Bitcoin Is A One-Way Hash Function
American cryptocurrency exchange Coinbase announced the launch of Kryptology, an encryption library that focuses on building complex encryption technologies.
The Coinbase team stated that it hopes to make Kryptology the standard for a powerful and usable encryption library. The encryption library will provide developers with an audited and easy-to-use API toolbox.
Cryptography is the driving force of innovation in cryptocurrency; it is what keeps a cryptocurrency from being digital code that can be easily copied.
Cryptographers use the zero-knowledge technology in ZCash to create private transactions and ensure that personal data is protected.
The most recent advancement in cryptography is the Boneh-Lynn-Shacham or BLS signature. This signature is used to verify the sender’s information while verifying the transaction, for dual security transactions.
Another advanced algorithm worth mentioning is the Shamir secret sharing or SSS algorithm. SSS refers to the distribution of secret values among multiple participants (called shareholders), and all participants must work together to reconstruct the secret. Therefore, the algorithm is very suitable for storing the private keys that control access to decentralized finance portals or that lock large amounts of funds in DeFi, mining pools, and smart contracts.
Skale uses BLS to create summaries to increase scale and reduce on-chain storage, and Mina and ZCash use Halo 2 and the new elliptic curve design Pasta to improve crypto wallets.
Coinbase is also working to put recent encryption technology into production: zkSNARKs, encrypted accumulators, FROST, and threshold signatures.
On Monday, Coinbase, the fourth-largest cryptocurrency exchange globally by trading volume, announced the creation of a novel cryptographic library, Kryptology, as a compendium of tools for blockchain developers. These include secure, audited, and easy-to-use APIs, as well as a repository of common issues and lessons learned throughout the history of crypto.
Without cryptography, cryptocurrencies such as Bitcoin would be digital lines of code that anyone can copy/paste. It would be easily replicable and falsifiable, leading to significant issues such as currency double-spending. Recent advancements include Boneh–Lynn–Shacham, or BLS, signatures, which ensure that senders cannot deny the validity of their transactions while ensuring their data is safely stored. Another recent adoption is the Shamir Secret Sharing, or SSS, algorithm. SSS divides a secret value among multiple participants, called shareholders, who must then work together to reconstruct the secret. The setup is ideal for storing private keys holding entrance to decentralized finance, or DeFi, pools, and smart contracts that lock a large sum of money.
Then, there are zero-knowledge proofs, which ensure that encrypted messages can be passed on and validated without revealing underlying personal data, making them ideal for use in complex DeFi applications. Finally, the design of new elliptic curves, such as Pasta, could also potentially improve crypto wallets.
One leading area of cryptography innovation is privacy coins, which can enable users to evade tracking by blockchain forensic firms and prevent outside participants from viewing their transaction details. Law enforcement has shunned such technology due to its ability to promote illicit activities.
This is a fun project that will help you understand Bitcoin keys better. You’ll need a pencil, paper, something to generate random output in binary (like a coin) and a computer. The purpose here is to get you doing something which will help you learn a lot, instead of just reading about pure theory. And it’ll be easy enough that you can just jump right in and follow along.
Don’t use this key for your actual bitcoin. Practice with this guide first.
When you make your real key — the one that will hold real bitcoin — you must make it on an air-gapped computer if you use this method. An air-gapped computer must have no capability of connecting to the internet. It’s not enough to just temporarily switch off your wifi connection on a regular computer if you are serious about security; clever hackers exist and can extract your private keys even if you are temporarily disconnected from the internet. At the end I’ll explain what to do next if you want to use this method to make your real keys.
Ok, let’s begin the project…
You can flip a coin 256 times, but it’s better and faster to use dice. You can buy casino-grade dice to ensure fair, random rolls. But it’s also okay to just save money and just use any old dice. Even if your dice are not perfect and have some bias, as long as you use several at a time, you will achieve sufficient randomness.
This is the procedure (one of many ways)…
Like this example:
There are 256 binary digits here — 23 complete sets of 11 digits with the 24th row only needing three digits.
You’ll see later more clearly but, for now, understand that every 11 digits of binary will be translated to a mnemonic seed word. For the total 256 random binary digits, we can divide by 11 to get the number of words in the seed. But the answer to 256 divided by 11 is not a whole number; it’s 23.27. We can’t have 23.27 words in our seed.
We need eight more bits to have enough to make our 24th word. Once we have 264 bits in total, it all divides nicely into 24 sets of 11, yielding a 24-word mnemonic seed. As you’ll see later, these final eight extra bits will have their own important role to play.
A note on randomness:
You can make these 256 bits of random data any way you want, as long as it’s actually random. If it’s not random, someone might be able to reproduce the data. They would then be able to recreate your private key and could take all of your bitcoin. For example, if you make 256 bits of all zeroes (clearly not random), then someone will be able to guess your private key. Here’s proof: I generated a private key from that terrible all-zeroes randomness and found someone’s existing wallet. If it hadn’t already been emptied, I could have stolen the funds.
They clearly knew what they were doing because it was a small amount and they didn’t leave any coins there for long. It might have been a demonstration, who knows. But other people have made non-random private keys that were guessable and as a result lost their bitcoin. But don’t worry, if you make a truly random private key, someone would have to exactly repeat your binary dice rolls or coin flips and, thanks to exponential math, that’s not going to happen during the life of the universe.
These final missing eight digits need to be calculated to form what is called the “checksum.”
What is a checksum? A checksum is how computers know that you’ve made a typo when you enter things like your credit card number or bank account number. It’s a useful thing to have the computer warn you that you’ve made a typo in your Bitcoin private key!
To calculate the checksum you’ll need a Linux or Mac computer. If you have Windows 10, you can install the Ubuntu App (a version of Linux) from the Microsoft Store. Just search “Ubuntu” and install it. You’ll use the Ubuntu terminal to run the commands that follow. The app is a temporary session; no files are stored on the Ubuntu app. This means you’ll get a clean session each time you run it.
Windows users need to do this workaround and it’s a nuisance. I tried other workarounds but met with various issues.
Now that you have a terminal on your Mac, Linux or Windows 10 machine, type the command below. Replace my binary digits with your own random binary digits (note that this should all be one very long line, even though the way it’s displayed here may look otherwise):
echo 1010111100111000000011110110001111010111101001010010001011001111011110100011000010100011111100100010100011110001110101000110011111110000101000110001010111010001010011111110101001010011110110110110000001101111010011000001110101101001000010001000010000100111 | shasum -a 256 -0
It can be hard to interpret that if you’re not used to the command line. I’ll spell it out: type “echo” then a space, then your series of zeros and ones without any spaces, then a space, then the “pipe” symbol (usually below the <delete> key on most keyboards), then a space, then the “shasum” command, a space, hyphen “a”, a space, “256”, a space, another hyphen and then the zero digit. Then hit <enter>.
Explanation of the code: The “echo” command just repeats back whatever you type next. The pipe symbol (“|”) takes that output and passes it to the command to the right of the pipe symbol (it “pipes” the data from left side to the right side!). The recipient of your bit stream is the “shasum” hashing command. “-a” is an option to specify which algorithm to use. “256” represents SHA-256 — famous in the Bitcoin world — which is our choice for “-a”. Finally, “-0” is an option to say that the input should be interpreted as binary data, not regular text (aka ASCII) data: each “0” or “1” character you typed is read as a single bit.
When I run this command my resulting hash is displayed under the command. It’s the line that starts with “b184”:
Now we can begin calculating the checksum. We take the first two digits of the hash output, in this case, “b” and “1”. These are hexadecimal numbers. In hexadecimal, instead of displaying digits from 0 to 9, we count up to 15 by using letters of the alphabet to represent numbers greater than nine:
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f
Similar to how playing cards count from 1 to 13 using their own substitutions:
Ace, 2, 3, 4, 5, 6, 7, 8, 9, 10, Jack, Queen, King
So in my hash, my first digit, “b”, represents 11. And “1” in hexadecimal is the same as a “1” that we’re used to dealing with.
Now we convert these first two numbers to their four-digit binary representations. You can do this by referring to the chart below:
11 in four-digit binary is 1011. 1 in four-digit binary is 0001. (Instructables circuits)
So we went from b and 1, to 11 and 1, and finally to 1011 and 0001.
These four-digit numbers are the checksum that we’ll add to our bits to complete our 24th word!
Add them to the 24th line to complete the final set of 11 binary digits. You now have 264 digits in total (see how the 24th line is completed in the diagram further down)
Each of the groups of 11 binary digits needs to be converted to a decimal number.
You can enter them into an online binary-to-decimal calculator, but only for this practice wallet. For your real wallet, I’ll show you how to do it manually.
A bit about binary. In a binary number system, there is only 0 and 1. The other digits you know (2,3,4,5,6,7,8,9) don’t exist. So counting upwards we start with 0, then 1, but the next number is unusual. There is no “2” available. So the next biggest number after 1 is “10”. Don’t read it as “ten,” read it as “one, zero.” In binary, “10” represents the “2” you are used to. The next number up after 10 (binary) is “11” (“one, one,” not “eleven”!). That’s equal to “3” in decimal. For the next number “12” is not possible because there is no “2” digit in binary; the next biggest number we can represent with just zeros and ones is “100” (“one, zero, zero”). That’s actually “4” in decimal. Then 101=5, 110=6, 111=7, 1000=8, 1001=9 and so on.
With eleven binary digits, the smallest possible number is zero (00000000000), and the largest is 2047 (11111111111).
We take each of these eleven binary digits on our page (each line) and convert them to decimal. You can do it manually or convert them from the command line in Linux, Mac, or the Ubuntu App.
For the number 10101111001, you’d type:
echo "$((2#10101111001))"
You’ll get an output of “1401”. Just change the binary digits after “2#” to match each group of eleven digits and calculate its equivalent decimal number.
Doing this conversion solely by hand is harder, but possible.
On the top of the page, write this exact sequence of numbers from right to left, vertically in line with the binary digits below: “1024” above the first column of binary digits. Then “512” over the next column. Then “256”. And on and on, halving the number each time until you end up with “1” above the last (eleventh) column of your binary digits.
Now look at your first row of binary digits. Wherever there is a “1”, you add the decimal number that’s directly above it and record it below the binary digit. Where there is a “0” you ignore the number above. Like this:
In this example, there’s a “1” under the 1024 column, the 256 column, the 64, the 32, the 16, the 8 and the 1.
Add the decimal numbers to get the total:
Now repeat this process for all 24 rows:
You now will have 24 decimal numbers that range between 0 and 2047.
The BIP 39 protocol (Bitcoin Improvement Proposal number 39) specifies 2048 different words, listed in alphabetical order. When this list is read in by code, each word can be identified by its ordered position in the list. The numbers you just calculated are used to look up their corresponding word. For example, the first row resulted in the number 1401 which equals the word “quality” in the ordered BIP 39 wordlist.
Zero is the smallest possible value you could calculate for a row (from binary 00000000000). In that case you would select “abandon,” the first word on the list.
The largest possible number is 2047 (from 11111111111). The correct word for that would be “zoo,” the last word on the list. This is word number 2047.
There’s one confusing wrinkle to be aware of: computers count items starting at 0. So the fifth item in a list is the computer’s number 4.
This extra confusion is unfortunate. The official specification of the BIP 39 words is on GitHub but the word list is displayed with line numbers that start with one instead of zero. So while “abstract” is the eighth word and is listed on line number 8, its actual BIP 39 numeric equivalent is 7.
My first line of 11 binary digits adds up to 1401 in decimal. So on the list in GitHub, I have to find the word on line 1402 (1401 + 1). That word is “quality”. Proceed to look up each decimal — taking care to add an extra 1 to your calculated result to match GitHub’s line numbering — and find the word for each of the 24 lines.
Well done if you’ve made it this far! You now have a valid 24-word Bitcoin mnemonic seed. You should now throw it away — unless you used the fully manual approach, you can’t use these for your bitcoin as they were not created in a safe environment!
Actually, before you do toss them, you could enter the words into a hardware wallet or software wallet and see if they are rejected. If it is rejected, you’ve made an error somewhere, which is very easy to do with this manual approach. If there’s any error anywhere, the checksum will not match and all wallets will signal an error immediately.
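The steps above (hash the 256 bits, append the first 8 bits of the SHA-256 digest, cut into 24 groups of 11, convert each group to a number) can be checked end to end with the Python sketch below. It is an added example, not code from the original article; the function names are made up for illustration, and it is for the practice key only. It returns word numbers rather than words, so the BIP 39 wordlist is still needed for the final lookup.

```python
import hashlib

ENT_BITS = 256             # entropy length used in the article
CS_BITS = ENT_BITS // 32   # BIP 39 checksum length: ENT/32 = 8 bits
WORD_BITS = 11             # each seed word encodes 11 bits

# The practice bits from the shasum command in the article (not a real key),
# split into four 64-character lines for readability.
PAGE_ENTROPY_BITS = (
    "1010111100111000000011110110001111010111101001010010001011001111"
    "0111101000110000101000111111001000101000111100011101010001100111"
    "1111000010100011000101011101000101001111111010100101001111011011"
    "0110000001101111010011000001110101101001000010001000010000100111"
)


def _check_bits(bits, expected_len):
    """Reject anything that is not exactly expected_len characters of 0/1."""
    if len(bits) != expected_len or set(bits) - {"0", "1"}:
        raise ValueError(f"expected {expected_len} characters, each 0 or 1")


def checksum_bits(entropy_bits):
    """First 8 bits of SHA-256 over the 32 entropy bytes, as a bit string."""
    _check_bits(entropy_bits, ENT_BITS)
    raw = int(entropy_bits, 2).to_bytes(ENT_BITS // 8, "big")
    first_byte = hashlib.sha256(raw).digest()[0]
    return format(first_byte, "08b")


def word_indices(entropy_bits):
    """The 24 zero-based BIP 39 word numbers for 256 bits of entropy."""
    full = entropy_bits + checksum_bits(entropy_bits)   # 264 bits
    return [int(full[i:i + WORD_BITS], 2)
            for i in range(0, len(full), WORD_BITS)]


def github_line(index):
    """Line number in a wordlist viewer that starts counting at 1."""
    return index + 1


def verify_full(full_bits):
    """True if the last 8 of 264 bits match the checksum of the first 256."""
    _check_bits(full_bits, ENT_BITS + CS_BITS)
    return checksum_bits(full_bits[:ENT_BITS]) == full_bits[ENT_BITS:]


if __name__ == "__main__":
    for row, idx in enumerate(word_indices(PAGE_ENTROPY_BITS), 1):
        print(f"row {row:2d}: word number {idx:4d} "
              f"-> wordlist line {github_line(idx)}")
```

The all-zeroes entropy the article warns about makes a convenient known answer for testing the code: it yields word number 0 ("abandon") 23 times followed by word number 102.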
You really need to do key generation on an air-gapped computer.
You can learn to build a cheap $10 Raspberry Pi Zero air-gapped computer here, buy one ready-made or if you have extra money you can build a custom desktop computer without any wifi or Bluetooth components. The Raspberry Pi option is very cheap but the computer is very slow, so be warned. It is excellent if you want to have many distributed keys in a multisignature setup.
Heard some FUD about air-gapped computers? See some anti-FUD here in Q&A number 23.
In addition to the safe generation of keys, you have to consider storage and duplication or distribution.
To drastically reduce your risk of attack or loss, the next level up is learning about multisignature wallets — something I teach in my mentorship program.
If you are in the single-signature key phase of storage (most people are), then you really should keep your seed in a hardware device. Most people let the hardware wallet (HWW) make their key and never verify that key on an air-gapped computer. That’s fine for most people. But if you are paranoid, you should verify that the key produces the public key and addresses you expect.
And now that you know how to securely make your own key (the totally manual, offline approach described above), you don’t have to trust the HWW to generate a good key. You first make a new key yourself and then instead of creating a new wallet on the hardware device, you “restore” a wallet instead and enter your newly calculated words into the device. The words are then “locked” in the HWW and protected by your PIN.
The hardware device is thus a digital safe for your private key.
You should never have just one copy of your private key. If you lose it, you will lose any bitcoin stored by the key in there. Technically there are no bitcoin in the device; they are on the blockchain. The hardware wallet, as I said, is a digital safe for your private key which is represented by the words you just made. To understand this a little better, see this article.
The code within the HWW uses mathematical functions to calculate your extended public key from the private key and then many individual public keys are mathematically derived from the extended public key. And then each of those can be used to calculate a collection of seemingly infinite addresses. Everything is downstream from the private key. You can enter your private key in a different device and reliably (mathematically) produce exactly the same collection of public keys and addresses. More details on this here.
The point of saying this is for you to appreciate that it’s as if the bitcoin are stored on the 24 words you created — not the hardware wallet. And you should very, very carefully back up those words and keep them safe from thieves and natural disasters. If you make copies and store them in different locations, then a fire in one location won’t cause you to lose all of your bitcoin because you’ll have a copy somewhere else.
Once you have your keys that you generated on an air-gapped computer and you’ve backed them up very securely, it’s time to think about how to pass them on to your heirs.
There are trusted third parties that can hold your keys or you can develop a plan in a trustless way — my preferred option. I am happy to assist people that need this.
Happy Bitcoining.
This is a guest post by Arman the Parman. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
The developers of Monero (XMR) recently discovered a bug capable of exposing transactions of its users. Even though the team is working to fix it, they have announced that users’ privacy is at risk as long as the bug remains. The Monero team made this announcement through their official Twitter account.
They called it a “significant bug,” which they claim to have discovered in the crypto’s “decoy selection algorithm.” This algorithm is a system that the network uses to hide output transactions within 10 decoys.
The developer who discovered this bug was Justin Berman, a software developer. He noticed that the bug makes it easier for output transactions to become visible as real spend among the 10 decoys. Once the user spends money after a lock time in the first 2 blocks or spends money after receiving money, the transaction will be visible.
When Justin discovered the bug, he stated that there is no risk of exposure for addresses and transaction amounts. However, it will enable users to know when a transaction occurs on the crypto. According to the developers’ statements, the bug won’t facilitate the stealing of funds, but it has remained in the wallet code.
Another Monero (XMR) contributor mentioned on Reddit that the Monero bug impacts past transactions. So, Monero developers recommend that users wait for one hour or more after receiving XMR before spending it.
That way, they can protect their privacy until a wallet software update reduces the privacy risks. Also, the developers assured the community that they don’t need to carry out a hard fork or full-scale network upgrade to tackle the bug.
The Monero network joined the industry in 2014. It is a crypto that focuses more on the privacy of its users. Monero’s goal is to provide a system where crypto users can complete private transactions that no one can trace. The network uses unique cryptography to keep transactions 100% unlinkable and untrackable.
The crypto maintains a significant rank in the crypto industry based on its Market Cap and has been the largest amongst privacy-centered digital currencies. At press time, the XMR price stands at $263. This price represents a 4% gain in 24 hours of trading based on TradingView data.
Before now, our sources have mentioned that many financial regulators’ eyes are on Monero. These agencies have done several things to break the privacy that characterizes their transactions.
For instance, in 2020, the Internal Revenue Service of the United States announced a $625,000 award for any person who can crack the transactions occurring on Monero and also on Bitcoin’s Lightning Network, another privacy-centric network.
At the height of the 2017 bull run, I came across a sobering post. It went something like this: there was a young man who acquired about 20 bitcoin early on. As the price went from $1,000 to almost $20,000 over the course of 2017, he felt rich beyond his wildest dreams and decided to travel a bit. At one point he was in Mexico in a nice hotel and partied by a rooftop pool. Things got out of hand, then he fell down to the street below and died. The author of this particular post was a friend of the man’s family and wanted to find out if there was any way to access the bitcoin. However, the young man used a passphrase-protected Trezor and hadn’t written the passphrase down anywhere. The bitcoin was thus lost along with the man’s life.
Bitcoin is a bearer instrument, meaning that it’s not sufficient for your survivors to be aware of your stack – they have to be able to access the keys. On the other hand, you don’t necessarily want your family having access to your bitcoin while you’re still alive. So there needs to be some sort of backup plan allowing for access management. Shamir backup allows precisely for this use case.
But before we get to the details of how Shamir backup works, let’s have a brief recap of what seed backups are.
In the humble beginnings of Bitcoin, it was a challenge to do backups properly. Before the invention of deterministic wallets, all the individual private keys had to be backed up, which could be hundreds of keys. Unsurprisingly, many bitcoin were lost due to this clunky backup process. In 2012, Pieter Wuille came up with the clever invention of Hierarchical Deterministic Wallets (HD wallets, standardized by BIP32) that made backups much easier – users now had to secure only one master seed, from which the individual private keys were then generated. A year later, BIP39 standardized the mnemonic seed – a group of words in particular order that fulfill the role of HD wallet backup. With mnemonic seed, backups became much easier, as there is little room for error when writing down ordinary words, as compared to writing down a random string of letters and numbers.
So nowadays you don’t actually back up your private key as such, but rather the recovery seed — usually in the form of 12 or 24 words in particular order. You may lose your phone or break your hardware wallet, but you will still be able to access your bitcoin if you have the recovery seed safely stored away.
Storing the recovery seed safely is the tricky part. We have to protect the seed from the following two risks:
While the risk of theft calls for as few copies as possible — preferably just one at your home — the risk of loss calls for the opposite. Having just one copy of your recovery seed is literally playing with fire. So you need to have several copies in a multitude of physical locations – but you need to be sure these won’t be misused even if found by a stranger. A plain recovery seed based on a single word list cannot meet this criterion.
Shamir’s secret sharing (SSS) is a cryptographic technique formulated in 1979 by the Israeli cryptographer Adi Shamir. The essence of Shamir’s scheme lies in the ability to back up, share and recover a secret through breaking up the secret into multiple shares that are individually useless and leak no information about the secret or the scheme setup.
There are two important parameters relevant to SSS: shares, or how many parts of the secret there are; and threshold, or how many shares we need to combine to recover the secret.
For example, a “3 out of 5 Shamir backup” means that the user created five shares when setting up the scheme and the threshold requirement to access the original secret is three shares. It doesn’t matter which three shares are used to recover the secret.
This means that Alice can back up her seed for example in the following way (assuming the 3 out of 5 Shamir backup):
Of course the individual shares are in an analog form – written by hand on paper or stamped into a sheet of metal (using Cryptosteel, Cryptotag, or other similar solutions). Alice is well aware that she should never write down the shares on an internet-connected computer or keep a digital copy.
With this arrangement in place, Alice doesn’t have to worry about losing access to her bitcoin even if her house burns down, because she can regain access to it by collecting the remaining shares from her friend, her mother and the safe deposit box. She also doesn’t need to worry about theft because no single location meets the necessary threshold to access the coins.
Shamir’s secret sharing is thus a perfect solution to the theft/loss conundrum, as the isolated shares are useless by themselves, and Alice can even lose some of the shares without losing access to her bitcoin.
The original Shamir scheme has been around since 1979, but was only properly standardized for use in seed backups in late 2017. The standard is called SLIP-0039: Shamir’s Secret-Sharing for Mnemonic Codes and is fully open for anyone to study, share and implement in their products.
Shamir backups based on SLIP-39 are used by Trezor (Model T) and Unchained Capital’s Hermit wallet, and others have also started to adopt the standard.
The same qualities that make Shamir backup powerful for everyday security also make it suitable for inheritance planning. When Alice has her recovery shares distributed as outlined above, the only thing she needs to do to ensure succession is to write down clear guidance for her survivors.
Now this may sound easy, but writing down the inheritance guide should be done with proper care. Here are the crucial dos and don’ts:
And of course, if you have some bitcoin on hot wallets, exchange accounts or other services, you should inform your survivors about these too. Ideally, every single satoshi should be accessible by your loved ones in case something happens to you.
But perhaps the most important piece of advice is to put yourself in the shoes of a nocoiner. Because if your whole family isn’t sufficiently orange-pilled, chances are they will make fatal mistakes if they’re confused. So try to be as clear as possible about what you’ve left behind and how to access it safely, without falling prey to scammers, phishing attempts and so on. Consider recommending a trusted bitcoiner friend to help your family out. Be very careful with whom you recommend, but also know that if you don’t recommend anyone to your family, they may reach out to strangers on the internet. And even if your friend won’t prove himself as trustworthy as you thought, your family will have legal recourse against a known person, which wouldn’t be the case if they were scammed by a stranger.
Not everyone is a fan of Shamir backups. Some time ago, Jameson Lopp (Casa) wrote an analysis of the supposed Shamir shortcomings and recommended multisig options instead. Lopp’s analysis is fair and should be addressed here.
First of all, it’s true the previous attempts at Shamir’s scheme for use in seed backups were sloppy, as Lopp pointed out. It’s a different matter with SLIP39, though. The standard was written in late 2017, but implemented in the Trezor wallet only in the summer of 2019. No vulnerability has been found in the two years before the first real-world implementation, nor in the two years following. And there is none, as the math behind the SLIP39 is simply correct. If it wasn’t, a vulnerability would have been found years ago.
Furthermore, Shamir backups and multisigs solve a slightly different use case. Shamir backups solve the problem of protecting the recovery seed. Multisigs offer enhanced security when transacting. The two can actually be combined: you can have a multisig scheme, where the recovery seed of each individual wallet is protected via Shamir backups.
Both multisig and Shamir backups rely on the physical remoteness of the elements (signing parties or Shamir shares) for their security. Setting up and using both plans is thus time consuming.
For Shamir, this isn’t such a problem, as you usually need to deal with your seed only when setting up your wallet and later on when performing a recovery (which can be years down the road).
For multisig schemes, users are faced with a practical coordination problem, as you depend on active, ongoing participation of physically remote parties whenever you need to sign transactions — which can be several times a month if not more often. While this is doable for formal organizations like hedge funds or corporations, it’s quite unworkable for individuals — unless they pay a third party who offers such service as their business.
The coordination problem can be mitigated by choosing a multisig setup where users hold the necessary threshold (e.g. 2-of-5) in their own home. Such a setup is more practical than the one where all the keys are physically distributed, but eliminates one of the advantages of multisigs – the inability to transact under duress. But to be fair, Shamir by itself also doesn’t protect against physical attack scenarios such as home intrusion, if the user has her Trezor set up and immediately available.
Multisigs still have many pitfalls when it comes to transaction verification and backing up the whole setup. These will hopefully be resolved with widely accepted industry standards in the future, but until that happens, they aren’t really usable for ordinary, non-technical hodlers. Shamir backups are usable and practical today.
—
Shamir backups are effective at preventing both theft and loss. They are also a smart way to pass bitcoin on for inheritance. In addition to creating the Shamir backup itself, inheritance planning requires clear written instructions for survivors. Shamir can be used in a multisig or on its own and is a practical solution to increase the level of security without the need for multiple wallets.
This is a guest post by Josef Tětek. Opinions expressed are entirely their own and do not necessarily reflect those of BTC, Inc. or Bitcoin Magazine.
The Wall Street Analyst’s Intro to Bitcoin:
In October of 2008, amidst a global recession resulting in government bailouts of the banking system, a white paper was released under the pseudonym Satoshi Nakamoto titled Bitcoin: A Peer-to-Peer Electronic Cash System. The paper summarized a confluence of technologies that, when combined, created the first successful form of digital money. These technologies were the product of 4 decades of attempts and failures to create digital money — below is a list of about 100 failed attempts:
Notable attempts to create digital money; those in bold will be discussed later in the essay (data sourced from Princeton).
PayPal is on that list — their original idea was cryptographic payments on hand-held devices. They were not able to execute on this idea, and survived by pivoting away from it. Many of the projects in the above table have a similar story of attempting to make something like bitcoin but coming up short. In hindsight we realize that their fundamental problem was that they tried to be a company in the first place. However, with each failure knowledge was gained, and the world came one step closer to digital money.
Many attempts to create digital money were spawned by the cypherpunk movement which originated in the 1990s along with the growth of the internet. Cypherpunks believed the internet would become a government surveillance apparatus unless defensive technologies were created.
May/Jun 1993 cover of Wired
Before governments implemented national firewalls, before social media websites were selling our personal data, before the NSA’s PRISM program, and before big tech was systematically censoring political movements, the cypherpunks were at work anticipating this new world. They were able to anticipate it because of their uncommon intersection of various kinds of knowledge — including cryptography, computer science, Austrian economics and libertarianism.
Cryptography enables digital encryption, which removes the power of sovereign influence over the internet. However, an autonomous form of digital money is also required to have an economy free from government control. Digital money enables an encrypted online economy to freely transfer value and thus to freely organize in the digital world.
Here is a summary of the major events that ultimately led to the creation of Bitcoin:
To recap, digital signatures create a verifiable method of confirming an identity digitally without disclosing it. This digital signature, when incorporated in a blockchain data structure, creates a temporally linked, immutable record of data. These technologies could be used to counteract problems native to digital money. However, the supply of that digital money needed to be scarce, and this problem was solved using computationally intensive puzzles (via hash functions) to regulate supply.
However, none of these advancements had found a way to resolve disagreement between nodes on the recorded ledger. Bitcoin resolved these final challenges. This may not make complete sense yet, but it will, so if you are confused please keep reading.
Bitcoin utilized digital signatures, the blockchain data structure and computational puzzles to successfully create, for the first time in history, decentralized digital money.
Satoshi says he or she started coding Bitcoin around May 2007 and registered www.bitcoin.org in May 2008. In October 2008 he released the Bitcoin white paper and code. The Bitcoin network was up and running by the start of 2009. The first transaction was sent to Hal Finney and a community of cypherpunks began encouraging the use of bitcoin for peer-to-peer transactions.
The foresight of the cypherpunks is astonishing, and what they did took courage. Much of their quest to invent internet money was inspired by economists rooted in the Austrian school.
In 1984, Nobel laureate economist Friedrich Hayek stated:
“I don’t believe we shall ever have a good money again before we take the thing out of the hands of government, that is, we can’t take it violently out of the hands of government, all we can do is by some sly roundabout way introduce something that they can’t stop.”
In 1999 Nobel laureate economist Milton Friedman stated:
“I think that the Internet is going to be one of the major forces for reducing the role of government. The one thing that’s missing, but that will soon be developed, is a reliable e-cash, a method whereby on the Internet you can transfer funds from A to B, without A knowing B or B knowing A.”
In 2008 this vision began its journey toward reality. Satoshi created decentralized digital money while standing on the shoulders of giants.
What bitcoin does is a separate question from why it is valuable. What makes bitcoin valuable is the network of people who have decided to use it. To understand why these people have decided to use it you need to understand how it works. This can be challenging, as Bitcoin’s technology is a confluence of technical concepts unfamiliar to most people.
The Bitcoin protocol allows you to send scarce money to anyone in the world. This ability sounds simple, but it is powerful. Call your bank right now and ask them to wire a significant amount of money to somebody in another country for you. Enjoy spending the next week trying to make that happen and subsequently getting tracked by the government. The ability to move large amounts of value within minutes over a digital network does not exist anywhere else.
You might ask, what about Paypal or Venmo or Cash App?
These are all trusted third parties, and trusting third parties has consequences.
Let’s append “trustless” to my last statement: the ability to move large amounts of value within minutes over a trustless digital network is incredibly powerful. It is trustless because you don’t have to trust a third party. This is possible because it is a decentralized network which has no third party intermediaries and thus nobody can control it; more on this later.
In April 2020, $1.1 billion in bitcoin was moved in a transaction for a cost of 68 cents, and it was done in a matter of minutes. This was done cheaply and efficiently without the transactors having to play by anybody’s rules, tell a third party who they are, trust anyone with their information or give anyone control over it. No other payment system in the world can move that amount of value, for that price, in that amount of time, without oversight from a third party.
To understand how this is possible we need to get technical. I will keep this high level — you can check out my book for a more in-depth explanation.
Bitcoin uses hash functions (also called hashes) in a variety of ways throughout the protocol. In the simplest sense, they allow us to produce one-way calculations — a calculation where if A*B=C you can only find A or B if you know them (e.g., if you have A and C you cannot divide them to find B).
In Bitcoin, your public key is C, A is your private key, and B is known by everybody.
One-way calculations work because they are dependent upon an unsolvable mathematical problem called the discrete log problem. In short, if you use finite field math over a field of an unfathomably large prime number then dividing for the solution is practically impossible. Much of modern cryptography rests on this unsolvable problem. If it is solved, most of our cryptographic systems will crumble. Computers could theoretically become fast enough to guess solutions through iteration (e.g., through quantum computing). However, this is very unlikely. To give you some perspective on this, the prime number used by bitcoin is approximately 2^256 or 10^77 digits long. The estimated number of atoms in the universe is 10^80. A trillion computers doing a trillion computations every trillionth of a second for a trillion years is still less than 10^56 computations.[1]
Hash functions and digital signatures are used to create the basis of Bitcoin. They enable the creation of Bitcoin addresses. An address is where people can send and receive bitcoin, and a digital signature allows you to publicly prove you know the private key that unlocks your address without revealing it. To do this, Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) and below is a description of how this all ties together.
At a high level here is how the ECDSA works:
In Bitcoin every transaction has an input and output. When you send bitcoin the input is how much is at your address, and the output is the amount you are sending to another address.
Assume Kanye West sends one bitcoin to Mike Tyson:
Bitcoin exists at addresses, which are potential inputs and outputs for any transaction to come. Bitcoin participants maintain a list of all bitcoin in existence at each address called unspent transaction outputs (UTXOs). This list is what network participants reference to confirm that Kanye had the one bitcoin he sent to Mike. After the transaction, Kanye’s address decreased by one bitcoin and Mike’s address increased by one bitcoin. Mike now has one bitcoin to spend which can be verified from the updated list of UTXOs.
Bitcoin allows people to create transactions and if the transactions pass verification from other nodes they are aggregated into blocks. These blocks are linked together to form a blockchain. The blockchain is used as a ledger that cannot be changed.
Each block has a block header that includes information for easy verification of blocks between nodes.
This data structure links everything together which allows computers to quickly verify that the history of the Bitcoin ledger is consistent between one another.
So, all transactions are linked within blocks through a tree structure and the previous block hash links all blocks together forming a blockchain. Below you can see a block header that includes all the fields shown above as well as the size of the block and all the transactions in it.
Any change in a previous block will be instantaneously reflected in the current block because the previous block hash would change. This structure was implemented to quickly allow participants to understand that they are both working off the same history of bitcoin transactions. This is basically a method of version control that protects against bad actors. A full explanation of this requires an understanding of the Bitcoin network, covered in the next essay.
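The linking described above can be checked in a few lines. The following Python code is an added example, not code from the original essay or from Bitcoin itself: it uses Bitcoin's 80-byte header layout and double SHA-256, while the transactions, timestamps and helper names (build_chain, first_inconsistency, tamper) are constructed for illustration and proof of work is left out.

```python
import copy
import hashlib
import struct

GENESIS_PREV = b"\x00" * 32  # the first block has no predecessor


def dsha256(data: bytes) -> bytes:
    """Bitcoin hashes headers and transactions with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs) -> bytes:
    """Hash transactions pairwise up to one root; an odd level repeats its last entry."""
    level = [dsha256(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def header_bytes(block) -> bytes:
    """80-byte header: version, previous hash, merkle root, time, bits, nonce."""
    # bits and nonce are left at 0 because proof of work is not modelled here
    return struct.pack("<I32s32sIII", 1, block["prev"], block["root"],
                       block["time"], 0, 0)


def block_hash(block) -> bytes:
    return dsha256(header_bytes(block))


def build_chain(tx_batches):
    """Build one block per batch, each committing to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for height, txs in enumerate(tx_batches):
        block = {"prev": prev, "root": merkle_root(txs),
                 "time": 1_600_000_000 + 600 * height, "txs": list(txs)}
        chain.append(block)
        prev = block_hash(block)
    return chain


def first_inconsistency(chain):
    """Return (height, reason) for the first block that fails a check, else None."""
    prev = GENESIS_PREV
    for height, block in enumerate(chain):
        if block["prev"] != prev:
            return height, "previous block hash mismatch"
        if merkle_root(block["txs"]) != block["root"]:
            return height, "merkle root mismatch"
        prev = block_hash(block)
    return None


def tamper(chain, height, tx_index, new_tx, recompute_root):
    """Copy the chain and rewrite one transaction, optionally fixing that block's root."""
    forged = copy.deepcopy(chain)
    forged[height]["txs"][tx_index] = new_tx
    if recompute_root:
        forged[height]["root"] = merkle_root(forged[height]["txs"])
    return forged


# Constructed sample data: three blocks of placeholder transaction bytes.
SAMPLE = [[b"coinbase-0"],
          [b"coinbase-1", b"kanye->mike:1", b"mike->kanye:0.25"],
          [b"coinbase-2"]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print(first_inconsistency(chain))
    print(first_inconsistency(tamper(chain, 1, 1, b"kanye->mike:100", False)))
    print(first_inconsistency(tamper(chain, 1, 1, b"kanye->mike:100", True)))
```

Editing a transaction without touching the header fails at that block's Merkle root; repairing the root changes that block's hash, so the failure moves to the next block's previous-hash field.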
Lastly, it is important to understand the memory pool. There is a period between the creation of a transaction and its ultimate recording in the blockchain. During this period, a transaction is held by every participant who has heard of it in their respective memory pool. This is like a waiting room where it sits until a miner has solved the computational puzzle that publishes the transactions to the blockchain. The memory pool can vary for each network participant. The memory pool of the miner who ultimately found the next block is the one that will be inserted in the block chain; any transactions that were sent but not included by this miner will simply have to wait to be included in the next block.
We now understand the structure of the blockchain. This summary of the blockchain is incomplete without understanding the Bitcoin network. How does everyone hear about transactions? Does everyone agree on the same transactions? If not, how is consensus achieved among thousands of different participants when multiple versions of the blockchain are being referenced? The next essay will explain.
Eric Yakes came from the private equity industry and is a CFA charterholder turned bitcoin pleb and author of The 7th Property: Bitcoin and the Monetary Revolution – a comprehensive/technical resource on money, banking and bitcoin. He is passionate about enabling the Bitcoin ecosystem through financial services — if you have similar interests send him a DM @ericyakes.
This is a guest post by Eric Yakes. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
I’m going to talk about the security behind Bitcoin addresses and keys, called Public Key Cryptography. This includes SHA256, Random Number Generators (RNGs), Hash Functions, and Elliptic Curve Digital Signatures (ECDSA). If you have questions beyond this, please feel free to DM me. I am a mathematician by training, and I have a deep love for it. If you find that you have a new interest in cryptography as a hobby, there are many people who create cryptographic algorithms for fun, and their community can be helpful for your journey.
I promise that you only need some basic algebra for this, as well as a simple understanding of exponential functions. If you are familiar with modular arithmetic, that’s wonderful. If not, no biggie.
Cryptography has been around for thousands of years, and currently has a very robust community of professionals and hobbyists alike. The technology has come an extremely long way, and its current iterations allow for the online security which we hardly have to think about.
Let’s start with the concept of Public Key Cryptography, specifically within the context of Bitcoin. On the most basic level, PKC involves your private keys, and the public keys generated from them. PKC utilizes what are called “trapdoor functions” which are easy to solve (easy to generate a public key from a private key), but almost impossible to reverse engineer (find a private key given a public key.) This is due to the usage of modular arithmetic, exponential functions, and very large prime numbers.
Your bitcoin private keys are probably words, but they can also be a very large number. To be specific, when we begin the encryption, your private keys will be converted to a large number or binary string (series of ones and zeros) regardless of what its initial form was. How neat! This is why people sometimes say your private keys “represent a very, very large number” and is the reason for its security. While this is technically true in a deterministic/algorithmic sense, it’s not necessarily obvious why.
Private key generation is another interesting facet. Hardware and custodial wallets do this for you, and they may or may not tell you precisely how they go about it (open-source vs closed-source software.) This is definitely worth considering when choosing a wallet. The other option is to create your own from scratch. You can roll a good die, flip a coin or use some other similar method. There are also online random number generators which have been tested and graded by the professional cryptography community. RNGs frequently use the current time as their generator to create a small initial difference which, after enough iterations, makes a totally unique number. Choose an online RNG at your own risk. Even if the RNG itself is good, there may be malware on the site. The more you know!
So we have our secret words. Let’s see what happens next.
This is a very simple form of our trapdoor function. “G to the a mod n” represents our final public key (mod is short for modular arithmetic, which restricts our answer to a certain limit of numbers, as opposed to every single natural number). But, even if you know G and n, there’s no easy way for you to find a, which represents your private key. Calculating G to the a mod n is relatively easy, but there’s no going backwards, thanks to the Discrete Log Problem. N is generally a large prime number because they are unfactorable by definition. Also, if relative complexities of functions/problems interest you, feel free to look into Algorithm Time Complexity.
Let’s go a little deeper, and look at it graphically for a more concrete understanding.
The red line is our curve, and is the specific one used by Bitcoin’s ECDSA. G is the point we start at, our “generator,” if you will. Then, we are going to “add” G to itself (although it isn’t addition in the usual sense – those crazy mathematicians love to redefine things. Don’t even get me started on topology!). In this case, adding it means we are going to take the tangent line of this point. Wherever that tangent line intersects the curve will be our next point. We will again take the tangent, and find a new point. In practice (on a computer) this is being done many thousands, or even millions, of times. The end result is that even if you know where I started, you don’t know how many times I “added” G to itself in order to get to the final point. How many times we performed the addition is your private key (your private number). Again, this is easy to check given a potential answer, but almost impossible to “brute force.” Voila!
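The one-way step described in the last two paragraphs, as an added example rather than code from the original post or from any wallet: Python arithmetic on secp256k1 (the curve Bitcoin's ECDSA uses) that derives a public point with double-and-add and counts the group operations, next to a naive search that walks G, 2G, 3G and so on. The sample key and function names are constructed for illustration, and the code is not constant-time, so it is unsuitable for handling real keys.

```python
# secp256k1 domain parameters (public constants of the curve)
P = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed 256-bit sample private key (illustration only)
SAMPLE_KEY = int("c0ffee" * 10 + "1234", 16)


def on_curve(pt) -> bool:
    """Check y^2 = x^3 + 7 (mod P); None stands for the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def add(a, b):
    """Group law: chord through two points, tangent line when doubling."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a + (-a) is the point at infinity
    if a == b:
        slope = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (slope * slope - x1 - x2) % P
    return x3, (slope * (x1 - x3) - y1) % P


def multiply(k, pt=G):
    """Double-and-add. Returns (k*pt, number of group operations used)."""
    result, addend, ops = None, pt, 0
    while k:
        if k & 1:
            result = add(result, addend)
            ops += 1
        addend = add(addend, addend)
        ops += 1
        k >>= 1
    return result, ops


def public_key(private_key):
    """Public point for a private key in the valid range 1 .. N-1."""
    if not 1 <= private_key < N:
        raise ValueError("private key out of range")
    return multiply(private_key)[0]


def brute_force(target, limit):
    """Try k = 1, 2, 3, ... by repeated addition; give up after `limit` steps."""
    pt = None
    for k in range(1, limit + 1):
        pt = add(pt, G)
        if pt == target:
            return k
    return None


if __name__ == "__main__":
    small_pub, small_ops = multiply(5000)
    print("k=5000:", small_ops, "operations forward;",
          "recovered by search:", brute_force(small_pub, 10_000))
    pub, ops = multiply(SAMPLE_KEY)
    print("256-bit key:", ops, "operations forward;",
          "search within 2000 steps:", brute_force(pub, 2_000))
```

Going forward costs at most 512 group operations for any 256-bit key, while the search cost grows with the key itself.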
So we have our first deterministic (one input gives you one answer) scrambling of information, but it’s not in a great format (right now, it’s just an ordered pair (x,y)). We now have a public key, derived from a private one. Let’s scramble that information again and transform it.
We do this via SHA256, which stands for Secure Hashing Algorithm. A Hashing Algorithm is a specific set of steps one applies to information, which results in an encrypted dataset of fixed length, regardless of the length of the input.
Yes, this family of algorithms was developed by the United States National Security Agency (NSA), but don’t let that worry you. The beauty of applied science, including mathematics, is that discovery and knowledge stand independent of who developed it. This is why we have proofs. If a proof is “sound,” then it stands on its own two feet, and cannot be “hacked” or worked around. The SHA2 family is public knowledge. You can go online and look at the code, and if you like use SHA256 yourself to encrypt some things. You’ll find that a very small change in input will have a dramatic effect on the output. Chaos Theory is beautiful. But anyhow.
As many people secure billions of dollars with SHA256, they have also spent a lot of money testing it to ensure its security. People frequently bring up quantum computing as a potential way to break this encryption. However, were quantum computing to become feasible, there is a lot more money to be stolen by hacking the top five major banks in the world. I’m sure Bitcoin is far down the list since, once it was hacked, its value would probably decrease dramatically. All that being said, if SHA256 becomes less secure in the future, we can always upgrade Bitcoin’s encryption methods. Programmable money!
SHA256 is similar to ECDSA in that it’s easy to check an answer, but very difficult to brute force — trying every answer until you find the right one. SHA256 is so named because it creates a string of 256 bits — a series of 256 zeros and ones. This makes for an absurdly high number of possible combinations, more than the number of atoms in the observable universe.
We are going to use a different hash again in order to get a smaller output, which makes for a shorter final address. This hash function is called RIPEMD-160. Once we have this result, we are going to convert it into what’s called Base58, which is just a form that’s more readable for humans. It omits both the number zero (0) and the uppercase letter O (o), so that they aren’t mistaken for each other, as well as omitting the uppercase letter I (i), so that it isn’t mistaken for the number one (1) or the lower case letter l (L).
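The Base58 step, as an added example that is not part of the original post: Bitcoin addresses use Base58Check, which goes one step beyond the description above by prepending a version byte and appending a 4-byte double-SHA256 checksum before encoding, so a mistyped address is rejected on decode. The function names are illustrative, and the 20-byte input is a constructed stand-in for the RIPEMD-160 output.

```python
import hashlib

# Base58 alphabet: digits and letters without 0, O, I and l
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed 20-byte value standing in for RIPEMD-160(SHA256(public key))
SAMPLE_HASH160 = bytes(range(1, 21))


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256 applied twice to the payload."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, hash160: bytes) -> str:
    """Encode version byte + 20-byte hash + checksum as a Base58 string."""
    if len(hash160) != 20:
        raise ValueError("expected a 20-byte hash")
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    # Leading zero bytes vanish in the integer, so each is written as '1'
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58check_decode(addr: str):
    """Return (version, hash160); raise ValueError on bad characters or checksum."""
    num = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        num = num * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("decoded length is not 25 bytes")
    payload, check = raw[:-4], raw[-4:]
    if checksum(payload) != check:
        raise ValueError("checksum mismatch")
    return payload[0], payload[1:]


def is_valid(addr: str) -> bool:
    try:
        b58check_decode(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    addr = b58check_encode(0x00, SAMPLE_HASH160)
    typo = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    print(addr, is_valid(addr))
    print(typo, is_valid(typo))
```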
And now we have a public address which is provably (in a formal, mathematical sense) created from a unique private address. Even if all seven billion people in the world create a new bitcoin public key every day for a thousand years, there are so many possibilities that the likelihood of creating the same one twice is almost zero.
All of this is quite the process, creating and verifying keys, hence our ten minute average block time. Ten minutes for mathematically-guaranteed final settlement is worth everything.
This is a guest post by Nameless. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.
“Running Bitcoin” is a sculpture in commemoration of Hal Finney — celebrating his 65th birthday and his contributions to Bitcoin. It will be up for auction beginning today, May 4, 2021, Hal’s birthday, and 50% of the sale will be donated to ALS Association Golden West Chapter. I am the artist, Marcus Connor, best known for being the original creator of the “Bitcoin Roller Coaster Guy.”
Hal Finney was one of the very first people to run Bitcoin. He wrote, “When Satoshi announced the first release of the software, I grabbed it right away. I think I was the first person besides Satoshi to run bitcoin.” We know that Hal was doing this also due to his now-famous tweet which simply states, “Running bitcoin.” This sculpture was directly inspired by that tweet.
When Bitcoin was first released in early 2009, Hal was in great shape and was running quite a bit. Hal wrote, “I’d lost a lot of weight and taken up distance running.” He had run half marathons and was looking forward to running a full marathon. Unfortunately, later that same year, he was diagnosed with ALS and his running days were quickly coming to a close. On September 5, 2009, Hal ran his last race — the Disney Half Marathon in Anaheim, California. He ran that race with his wife Fran. Hal wore the number 415 in his final race and that number is carried on in this sculpture.
On January 11, 2009, Satoshi Nakamoto (the creator of Bitcoin) made the first person-to-person bitcoin transaction — he sent 10 bitcoins to Hal Finney as a test. Luckily, the transaction worked, and people have been sending bitcoins all over the world ever since. That first transaction is forever saved on the blockchain, and the first eight characters of that transaction hash (f4184fc5) are incorporated into this sculpture. Those eight characters also share the digits four, one and five with Hal’s race number.
In 2004, Hal created the first reusable proof-of-work system (RPOW). RPOW used Hashcash, which is a proof-of-work algorithm developed by Adam Back in 1997. Prior to RPOW, proofs of work were not reusable — RPOW allowed for sequential reuse to pass on a token. Hal’s RPOW also allowed users from anywhere to verify a token’s validity and correctness. This work paved the way for Bitcoin.
Here is a progress video from the build.
The Bitcoin body of the sculpture is cut and hand-carved from Basswood. The wood was oiled first and then painted with oil paints that were cut with more oil to allow the wood grain to be seen. The body measures approximately five inches tall. The sign in his hand was made with the same process as the body. The limbs of the piece are made from steel and painted. All metal joints were soldered with silver. The base is a piece of a New Hampshire maple tree that is partially carved and oiled. The base was chosen for its unique natural curves and interesting beauty.
Overall approximate dimensions are 11″ tall × 15″ long × 7″ deep (28 × 38 × 18 cm).
Hal piloting a Cessna. Photo taken by his wife, Fran.
Hal and Fran at an ALS fundraiser walk in December 2009.
On August 5, 2009, Hal Finney was diagnosed with ALS — a progressive degenerative disease. People with ALS also lose involuntary muscle function. The usual cause of death is respiratory failure because the lungs cease to function. There is currently no cure for ALS. Hal died from ALS five years after his diagnosis. Half of the sale price from this art auction will go to The ALS Association Golden West Chapter.
The “About” section of the ALS Association Golden West Chapter states, “The Golden West Chapter supports people living with ALS, and their loved ones, in 31 counties throughout California and the state of Hawaii. Everything they do advances the search for effective treatments and cures for ALS.”
If you would like to donate bitcoin in memory of Hal Finney and to advance the search for effective treatments and cures for ALS, please visit HalsPalsFightALS.org.
As long as Bitcoin is running, it carries the flag of financial freedom for Hal.
This is a guest post by Marcus Connor. Opinions expressed are entirely their own and do not necessarily reflect those of BTC, Inc. or Bitcoin Magazine.