought was a kind of mix. He created a decentralized system, and that was the most important insight from DigiCash. Still, to get this decentralized system, he had to give up some security prerequisites. All these centralized systems are very cryptographically secured and have this security standard for digital signatures, but the problem is that you had to trust central servers that kept the private keys. Regarding Bitcoin, people with an academic background especially took some time to accept that this system has no central private keys, and the security margin is essentially an arms race between people who want to steal money and those who want to trade fairly and not steal. It’s a symmetrical battlefield, whereas public key cryptography has an asymmetric advantage for the defenders: signatures can be continuously attacked, trying to crack the private key, and they won’t succeed for thousands of years.
With Bitcoin, ultimately, it’s an economic security model because you get money for mining, and it might be more profitable if you do honest work. If you fail to steal, you lose all your mining energy. So, if you try to defeat this system, you will be likely to lose money.
The other thing that I saw in comparison to systems like DigiCash is they had an extremely high standard of privacy, but Bitcoin did not. It’s pseudonymous, and there is no identity, but anyone who wants can find out a lot from the public broadcast blockchain. I didn’t use Bitcoin early on but read a report Hal Finney wrote about his experience from using Bitcoin. From analyzing and reading about Bitcoin, I saw that Satoshi improved some things that were blocking problems with previous systems, which was great, but then the next question on people’s minds was whether Bitcoin would be adopted. Will people use it, will it take off and develop a price? So, like many, I simply observed and resolved to wait and watch if it would bootstrap over some years.
When I realized that it was bootstrapping more rapidly in 2013, I got actively involved and tried to improve privacy.
Bitcoin payments are at best pseudonymous and visible forever and to everyone in the time chain, which I can imagine is far from perfect for privacy for a cypherpunk. Yes, it’s not ideal. People are developing things on the second layer, performing CoinJoins, and every major Bitcoin Core release also includes privacy improvements. An important step is encrypting connections between two nodes so that people sniffing around the time chain cannot associate transactions with an IP address. Also, Taproot and Schnorr will bring more privacy over time. So, people are interested in better protecting privacy. It’s good that work is being done on it.
Why is public-private key encryption not used for encrypting transactions in Bitcoin? Wouldn’t that be the solution to Bitcoin’s privacy problem? The problem is that you need a full node to verify it. But that’s exactly what „Confidential Transactions“ does; it encrypts transaction amount information in a way that a full node can verify, but you still have the connections between spender and recipient visible on the blockchain, and obscuring these connections is much more difficult. It might be possible, but you end up with twenty- to thirty-kilobyte coins, and if you’re not careful, some cryptographic assumptions are less secure than the assumptions in Bitcoin.
Some of the Blockstream researchers are working on using a kind of Bulletproof technology that resembles Bitcoin’s security model. We will implement it in a sidechain and may come closer to a solution.
Why is Bitcoin at best pseudonymous but not anonymous? What is the difference, and is it even possible to make Bitcoin as anonymous as cash? I think Bitcoin is pseudonymous because Satoshi knew how to do that, and we still don’t have privacy technology that is secure and efficient enough with the same conservative security assumptions that Bitcoin has. That’s the reason. If we had this technology, I think there would be strong interest in introducing it with a soft fork.
What are the trade-offs of absolute privacy in digital currencies, such as Monero? Monero uses Ring Signatures. This means that when you spend a UTXO, you publish five of them. The side effect of this is that it is not scalable. So, „Confidential Transactions“ is an alternative for various reasons to achieve similar effects but still remain scalable. MimbleWimble uses the Confidential Transaction range-proof to make scriptless cryptographic transactions, which have some scalability advantages.
What should a user pay attention to in order to optimally protect their privacy when using Bitcoin? That’s not so easy. The main problem is when you use KYC exchanges. Unfortunately, these exchanges cooperate with analytics companies like Chainalysis, which can make correlations with accounts on different exchanges and create user profiles in the context of on-chain activities. So, it’s easy for them to find out who pays whom, how much. That’s the biggest problem. So, it’s advisable to avoid such platforms and acquire Bitcoin in more p2p ways or through debit card payments not associated with exchanges.
In your opinion, what can and will Schnorr and/or Taproot improve in this regard? It’s another incremental improvement because it reduces fingerprints. Comparable to Multisig or Lightning transactions.
Currently, there is intense debate about BIP 300; what would be the significant changes at the base layer? Would the introduction of either of the mentioned issues solve these problems? I think „Simplicity“ would solve these problems because you wouldn’t need soft forks anymore. People could implement sidechains in an alternative way. I think the idea of sidechains is valuable and interesting because it allows experiments, and it is guaranteed that unintended risks and errors will not affect the Bitcoin chain. Drivechains have some tradeoffs and are a topic of current discussion, along with various other models.
Paul Sztorc is trying to push this BIP by arguing that it should only have advantages but no disadvantages. Not very convincing. While Dan Held „finds any speculative investment in Bitcoin“ good, Hodlonaut sees „fundamental changes in the transaction mechanism and significant attack vectors.“ Where do you stand on this issue? In practice, I suspect drivechains would be economically stable and secure. A miner attack, while possible, would probably be unsuccessful because it would be stopped by Bitcoin users, but stopping that attack could have associated social costs to coordinate. So, it may be harder to reach consensus, as the security approach involves economic game theory and, in the theoretical worst case, human reaction.
Which BIP do you currently consider the most promising, and why? I think AnyPrevOut/APO is one of the most promising because it has been discussed for a long time, about as long as Taproot. It would be useful to make Lightning more efficient, and there is not much to debate about it. At the same time, it seems like it could bring some covenant capabilities. Therefore, it seems logical to try this first, to see how well the implementation works, try out some use cases, and then use the most flexible management solution.
There are concerns that Bitcoin’s „Security Model“ could be in danger soon; do you share these concerns? Will fees soon not be enough to adequately protect the Bitcoin network? I’m not too worried about this because the price of Bitcoin will rise faster than the halving will reduce the block reward. Over the past decade, the price has doubled on average every year, and the halving only happens every four years, meaning that the security budget has increased eightfold every four years. So, Bitcoin is much better defended than in previous periods, and there is already significant fee pressure, which grows proportionally to the decreasing rewards.
Last question: Is Bitcoin Cypherpunk? Yes, I think Bitcoin is Cypherpunk. At least, it is based on some ideas of the Cypherpunks and has brought many new people into contact with the ideas and ideologies. But what still surprises me is that many of the early Cypherpunks are sceptical about Bitcoin. One would actually expect them to be very happy about this development. Some of them are older than I am. I was a university student when I joined the mailing list during my studies. Phil Zimmermann was about my current age when I was at university. The cryptography list was also full of security professionals related to the Internet Protocol and international companies. This list still exists, and some of these people are still there. In recent years, there have been discussions on the cryptography list that sounded like “Nocoiner” logic, and so I commented on the thread to ask why they did not get Bitcoin, why they were not enthusiastic or did not understand, as they had all the prerequisites: they understand the cryptographic and network technology. They know how digital signatures work, understand public key cryptography, understand internet security, understand everything about it, and they hear all this news about Bitcoin and don’t own a Satoshi. Some of them were never really excited about Bitcoin from a Cypherpunk standpoint, as this was the cryptography list, another list. However, there are certainly also Cypherpunks who are very active in the Bitcoin community, such as Nick Szabo. Phil Zimmermann always placed more value on the privacy aspect but now also attends such conferences. A large part of academic cryptography has not been economically used on the internet or in companies so far. Bitcoin has the potential for mass adoption of all these technologies. So if you are interested in this research area, where a growing industry is interested in innovations in this field, and cryptography is experiencing a renaissance, you should be interested in Bitcoin!
I thank you for this inspiring conversation. Continue to have fun and success in your work on and with Bitcoin.
Article from EINUNDZWANZIG-Magazine, Issue 3: Bitcoin is Cypherpunk.
We have put a lot of energy into the four issues, and now we would be delighted if you also discover the value behind the first magazine in the world to be produced, printed and distributed 100% in the circular economy of Bitcoin.