Nobody Understands Bitcoin (And That's OK)

When I first became interested in bitcoin, I found myself spending countless hours absorbing as much information about it as possible, trying to put all of the pieces together.

After years of learning, I now devote a fair amount of my time trying to help others understand bitcoin better. While many people have referred to me as a "bitcoin expert," I still consider myself a student – I have yet to determine how deep the rabbit hole goes.

Andreas Antonopoulos had this to say about explaining (and thus understanding) bitcoin:

"I wrote a book that answers the question 'What is Bitcoin?' It's 300 pages long, was obsolete the moment it was printed and has to be corrected and updated every three months just to keep up with changes."

The multifaceted nature of bitcoin

With enough studying you can teach yourself how bitcoin currently works from a technical standpoint.

I maintain a list of educational resources that is sufficient to keep anyone busy for several months in pursuit of this goal. However, this approach of information ingestion will only expose the tip of the bitcoin iceberg.

Meltem Demirors posted a chart that’s spot on:

One challenge to understanding bitcoin is that it is a multifaceted cross-disciplinary system that is constantly evolving.

Ferdinando Ametrano put it well:

Ferdinando hits a key point that I’ll be delving into – bitcoin is not just a technology; it's a technology that represents something even less tangible.

Bitcoin is a living protocol that emerges from a melting pot of ideas, philosophies, cultures and politics after they undergo trial by fire.

You can read the "Rise of the Cypherpunks" to learn how we came to be where we are today.

Satoshi's understanding of bitcoin

"Writing a description for this thing for general audiences is bloody hard. There's nothing to relate it to." – Satoshi, July 5, 2010

Even Satoshi didn’t fully understand what he built with regard to bitcoin’s security model. He (or she) ended up fixing a multitude of bugs in the first few years of bitcoin’s existence.

After it was 18 months old, the rate of bug fixes had slowed down to the point that new vulnerabilities were categorized and documented. Let's cover a few of the flaws that were fixed before bitcoin gained adopters.

In the first versions of bitcoin, anyone could spend anyone else’s coins:

"The opcode OP_RETURN originally just caused the script to end early instead of fail, so you could steal anyone's bitcoins by simply using the scriptSig OP_TRUE OP_RETURN. It was also possible to put a pushdata opcode right at the end of a scriptSig to turn the entire scriptPubKey into a constant (which evaluates to true). Satoshi fixed these bugs by changing the behavior of OP_RETURN to cause the transaction to immediately fail and making it so that scriptSig and scriptPubKey are evaluated in two separate steps.”

– Theymos

Satoshi fixed a major consensus flaw by changing the 'best chain' logic from using the longest chain to using the chain with most proof-of-work. Technically, it could be argued that this was a hard fork, though it didn’t actually cause a chain fork because the longest chain at the time was also the one with the most proof-of-work.

Satoshi also set the block-size limit as protection against denial-of-service attacks. The block size was originally only implicitly limited by the network message size of 32MB.

There is also a bug in OP_CHECKMULTISIG that exists to this day. It’s mentioned in BIP-011:

"(OP_0 is required because of a bug in OP_CHECKMULTISIG; it pops one too many items off the execution stack, so a dummy value must be placed on the stack)."

– Gavin Andresen

And who could forget the value overflow bug that allowed someone to create 184 billion bitcoins!

In my quest to find more early Satoshi bugs that aren't well-known, Greg Maxwell recalled a juicy one:

"In the early versions of bitcoin, any user could hard fork any released versions from any other versions! This design flaw showed he didn't fully understand the required conditions for safe upgrades when it was first released, but his fix showed he did understand them later.

There was an opcode called OP_VER which pushed the verifying node's version number onto the stack. (Satoshi always believed there should only be one piece of bitcoin node software.) The apparent purpose of that opcode was so that you could add features to script and have only the newer supporting versions see those new opcodes (there also was originally 16 bits of opcode space in the codebase.) But someone could have used this maliciously like "OP_VER 1234 IF FALSE RETURN ENDIF TRUE" to make version 1,234 reject a block mined by any other version. So, any user could make the system fork any any time! When he removed OP_VER, he added the OP_NOP, which is what makes modern style script soft forks possible. This change itself was a soft fork because the original versions ignored unknown opcodes.”

Researchers have also discovered some flaws in Satoshi's white paper regarding the description of the system's security.

For example, there are issues of 'miner luck' and 'selfish mining'. There is even a compilation of known problems with the white paper available here.

Bitcoin clearly didn’t follow a 'code is law' view, but rather 'Satoshi’s vision is law' given that he made a number of tweaks in the first few years as it was discovered that the code didn’t fully align with the intent of the code creator.

I think this distinction is particularly relevant given that: a) Satoshi stopped contributing to bitcoin many years ago, and b) bitcoin has no formal specification.

Software is never finished

You can tell how little bitcoin is understood simply by the vast amount of research being done to analyze and improve upon it...

...

Read the rest