- Talent Reserve and Incentive Mechanism
The explosive development of digital currencies and digital assets has inevitably created a huge gap in professional talent. Digital currency itself is a cross-disciplinary phenomenon, spanning at least the IT, finance, and asset management sectors. Even with a solid background in these industries, a sufficient understanding of the development of the digital currency industry is necessary to ensure that digital asset management can be conducted in an orderly and secure manner.
As the entire asset management industry increases its investment in digital asset management, it will inevitably lead to a high frequency of personnel turnover within the industry, and the loss of professional talent will become a significant bottleneck for corporate development. Whether it is possible to find truly suitable human resources, establish a comprehensive human resource system and a reasonable incentive mechanism, focus on attracting and retaining experienced talent, and actively cultivate a new generation of reserves to form a competitive human resource advantage will be key factors in the future success of digital asset management institutions.
- Brand Creation
A unique brand advantage and customer stickiness are undoubtedly key to winning in the competitive digital asset management industry. Since digital asset management is a new phenomenon, the absence of any highly recognized brand in the market will inevitably lead to a chaotic "Warring States" period. We can already imagine that in the initial stages, each company or institution will propose some brand-new strategies to build its own brand. The ability to quickly establish a brand advantage is crucial for gaining a first-mover advantage in the digital asset management industry. In the process of asset management business involving "raising, investing, managing, and controlling," the ability to raise funds is particularly important. For such a new product launch, if users cannot fully understand the industry, the brand value of asset management institutions will become an important factor in attracting funds. Therefore, digital asset management companies or institutions need to establish a strong brand system and be able to differentiate themselves from competitors. Specifically, asset management institutions can strengthen their brand through clear positioning, establishing a brand management system, and creating and increasing brand value.
- Marketing Capability
Marketing capability will also become a key challenge in the digital asset management industry. Unlike traditional asset management, which is very familiar to most clients in any form, digital assets require starting from scratch in client cultivation, and the education of marketing personnel also begins from zero. The ability to first cultivate qualified marketing talent will become a major factor in initially closing the gap. Since digital assets involve a wide range of fields, how to help users better understand digital assets in this new domain, rather than being passively inundated with knowledge, and to achieve a good marketing experience and customer experience will be a topic that every company or institution needs to study.
- Risk Control Capability
The rapid development of the digital currency system is accompanied by the development and application of quantitative tools, and may also be accompanied by the emergence of complex financial derivatives to meet the needs of different investors. Although digital assets often have unimaginably high returns, they inevitably come with various risks. However, due to the short development time of the industry, there may often not be enough data to analyze and support the analysis of risks and their levels. In this case, risk identification becomes more complex and often requires management personnel's personal understanding of digital currencies and digital assets, including their own asset management literacy, to make judgments. In the development of financial products, effectively identifying risks is a prerequisite for reasonable pricing, and in the process of developing digital asset management business, systematic control of risks is also an important capability valued by investors. Therefore, whether it is the asset management company or institution itself or the investors, risk control capability must be one of the elements that must be constantly monitored in the process of business advancement.
- Integration Capability
For asset management institutions that already have a certain scale, they can create new asset management products by integrating traditional asset management products and digital asset management products and redefining the industrial chain. Traditional asset management products and digital asset management products have huge differences and complementarities in terms of returns, risks, and regulatory methods. Whether they can combine the advantages of all parties to create new asset management products based on actual customer needs is a significant challenge that tests the capabilities of product manufacturers. Through strong resource and product integration capabilities, achieving customer needs while allowing companies and institutions to gain substantial business returns is an essential path to becoming an excellent digital asset management company or institution.
Development Direction of Digital Assets
Digital assets are a brand new field and are still developing rapidly, with new concepts and models emerging continuously. We anticipate that there are four significant directions worth noting in the development of digital assets: intelligence, high-end, institutionalization, and globalization.
Since the birth of Bitcoin in 2008, blockchain technology has gradually been discovered. Before 2009, blockchain was primarily a technology of interest within the cryptocurrency circle represented by Bitcoin, marking the blockchain 1.0 phase.
The financial sector began to realize the disruptive potential of blockchain technology, and the application scenarios of blockchain technology gradually expanded from cryptocurrencies to programmable finance, marking the blockchain 2.0 phase.
From 2013 to 2016
As the unique value of blockchain technology began to emerge, governments around the world and some capital-intensive, technology-intensive industries began to enter blockchain technology research, marking the blockchain 3.0 phase.
Since 2016, commercial, technological, and IT internet giants around the world have been laying out blockchain, and the scale and application scenarios of blockchain have rapidly developed.
W. Scott Stornetta is recognized as the "father of blockchain." He is also a well-known figure in the fields of cryptography and distributed computing. In a paper co-authored with Haber, he first mentioned blockchain architecture technology, describing a digital architecture system called "blockchain" that uses "digital timestamps" for commercial transactions. The concept of the blockchain system was later used by Satoshi Nakamoto to develop the widely adopted Bitcoin-blockchain.
Together with his long-time colleague and collaborator Stuart Haber, W. Scott Stornetta laid the foundation for the emergence of today's blockchain technology revolution. Stornetta and Stuart Haber are respected as co-inventors of blockchain. Stornetta spent decades providing valuable research and publications in the fields of cryptography and distributed computing and consulting for several universities on establishing startups. He co-authored some important literature in the field of cryptography with Haber. Several foundations of the Bitcoin blockchain architecture are based on Stornetta's work. The third, fourth, and fifth items in the table of contents of Nakamoto's Bitcoin white paper reference his work on cryptographic timestamp protocols.
Scott obtained his Ph.D. in physics from Stanford University and is now the Chief Scientist at First Digital Capital, an Australian investment company, responsible for evaluating blockchain technology companies and ICO projects.
Value China: Could you briefly introduce how you and Stuart Haber proposed the idea of blockchain during the period from 1990 to 1991? What was your main purpose when you first conceived this concept?
Scott: In fact, many people are surprised to learn that the concept of blockchain technology predates Bitcoin by a long time because when they first encountered the concept of blockchain, it was the emergence of Bitcoin that brought the concept of blockchain into people's view. So I will first briefly talk about the history of blockchain technology and then discuss its relationship with Bitcoin.
When I first started thinking about blockchain technology, of course, the term did not exist; it was a word we created later. In 1989, I graduated from Stanford University with a Ph.D. in physics, and I had always been very interested in computer technology and internet technology. At that time, computer technology was rapidly developing, and all documents were gradually being transformed into electronic versions. I was thinking about how we could ensure that the electronic version of the document in hand was the original. How could we know if someone had altered the electronic version of the document? Since only a portion of documents were in electronic form at that time, most documents, including transfer records and transaction records, were still recorded in written form. Even though these were written documents, they had their own backups to ensure the accuracy of the written records.
As is well known, if these documents can be altered, the records can be changed. At that time, everyone was focused on how to ensure the accuracy of written documents, and no one cared about the accuracy of electronic document records. But I thought that we would live in a world where all documents would be electronic, and written documents would eventually be eliminated by technology. If we did not solve the problem of electronic document accuracy, we would not be able to distinguish between real records and tampered records.
I was working as an analyst at Bellcore, which was a very open and free laboratory that did not assign specific tasks to employees or tell them what to do step by step. Instead, it encouraged employees to choose problems they were interested in and wanted to solve, providing resources and letting them work freely. I was very fortunate to work in this laboratory because I did not know much about cryptography and the latest internet technology at that time, but my colleagues were very skilled cryptography experts.
Stuart Haber was one of them. I approached him and said that while I might not know much about cryptography, I knew that the issue of electronic document accuracy must be a critical problem that we could solve together. We could really do something to change the world. So we decided to research and solve this problem together. Stuart, as a cryptography expert, taught me a lot about cryptography, and we studied this issue for several months. Eventually, we found a solution, but it was not a satisfactory or perfect solution.
He solved the problem, but it required the existence of a third-party trusted institution, relying on trust in an external channel. However, such a third-party trusted institution could still alter records, so we decided we should continue exploring other methods to create a way to ensure that digital documents were not tampered with without needing to trust anyone or any external channel. We continued our research, and eventually, Stuart found the key to the problem. He believed that we could not solve this problem at all, so he decided to prove that we could not solve it.
Interestingly, in the process of proving that we could not solve this problem, we found a way to solve it. (Laughter...) The fundamental solution was that since we always had to trust someone or some institution to ensure the accuracy of digital documents, we should trust everyone, meaning that everyone in the world should be a witness to the digital document records.
We turned the problem upside down and found a solution. We envisioned building a network that would allow all digital records to be transmitted to every user at the time they were created, so that no one could tamper with that record. This was the birth of the earliest concept of blockchain.
Bitcoin is a wonderful coincidence. One day, I received an email discussing Bitcoin, and the writer expressed great interest in this emerging technology. He noted that my research with Stuart Haber was involved, and then someone named Satoshi Nakamoto made further developments based on my and Stuart Haber's research. People found that my research results were cited multiple times in Bitcoin, and I could speak Japanese, so they were suspicious of whether I was the original author of that work, Satoshi Nakamoto. In fact, I am not, but I learned about Nakamoto's paper and his research, which is very impressive and remarkable.
I contacted him, and he told me that someone had emailed him asking about the connection between the Bitcoin he proposed and the digital timestamp I proposed. Nakamoto replied that Bitcoin is a more distributed application of digital timestamps, specifically applied to monetary transactions. So the early relationship between blockchain and Bitcoin is as he said: Bitcoin is an application of blockchain. Bitcoin created a new monetary system, which is an incredible achievement. But blockchain has many other applications, and beyond the most attention-grabbing Bitcoin, blockchain still needs further development. I firmly believe that digital currency will have greater development space in the future, but it must be based on blockchain technology, rather than separate from it, although it does not necessarily have to use the technology that is today called Bitcoin.
Characteristics of Blockchain
Value China: It is well known that the invention of "digital timestamps" is extremely important for blockchain, as it addresses security issues. Can you explain the relationship between cryptographic digital timestamps and blockchain?
Scott: I have already answered part of this question, so I will briefly elaborate again. Cryptographic digital timestamp technology is the early blockchain technology; they are the same thing. Unlike Bitcoin and blockchain, which have significant differences, many people debate the relationship between blockchain and Bitcoin, but I believe the more important thing is to promote the future development of blockchain technology.
First, does the record need to be distributed? The answer is yes; only by ensuring distributed records can we guarantee that the records are immutable, which is the core technology of blockchain. Second, does the algorithm need to be distributed? I believe it is necessary in some cases and not in others, depending mainly on the primary purpose of the application. Third, do the controllers and leaders of the entire society need to be distributed? I think it depends on the specific situation. Most people may disagree with my view, but I always hold my opinion, and I believe my view will ultimately be proven correct.
How to distribute rulers is like how to run algorithms. We individuals are in a weak position in the market, while the ruling class is in a strong position. This power dynamic can be beneficial in some cases and not in others. Therefore, I believe these questions cannot be answered with a simple "yes or no"; it depends on the specific situation and specific stance. My company's name is the Japanese word "Yugen," which means contemplation. My intention is to hope to remain clear-headed in the tide of development and think about problems from different angles, rather than "going with the flow" to earn profits.
In 1976, the famous economist Hayek published "The Denationalization of Money," proposing the concept of non-sovereign currency and competitive issuance of currency, providing a theoretical basis for the birth of Bitcoin (the earliest blockchain technology).
Also in 1976, cryptography masters Bailey W. Diffie and Martin E. Hellman published a paper titled "New Directions in Cryptography," covering all new areas of cryptography that would emerge in the following decades, including asymmetric encryption, elliptic curve algorithms, hashing, and other methods, laying the foundation for the entire development direction of cryptography to date, and playing a decisive role in the technology of blockchain and the birth of Bitcoin.
In addition to theoretical foundations, many predecessors' practices provided many references for Nakamoto:
In 1990, the "bishop-level" figure of the cypherpunk movement, David Chaum, invented the cryptographic anonymous cash system Ecash. In 1997, Adam Back invented Hashcash, which used a proof-of-work system (POW). In 1997, Haber and Stornetta proposed a protocol using timestamps to ensure the integrity of digital documents; this protocol also became one of the prototypes for the Bitcoin blockchain protocol. In 1998, Wei Dai invented B-money, emphasizing peer-to-peer transactions and unalterable, traceable transaction records. In 2004, Finney invented "cryptographic cash," using a reusable proof-of-work mechanism (RPOW).
Failure is the mother of success. Nakamoto summarized the reasons for these failed cases and integrated these technologies to invent the earliest blockchain technology—Bitcoin.
In November 2008, Nakamoto published "Bitcoin: A Peer-to-Peer Electronic Cash System" (the Bitcoin white paper).
In January 2009, the Bitcoin network officially went online.
In 2011, Chinese-American Li Qiwei invented Litecoin. Litecoin has a faster block generation speed (2.5 minutes, four times faster than Bitcoin) and a larger total supply (84 million, four times that of Bitcoin), while making some adjustments in the proof-of-work mechanism.
After Litecoin, a large number of similar currencies emerged, all making some adjustments based on Bitcoin, but these new currencies have no essential difference from Bitcoin, as they are all positioned as currencies.
A Brief Encyclopedia of Bitcoin
"Blockchain" was not proposed by Nakamoto.
Initially, Bitcoin's currency was represented in lowercase as "bitcoin," while the underlying technology of Bitcoin was represented in uppercase as "Bitcoin."
However, due to many people's biases against Bitcoin, the underlying technology of Bitcoin was distilled into a new term—blockchain.
At this stage, the application of blockchain was limited to currency, with a single function. During this stage, blockchain technology faced three problems:
The scripting language was too complex, making it difficult to develop an ecosystem;
There were not many participants;
The scripting language did not meet "Turing completeness," limiting further applications.
Blockchain technology was only applied to digital currency during this phase, which is referred to as the era of blockchain 1.0. The representative work is Bitcoin.
In 2013, Vitalik Buterin (known as "V God") released the first version of the Ethereum white paper.
In 2015, Ethereum released its first official version: Frontier. This version only had a command-line interface, mainly used by developers.
In 2016, Ethereum released a new version: Homestead. It added a graphical interface similar to the Windows system, allowing ordinary users to experience Ethereum's functions.
In 2016, Ethereum underwent a hard fork, resulting in ETH and ETC.
Simply put, Ethereum can be understood as an "operating system," similar to Windows.
Many people may have heard of the term "blockchain 3.0," but there is currently no consensus on what 3.0 means or what its representative works are.
Some say that projects represented by IOTA, which adopt DAG technology, are 3.0.
Others say that 3.0 means extending beyond the financial sector and applying its technology to various aspects of life.
What 3.0 is does not matter as much as the fact that blockchain technology is becoming increasingly powerful. I believe that blockchain technology will bring tangible benefits to our work and life in the future.
The Pre-Bitcoin Era
Cryptocurrencies may have become one of the most favored investment assets for millennials. However, few people know that the first proposal for digital cash appeared as early as 1982. In the paper "Blind Signatures for Untraceable Payments," researcher David Chaum from the University of California first proposed the concept of digital cash.
In 1990, he founded a company called Digicash, but the company ultimately went into decline and declared bankruptcy. This was the first serious attempt to bring digital cash into the real world, at a time when internet penetration was still in its infancy.
In 1991, Stuart Haber and W. Scott Stornetta began their research on a cryptographically secured chain of blocks, in which no one could alter a document's timestamp. A year later, in 1992, they upgraded the design to use Merkle trees, improving efficiency by allowing a single block to hold more documents.
Digital Gold (E-Gold)
In 1996, Gold & Silver Reserve (G&SR) released digital gold, a digital currency backed by physical gold. This company released digital gold two years before PayPal was founded, allowing users to see their gold balance and trade digital gold.
It introduced the concept of real-time settlement, which is an important theoretical foundation for the emergence of today's smart contracts. It led to a surge in third-party trading services. Meanwhile, it introduced transactions through encrypted connections and APIs provided for third parties.
In addition, although it was a centralized company, it established a governance mechanism called "e-gold Special Purpose Trust," which is now the core of governance committees.
E-Gold also made international Ponzi schemes and global fraud possible for the first time.
At its peak, E-Gold's annual trading volume reached $2 billion, with five million accounts and over 3.5 tons of gold stored.
The decline of E-Gold was due to increasing security issues, including Ponzi schemes and phishing attacks. The company became a target for hackers worldwide, and some common hacking techniques (company impersonation, email list attacks...) were improved to attack E-Gold. E-Gold was ultimately shut down by the U.S. judicial authorities as an illegal remittance entity. During the litigation process, E-Gold lost a massive user base, as users feared being seen by authorities with their holdings. By 2008, this system rapidly declined.
The Era of Cryptographers
During the same period as digital gold, there were other innovations. In 1997, cryptographer Nick Szabo published a paper titled "Formalizing and Securing Relationships on Public Networks." In it, he proposed the concept of smart contracts, a method for executing agreements between untrusted strangers on a network.
In 1998, Szabo designed a decentralized digital currency called Bit Gold. Szabo suggested that users use computational power to solve cryptographic puzzles. Although Bit Gold was never widely used, its theoretical framework influenced the creation of the first cryptocurrency.
Also in 1998, computer engineer Wei Dai published "B-money, an anonymous, distributed electronic cash system." This paper described many characteristics of modern cryptocurrencies, such as collective updates of ledgers, incentives for work processes, cryptographic authentication, and public key cryptography.
Another important contributor was Hal Finney, a developer and active cryptographer, who developed the first reusable proof of work (RPOW) in 2004.
Entering the Bitcoin Era
There are some clues indicating that something new has arrived in this world, something unprecedented that will have a revolutionary impact.
In August 2008, the domain name "Open source P2P money" was registered.
On October 31, 2008, the paper "Bitcoin: A Peer-to-Peer Electronic Cash System" was published in a cryptography mailing list. The publisher was Satoshi Nakamoto, a pseudonym for one or more individuals, whose true identity remains uncertain to this day.
Here is the original email:
I have developed a new peer-to-peer electronic cash system that does not require a trusted third party.
The paper can be viewed here: http://www.bitcoin.org/bitcoin.pdf
Main features:
A peer-to-peer network prevents double-spending;
No mint or other trusted third party;
New coins are generated through a hash algorithm proof of work;
The proof of work mechanism for generating new coins also powers the network to prevent double-spending.
—— Satoshi Nakamoto
In January 2009, Nakamoto released the open-source software for Bitcoin. On January 3, 2009, when Nakamoto mined the first block on the chain, the Bitcoin network was born. That block later became known as the "genesis block."
Embedded in this block is the following text: "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks," the headline of that day's newspaper. The Bitcoin community and cryptographers interpreted this quotation both as a timestamp, proving the block could not have been created before that date, and as a commentary on the banking industry that this distributed system was meant to affect.
Six days later, the Bitcoin 1.0 version was released. Anyone could participate. It was released as a Windows program, compiled using Visual Studio.
The first Bitcoin transaction was sent to Hal Finney on January 12, 2009, when Nakamoto sent him 10 bitcoins in block 170. Eight years later, these 10 free bitcoins reached a value of $200,000 at their peak.
Suspected Nakamoto Cryptographers
In 2009, a small cryptographic community engaged in mining and debate.
In June, the Chinese judiciary released the first legislation regarding "virtual currencies," prohibiting citizens from using any kind of digital currency to purchase goods and services. This rule was initially aimed at in-game currencies and electronic points, such as Tencent's Q coins. However, it also covered Bitcoin.
On October 5, 2009, the exchange rate of Bitcoin was first determined. The proposed exchange rate was 1309.03 BTC = 1 USD. It was derived from calculating the electricity cost of generating Bitcoin on a computer. This exchange rate was reversed over nearly eight years: by April 2017, 1 BTC = 1309 USD.
On October 12, 2009, a dedicated IRC channel for Bitcoin developers was established: #bitcoin-dev. As a result of the establishment of this channel, the Bitcoin 2.0 version was born on December 16, two months later.
On November 22, 2009, Nakamoto created Bitcointalk and used "Satoshi" as his username. His main thread moved from the previous Sourceforge forum.
The year 2019 ended with increased difficulty in Bitcoin mining: on December 30, just before the New Year, the mining difficulty increased for the first time in history.
# 02 Core Technology of Blockchain
Blockchain, as a distributed system, includes P2P network technology, consensus mechanism technology, and cryptographic technology.
First is the P2P network, which allows nodes on the network to directly access each other without going through intermediaries while sharing their resources, including storage capacity, network connectivity, processing power, etc.
Second is the consensus mechanism, which ensures that the distributed system meets varying degrees of data consistency. To achieve data consistency, consensus algorithms are used.
Third is cryptography, which uses a large number of cryptographic techniques and the latest research results to ensure the integrity and security of blockchain data construction, transmission, and storage, such as cryptographic hash functions and elliptic curve public key algorithms.
Almost all technical components of Bitcoin originated from academic literature from the 1980s and 1990s. This is not to undermine Nakamoto's achievements but to point out that he stood on the shoulders of giants. In fact, by tracing the origins of Bitcoin's ideas, we can attribute Nakamoto's true leap of insight to a specific, complex way—a combinatorial innovation (integrating underlying components together). This helps explain why it took so long for Bitcoin to be invented. Readers familiar with how Bitcoin works can gain deeper insights from this historical review. The cultural history of Bitcoin can also serve as a research case showcasing the collaborative relationship between academia, external researchers, and practitioners, providing lessons on how these different groups can benefit from each other.
- Ledger
If you have a secure ledger, the process of using it for digital payment systems will be very simple. For example, if Alice sends Bob $100 through PayPal, PayPal deducts $100 from Alice's account and deposits $100 into Bob's account. This is roughly similar to traditional banking operations, although traditional banking operations do not have a shared ledger.
The concept of a ledger is the starting point for understanding Bitcoin. It records all transactions that occur within the system and is open to all participants in the system, who trust it. Bitcoin converts the system's payment records into currency. In banking, account balances represent cash that can be withdrawn from the bank, but what does one Bitcoin represent? For now, we can only say that Bitcoin represents transactions containing fixed value.
In an internet environment where participants may not trust each other, how can we establish a ledger? Let's start with a simple part: the choice of data structure. This data structure must satisfy certain properties. The ledger should be immutable; more precisely, new transactions can only be appended, existing transactions cannot be modified or deleted, and they cannot be reordered. Additionally, it should be possible to obtain a cryptographic digest of the ledger's state. The digest is a short string that makes it unnecessary to store the entire ledger: if the ledger is tampered with in any way, the resulting digest will inevitably change, so tampering can be detected. The reason for these properties is that, unlike a conventional data structure stored on a single machine, the ledger is a global data structure maintained collectively by a group of participants who do not trust each other. This contrasts with an alternative approach to decentralizing digital ledgers, in which each participant maintains a local ledger and it is left to the user querying this set of ledgers to resolve any conflicts.
1.1 Linked Timestamping
The data structure of Bitcoin's ledger borrows modifications from a series of papers written by Stuart Haber and Scott Stornetta between 1990 and 1997 (their 1991 paper also had another co-author, Dave Bayer). We know these historical origins because Nakamoto mentioned them in his Bitcoin white paper. The main work of Stuart Haber and Scott Stornetta dealt with the documentation of timestamps—their goal was to establish a "digital notary" service. For patents, commercial contracts, and other documents, people want to determine whether the document was created at a certain point in time or no later than a certain point in time. The document concept of Stuart Haber and Scott Stornetta is very generalized and can be any type of data. They did mention that financial transactions are potential applications, but financial transactions were not their focus.
In a simplified version of Stuart Haber and Scott Stornetta's scheme, documents are continuously created and broadcast. Each document's creator asserts a creation time and signs the document, its timestamp, and the previously broadcast document. That previous document has in turn signed its own predecessor, so the documents form a long backward chain. External users cannot change the timestamp information because it is signed by the creator; the creator cannot change the timestamp either without altering the entire chain of information that follows. Therefore, if an item in the chain is obtained from a trusted source (for example, another user or a dedicated timestamp service), the entire chain prior to that moment is locked, immutable, and temporally ordered. Furthermore, if you assume that the system rejects documents with incorrect creation times, you can be reasonably sure that documents are at least as old as they claim to be. In summary, Bitcoin borrowed only the data structure designed by Stuart Haber and Scott Stornetta and then re-engineered its security properties (by adding proof of work, which will be discussed later).
*Note: Furthermore, if you assume that the system rejects documents with incorrect creation times, you can be reasonably assured that documents are at least as old as they claim to be.
In their subsequent papers, Stuart Haber and Scott Stornetta introduced other schemes to make this data structure more efficient (some of which were hinted at in the first paper). First, hashes can be used instead of signatures to create links between documents, since hashes are simpler and faster to compute; such links are called hash pointers. Second, instead of processing documents individually (which may be inefficient if many documents are created almost simultaneously), they can be grouped into batches or blocks, each containing documents with roughly the same timestamp. Third, within each block, documents can be connected using a binary tree of hash pointers, known as a Merkle tree, rather than a linear chain. By the way, six years after the publication of Stuart Haber and Scott Stornetta's first paper, in 1991, Josh Benaloh and Michael de Mare independently proposed the three aforementioned schemes.
1.2 Merkle Trees
Bitcoin essentially uses the data structure proposed by Josh Benaloh and Michael de Mare in 1991 and 1997 (Nakamoto was probably not aware of Josh Benaloh and Michael de Mare's work), as shown in simplified form in the diagram. Of course, in Bitcoin, transactions replace documents. Within each block, the leaf nodes of the Merkle tree represent transactions, and each internal node consists of two hash pointers. This data structure has two important properties. First, the hash of the latest block serves as a digest. Any change to a transaction (a leaf node) would require the change to propagate all the way up to the root of its block and then to the roots of all subsequent blocks. Therefore, if you know the latest hash value, you can download the rest of the ledger from an untrusted source and verify that it has not been altered. A similar argument establishes the second important property: someone can simply and efficiently prove to you that a specific transaction is included in the ledger. This user only needs to send you a small number of nodes from the transaction's block (this is a feature of Merkle trees) and a small amount of information from each subsequent block. The ability to efficiently prove the inclusion of transactions is crucial for performance and scalability.
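As an added example, not code from the original article or from Bitcoin itself, the following Python sketch builds the structure described in sections 1.1 and 1.2: batches of transactions summarised by a Merkle root, blocks linked by hash pointers, a digest that detects any tampering, and a compact inclusion proof. The block layout, the genesis constant and the sample transactions are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _next_level(level: List[bytes]) -> List[bytes]:
    """One level up the binary tree; an odd node is paired with a copy of itself."""
    if len(level) % 2 == 1:
        level = level + [level[-1]]
    return [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves: List[bytes]) -> bytes:
    """Root hash of a Merkle tree whose leaves are the hashes of the transactions."""
    level = [sha256(leaf) for leaf in leaves] or [sha256(b"")]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(leaves: List[bytes], index: int) -> List[Tuple[bytes, str]]:
    """Sibling hashes from leaf `index` up to the root, each tagged with its side.
    Only O(log n) nodes are needed, which is the 'small number of nodes' in the text."""
    level = [sha256(leaf) for leaf in leaves]
    proof = []
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], "L" if sibling < index else "R"))
        level = _next_level(level)
        index //= 2
    return proof

def verify_inclusion(leaf: bytes, proof: List[Tuple[bytes, str]], root: bytes) -> bool:
    """Recompute the path from the leaf to the root and compare with the known root."""
    h = sha256(leaf)
    for sibling, side in proof:
        h = sha256(sibling + h) if side == "L" else sha256(h + sibling)
    return h == root

@dataclass(frozen=True)
class Block:
    prev_hash: bytes   # hash pointer to the previous block (linked timestamping)
    timestamp: int
    root: bytes        # Merkle root of this block's transactions

    def header_hash(self) -> bytes:
        return sha256(self.prev_hash + self.timestamp.to_bytes(8, "big") + self.root)

GENESIS = sha256(b"constructed genesis pointer")  # assumed, not Bitcoin's

def build_chain(batches: List[List[bytes]], start_time: int = 1_000_000) -> List[Block]:
    chain, prev = [], GENESIS
    for i, batch in enumerate(batches):
        block = Block(prev, start_time + i, merkle_root(batch))
        chain.append(block)
        prev = block.header_hash()
    return chain

def verify_chain(chain: List[Block], batches: List[List[bytes]], digest: bytes) -> bool:
    """Given only the latest block hash (the digest), check a ledger copy obtained
    from an untrusted source: every pointer and every Merkle root must match."""
    if len(chain) != len(batches):
        return False
    prev = GENESIS
    for block, batch in zip(chain, batches):
        if block.prev_hash != prev or block.root != merkle_root(batch):
            return False
        prev = block.header_hash()
    return prev == digest

if __name__ == "__main__":
    # Constructed sample transactions, two blocks.
    batches = [[b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"],
               [b"dave->alice:1", b"alice->erin:3"]]
    chain = build_chain(batches)
    digest = chain[-1].header_hash()
    print("chain verifies:", verify_chain(chain, batches, digest))
    proof = merkle_proof(batches[0], 2)
    print("inclusion proof verifies:", verify_inclusion(b"carol->dave:1", proof, chain[0].root))
```

Changing a single transaction in the first batch changes that block's root and, through the hash pointers, the final digest, so `verify_chain` rejects the altered copy.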
*Note: Ralph Merkle, born in the United States, is a computer scientist who has made significant contributions to public key cryptography. He later shifted his research focus to nanotechnology and human cryopreservation.
By the way, Merkle trees are named after Ralph Merkle, a pioneer of symmetric cryptography. He proposed the idea in a 1980 paper. His goal was to produce a digest of a public directory of digital signature certificates. For example, when a website presents you with a certificate, it can also present a short proof that the certificate appears in the global directory. As long as you know the root hash of the Merkle tree over the certificate directory, you can efficiently verify the proof. This idea is ancient by cryptographic standards, but its power has only recently been appreciated. It is central to the recently implemented certificate transparency systems. A 2015 paper proposed CONIKS, which applies Merkle trees to public key directories for end-to-end encrypted email. Efficient verification of parts of the global state is one of the key functions provided by the ledger in the new cryptocurrency "Ethereum."
Bitcoin may be the most famous real-world application of Josh Benaloh and Michael de Mare's data structure, but it is not the first. At least two companies, Surety, which started in the mid-90s, and Guardtime, which started in 2007, offered document timestamping services. An interesting twist in these services, an idea already mentioned by Bayer, Haber, and Stornetta, is to periodically publish the Merkle root in newspapers as an advertisement.
1.3 Byzantine Fault Tolerance
Of course, internet currencies without a central authority require stricter standards. Distributed ledgers will inevitably experience forks, meaning some nodes will consider block A the latest block, while others will consider block B the latest block. This may be due to attackers attempting to disrupt the ledger's operations; it may also simply be due to network delays, where different nodes are unaware of each other's blocks and may occasionally generate blocks almost simultaneously. Simply relying on linked timestamps is not enough to resolve forks, as proven by Mike in a 1998 article.
A different research field—fault-tolerant distributed computing—has studied this issue, including state replication. The solution to this problem is to have a group of nodes apply state transitions in the same order—usually, the precise order does not matter as long as all nodes are consistent. For digital currency, the state to be replicated is a set of balances, and transactions are state transitions. Early solutions, including Paxos proposed by Turing Award winner Leslie Lamport in 1989, considered state replication when communication channels are unreliable, where a minority of nodes may experience certain "realistic" failures, such as being permanently offline or restarting, receiving outdated messages sent while initially offline, etc. Subsequently, a large body of literature was published, mainly addressing more complex (hostile/adverse) environments and trade-offs regarding efficiency.
A series of related works studied situations where the network is mostly reliable (messages are transmitted with limited delay), but the definition of "fault" was expanded to include any deviation from the protocol. Such Byzantine faults include naturally occurring failures as well as maliciously manufactured behaviors. As early as 1982, Lamport, Robert Shostak, and Marshall Pease published a paper titled "The Byzantine Generals Problem." In 1999, Miguel Castro and Barbara Liskov published a landmark paper introducing PBFT (practical Byzantine fault tolerance), accommodating both Byzantine faults and unreliable networks. Compared to linked timestamps, the literature related to fault tolerance is extensive, including hundreds of variants and optimizations of Paxos, PBFT, and other important protocols.
Nakamoto did not cite BFT literature or use its language in his original white paper. He used some concepts, treating the protocol as a consensus mechanism and considering faults in terms of attackers and nodes joining and leaving the network. This contrasts sharply with his explicit references to the literature on linked timestamps (including proof of work, discussed below). When asked about discussions in the mailing list regarding the relationship between Bitcoin and the Byzantine generals problem (a thought experiment that requires BFT to solve), Nakamoto claimed that the proof-of-work chain solved this problem.
In the following years, other scholars studied Nakamoto's consensus mechanism from the perspective of distributed systems, and this remains ongoing work. Some argue that Bitcoin's properties are quite weak; others believe that the BFT perspective is unfair to Bitcoin's consistency properties. Another approach is to define well-studied properties and prove that Bitcoin satisfies them. Recently, these definitions have been significantly strengthened to provide a more standard notion of consistency while retaining more realistic assumptions about message passing. However, all this work assumes that some fraction of participating nodes behave "honestly" (i.e., follow the protocol), whereas Nakamoto believed it unnecessary to blindly assume honest behavior, since behavior is incentivized. A comprehensive analysis of Nakamoto's incentivized consensus mechanism does not fit the older fault-tolerant system models.
2 Proof of Work
Almost all fault-tolerant systems assume that the majority or vast majority (e.g., more than half or two-thirds) of nodes in the system are honest and reliable. In an open peer-to-peer network, there is no registration of nodes, and nodes can freely join and leave. Therefore, attackers can create enough Sybil or sockpuppet nodes to break the system's consistency guarantees. The Sybil attack was formally defined by John Douceur in 2002, proposing to resolve it using cryptographic infrastructure—proof of work.
2.1 Origins
To understand proof of work, let's look at the origins of the concept. Proof of work was first proposed by Cynthia Dwork and Moni Naor in 1992. Their goal was to prevent spam. Note that spam, Sybil attacks, and denial-of-service attacks are roughly similar problems: in each, an attacker amplifies their influence over the network compared to regular users. Proof of work is applicable as a defense against all three. In Cynthia Dwork and Moni Naor's design, email recipients only process emails that come with proof that the sender has performed a certain amount of computational work, hence "proof of work." Computing such a proof may take a few seconds on a regular computer. Therefore, it poses no difficulty for regular users, but for spammers, sending a million emails on equivalent hardware would take weeks.
Note that the proof of work (also called a "puzzle solution") must be specific to the email and the recipient. Otherwise, spammers would be able to send multiple emails to the same recipient (or the same email to multiple recipients) at the cost of a single one. The second important characteristic is that it should impose only a minimal computational burden on the recipient; puzzle solutions should be easy to verify, regardless of how difficult the puzzles are to solve. Additionally, Cynthia Dwork and Moni Naor considered a backdoor function, a secret known to a central authority, that would allow the authority to solve puzzles without performing the work. One possible application of the backdoor is to let the authority post to a mailing list without incurring the sending cost. Cynthia Dwork and Moni Naor's proposal included three candidate puzzles satisfying these properties and initiated an entire research field, which we will return to later.
2.2 Hashcash
A very similar idea called hashcash was independently invented in 1997 by Adam Back, then a postdoctoral researcher in the cypherpunk community. Cypherpunks are activists against government and central authority powers, dedicated to promoting social and political change through cryptography. Adam Back is a practical person: he first released hashcash software, and only five years later, in 2002, did he release an Internet draft (a standardization document) and paper.
Hashcash is much simpler than Cynthia Dwork and Moni Naor's idea: it has no backdoor and does not require a central authority, and it uses only hash functions instead of digital signatures. Hashcash is based on a simple principle: in practice, a hash function behaves like a random function, meaning the only way to find an input that hashes to a specific output is to try various inputs until the desired output is produced. Moreover, the only way to find an input that hashes into any given set of outputs is again to try hashing different inputs one by one. So, if you are asked to find an input whose hash starts with ten zeros (in binary), you will have to try a large number of inputs: the probability that any given output starts with ten zeros is (1/2)^10, so on average you will have to try about 2^10 inputs, or roughly 1000 hash computations.
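As an added example (neither Adam Back's hashcash implementation nor code from the article), this Python sketch shows the hashcash principle from section 2.2 together with the two requirements from section 2.1: the puzzle is bound to a specific recipient and message, it is expensive to solve only by brute force, and the recipient verifies it with a single hash. The stamp format and the addresses are constructed assumptions; real hashcash stamps carry a richer format that also includes a date field.

```python
import hashlib

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (256 for an all-zero SHA-256 output)."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def stamp(recipient: str, subject: str, nonce: int) -> bytes:
    """Simplified stamp (assumed format): the recipient and message are part of the
    hashed input, so a solution cannot be reused for another recipient or message."""
    return f"{recipient}|{subject}|{nonce}".encode()

def mint(recipient: str, subject: str, bits: int, max_tries: int = 1 << 24):
    """Sender side: brute-force search for a nonce whose stamp hashes to `bits`
    leading zeros. If SHA-256 behaves like a random function this is the only
    strategy, and each attempt succeeds with probability 2**-bits.
    Returns (nonce, number_of_hashes_computed)."""
    for nonce in range(max_tries):
        digest = hashlib.sha256(stamp(recipient, subject, nonce)).digest()
        if leading_zero_bits(digest) >= bits:
            return nonce, nonce + 1
    raise RuntimeError("no solution within max_tries")

def verify(recipient: str, subject: str, nonce: int, bits: int) -> bool:
    """Recipient side: one hash, however many hashes the sender needed."""
    digest = hashlib.sha256(stamp(recipient, subject, nonce)).digest()
    return leading_zero_bits(digest) >= bits

def average_tries(bits: int, trials: int) -> float:
    """Empirical cost of minting `trials` distinct stamps at a given difficulty;
    the expected value is about 2**bits."""
    total = 0
    for i in range(trials):
        _, tries = mint("sink@example.invalid", f"msg-{i}", bits)  # constructed inputs
        total += tries
    return total / trials

if __name__ == "__main__":
    nonce, tries = mint("bob@example.invalid", "hello", 16)
    print(f"nonce {nonce} found after {tries} hashes; valid for bob:",
          verify("bob@example.invalid", "hello", nonce, 16))
    print("same nonce valid for another recipient:",
          verify("mallory@example.invalid", "hello", nonce, 16))
    print("average hashes for 10 leading zero bits:", average_tries(10, 100))
```

Running the measurement lands near the 2^10, roughly 1000, hashes the text predicts, while each `verify` call costs exactly one hash.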
As the name suggests, in hashcash, Adam Back views proof of work as a form of currency. On his website, he positions this currency as one of the choices for David Chaum's DigiCash implementation—a system where banks issue untraceable digital cash to users. He even made some design trade-offs in the technical design to make it appear more like a currency. Later, Adam Back commented that Bitcoin is a direct extension of hashcash. However, hashcash is not cash because it does not prevent double spending. The tokens of hashcash cannot be exchanged between peers.
At the same time, in the academic field, researchers found that proof of work has many application scenarios beyond spam prevention, such as preventing denial-of-service attacks, ensuring the authenticity of network analysis, and rate limiting for password guessing online, etc. By the way, the term proof of work was first introduced by Markus Jakobsson and Ari Juels in a paper written in 1999, which also served as a good overview of this research up to that point. Notably, these researchers did not seem to be aware of hashcash, independently converging towards hash-based proof of work, as mentioned in papers by Eran Gabber and others, as well as in Juels' and Brainard's papers (many terms used in this article only became standard terms long after the relevant papers were published).
Sidebar: Sybil-resistant networks
In his paper on Sybil attacks, John Douceur proposed that all nodes participating in BFT protocols need to solve hashcash puzzles. If a node impersonates N identities, it will not be able to solve N puzzles in a timely manner, and its forged identities will be eliminated. However, malicious nodes can still have more advantages than honest nodes that only claim a single identity. A follow-up article published in 2005 proposed that honest nodes should mimic the behavior of malicious nodes and claim as many virtual identities as their computational power can support. By using these virtual identities to execute BFT protocols, the original assumption that "at most a portion of f nodes fail" can be replaced with "the share of total computational power controlled by faulty nodes is at most f." Therefore, there is no longer a need to verify identities, and open peer-to-peer networks can run BFT protocols. Bitcoin happens to use this idea, but Nakamoto posed a further question: what incentivizes nodes to perform expensive proof-of-work calculations? The answer requires a further leap: digital currency.
2.3 Proof of Work and Digital Cash: A Catch-22
You may know that proof of work has not been successfully applied to its originating application as an anti-spam measure. One possible reason is the significant differences in the speed at which different devices solve puzzles. This means that spammers can customize hardware with a small investment to increase their rate of sending spam by several orders of magnitude. In economics, the natural response to asymmetric production costs is trade—that is, a marketplace for proof of work. However, this presents a catch-22, as this would require a digital currency that works. In fact, it is precisely the lack of such currency that has led to insufficient motivation for the use of proof of work. A crude solution to this problem is to declare "puzzle-solving" as cash, as hashcash attempted to do.
*Note: A catch-22 generally refers to a predicament caused by conflicting rules or conditions that make it impossible to escape; or an illogical or contradictory problem. For example, this is a contradictory dilemma: no one wants to support you unless you have already succeeded, but if no one supports you, how can you succeed?
Work is currency, and currency is needed to incentivize work, which is the catch-22.
If proof of work is mandated to be currency, Nakamoto's consensus and incentive logic runs as follows: proof of work is currency, which incentivizes miners to work hard at mining and providing proofs of work, thereby earning currency; at the same time, economic principles are used to set the rules so that a malicious node's cost exceeds its benefit. Malicious nodes then have no motive to disrupt consensus, which solves the BFT problem of reaching consensus despite traitorous generals.
Two earlier proposals, b-money and bit gold, describe clearer schemes for treating puzzle solutions as cash. These schemes propose timestamping services that sign off on the creation of money (through proof of work) and, once money is created, sign off on transfers. However, if inconsistencies arise in the ledger between servers or nodes, the proposals do not provide a clear resolution. Deciding by majority seems to be the implicit intention of both authors, but because of the Sybil problem, such mechanisms are not very secure unless a gatekeeper controls entry to the network or Sybil resistance is achieved through proof of work.
3 Putting it all together
Having understood all the predecessors that contributed to Bitcoin's design details, you can appreciate Nakamoto's truly ingenious innovation. In Bitcoin, puzzle solutions do not themselves constitute cash; instead, they are used only to secure the ledger. Solving the proof-of-work puzzles is done by specialized entities called miners (although Nakamoto did not anticipate what professional mining would become).
Miners continuously compete with each other to find the next puzzle solution. Each miner solves a slightly different variant of the puzzle, so a miner's chance of success is proportional to its share of global mining power. The miner that solves the puzzle contributes the next batch, or block, of transactions to the timestamped ledger. In exchange for maintaining the ledger, the miner contributing a block receives a reward of newly minted currency. If a miner contributes an invalid block or transaction, it will most likely be rejected by the majority of other miners when they contribute the next block, rendering the reward for the invalid block worthless. Thus, through monetary incentives, miners are induced to follow the same protocol.
Bitcoin cleverly avoids the double spending problem that plagues the "proof-of-work-as-cash" mechanism by sidestepping the value of "puzzle-solving" itself. In fact, Bitcoin achieves two decouplings of "puzzle-solving" from economic value: the amount of work required to produce a block is a floating parameter (proportional to global mining power), and furthermore, the number of bitcoins issued per block is not fixed. The block reward (i.e., how new bitcoins are mined) is halved every four years (in 2017, the reward was 12.5 bitcoins/block, reduced from the initial 50 bitcoins/block). Bitcoin includes an additional reward scheme—transaction initiators pay transaction fees to miners who include the transaction in a block, expecting the market to determine transaction fees and miner rewards.
Thus, Nakamoto's genius lies not in any single component of Bitcoin but in a complex way of integrating the various technologies that breathes life into the entire system. Objectively speaking, researchers studying timestamps and Byzantine protocols did not address the node incentive problem until 2005, nor did they use proof of work to eliminate the node identity problem. Conversely, the authors of hashcash, b-money, and bit gold did not absorb the ideas of consensus/consistency algorithms to solve the double spending problem. In Bitcoin, a secure ledger prevents double spending, which ensures that the currency has value. Only a valuable currency can reward miners, and only then does the strength of mining power secure the ledger. If mining power is insufficient, an adversary could seize more than 50% of global mining power, allowing them to generate blocks faster than the rest of the network, double spend transactions, and effectively rewrite history, bankrupting the entire system. Therefore, Bitcoin is self-bootstrapping, with a closed-loop dependency among the ledger, the currency, and the miners. The challenge Nakamoto faced was not only design but also persuading the initial users and miner community to leap into the unknown together: at that time, a pizza cost more than 10,000 bitcoins, and the network's mining power was less than a trillionth of what it is today.
Sidebar: Smart Contracts
A smart contract takes the idea of placing data in a secure ledger and extends it to computation. In other words, it is a consensus protocol for the correct execution of a publicly specified program. Users can call functions in the smart contract program, subject to any restrictions the program specifies, and the function code is executed in order by the miners. Users can trust the output without redoing the computation and can write their own programs to consume the outputs of other programs. Combined with a cryptocurrency platform, smart contracts are particularly powerful because such programs can handle funds: owning, transferring, destroying, and in some cases even minting them.
Bitcoin implements a restrictive programming language as a smart contract. A "standard" transaction (i.e., transferring currency from one address to another) is implemented using this language as a short script. Ethereum provides a more permissive and powerful language.
The idea of smart contracts was proposed by Nick Szabo in 1994, as it can be analogized to legal contracts (smart contracts have the added functionality of automatic execution), hence the name smart contracts. Nick Szabo foresaw (this view has been criticized by Karen Levy and Ed Felten) the proposal of smart contracts as an extension of digital cash protocols and recognized that Byzantine protocols and digital signatures (among others) could serve as building blocks. The success of cryptocurrencies has made smart contracts a reality, and research on this topic has begun to rise. For example, programming language researchers have adjusted their methods and tools to automatically discover errors in smart contracts and write verifiably correct smart contracts.
3.1 Public Keys as Identities
This article is based on the understanding that a secure ledger makes creating digital currency easy. Let's revisit this assertion. When Alice wants to pay Bob, she broadcasts the transaction to all Bitcoin nodes. A transaction is merely a string: a declaration that "Alice wants to pay Bob some money," signed by Alice. Eventually, this declaration is recorded in the ledger by miners, and the transaction becomes real. Note that Bob does not need to participate in this process in any way. However, let us focus on what is absent from this transaction: clearly absent are the identities of Alice and Bob; instead, the transaction contains only their respective public keys. This is an important concept in Bitcoin: public keys are the only identities in the system. Transactions transfer value to and from public keys, which by convention are called addresses.
*Translator's Note: The introduction of this address concept is a clever innovation by Nakamoto compared to traditional distributed systems.
To "speak" an identity, you must know the corresponding key. You can create a new identity at any time—by generating a new key pair—without needing a central authority or registration agency. You do not need to apply for a username or notify others that you have chosen a specific name—this is the concept of decentralized identity management—Bitcoin does not specify how Alice should tell Bob what her pseudonym is; this is external to the system.
Unlike most other payment systems today, these ideas are quite "old," tracing back to David Chaum, the father of digital cash. In fact, David Chaum also made pioneering contributions to anonymous networks, and it was in this context that he invented the idea of "digital pseudonyms." In his 1981 paper "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," he stated: "Digital pseudonyms" are public keys used to verify whether the corresponding private key's anonymous holder has signed.
An obvious problem with knowing the recipient only by public key is that it is impossible to route the mail to the correct computer. This led to the inefficiency of David Chaum's scheme: anonymous transactions could not be eliminated. Compared to centralized payment systems, Bitcoin is also inefficient: the ledger containing every transaction is maintained by every node in the system. Either way, Bitcoin chose security along with inefficiency, thereby obtaining anonymity (i.e., public keys as identities) "for free." David Chaum advanced these ideas in his 1985 paper, proposing a vision of privacy-preserving e-commerce based on universal "pseudonyms" and the key idea behind digital cash, "blind signatures."
The idea of "public keys as identities" also exists in the earlier discussed pioneering literature of Bitcoin: b-money and bit gold. However, most of the work is built on the foundation laid by David Chaum, and his later work (including electronic cash) deviated from this idea. The cypherpunk community had a strong interest in privacy-protecting communications and commerce, embracing what they called "nyms" as pseudonyms. But for them, nyms were not just cryptographic identities (i.e., public keys) but were typically email addresses associated with public keys. Similarly, Ian Goldberg's paper—the basis for subsequent anonymous communication work—endorsed David Chaum's view but argued that "nyms" should be memorable nicknames bound to certificates. Thus, Bitcoin has proven to be the most successful example of David Chaum's ideas.
4 Blockchain
So far, this article has not mentioned blockchain. If you believe the hype, blockchain is the main invention of Bitcoin. You might be surprised to learn that Nakamoto never mentioned this term at all. In fact, the technical term blockchain does not have a standard technical definition but is used by various parties to refer to systems that are similar to Bitcoin and ledgers to varying degrees.
Discussing example applications that benefit from blockchain will help clarify the different uses of the term. First, consider a database backend for transactions between a consortium of banks, where transactions are netted at the end of each day and accounts are settled by a central bank. Such a system has a few clearly defined parties, so Nakamoto's consensus would be overkill. There is also no need for a currency on the blockchain, as accounts are denominated in traditional currency. On the other hand, linked timestamping is clearly useful, at least to ensure a consistent global ordering of transactions in the face of network delays. State replication is also useful: a bank would know that its local copy of the data is the same as the data the central bank uses to settle accounts. This frees banks from the costly reconciliation processes they currently must perform.
Second, consider an asset management application, such as tracking financial securities, real estate, or any other asset ownership documentation. Using blockchain can improve interoperability and lower barriers to entry. We would like to have a secure global document registry, ideally allowing public participation. This is essentially what timestamp services provided in the 1990s and the new millennium. Public blockchains provide a particularly effective way to achieve this (the data itself may be stored off-chain, with only metadata stored on-chain). Other applications also benefit from timestamping or "bulletin board" abstractions, most notably electronic voting.
Let us continue with the example of asset management. Suppose you want to execute an asset transaction via blockchain rather than merely saving transaction records. If the asset itself is issued digitally on the blockchain and the blockchain supports smart contracts, transactions can occur. In this case, smart contracts solve the "fair exchange" problem of ensuring that payment only occurs when the asset is transferred. More generally, smart contracts can encode complex business logic, as long as all necessary input data (assets, prices, etc.) is represented on the blockchain.
This mapping of blockchain properties to applications allows us not only to appreciate its potential but also to inject much-needed skepticism. First, many proposed blockchain applications, especially in banking, do not use Nakamoto's consensus mechanism. Instead, they use the ledger data structure and Byzantine protocols (technologies that, as mentioned earlier, trace back to the 1990s). This undercuts the claim that blockchain is a new, revolutionary technology. Conversely, the buzz surrounding blockchain has helped banks initiate collective action to deploy shared ledger technology, much like the "stone soup" metaphor. Bitcoin is also a very clear proof of concept for decentralized ledgers, and the Bitcoin Core project provides a convenient codebase that can be adapted as needed.
*Note: "Stone Soup" is a work adapted from a French folktale, but Joan Muth sets the story in ancient China. Three monks arrive at a village that has suffered greatly, and the villagers, having endured hard times for years, have become hardened and unwilling to accept anyone. However, the monks use the method of cooking stone soup to subtly encourage the villagers to contribute, teaching them the essence of sharing and happiness.
Second, there is a misleading claim that blockchains are inherently more secure than traditional registries. To see why it is misleading, one must separate the stability of the system or platform as a whole from endpoint security, that is, the security of users and their devices. Admittedly, the systemic risk of a blockchain may be lower than that of many centralized institutions, but its endpoint-security risk is far higher than the corresponding risk at a traditional institution. Blockchain transactions are near-instant, irreversible and, in public blockchains, anonymous by design. In a blockchain-based stock registry, a user (or broker or agent) who loses control of their private key, whether through a lost phone or malware on their computer, loses their assets. Bitcoin's extraordinary history of hacks, thefts, and scams does not inspire confidence; it is estimated that at least 6% of the bitcoins in circulation have been stolen at least once.
Sidebar: Permissioned Blockchains
While this article emphasizes that private and permissioned blockchains do not use most of Bitcoin's innovations, that does not mean there is little interesting work in this area. A permissioned blockchain restricts who can join the network, write transactions, or mine blocks. In particular, if miners are limited to a list of trusted participants, proof of work can be dropped in favor of more traditional Byzantine fault-tolerant (BFT) methods. Hence most of the research is a revival of BFT algorithms, asking questions such as: can hash trees be used to simplify consensus algorithms? What if the network can only fail in certain ways?
Additionally, there are important considerations around identity and public-key infrastructure, access control, and the confidentiality of data stored on the blockchain. These issues largely do not arise in public blockchains, nor are they studied in the traditional BFT literature.
Finally, there is engineering work on improving the throughput of blockchains and on applying them to various industries, such as supply-chain management and financial technology.
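The sidebar's central claim, that a fixed list of trusted validators lets proof of work be replaced by a BFT quorum, can be shown in a few dozen lines. The following is an added example written for this page (not the paper's code and not any permissioned-ledger product): a block is appended only when it carries valid signatures from at least 2f+1 of n = 3f+1 known validators, unknown or forged signatures are ignored, and a validator caught signing two conflicting blocks at the same height is excluded from every later quorum. Assumptions made for the example: HMAC with a per-validator key stands in for a public-key signature (the verifier therefore holds the keys here, which a real deployment would replace with Ed25519 or ECDSA verification keys from the PKI the sidebar mentions), `PermissionedLedger` and `Validator` are names chosen here, and the demo validator set is constructed.

```python
import hashlib
import hmac
from typing import Dict, List, Set, Tuple


def block_digest(height: int, prev_hash: bytes, payload: bytes) -> bytes:
    """What validators sign: the block's position, its parent, and its contents."""
    return hashlib.sha256(height.to_bytes(8, "big") + prev_hash + payload).digest()


class Validator:
    """One permissioned node. HMAC is an assumption standing in for a real signature."""

    def __init__(self, name: str, key: bytes) -> None:
        self.name, self.key = name, key

    def sign(self, digest: bytes) -> bytes:
        return hmac.new(self.key, digest, hashlib.sha256).digest()


class PermissionedLedger:
    """Accepts a block only with a quorum certificate: at least 2f+1 valid,
    distinct signatures from a fixed validator set of n = 3f+1 members."""

    def __init__(self, validator_keys: Dict[str, bytes]) -> None:
        n = len(validator_keys)
        if n < 4:
            raise ValueError("need at least 4 validators to tolerate one fault")
        self.keys = dict(validator_keys)
        self.f = (n - 1) // 3
        self.quorum = 2 * self.f + 1
        self.chain: List[Tuple[bytes, bytes]] = [(b"\x00" * 32, b"genesis")]   # (hash, payload)
        self.votes_seen: Dict[Tuple[int, str], bytes] = {}   # (height, validator) -> digest signed
        self.faulty: Set[str] = set()                          # validators caught equivocating

    def height(self) -> int:
        return len(self.chain)

    def _valid_signers(self, height: int, digest: bytes, sigs: Dict[str, bytes]) -> Set[str]:
        signers: Set[str] = set()
        for name, sig in sigs.items():
            key = self.keys.get(name)
            if key is None:                                   # not on the permission list
                continue
            expected = hmac.new(key, digest, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, sig):        # forged, tampered or stale
                continue
            earlier = self.votes_seen.setdefault((height, name), digest)
            if earlier != digest:                             # two different blocks, one height
                self.faulty.add(name)
            if name not in self.faulty:
                signers.add(name)
        return signers

    def propose(self, payload: bytes, sigs: Dict[str, bytes]) -> bool:
        """Append the next block if its certificate reaches the quorum; otherwise refuse."""
        h = self.height()
        digest = block_digest(h, self.chain[-1][0], payload)
        if len(self._valid_signers(h, digest, sigs)) < self.quorum:
            return False
        self.chain.append((digest, payload))
        return True


def demo() -> Tuple[List[bool], PermissionedLedger]:
    # Constructed validator set: four members, so f = 1 and a quorum is 3 signatures.
    keys = {name: hashlib.sha256(b"demo-key-" + name.encode()).digest() for name in "ABCD"}
    nodes = {name: Validator(name, key) for name, key in keys.items()}
    ledger = PermissionedLedger(keys)

    def cert(payload: bytes, names: str) -> Dict[str, bytes]:
        digest = block_digest(ledger.height(), ledger.chain[-1][0], payload)
        return {n: nodes[n].sign(digest) for n in names}

    results = [
        ledger.propose(b"tx-batch-1", cert(b"tx-batch-1", "ABC")),            # 3 of 4: accepted
        ledger.propose(b"tx-batch-2", cert(b"tx-batch-2", "AB")),             # 2 of 4: refused
        ledger.propose(b"tx-batch-2-evil", cert(b"tx-batch-2-evil", "A")),    # A equivocates
        ledger.propose(b"tx-batch-2", cert(b"tx-batch-2", "ABC")),            # A no longer counts
        ledger.propose(b"tx-batch-2", cert(b"tx-batch-2", "BCD")),            # accepted
    ]
    forged = cert(b"tx-batch-3", "BCD")
    forged["D"] = b"\x00" * 32                                                 # tampered signature
    results.append(ledger.propose(b"tx-batch-3", forged))                      # refused
    results.append(ledger.propose(b"tx-batch-3", cert(b"tx-batch-3", "BCD")))  # accepted
    return results, ledger
```

The equivocation rule is deliberately coarse (one vote per validator per height, not per view or round as in PBFT); it is enough to show why a closed validator set needs identity and key management, which is exactly the work the sidebar says public blockchains and the classical BFT literature both leave aside.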
5 Concluding Lessons
The history described here offers rich (and complementary) lessons for practitioners and academics. Practitioners should be skeptical of claims about revolutionary technology. As shown above, most of the ideas in Bitcoin that excite enterprises, such as distributed ledgers and Byzantine fault tolerance, date back 20 years or more. Bear in mind that your problem may not require any breakthrough at all; long-forgotten solutions may already exist in research papers.
The academic community seems to have the opposite problem, at least in this instance: resisting radical, external ideas. Many of the ideas in the Bitcoin white paper, despite their lineage, are more novel than most academic research. Moreover, Nakamoto did not care for academic peer review and did not fully connect the work to its history. As a result, academia largely ignored Bitcoin for years. Many academic communities informally argued, on the basis of theoretical models or experience with past systems, that Bitcoin could not work, even though it was demonstrably working in practice.
We see repeatedly that ideas in the research literature can be gradually forgotten or overlooked, especially if they are ahead of their time or outside the popular research areas of the day. Both practitioners and academics would do well to revisit old ideas to glean insights for present-day systems. What is extraordinary and successful about Bitcoin is not that it was at the forefront of research in any of its components, but that it combined many old ideas from unrelated fields. This is not easy to do, since it requires bridging different terminologies, assumptions, and so on, but it is a valuable blueprint for innovation.
Practitioners should be able to recognize overhyped technology, and they benefit from doing so. There are several signs of hype: difficulty identifying the technical innovation; difficulty pinning down the meaning of supposedly technical terms, because companies are eager to attach their products to the bandwagon; difficulty identifying the problem being solved; and, finally, claims that the technology will solve social problems or create economic or political upheaval.
In contrast, academia seems to have difficulty selling its inventions. Unfortunately, the original proof-of-work researchers have received little credit for Bitcoin, possibly because their work was not well known outside academia. Activities such as releasing code and working with practitioners are not adequately rewarded in academia. Indeed, the original branch of academic proof-of-work research continues to this day without acknowledging the existence of Bitcoin! Engaging with the real world not only helps researchers gain credit but also reduces reinvention of the wheel and is a source of new ideas.
Next, the attitudes of the world's major economies toward Bitcoin and how they have changed over time. Why does this matter? Beyond broadening your knowledge, if your work involves blockchain, whether directly in the industry or indirectly as an investor, the policy changes and current positions of the various countries will be important reference points for you.
Globally, the United States and Japan are at the forefront of Bitcoin regulation. Countries such as the UK, Canada, Australia, and Switzerland also recognize the positive significance of Bitcoin and are formulating regulatory rules to standardize the industry's development. Russia and Thailand have shifted from earlier prohibitions toward relaxation.
| Germany
The first country to recognize the legal status of Bitcoin was Germany. In August 2013, the German government stated that Bitcoin could be treated as private money and a unit of account; gains on Bitcoin held by individuals for more than one year would be tax-exempt, while commercial use would be taxed at a set rate. In October 2016, a company providing Bitcoin lending services in Germany announced that it had obtained a license from the Federal Financial Supervisory Authority (BaFin). To date, Germany is one of the few countries in the world with relatively clear regulatory and legal policies on Bitcoin transactions.
| United States
Turning to the United States: in addition to federal legislative powers, each state has its own legal system. From a regulatory perspective, the major federal regulators are the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), and the Internal Revenue Service (IRS), each of which treats Bitcoin differently. The regulatory measures of the individual states also vary.
Start with the SEC, which has rejected Bitcoin ETF (exchange-traded fund) listing applications at least three times this year (2017). The CFTC classifies Bitcoin as a "commodity," and in July 2017 it issued the first clearing license for Bitcoin derivatives, approving the establishment of a Bitcoin derivatives exchange. The IRS treats Bitcoin as property subject to federal tax, with different tax treatment depending on how it is used.
The individual states have also introduced digital-currency rules to build a regulatory framework for the industry. In 2014, the New York Department of Financial Services proposed the world's first dedicated digital-currency license, the BitLicense (finalized in June 2015); New York was also the first government body to propose comprehensive regulations for digital currencies. In April 2017, Washington State passed Senate Bill 5031, requiring all companies conducting Bitcoin trading business in the state to obtain a license and undergo third-party audits, providing all relevant data. Elsewhere, some states simply define cryptocurrencies as financial instruments and tax them, while others have introduced more detailed business-registration rules.
| Japan
Now Japan, which takes a very positive stance toward Bitcoin. In 2016, Japan passed a bill regulating digital currencies, and on April 1, 2017, the amended Payment Services Act took effect, officially recognizing digital assets such as Bitcoin as a legal means of payment. In July 2017, Japan stopped levying its 8% consumption tax on Bitcoin transactions. More recently, on September 29, 2017, Japan's Financial Services Agency (FSA) issued the first batch of Bitcoin exchange licenses, and from October it began comprehensive supervision of Japanese Bitcoin exchanges, for example by reviewing their internal control systems and authorizing on-the-spot inspections.
Since the beginning of 2017, Bitcoin trading volume in Japan has been rising steadily, and the Japanese yen currently ranks first among fiat currencies in trading volume against Bitcoin.
| Russia
Russia's attitude toward Bitcoin has changed the most. In February 2014, the Russian Prosecutor General's Office declared that the use of Bitcoin by any citizen or legal entity in Russia was illegal. Later, however, other regulators voiced differing views. The Deputy Minister of Finance said that Russia might consider recognizing cryptocurrency as legal tender in 2018; shortly afterward, the Central Bank's fintech center objected, saying it was too early to discuss legalizing cryptocurrency in Russia. There are now officially approved trading platforms and mining companies in Russia. In June 2017, the Governor of the Central Bank stated that Bitcoin is a digital asset, not a virtual currency.
Having covered Germany, the first country to recognize Bitcoin's legal status, along with the United States, Japan, and Russia, let us look at the attitudes of some other countries.
| France
France's attitude is somewhat different. At the end of 2013, the Governor of the Banque de France, like many of his international counterparts, warned of the risks of trading Bitcoin: its price is unstable, and investors may have difficulty converting Bitcoin back into real currency. Under French law, Bitcoin cannot be regarded as legal tender under the national monetary and financial code. The French government has also tightened its management of platforms exchanging fiat currency for Bitcoin, requiring real-name registration for every Bitcoin transaction, and income from trading Bitcoin in France is taxable. Of course, France is a romantic country: in May 2017 Emmanuel Macron was elected president, and besides the story of marrying his former teacher, he made headlines on Reddit by being photographed holding a Bitcoin hardware wallet, which sparked discussion among Bitcoin enthusiasts.
| Denmark
Compared with Germany and France, several Nordic countries take a more laissez-faire attitude toward Bitcoin. As early as 2013, the Danish Financial Supervisory Authority issued an official statement which, besides warning of the risks of Bitcoin, said that virtual currencies are unregulated electronic money that can also be used for payments. The Danish government subsequently made a surprising announcement: digital currencies such as Bitcoin would not be regulated in Denmark, and companies running Bitcoin exchange businesses would not need permission from the Danish government.
| Norway
Similarly, Norway's attitude toward Bitcoin has swung between two extremes. In November 2013, the Norwegian Tax Administration declared that Bitcoin does not meet the definition of a currency and would be treated as a virtual asset for tax purposes; any Bitcoin transaction would incur a 25% value-added tax, which is quite high. In October 2014, two major Norwegian banks announced that they would not provide services to Bitcoin companies. Two years later, however, the picture changed dramatically. In November 2016, Norway's largest financial services group, DNB, added a feature to its app allowing users to buy Bitcoin with credit or debit cards, and in February 2017 the Norwegian Tax Administration announced that the high value-added tax on Bitcoin transactions would be abolished.
| China
Finally, the official stance of China. In December 2013, the People's Bank of China and four other ministries jointly issued the "Notice on Preventing the Risks of Bitcoin," which classified Bitcoin as a "virtual commodity," prohibited financial institutions from engaging in Bitcoin-related business, and required trading platforms to fulfill record-keeping and anti-money-laundering obligations. Regulators and the industry operated under this document for several years, until September 2017, when regulators directed all Bitcoin trading platforms to cease domestic Bitcoin trading.
Alright, in today's lesson, we learned about the official attitudes of major countries toward Bitcoin. Let's review these key points:
The United States and Japan are at the forefront of Bitcoin regulation globally. Although the main U.S. regulators and the individual states have differing policies on Bitcoin, U.S. regulation of Bitcoin is on the whole more advanced and mature. Japan has a very positive attitude toward Bitcoin: it officially recognizes Bitcoin's "payment" attribute, has stopped collecting consumption tax on Bitcoin transactions, and has issued the first batch of Bitcoin exchange licenses while comprehensively supervising the exchanges in Japan.
Countries such as the UK, Germany, and several Nordic countries also recognize the positive significance of Bitcoin. France's attitude is somewhat different: it does not regard Bitcoin as legal tender, has tightened its management of Bitcoin trading platforms, requires real-name registration for every Bitcoin transaction, and taxes income from Bitcoin trading.
Russia's attitude toward Bitcoin remains contested, with different departments holding differing views on whether Bitcoin should be treated as legal tender. The latest official statement, in June 2017, was that "Bitcoin is a digital asset, not a virtual currency."
Finally, China's official policy classifies Bitcoin as a "virtual commodity"; the central bank prohibits financial institutions from engaging in Bitcoin-related business and requires trading platforms to fulfill record-keeping and anti-money-laundering obligations.
6 Acknowledgements
The authors are grateful to Adam Back, Andrew Miller, Edward Felten, Harry Kalodner, Ian Goldberg, Ian Grigg, Joseph Bonneau, Malte Möser, Mike Just, Neha Narula, Steven Goldfeder, and Stuart Haber for valuable feedback on a draft.
7 References
Aspnes, J., et al. 2005. Exposing computationally challenged Byzantine imposters. Yale University Department of Computer Science; http://cs.yale.edu/publications/techreports/tr1332.pdf.
Back, A. 1997. A partial hash collision based postage scheme; http://www.hashcash.org/papers/announce.txt.
Back, A. 2001. Hash cash; https://web.archive.org/web/20010614013848/http://cypherspace.org/hashcash/.
Back, A. 2002. Hashcash—a denial of service counter measure; http://www.hashcash.org/papers/hashcash.pdf.
Bayer, D., Haber, S., Stornetta, W. S. Improving the efficiency and reliability of digital time-stamping. Proceedings of Sequences 1991; https://link.springer.com/chapter/10.1007/978-1-4613-9323-8_24.
Benaloh, J., de Mare, M. 1991. Efficient broadcast timestamping; http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.38.9199.
Boyle, T. F. 1997. GLT and GLR: Component architecture for general ledgers; https://linas.org/mirrors/www.gldialtone.com/2001.07.14/GLT-GLR.htm.
Castro, M., Liskov, B. 1999. Practical Byzantine fault tolerance. Proceedings of the Third Symposium on Operating Systems Design and Implementation; http://pmg.csail.mit.edu/papers/osdi99.pdf.
Chaum, D. 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2): 84-90; https://dl.acm.org/citation.cfm?id=358563.
Chaum, D. 1983. Blind signatures for untraceable payments. Advances in Cryptology: 199-203.
Chaum, D. 1985. Security without identification: transaction systems to make Big Brother obsolete. Communications of the ACM 28(10): 1030-1044; https://dl.acm.org/citation.cfm?id=4373.
Chaum, D., et al. 1988. Untraceable electronic cash. Advances in Cryptology: 319-327; https://dl.acm.org/citation.cfm?id=88969.
Dai, W. 1998. b-money; http://www.weidai.com/bmoney.txt.
Douceur, J. R. 2002. The Sybil attack; https://dl.acm.org/citation.cfm?id=687813.
Dwork, C., Naor, M. 1992. Pricing via processing or combatting junk mail; https://dl.acm.org/citation.cfm?id=705669.
Felten, E. 2017. Smart contracts: neither smart nor contracts? Freedom to Tinker; https://freedom-to-tinker.com/2017/02/20/smart-contracts-neither-smart-not-contracts/.
Franklin, M. K., Malkhi, D. 1997. Auditable metering and lightweight security; http://www.hashcash.org/papers/auditable-metering.pdf.
Gabber, E., et al. 1998. Curbing junk e-mail via secure classification; http://www.hashcash.org/papers/secure-classification.pdf.
Garay, J. A., et al. 2015. The bitcoin backbone protocol: analysis and applications. Advances in Cryptology: 281-310; https://eprint.iacr.org/2014/765.pdf.
Goldberg, I. 2000. A pseudonymous communications infrastructure for the Internet. Ph.D. dissertation, University of California Berkeley; http://moria.freehaven.net/anonbib/cache/ian-thesis.pdf.
Grigg, I. 2005. Triple entry accounting; http://iang.org/papers/triple_entry.html.
Haber, S., Stornetta, W. S. 1991. How to timestamp a digital document. Journal of Cryptology 3(2): 99-111; https://link.springer.com/chapter/10.1007/3-540-38424-3_32.
Haber, S., Stornetta, W. S. 1997. Secure names for bit-strings. In Proceedings of the 4th ACM Conference on Computer and Communications Security: 28-35; http://dl.acm.org/citation.cfm?id=266430.
Jakobsson, M., Juels, A. 1999. Proofs of work and bread pudding protocols; http://www.hashcash.org/papers/bread-pudding.pdf.
Juels, A., Brainard, J. 1999. Client puzzles: a cryptographic countermeasure against connection completion attacks. Proceedings of Networks and Distributed Security Systems: 151-165; https://www.isoc.org/isoc/conferences/ndss/99/proceedings/papers/juels.pdf.
Just, M. 1998. Some timestamping protocol failures; http://www.isoc.org/isoc/conferences/ndss/98/just.pdf.
Lamport, L., et al. 1982. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems 4(3): 382-401; https://dl.acm.org/citation.cfm?id=357176.
Lamport, L. 1989. The part-time parliament. Digital Equipment Corporation; https://computerarchive.org/files/mirror/www.bitsavers.org/pdf/dec/tech_reports/SRC-RR-49.pdf.
Lamport, L. 2001. Paxos made simple; http://lamport.azurewebsites.net/pubs/paxos-simple.pdf.
Laurie, B. 2014. Certificate Transparency. acmqueue 12(8); https://queue.acm.org/detail.cfm?id=2668154.
Levy, K. E. C. 201