Eight years ago, the last post widely acknowledged to come from the creator of Bitcoin, Satoshi Nakamoto, was published. Bitcointalk is the forum Nakamoto launched to promote BTC's adoption, and there he engaged in numerous conversations with those interested in his/her/their invention. Here Chepicap has collected his most relevant interactions.
On zero-knowledge-proofs and privacy
Privacy coins are still very much a trend these days, but the ideas behind the likes of Monero, Dash, Zcash or DeepOnion were already being imagined in posts on Bitcointalk. On the 10th of August 2010, a user opened a thread called 'Not a suggestion', where he shared his concerns about the transaction history being public, and asked whether it would be possible to keep this type of information private.
Satoshi Nakamoto was quick to reply to the post, expressing his interest in the type of implementation suggested by the user, but also admitting that he was uncertain how to apply a zero-knowledge proof to Bitcoin. This type of method can be used by one party to prove to another that it knows a certain value, without revealing any information other than the fact that it knows the value.
This is a very interesting topic. If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.
Originally, a coin can be just a chain of signatures. With a timestamp service, the old ones could be dropped eventually before there's too much backtrace fan-out, or coins could be kept individually or in denominations. It's the need to check for the absence of double-spends that requires global knowledge of all transactions.
The challenge is, how do you prove that no other spends exist? It seems a node must know about all transactions to be able to verify that. If it only knows the hash of the in/outpoints, it can't check the signatures to see if an outpoint has been spent before. Do you have any ideas on this?
It's hard to think of how to apply zero-knowledge-proofs in this case.
We're trying to prove the absence of something, which seems to require knowing about all and checking that the something isn't included.
After exchanging ideas with Satoshi Nakamoto and others for about 25 posts, the OP closed the thread admitting that he was eventually convinced of the Bitcointalk founder’s postulates:
It turns out that Satoshi was correct. You either need publicly validated transactions OR you need to save the entire transaction history so the receiver can validate a private transaction. The reason eluded me at first, so it is not stated yet in the thread. In private transactions, if you send the money to yourself you will own both sides of the verification. As such, you can increase the values to be anything you want. Nobody else is watching. If you throw away the history no one will know. You can now pass on your inflated money to anyone. FAIL.
Satoshi being straightforward
Another Bitcointalk post that stands out for Satoshi's participation is in a thread from July 2010 titled 'Scalability and transaction rate', where a user asks if a bottleneck could occur as the network grows. A few different Bitcointalk members tried to break it down, but he was still in denial, believing that bit-banks were required in the network to guarantee trust.
The current system where every user is a network node is not the intended configuration for large scale. That would be like every Usenet user runs their own NNTP server. The design supports letting users just be users. The more burden it is to run a node, the fewer nodes there will be. Those few nodes will be big server farms. The rest will be client nodes that only do transactions and don't generate.
Quote from: bytemaster on July 28, 2010, 08:59:42 PM
Besides, 10 minutes is too long to verify that payment is good. It needs to be as fast as swiping a credit card is today.
See the snack machine thread, I outline how a payment processor could verify payments well enough, actually really well (much lower fraud rate than credit cards), in something like 10 seconds or less.
Satoshi then intervened, with quite some directness towards the insistent user: 'If you don't believe me or don't get it, I don't have time to try to convince you, sorry'.
The final reply from the OP couldn’t concede any more than this: 'I fully believe you and came to conclusion (sic) you did'.
On transaction fees and the future of Bitcoin
Nakamoto was trying to resolve the doubts of a user who posted on Bitcointalk in February 2010, trying to understand why his latest block reward was higher than the usual 50 BTC. Satoshi explained how fees worked but, perhaps without noticing, he gave a dichotomous view of the future:
Right. Otherwise we couldn't have a finite limit of 21 million coins, because there would always need to be some minimum reward for generating. In a few decades when the reward gets too small, the transaction fee will become the main compensation for nodes. I'm sure that in 20 years there will either be very large transaction volume or no volume.
Apparently, Bitcoin miners would need transaction volumes to increase strongly in order to be able to afford processing once the limit of 21 million coins was reached. And this would lead to only two possible scenarios: either mass adoption, or gathering dust.
On server farms and nodes
Satoshi appeared to be really certain that Bitcoin would scale up to the point where server farms would be required to run the network profitably. It might seem obvious these days, but it is worth remembering that the initial block difficulty enabled mining using just a laptop's CPU. That was the case when somebody asked on Bitcointalk about the scalability of the system, questioning its practicality due to replication. Picturing future scenarios led Satoshi to prophesy the possible role of Bitcoin farmers.
The design outlines a lightweight client that does not need the full block chain. In the design PDF it's called Simplified Payment Verification. The lightweight client can send and receive transactions, it just can't generate blocks. It does not need to trust a node to verify payments, it can still verify them itself.
The lightweight client is not implemented yet, but the plan is to implement it when it's needed. For now, everyone just runs a full network node.
I anticipate there will never be more than 100K nodes, probably less. It will reach an equilibrium where it's not worth it for more nodes to join in. The rest will be lightweight clients, which could be millions.
At equilibrium size, many nodes will be server farms with one or two network nodes that feed the rest of the farm over a LAN.
On a different occasion, replying to another Bitcointalk user who was trying to determine why his transaction was taking forever, Nakamoto also stated his vision of server farms running nodes.
How long is the initial block download typically taking? Does it slow down half way through or is about the same speed the whole way?
I've thought about ways to do a more cursory check of most of the chain up to the last few thousand blocks. It is possible, but it's a lot of work, and there are a lot of other higher priority things to work on.
Simplified Payment Verification is for lightweight client-only users who only do transactions and don't generate and don't participate in the node network. They wouldn't need to download blocks, just the hash chain, which is currently about 2MB and very quick to verify (less than a second to verify the whole chain). If the network becomes very large, like over 100,000 nodes, this is what we'll use to allow common users to do transactions without being full blown nodes. At that stage, most users should start running client-only software and only the specialist server farms keep running full network nodes, kind of like how the usenet network has consolidated.
SPV is not implemented yet, and won't be implemented until far in the future, but all the current implementation is designed around supporting it.
In the meantime, sites like vekja.net and www.mybitcoin.com have been experimenting with account-based sites. You create an account on a website and hold your bitcoins on account there and transfer in and out. Creating an account on a website is a lot easier than installing and learning to use software, and a more familiar way of doing it for most people. The only disadvantage is that you have to trust the site, but that's fine for pocket change amounts for micropayments and misc expenses. It's an easy way to get started and if you get larger amounts then you can upgrade to the actual bitcoin software.
As later became evident, Satoshi had been able to envision a successful network, bearing in mind developments which were years down the road.
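The header-only "hash chain" check that the post above describes for lightweight clients, sketched as an added example (not code from the original article or from the Bitcoin software). It assumes Bitcoin's 80-byte header layout and double SHA-256, mines a short constructed chain at a deliberately trivial difficulty, and covers only header linkage and proof of work, not the Merkle branch that ties a payment to a header.

```python
import hashlib
import struct

HEADER_FMT = "<I32s32sIII"  # version, prev hash, merkle root, time, nBits, nonce (80 bytes)
EASY_BITS = 0x2000FFFF      # constructed, very low difficulty so the demo mines quickly

def dsha256(data: bytes) -> bytes:
    """Bitcoin's block hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field into the 256-bit proof-of-work target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def meets_target(header: bytes, bits: int) -> bool:
    return int.from_bytes(dsha256(header), "little") <= bits_to_target(bits)

def mine_chain(n: int, bits: int = EASY_BITS) -> list:
    """Build n constructed headers that link together and satisfy `bits`."""
    chain, prev = [], bytes(32)
    for height in range(n):
        merkle = dsha256(b"constructed tx set %d" % height)
        nonce = 0
        while True:
            hdr = struct.pack(HEADER_FMT, 1, prev, merkle, 1280000000 + 600 * height, bits, nonce)
            if meets_target(hdr, bits):
                break
            nonce += 1
        chain.append(hdr)
        prev = dsha256(hdr)
    return chain

def verify_chain(headers: list, expected_bits: int) -> bool:
    """Header-only check: fixed size, expected difficulty, linkage, proof of work."""
    prev = bytes(32)
    for hdr in headers:
        if len(hdr) != struct.calcsize(HEADER_FMT):
            return False
        _, hdr_prev, _, _, bits, _ = struct.unpack(HEADER_FMT, hdr)
        # Pinning nBits stops a peer from declaring its own trivial difficulty;
        # real clients derive the expected value from the retargeting rules.
        if bits != expected_bits or hdr_prev != prev or not meets_target(hdr, bits):
            return False
        prev = dsha256(hdr)
    return True
```

Changing any field of an earlier header changes its hash, so the next header's previous-hash field no longer matches and the whole chain is rejected without the client ever seeing a full block.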