by David Gerard
They used mostly digital evidence in this trial. Whether or not you believe their evidence … it significantly lowers the standard of evidence at trials. Digital material can be created out of nothing. It doesn’t take much imagination to see how this is a threat to us all.
If only the prosecutors had had to hand some sort of cryptographically robust ledger of all transactions, widely distributed, with thousands of verifiable copies available.
Ulbricht’s January 2016 appeal was primarily on the basis that the investigation included corrupt law enforcement agents, therefore all the evidence should be thrown out as tainted. This is not an inherently unreasonable basis for an appeal, but, well, log.txt.124 The appeal was rejected in May 2017, the appeal judges upholding in particular the life sentence without parole on the basis that “Ulbricht was prepared, like other drug kingpins, to protect his profits by paying large sums of money to have individuals who threatened his enterprise murdered”.125
Silk Road imitators sprang up soon after it started, and many more after it went down. Atlantis ran from March to September 2013. Project Black Flag closed when the Silk Road was busted, stealing all its users’ bitcoins. Sheep Marketplace ran from March to December 2013, closing when a vendor apparently stole $100 million in users’ bitcoins, though it may have been an exit scam.126 Silk Road 2.0 started in November 2013, lost bitcoins to the transaction malleability bug, was crippled by arrests, and the operator was finally arrested in November 2014. One undercover federal agent from The Silk Road had been invited to the administrator group of Silk Road 2.0 on its very first day of operation.127
Chapter 5: How Bitcoin mining centralised
The firetrap era
Bitcoin promised that anyone could mine bitcoins themselves – you could make magical Internet money out of nothing (but electricity and hardware). The mining difficulty is adjusted automatically every 14 days to keep the block rate at about one every ten minutes, and in the early days the difficulty was very low indeed.
Mining works by calculating one specific function over and over, as absolutely fast as possible. As far back as 2009, people had realised that graphics cards would be much more efficient128 – a graphics processing unit (GPU) is designed to run simple calculations very fast to compute video game pixels, and the same sort of processing was able to compute Bitcoin hashes eight hundred times as fast as a general CPU. By 2010, this had become the normal mining method. These were consumer graphics cards, so mining was still accessible to anyone with a few hundred dollars, and it was quite feasible to come out ahead while the price was on the upward slope of the first bubble. (Particularly if you stole the electricity, a popular strategy.)
The sort of thing home Bitcoin miners proudly photographed to show everyone back in the day. Source: Killhamster, Buttcoin Foundation; original source unknown.
There are many hilarious and horrifying stories from these days. The now defunct Bitcoin Mining Accidents blog featured home miners’ proud photos of their hideously bodged firetrap mining rigs.129 This famous tale was posted in June 2011:
I’m done with Bitcoin. It was easy money, but it wasn’t worth the (literal) heat.
>had 4 machines with multiple overclocked 5850s in my bedroom
>fan speeds at 100%
>room was warm, but tolerable
>weather suddenly gets hotter one day
>get severe heat stroke while I’m sleeping
>get taken to the ER, get covered in bags of ice and drink tons of gatorade and water
>finally cool down after what seemed like forever
>find out I have minor permanent brain damage now because my brain was hot and swelled a lot
I wish I was joking.130
Further efficiency was possible. In late 2012, Butterfly Labs released mining hardware using a field-programmable gate array (FPGA), a silicon chip that you can program the circuit of. This was five times as efficient (in hashes per kilowatt-hour) as the graphics cards of the time. This was the start of industrial Bitcoin mining, and the decline of end-user mining.
Bitcoin mining was fully industrialised in 2013 with application-specific integrated circuits (ASICs). These were pretty much the FPGAs but manufactured as custom silicon chips, and were much more efficient again. The largest bitcoin miners now sponsor the development of new ASICs for their own use – since 2013, you can’t compete without designing your own mining chips.
You can buy ASIC mining rigs – in May 2017, the Bitmain AntMiner S9 was $1161 for 13.5 terahash/sec at 1323 watts131 – but they will rapidly become obsolete, and you are unlikely to be able to turn a profit unless you have very cheap or free electricity.
(I know one person who mined at home through to 2014, keeping a close eye on electricity and hardware costs, and stopped when home mining was no longer viable even with ASICs. He came out a few hundred dollars ahead and had fun with it while there was fun to be had. This is not the usual story, however.)
From 2014 onward, the mining network was based almost entirely in China, running ASICs on very cheap subsidised local electricity. (There has long been speculation that much of this is to evade currency controls – buy electricity in yuan, sell bitcoins for dollars.132) On 30 June 2017, the total Bitcoin network hash rate was 5.5 exahashes per second – that’s 5.5×1018, or three million times the hash rate in the GPU era as of early 2011.
Everything about mining is more efficient in bulk. By the end of 2016, 75% of the Bitcoin hashrate was being generated in one building, using 140 megawatts133 – or over half the estimated power used by all of Google’s data centres worldwide at the time.134
There have been occasional calls to re-democratise mining by changing the hash function; some other cryptocurrencies deliberately chose hash functions that wouldn’t be efficient on a graphics card or an ASIC. But it is always the case that any function, particularly a simple one like a hash, will be more efficient on hardware specialised to just that function than on more general-purpose hardware. And we know how to program a hash function into an FPGA for mining and then base an ASIC on it. If the Bitcoin hash were to change, new ASICs would follow with only manufacturing lead time.
Abusing your hashpower for fun and profit
Bitcoin relies on distributed consensus: the blockchain is what a majority of mining capacity says it is. The consensus model relies on the fact that you can’t outdo all the other miners casually – so it’s not “secured by math,” but secured by economics, balanced between multiple players.
Unfortunately, every force in the Bitcoin ecosystem tends to centralisation. Mining benefits from economies of scale, so it’s progressed from mining on your PC, to graphics cards, to programmable chips (FPGAs), to ASICs.
Nakamoto’s original Bitcoin white paper assumes a peer-to-peer network that anyone can join. In practice, the miners operate their own centralised communication pool, previously the Bitcoin Relay Network and now called the Fast Internet Bitcoin Relay Engine (FIBRE), as it’s more efficient.
(This came close to being a single point of failure in January 2016, as the BRN was about to shut down from lack of funding, and the decentralised peer-to-peer network would not have been able to handle the traffic.)
As of March 2017, three pools controlled over 50% and six pools over 75% of the hash rate, with the largest individual pool at 21.3%.135 There is no reason that multiple pools could not have a single owner. The largest mining pool owners already meet and operate as a cartel.136
If you control more than 50% of mining power, you can perform a “51% attack,” which allows you to write the longest blockchain, which will then be taken by the rest of the network as canonical. You can double-spend confirmed transactions, or reject any new transaction you don’t approve of. You can reject other miners’ blocks. You can’t spend someone else’s bitcoins, but you can stop the owner from spending them.
Even if you have a bit less than 50%, you can still mount similar attacks with a better-than-average chance of succ
ess. From 25% of the hash rate upward, a selfish miner can mount 51%-style attacks and expect to turn a greater profit than they would otherwise.137
This isn’t hypothetical – mining pool GHash.io went over 50% of the hash rate several times in June and July 2014.138 GHash doing this was particularly problematic, as the pool had double-spent against a gambling site earlier that year. They blamed a rogue employee.139
Bitcoin decentralises things that should not be decentralised, then centralises them anyway but wastefully.
Chapter 6: Who is Satoshi Nakamoto?
You’ll know sufficient proof has been provided when it actually happens, because cryptographers will be convinced.
– Peter Todd, Bitcoin core developer140
The creator of Bitcoin, the pseudonymous “Satoshi Nakamoto,” mined 1.1 million bitcoins over 2009 and 2010. He withdrew from the Bitcoin world and cut off contact completely in 2011. Nobody knows who he really was.
Searching for Satoshi
Since Nakamoto’s disappearance, there has been endless speculation as to his identity – as whoever was behind “Satoshi” owned 1.1 million bitcoins that haven’t moved since his disappearance. The Wikipedia article on Satoshi Nakamoto even has a section listing people suspected of being him – cypherpunks Hal Finney (who had fallen ill in 2009 and died in 2014) and Nick Szabo, engineer Dorian Nakamoto, mathematician Shinichi Mochizuki …
All that is known of Nakamoto is emails and message board posts.141 He even bought and edited bitcoin.org using Tor. He gave his birthdate on the P2P Foundation forums as 5 April 1975142 and his location as Japan. He was a Windows C++ programmer. He wrote the Bitcoin white paper in OpenOffice 2.4. All of his messages are written in fluent and idiomatic English, in a single style. He was a calm, methodical and precise person, who knew his way around the use of cryptographic tools.
He may have just wanted his privacy at first, but the stalker-like tendencies of some Bitcoin fans, and obvious interest in a million-bitcoin stash, constitute excellent reasons to continue to keep his head down. The reams of Bitcoin conspiracy theorist projection and pareidolia that followed single derived “facts” like a birth date is frankly disturbing,143 and even better reason not to want to leave oneself exposed.
(Gwern Branwen, a writer who ferreted out Nakamoto’s apparent birth date, discovered this when an incoherent but persistent Bitcoiner tried to threaten and blackmail him in late 2013 on the assumption that he was Satoshi.144 “Gwern Branwen” is also a pseudonym, by the way.)
Bitcoin advocates worry that such a large pool of bitcoins coming into play would massively destabilise the Bitcoin world, and – per Bitcoin economic theories – cause massive devaluation of bitcoins due to the sudden supply increase. (Though what would probably happen is that everyone would just pretend everything was fine, and keep speculating, buying drugs and paying to unlock their PCs from ransomware – there are already plenty of Bitcoin “whales” with enough coins to destabilise the price if they wanted to.) Since every Bitcoin transaction is visible on the blockchain, there are those who watch the blockchain like hawks for those bitcoins ever moving.
If someone comes forward claiming to be Satoshi Nakamoto, there is precisely one thing people are interested in: do they control those bitcoins? If they can move even a fraction of a bitcoin from Nakamoto’s pile to someone else, they are Satoshi Nakamoto. Or they could sign a message using the PGP private key (a cryptographic key for signing email messages) that matched the PGP public key that Nakamoto had put on the front of bitcoin.org in 2008. If they can’t, they aren’t Satoshi.
Dorian Nakamoto
News magazine Newsweek had been sold off as a debt-ridden liability in 2010 and stopped print publication in 2012. It was sold again in late 2013 and relaunched in print in March 2014. It led the relaunch with what seemed a major scoop: after two months of investigation, Newsweek journalists had identified a 64-year-old engineer from Los Angeles, Dorian Prentice Satoshi Nakamoto, as the Satoshi Nakamoto who had created Bitcoin.145
Dorian Nakamoto was not impressed. As reporters gathered outside his house, he offered an interview to the first one who would buy him lunch – “Wait a minute, I want my free lunch first. I’m going with this guy” – and, after a reporter car chase through LA, spoke to the Associated Press denying any involvement in or knowledge of Bitcoin.146 The quote that Newsweek claimed as an admission of being Satoshi was “I am no longer involved in that and I cannot discuss it. It’s been turned over to other people. They are in charge of it now. I no longer have any connection.” However, he said that he had been speaking of his work on classified systems for military contractors, and that he hadn’t even heard of Bitcoin (which he first called “Bitcom” with an M) until his son had been contacted by a reporter two months earlier.
In the first sighting since 2011, the “Satoshi Nakamoto” account that had posted the 2009 announcement of Bitcoin 0.1 on the P2P Foundation forums commented on that post: “I am not Dorian Nakamoto.” (Some noted that the comment could have been posted by a forum administrator and that it was not cryptographically confirmed to be Satoshi Nakamoto.)147 The Bitcoin world was both utterly unconvinced by Newsweek’s report, and outraged that they would violate an alleged Satoshi Nakamoto’s privacy in that manner.148 149
Newsweek defended its article,150 but eventually appended a statement from Dorian Nakamoto to the web version of the original piece in which he denied the whole story and noted the damage it had done to his livelihood.
Professor Dr Dr Craig Wright: Nakamoto Dundee. That’s not a signature.
Craig Wright is an Australian computer businessman. He claimed in 2016 to be Satoshi Nakamoto. He didn’t move a bitcoin from the Satoshi stash or successfully sign a message using a known Satoshi Nakamoto key – instead, he did absolutely everything else except those things, in ways that didn’t check out and which others immediately spotted the problems in.151
Wright’s LinkedIn page152 (since deleted) at the end of 2015 listed multiple master’s degrees, a doctorate in theology from an unnamed university and a doctorate in computer science from Charles Sturt University earned during his five years as an unpaid adjunct lecturer (along with three more master’s in that time). This second doctorate turns out not to have yet been awarded, CSU saying that the doctoral thesis was still being considered.153 (It was finally accepted in February 2017.154) The text of the profile was peppered with typographical and grammatical errors. At the top of the work history, it stated: “July 2015 – Present (6 months): Writing papers, Research, Managing change. Nothing but security and blockchain.”
Wright had been active on the Cypherpunks mailing list in 1996,155 so he may have been aware of the ongoing currency discussions. In February 2011, he blogged that central banks had “devalued all our savings and capital investments” through “printing money”, leading to a resurgence of interest in the gold standard.156 He then proposed a PayPal-like system backed with gold. In the comments he emphasised “The sole basis is in a currency that cannot be printed like paper.” Imagine someone writing this if they had invented Bitcoin two years before.
The first time Wright is known to have spoken of Bitcoin was in the comments of his August 2011 post on The Conversation, “LulzSec, Anonymous … freedom fighters or the new face of evil?” in which he wrote of “Bit Coin” as a solution to WikiLeaks’ problems receiving donations.157
Wright started buying bitcoins on Mt. Gox in April 2013, including 17.24 BTC at the peak of the bubble in November for $1198 each.158 Some time in 2013, he posted backdated entries to his personal blog with references to Bitcoin and Bitcoin-related concepts:
A post dated August 2008 mentions he will be releasing a “cryptocurrency paper” and references “Triple Entry Accounting,”159 a 2005 paper by financial cryptographer Ian Grigg.
One post dated November 2008 includes a PGP key owned by [email protected] – one letter different from [email protected], an address the real Nakamoto had been
known to use. This PGP key used a cipher suite not used in PGP at the time, and wasn’t on the public key servers in 2011, which suggests the key had also been backdated.160
Finally, dated 10 January 2009 (it would have been 9 January in the US), there was this post:
Bitcoin
Well, e-gold is down the toilet. Good idea, but again centralised authority.
The Beta of Bitcoin is live tomorrow. This is decentralized … We try until it works.
Some good coders on this. The paper rocks. http://www.bitcoin.org/bitcoin.pdf
Wright established the company Hotwire PE in 2013 with the stated purpose of research and development work using e-learning and e-payment software. Hotwire bought the software from Wright’s own Wright Family Trust. Hotwire was capitalised by Wright with AUD$30 million in bitcoins. (It’s not clear if these existed; this would have been 1.5% of all bitcoins at the time.) AUD$29 million of this was paid (still in bitcoins) to Wright’s trust to buy software. This incurred sales tax (GST). Hotwire then claimed a GST refund of AUD$3.1 million on this R&D expense – which would have been received from the Australian Tax Office in actual dollars.
The ATO was unimpressed with these arrangements and withheld the refund pending investigation,161 eventually assessing a AUD$1.7 million penalty. The mid-2014 administrator’s report for Hotwire PE noted the company was capitalised only with bitcoins, with its only assets being anticipated tax rebates, and blamed the company’s failure on the collapse of Mt. Gox.