Dynamic block size with economic safeguards – could this be the solution that we can all get behind?

One side of the block size debate wants to hand over control of the block size to the miners.  Many fear such an implementation would cause catastrophic failures of consensus, and that miners could even be incentivised to bloat the block size at a rate that overly compromises Bitcoin’s decentralistion.

Others are worried that scaling solutions such as Lightning Network and sidechains will take too long and not achieve sufficient gains, stifling Bitcoin’s network effect and preventing its continued exponential growth.

What if there were a way to simultaneously allow for exponential growth on chain if needed – allowing time for layer two solutions to take some heat off the chain, but also creating an economic disincentive for miners trying to inflate the block size arbitrarily.

Such a solution should allow for an exponential increase in block size if miners were in consensus, but require they face an economic risk when signaling for a block size increase where there was no consensus. Cryptoeconomics is built on incentive game theory, why not introduce it here?

Allowing the block size to change dynamically with demand would reduce the risk of requiring additional contentious block size hard forks and hostile debate. I fear a simple 2MB increase would reignite the debate almost as soon as it was activated, we need to buy as much time as possible.

Any solution is going to be a compromise, but by allowing a few years of exponential growth with strict safeguards and appropriate economic incentives we can hopefully achieve that.

So how do we do it?

My basic idea is for miners to vote in each block to increase the block size.

Allowing for exponential growth would mean that the block size could double every year.

This would be achieved by each of the previous 2016 blocks voting to increase the block size by the maximum amount of 2.7% each time. An increase of 2.7% every 2 weeks would result in an annual block size increase of 99.9% (rounding).

We only need to use 3 bits for miners to vote on block size:
000 = not voting
001 = vote no change
011 = vote decrease 2%
101 = vote increase 1.35%, pay 10% of transaction fees to next block
111 = vote increase 2.7%, pay 25% of transaction fees to next block

Not including any transactions in a block will waive a miners’ right to vote.

Each block is a vote, and the block size change could be calculated by averaging out all the votes over 2016 blocks.

In order to achieve an increase in block size, the blocks must also have been sufficiently full to justify one. Transactions with no fee and perhaps outliers far from the mean tx fee/kb should perhaps not be included.

By asking miners to pay a percentage of their transaction fees to the miner of the next block, you discourage miners from stuffing the blocks with transactions to artificially inflate the block size.

If miners are in unanimous agreement that the block size needs to increase, the fees would average out and all miners should still be equally rewarded. Only miners trying to increase the block size when consensus is not there would incur a cost.

There should be a limit on the maximum increase, perhaps 8MB. This isn’t a permanent solution, it is just to create time for Bitcoin to progress, and then re-evaluate things further down the line. Combined with SegWit this should provide a reasonable balance between satisfying those who are worried about missing out on exponential growth for a few years if LN and other solutions are not as fast or effective as hoped.

This is my rough idea for trying to find a compromise we can all get behind. Please let me know any thoughts or suggestions in the comments.

Why I’m massively in favour of a hard fork block size increase, and also massively against one

I made some reddit posts that recently have been interpreted as my being in favour of small blocks and not raising the block size limit.

This is not my position at all. I’m making the important case that Bitcoin cannot rely on on-chain scaling alone. Satoshi mentioned Moore’s law in the white paper. These were very compelling comments, and for my first few years following Bitcoin it seemed reasonable that Bitcoin could scale on-chain indefinitely.

Unfortunately global propagation is harder than it first seemed when blocks were tiny, and on-chain scaling is not as viable as first thought. Moore’s law alone is not our scaling saviour.

That said I’m not opposed to a hard forks to increase the block size – I think they are necessary. My concern is at hard forks being seen as an easy solution to scaling.

If I seem like more of a small blocker than I am it’s because I’m trying in my mind to balance out the community by pushing the small block cause. I want people to realise that on chain scaling has real implications and is not a long term solution.

I’m incredibly sympathetic to the arguement that we need Bitcoin to be attractive, and low transactional fees are something that first attracted me to Bitcoin. However we’ve also got to be careful of precedent.

The block size debate is more than technical – it is about the politics and future direction of bitcoin.

If we head in the wrong direction and become dependent upon bigger and bigger blocks, there is a genuine risk we embark on a slippery slope and slowly erode what makes Bitcoin special.

I’m not convinced anyone is using Bitcoin at the moment to buy coffee. I’m also sympathetic that we want to make Bitcoin accessible and that lower fees helps the poorest participate, but we need to be cautious.

Bitcoin’s decentralised nature is our democracy, and good democracy requires checks and balances. It might not feel like it at times, but the passionate debate and resistance over changing the status quo is giving us exactly that.

No matter what you think of your opponents, we’re all playing an important role in Bitcoin’s governance. There has never before been anything like it. Fierce debate over monetary policy has taken place behind closed doors throughout most of history, now we all get our say.

I am not opposed to a block size increase, I am opposed to a block size increase being easy. Not because I think bigger blocks will ruin Bitcoin, but because I think lots of block size increases would ruin Bitcoin.

We need to put up a fight against anything that could change what Bitcoin currently is. That doesn’t mean we shouldn’t ever change Bitcoin, but that such changes should have stood up to immense scrutiny.

You might be massively in favour of increasing the block size, but you should also be thankful in the face of resistance. If Bitcoin ever becomes easy to change it becomes easy to break.

That’s why I’m simultaneously opposed to a block size increase while also being in favour of one.

Yes I’m a paradox, but I’m quite happy that way.

Bitcoin is under siege! We need to fight against post-Truth propaganda, and a plan B to reclaim Bitcoin if taken

We now have a completely divided community where people believe nonsense. A sizable minority have now been convinced that SegWit is dangerous and creates an insurmountable technical debt. These people generally have no development experience, and just blindly repeat misinformation despite the protests of those who do. The vitriol they have been fed is a contagion that is spreading, while others just want to block SegWit out of spite.

I recently tried to compile a list of developers who were opposed to SegWit. The exhaustive list consisted of four. That’s right… four. From the stink kicked up by the anti-SegWit brigade you’d think this number would be far higher.

If you repeat a lie often enough, people will believe it. There is a real risk that enough of the non-technical community now believes SegWit is too complicated and risky to prevent its activation. For the technical community this is a total non-debate, actual developers opposed to SegWit are the flat earth society of Bitcoin. Disagree with this? Try to list developer names and credentials opposing SegWit and you’ll soon realise how feeble the technical opposition is.

In addition to SegWit hate, the vitriol directed at Blockstream is absurd. Bitcoin is and always will be open source, and Blockstream’s business model depends entirely on the success of an open and decentralised Bitcoin. All the big names there have a proven track record of dedicating themselves to Bitcoin’s advancement. Their business model is to profit from their expertise, gained by valuable contributions to Bitcoin’s development. This is a sound and reasonable business model that has been successful on many other open source projects such as MySQL. The profit they make can be used to further advance Bitcoin – it is a win, win.

People literally believe that Blockstream is Evil Corp. I’ve seen people argue that Blockstream profits from keeping blocks small so they can charge for the lightning network. This demonstrates a shocking lack of comprehension and common sense. There are even conspiracy theories that Blockstream is a secret banking trojan horse to bring down Bitcoin from the inside. People peddling such misinformed nonsense need their heads inspecting.

Five years ago in response to scaling concerns, I used to argue that Bitcoin could scale infinitely on-chain, often citing Moore’s law. The more I learned about Bitcoin, the more I realised this isn’t viable without risking Bitcoin’s fundamental value proposition – decentralisation.

I have not been “brainwashed by Blockstream lies”, I have simply joined the consensus of those with a more informed technical understanding. With off-chain scaling we can have our decentralised, inexpensive and instant digital money cake, and eat it too. Sadly, we now live in a post truth world, and having the better argument is often trumped by those shouting the loudest.

Valid concerns can be raised about user experience, missed opportunities, and yes, Lightning Network and Sidechains aren’t ready yet and we do need solutions now. Well, guess what, we have a solution right now: SegWit will immediately ease the stress on the network, it is coded, extensively tested and ready to launch… and there is even consensus for a hard fork block size increase after its activation.

The only thing that will prevent SegWit from activating is misinformation combined with a political power grab by opportunistic miners.

There is now a movement, in the form of Bitcoin Unlimited, to hand over control of the blocksize to miners. There are many reasons why Bitcoin Unlimited is a terrible answer to the block size debate. Sadly, much of this discussion takes place in the bitcoin-dev mailing list where the brightest technical minds hang out, while the rest of the community indulges in misinformed squabbles on reddit. In short, handing over control of the block size to miners would be terribly centralising.

People arguing that the community wants a block size increase are right. I’m all for a block size increase too, however it is vitally important for the health of Bitcoin that the best technical solutions win and we do not concede to misinformation and fear. SegWit MUST be activated before a hard fork block size increase.

If the propaganda succeeds in persuading miners to fritter control of Bitcoin’s block size limits away to an implementation as poorly conceived as Bitcoin Unlimited, then that chain and those who created it must be punished by the market.

To do this, I propose Bitcoin 4Core, a hard fork response that would clearly support the scaling vision of Bitcoin Core, and hopefully recruit their talented development team.

I believe the best way to protect the network from attack and simultaneously improve decentralisation would be to introduce additional proofs of work. 4 proofs of work each with 40 minute block creation targets and respective difficulties. We could add Ethash, Scrypt and Equihash to give a mix of CPU and memory intensive methods, and improve diversity of hardware. We could also take the opportunity to introduce a 4MB maximum block size.

By using proof of work methods with existing altcoin implementations, the mining ecosystems already exist, though some altcoins would likely face severe disruption as miners fled to profit from Bitcoin. Existing Bitcoin miners also wouldn’t be shut out completely as with a change of PoW, and could reluctantly return with diminished income and influence when they a realise that the economic majority will overwhelmingly follow the technical majority when given a choice.

I don’t know if the Core developers would support a proposal like this, but I personally think it would be a great way to reclaim Bitcoin and give a clear mandate to the sound vision of the Core development team. This, however, should be a last resort, and I remain optimistic that SegWit can still activate despite all the noise.

People who argue that introducing SegWit as a soft fork is “too complicated” are concern trolling

Back in February I wrote a piece on then big block flavour of the month, Bitcoin Classic.

I was frustrated that the approach of rival implementations to Bitcoin Core was basically to lift most of the work of the core development team, make a few simple tweaks, and then try and push their implementation as the saviour of Bitcoin.

So I laid down a gauntlet, instead of being a cheap cover band, actually write some code that showcases your abilities and proves your worth. Do that, and a rival implementation could earn the respect and credibility essential to advance their agenda.

Segregated Witness (SegWit) is a clever way to almost double Bitcoin’s capacity without increasing the block size, while also solving other problems such as transaction malleability. It was widely agreed that SegWit was a win win.

Fast forward to now and SegWit has been developed, fully tested and is ready to be implemented as a soft fork.

Great news you would think, except if you go to the big blocker parts of the Internet, suddenly SegWit is considered dangerous!

The argument isn’t that SegWit is bad, it’s that it is way too complicated to be introduced as a soft fork, and should have been implemented as a hard fork. They also claim that the complexity of the code (over 500 lines), and compromises required as a soft fork will make Bitcoin really difficult to develop for in the future.

The developers at Bitcoin Core, who have delivered the solid dependability for which Bitcoin has become known, have collectively decided that SegWit was not just within their capabilities to write, but also to build upon in the future.

If any serious developer is arguing that Bitcoin is going to be too complicated for them after SegWit, they’re probably not a good enough developer that they should even be considering working on such a critical software. Anyone who isn’t a developer frankly needs to keep their concern to themselves, as they are not qualified to hold such a view.

I’d be a lot less harsh if SegWit had suddenly been announced and implemented under a shroud of secrecy. The Core developers said in December however, that SegWit would be coded as a soft fork.

If any rival team of developers disagreed with this approach they had a simple solution… write their own implementation of SegWit as a hard fork.

This would give them an opportunity to showcase their abilities, and give the community something to think about. If it was as simple and elegant as they say… they could have had the code ready months before Core, impressed us all with its elegance, and really built some momentum

What do we have instead? We have a small community determined to do everything in its power to block SegWit activation. It’s a shame that instead of sitting on the sidelines complaining, they didn’t take some initiative. They need to learn from this experience, as right now they just look like the petty children who have taken their ball and gone home because the game isn’t going their way.

photo credit: John Spooner Beware of the Troll via photopin (license)

The blocksize debate: is an end in sight for the civil war that has engulfed Bitcoin?

Depending on which parts of the Internet you inhabit, your perception of what’s happening in Bitcoin land can vary hugely.

The Bitcoin community is bitterly divided. For years now it has been split into two camps, those who think Bitcoin needs an urgent blocksize increase, and those that think other scaling approaches should be prioritised.

The “big blockers” are worried that with the current limit of mostly full 1MB blocks, there isn’t enough capacity for Bitcoin to grow. They think this will cause real harm to Bitcoin’s network effect, and that not addressing it urgently could result in Bitcoin losing its position and momentum as #1 cryptocurrency.

Whether you see merit in this view or not, it’s important to recognise that to somebody who is convinced that failing to urgently raise the blocksize could lead to Bitcoin’s downfall, the current standoff and ongoing lack of an increase would be incredibly frustrating. It is understandable that frustration and helplessness would lead to a deep seated suspicion and contempt for those they see as standing in their way.

For those of you that don’t visit the big blockers communities, it’s staggering to see the vitriol and anger directed at those “progress preventers” the Bitcoin Core developers, the team that has long served as custodians of the main Bitcoin implementation.

While big blocker communities can feel a little bit like the front line of a war, frequenting the “small blocker” parts of the Internet can feel a lot happier – you wouldn’t necessarily realise there even was war.

The thing is that everyone, big and small blockers alike, agree that Bitcoin needs to scale.

The Bitcoin Core team have identified a few interesting ideas that they believe are the best way to scale Bitcoin, primarily Segregated Witness (SegWit), and Lightning Network.

Lightning Network is not popular with big blockers. It aims to move transactions off chain, sending them directly between individuals rather than being stored by every participant on the network.

They are skeptical, arguing that it is hypothetical and unproven, and that even if it achieved everything claimed, it does nothing to address the scaling problems that Bitcoin is facing right now. Many also believe that these transactions taking place “off chain”, are undesirable and not part of Satoshi’s vision.

They contend that on chain scaling is an essential and easy fix that can be implemented immediately, and that Lightning Network is a distraction, causing Core developers to neglect more pressing issues.

I can understand these concerns, but I also see the merit in the approach taken by the Core developers. In summary, an increase in blocksize is a barrier to running a node and reduces decentralisation, a sacred and essential property of Bitcoin which, they contend, must be preserved as much as possible.

Middle ground is hard to find when the argument is so subjective. On one side, a $0.09 transaction fee is far too high and going to put off new users so Bitcoin never grows. On the other a $0.09 transaction is far too cheap to require that every full node, thousands now, possibly millions in the future, is required to store details of $2 coffee purchases for thousands of years to come – leading to a bloated chain that will suffocate under its own weight and jeopardise the highly prized property of decentralisation.

SegWit seems to be a middle ground. It works by splitting the data from transactions into two parts, half of which can be included in 1MB blocks, the other half stored separately and not contributing towards the block size limit, while improving a other areas of Bitcoin (like transaction malleability) as an added bonus.

This, the developers claim, will give an effective block size increase to around 1.7MB without requiring that everyone upgrade their software (a hard fork).

Great news, you would think, the big blockers and small blockers can both agree this is a win win for Bitcoin. Also, there’s no longer need to wait, SegWit is coded, tested and ready for implementation.

The thing is, to the surprise of those who don’t frequent the big blocker communities, the frustration and suspicion has grown so pernicious that SegWit is not trusted. They don’t believe it does enough to address Bitcoin’s urgent scaling problem, has taken too long, and will take too long to come into effect.

There is almost a sense that, in accepting SegWit, they will have “lost”, and that they still haven’t been listened to. Some even argue that introducing SegWit as a soft fork is more dangerous.

All this frustration and bad feeling has manifested itself in the rejection by the big blocker community of SegWit. They would rather block its implementation than “lose”.

You might think they’d be barmy to block something that is ready to increase Bitcoin’s capacity, but that is exactly the plan. They have lost complete confidence in Bitcoin Core and many would like to see a switch to a rival implementation, Bitcoin Unlimited, that would allow miners to decide the maximum block size instead.

There is a genuine belief that in blocking SegWit, they can force a stalemate that will enable them to push the community into choosing “their” scaling solution, and that they can still win the war.

If you’ve not passed by this community, this may sound absolutely outrageous. To everyone else, the war is almost over, but to those on the other side, battle has just commenced.

So, what happens now?

In order to be activated, SegWit requires 95% of miners to vote for its activation. Currently, mining pool ViaBTC has stated it will vote against SegWit, and since it has over 5% of hash power, it will succeed.

This leads to an interesting dynamic. To those outside the big block community, those that have most vocally demanded the network capacity increase are now the ones standing in its way. In a war of ideas, it’s hard to see that the big blockers are going to suddenly gain much new support when it looks like this.

How will the Core developers react? Well, I think they’ll patiently respect the 95% activation threshold.

It’s also interesting to note that a number of prominent Core developers signed an agreement in February about how to scale Bitcoin.

The agreement was that SegWit would be worked on as a priority, and the once finished the developers would take around 3 months to write code for a hard fork to increase the block size somewhere between 2-4MB.

They then went on to estimate that SegWit would be coded by April, and if that were the case the hard fork would be coded by July 2016. This is unfortunate, because this optimistic timescale has led to accusations that the Core developers had failed on their “promise” to code a hard fork by July.

Software often takes longer than hoped, but it is a shame this mention of July 2016 has led to some in the big block community feel like they have been betrayed and misled, when it was an estimate rather than a commitment.

If Core developers present had said SegWit would take until October 2016 instead of April 2016, it is possible that consensus may not have been agreed- and you could argue was agreed on false pretences. While I believe this was a genuine underestimation, I can understand why others already cynical would assume the worst.

So, what happens now? Well, SegWit will probably not activate, and the Core developers who signed that agreement will spend the next 3 months writing the code they promised for a hard fork – those present signed the agreement and their reputation now depends on it.

It would actually be good for the big blocker cause if the Core developers present reneged on the agreement, as they would be vindicated and would gain new support.

In the meantime, the big blockers will promote Bitcoin Unlimited, and despite their overwhelming optimism in the face of what to many looks like adversity, it will probably face the same fate as Bitcoin XT and Bitcoin Classic, similar attempts which failed before it.

Around 3 months from now we’ll possibly still be waiting for SegWit activation, but we’ll probably have code for a blocksize increase. The thing is, part of the agreement was that the code would not be implemented by Core until after SegWit had activated.

At that point, I feel the guns may fall silent, and the great Bitcoin war could finally reach its conclusion.

Craig Wright is a liar and anyone who still believes he is Satoshi is a gullible fool

Forgive the blunt tone of this post, but I wanted to be to the point. Craig Wright has now declared he will not be providing the promised proof that he is Satoshi.

I thought he may try and drag it out a little longer… but the outcome was always going to be the same – failure to provide evidence.
His ruse didn’t play out how he planned. He thought he could gain credibility from a simple confidence trick on Gavin and others and that the community would all hail Caesar and accept a public signature from block 9 as proof. He was naive and/or desperate to think that is how it would play out.

Let us be objective. Craig Wright’s reputation and credibility is mud and could not sink lower. Consequently he has absolutely nothing to gain by failing to provide the proof he claims to possess. The only objective explanation is that he is a fraud.

His only shred of hope now is that a small core of gullible fools will continue to believe in and defend him, don’t. He has made this mess himself, and if he is telling the truth only he has the power to fix it – do not drag your reputation down with his. Even if he somehow did turn out to be Satoshi he is responsible for how this has played out.

The proof that he is a fraud will likely come in the outcome of his investigation by the Australian Tax Office.

On a human side, Craig Wright must be in a pretty desperate place to even try and pull this off, I actually feel bad for him. I hope now that he will face reality and come clean with the full truth, for his own sake and for the family of Dave Kleiman.

The feather in Wright’s cap: demonstrating a signature from block #1 to Gavin Andresen is going to backfire spectacularly and will ultimately prove his downfall

Imagine you’re trying to convince the world you created Bitcoin.

What greater coup than convincing Gavin Andresen of your legitimacy, Satoshi’s chosen successor and the man who arguably knew him better than any other.

So, how would you do it? Well, if you have a private key that the real Satoshi Nakamoto would possess it’s easy. You ask for a message to sign, sign that message, and then send the signature back to be verified. The whole process can be completed from the opposite ends of the world in minutes with 100% certainty.

What would you do if you didn’t have that private key? Well, you might ask someone to fly to London to meet with you and ask them to sign a nondisclosure agreement. That way, if the meeting doesn’t go as you hoped, they’re not allowed to comment on it.

You could then alter the software on a laptop to make it say that an invalid signature is actually valid. You could then stick a factory seal on the box, bring it out, and claim your assistant just bought it brand new from the shop so it could not possibly have been interfered with. You could then demonstrate an invalid key, and then take away the USB pen and laptop so that person had no evidence to check for themselves.

Somehow, that plan worked. The BBC ran with the headline “Craig Wright reveals himself as Satoshi Nakamoto”.

Then, everyone else was confused – where was the evidence?

Craig Wright has a big problem now. He could have tried to claim to be Satoshi Nakamoto but concoct some elaborate excuse for why he was unable to access any private keys that Satoshi would have owned. This would have made an already difficult con even more insurmountable, but would at least give him plausible deniability – nobody could prove his story was false.

The problem is, Craig Wright claims to have demonstrated using a private key from block #1 to Gavin Andresen. That means he can no longer concoct such an excuse as a get out of jail free card. He now must either put up or shut up.

If Craig Wright genuinely signed a message from block #1 for Andresen, then he still has that private key and can prove it in minutes. That he keeps dragging this out is very telling.

Convincing Gavin Andresen he possessed the private key to block #1 once seemed his greatest asset, it has now become his greatest liability.

photo credit: Feather in my cap via photopin (license)

Here’s how Craig Wright probably tricked Gavin Andresen

What an exciting and dramatic day for Bitcoin.

I woke this morning to my girlfriend asking if I had seen the news that “Satoshi Nakamoto had been uncovered as that Craig Wright guy”.

My initial reaction was scepticism, in my mind he was a scammer, definitely not Satoshi. There it was however, on the trusty BBC home page, with the promise of proof. The proof, however, was elusive.

A quick trip to Craig Wright’s blog and I came away more confused. Had he proven he was Satoshi? Then I encountered Gavin Andresen’s blog where he verified that Craig Wright had signed a message of Andreson’s choosing with a private key known to be Satoshi’s – this looked like case closed.

The problem is, as the day progressed, all the other evidence crumbled under scrutiny. The one shred that retained any credibility was Andreson’s account. How could this proof have been faked?

Let’s find out what happened. In his blog Andresen says:

I witnessed the keys signed and then verified on a clean computer that could not have been tampered with

Only a person with a private key can ‘sign’ a message. Once a message is signed, people can use software to check that the signature is genuine and was created by someone in possession of the private key.

With open source software, anybody can download the source code themselves. This makes it incredibly easy to make small modifications to the otherwise identical software.

It would be quite trivial to find the bit of code that verifies whether a signature is valid and then change the word invalid to valid. Depending on the software it could literally be as easy as deleting the proceeding letters IN.

The modified software would then say that every signature tested was valid, regardless of whether it was or not.

This is the reason the “clean computer” is relevant. If I invite you to view my computer where I show you a validation, I could easily have modified the software. If we go to a shop and buy a brand new computer and then download fresh software, that would eliminate this risk.

This is Andresen’s account of what happened in a post on Reddit:

Craig signed a message that I chose (“Gavin’s favorite number is eleven. CSW” if I recall correctly) using the private key from block number 1.

That signature was copied on to a clean usb stick I brought with me to London, and then validated on a brand-new laptop with a freshly downloaded copy of electrum.

I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).

I don’t have an explanation for the funky OpenSSL procedure in his blog post.

As far as we can tell, Andresen bought a new USB stick. This stick was put into Wright’s computer and a file was copied over containing the signature.

This USB stick was then put inside a brand new laptop.

A remote possibility is that Wright’s computer secretly copied files to the USB stick, files which were then transferred to the new laptop and ran behind the scenes to modify the freshly downloaded Electrum software. This seems unlikely though.

All the scenarios involve Wright somehow running a modified version of Electrum, but another remote possibility is that he somehow discovered a bug in the code that allows you to trick the software into displaying a valid message for an invalid signature. Again, this is unlikely.

Let’s look for more clues, this time from a Wired article:

Andresen says an administrative assistant working with Wright left to buy a computer from a nearby store, and returned with what Andresen describes as a Windows laptop in a “factory-sealed” box. They installed the Bitcoin software Electrum on that machine. For their test, Andresen chose the message “Gavin’s favorite number is eleven.” Wright added his initials, “CSW,” and signed the message on his own computer. Then he put the signed message on a USB stick belonging to Andresen and they transferred it to the new laptop, where Andresen checked the signature.

At first, the Electrum software’s verification of the signature mysteriously failed. But then Andresen noticed that they’d accidentally left off Wright’s initials from the message they were testing, and checked again: The signature was valid.

“It’s certainly possible I was bamboozled,” Andresen says. “I could spin stories of how they hacked the hotel Wi-fi so that the insecure connection gave us a bad version of the software. But that just seems incredibly unlikely. It seems the simpler explanation is that this person is Satoshi.”

There’s a bit of a smoking gun here. A factory seal doesn’t prove something hasn’t been tampered with any more than writing ‘this is genuine’ on a CD makes it genuine. Instead of buying a laptop himself, he allowed one of Wright’s representatives to source the laptop. This means the laptop can no longer be considered ‘clean’. It could have been preloaded with modified software, either to trick the computer into downloading a modified version of Electrum, or by modifying a legitimately downloaded version of Electrum during or after installation.

As Andresen mentions himself, it is also possible the Wifi connection was compromised to point to a different download location, in which case even an clean computer could be compromised.

Either way, a major weakness of Andresen’s is that it sounds like he already was convinced of Wright’s story before he arrived and was the victim of a confidence trick. This means he may have let his guard down in permitting one of Wright’s associates to source the ‘clean’ machine, or in his verification of the legitimacy of the software installed. It is possible to verify a software has not been modified by checking the MD5 checksum, it would be interesting to know if Andresen performed this test. It is also very suspect that Wright insisted on keeping the laptop and USB stick without a compelling reason after the demonstration as that would have allowed Andresen to verify the test.

There are other possibilities too. Andresen may have not witnessed any of this and may be in on the scam, or acting under duress. Another unlikely possibility is that Craig Wright is Satoshi Nakamoto.

As Gavin Andresen says himself, the simpler explanation is often the most likely, and in this case it seems most likely he was bamboozled by a world class con artist.

If Craig Wright is proven as Satoshi beyond reasonable doubt, then I’m going to be unreasonable

I’m conflicted. Craig Wright has unveiled himself as the mysterious creator of Bitcoin. Something about this story just doesn’t sit right with me.

I can’t work out whether I just don’t want it to be true, or whether something genuinely doesn’t add up. Gavin Andresen is far more informed than me, and has been in contact with both Satoshi and Wright – that he is convinced of Wright’s authenticity should be enough to satisfy me.

I don’t know what my vision of Satoshi Nakamoto is, I just know that Craig Wright is not my Satoshi. It’s easy to get carried away and forget that whoever created Bitcoin is almost certainly a fallible human being who can never live up to the weight of expectations that have been projected upon them.

There’s a difference between being fallible however, and just dodgy. Some things about Wright’s story strike me as the latter. He claims to own the world’s 17th most powerful supercomputer, but there is no evidence of this and the manufacturer denies selling it to him. He also faked having a PHD on his LinkedIn profile and is having his tax affairs scrutinised in Australia.

He’s publicly declaring himself as Satoshi Nakamoto to end speculation… while making it incredibly difficult to independently verify his claim, under the convenient excuse that he likes “being difficult”. When Wright demonstrated his proof to journalists, it is not impossible that he altered the software to give the appearance of validating something that is actually invalid. This is why independent verification is important, something that my Satoshi would have valued.

The problem is, I don’t know what standard of proof I require. Even if Wright demonstrated possession of private keys known to be held by Satoshi that I could verify for myself, I’d still want to know the role of others who ‘helped’ him create Bitcoin, notably Hal Finney and Dave Kleiman who are now sadly deceased and unable to confirm his version of events. Perhaps I like the mystery so much I’d perform the mental gymnastics required to, in my mind at least, keep it alive.

I may well come around to the idea that Craig Wright is Satoshi Nakamoto, and if I can let go of my doubts, I want to give Wright the credit he deserves and celebrate his gift. Until then I remain sceptical and, quite possibly, unreasonable.

Will full blocks really be bad news for Bitcoin?

The idea that full blocks, or a ‘fee event’ will be bad news for Bitcoin is based on a couple of assumptions. First, that Bitcoin is used as a currency, and second, that those using it as such will stop doing so.

This is just wrong. Bitcoin is young and evolving, with only a minority of transactions used for purchases.

Bitcoin is primarily a commodity and store of value at this stage of its existence. Full blocks have little impact on this role.

Leicester City Football Club are currently leading the English Premier League. They are reaching capacity every game with demand so high that £50 tickets are touted at £15,000 for a pair, a major ‘fee event’.

No journalist would frame this as bad news for Leicester City. It is an achievement, a direct consequence of their success.

Despite this, higher capacity would enable greater sales instead of ‘missed opportunities’. On 7th May, as the full time whistle blows, these opportunities have passed forever.

This is not the case for Bitcoin. As a commodity, rather than an event, Bitcoin will increase in value as demand increases. There is no deadline at which its value drops to zero.

For Bitcoin to go from less than 8,000 transactions per day to over 200,000 in 4 years is a success story. Full blocks are a newsworthy event, a celebration of what Bitcoin has achieved. “Product in such high demand that nobody wants it any more” read no headline, ever.

Any news stories on reaching capacity are good. The real story is a 4 year use increase of 2500% and major capacity increases on the way. The future is bright.

 
photo credit: 20,000 Miles via photopin (license)