Another key component of Bitcoin is the blockchain: a ledger in which all Bitcoin transactions are securely recorded. The ideas behind the blockchain are again quite old and trace back to a series of papers by Haber and Stornetta starting in 1991. Their proposal was a method for secure timestamping of digital documents rather than a digital money scheme. The goal of timestamping is to give an approximate idea of when a document came into existence.
In Haber and Stornetta’s scheme, there’s a timestamping service to which clients send documents to timestamp. When the server receives a document, it signs the document together with the current time and a link or a pointer to the previous document and issues a “certificate” with this information.
What this protocol achieves is that each document’s certificate ensures the integrity of the contents of the previous document. In fact, you can apply this argument recursively: each certificate essentially fixes the entire history of documents and certificates up until that point. If we assume that each client in the system keeps track of at least a few certificates—their own documents’ certificates, and those of the previous and following documents—then collectively the participants can ensure that the history cannot be changed after the fact. In particular, the relative ordering of documents is preserved.
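The linked-certificate idea described above, as an added sketch that is not code from Haber and Stornetta or from Bitcoin. It assumes an HMAC with a constructed key as a stand-in for the server's signature, a pointer that hashes the whole previous certificate, and made-up sample documents.

```python
import hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the server's signature

def digest(obj):
    """SHA-256 over a canonical JSON encoding of a certificate or its body."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def sign(body):
    return hmac.new(SERVER_KEY, digest(body).encode(), hashlib.sha256).hexdigest()

def issue(chain, document, time):
    """Server: certify document + time + pointer to the previous certificate."""
    body = {"doc_hash": hashlib.sha256(document).hexdigest(),
            "time": time,
            "prev": digest(chain[-1]) if chain else None}
    chain.append(dict(body, sig=sign(body)))
    return chain[-1]

def first_broken_link(chain):
    """Index of the first certificate with a bad signature or bad pointer, else None."""
    for i, cert in enumerate(chain):
        body = {k: cert[k] for k in ("doc_hash", "time", "prev")}
        if not hmac.compare_digest(cert["sig"], sign(body)):
            return i
        if cert["prev"] != (digest(chain[i - 1]) if i else None):
            return i
    return None

def demo():
    chain = []
    for t, doc in enumerate([b"contract v1", b"lab notes", b"patent draft"]):  # constructed
        issue(chain, doc, 1000 + t)
    # Case 1: an outsider edits certificate 1 without the key -> signature fails at 1.
    edited = [dict(c) for c in chain]
    edited[1]["doc_hash"] = hashlib.sha256(b"contract v2").hexdigest()
    # Case 2: the server itself rewrites certificate 1 and re-signs it. The signature
    # is valid, but certificate 2 (held by another client) still points at the old one.
    resigned = [dict(c) for c in chain]
    body = {"doc_hash": edited[1]["doc_hash"], "time": 1001, "prev": chain[1]["prev"]}
    resigned[1] = dict(body, sig=sign(body))
    return first_broken_link(chain), first_broken_link(edited), first_broken_link(resigned)

if __name__ == "__main__":
    print(demo())
```

The second case is the one the recursion argument is about: a validly signed rewrite is still caught, because the next certificate's pointer no longer matches.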
Bitcoin refines this design in a subtle but important way: a Hashcash-esque protocol is used to delay how fast new blocks are added to the chain. This modification has profound and favorable consequences for Bitcoin’s security model. There is no longer the need for trusted servers; instead, events are recorded by a collection of untrusted nodes called “miners.” Every miner keeps track of blocks, rather than having to rely on regular users to do it. Anyone can become a miner by solving computational puzzles to create blocks. Bitcoin also eliminates the need for signatures, relying only on hash pointers to ensure the integrity of the data structure. Finally, the actual timestamps aren’t of much importance in Bitcoin, and the point of the system is to record the relative ordering of transactions in a tamper-resistant way. In fact, Bitcoin blocks aren’t created on a fixed schedule. The system ensures that a new one is created every 10 minutes on average, but there’s considerable variation in the time between successive blocks.
In essence, Bitcoin combines the idea of using computational puzzles to regulate the creation of new currency units with the idea of secure timestamping to record a ledger of transactions and prevent double-spending. There were earlier, less sophisticated, proposals that combined these two ideas. The first is called b-money, proposed by Wei Dai in 1998. In b-money, anyone can create money using a Hashcash-like system. It has a peer-to-peer network, sort of like the one in Bitcoin. Each node maintains a ledger, but it’s not a global ledger as in the Bitcoin blockchain. Each node has its own ledger of what it thinks everyone’s balance is.
Popper notes that the blog post’s timestamps were changed after Satoshi posted the Bitcoin white paper so that the Bitgold proposal looks like it was written up about two months after Bitcoin was released. Popper believes, like many other observers, that Szabo could be Satoshi, even though Szabo denies it. Popper cites the timestamp change as evidence of Szabo/Satoshi trying to obscure the link by covering up the fact that he invented a predecessor of Bitcoin (i.e., by making it look like Bitgold didn’t precede Bitcoin). The problem with this explanation is that if you actually read the contents of the blog posts, Szabo is clear about having had this idea in 1998, and he doesn’t try to change those dates. So a more reasonable explanation is that he just bumped the post to the top of his blog after Bitcoin popularized similar ideas, to make sure that people were aware of his prior proposal.
Bitcoin has several important differences from b-money and Bitgold. First, in the latter two proposals, computational puzzles are used directly to mint currency. Anyone can solve a puzzle, and a solution is a unit of money itself. In Bitcoin, puzzle solutions themselves don’t constitute money. They are used to secure the blockchain and only indirectly lead to minting money. Second, b-money and Bitgold rely on timestamping services that sign off on the creation or transfer of money. Bitcoin, as we’ve seen, doesn’t require trusted timestamping and merely tries to preserve the relative order of blocks and transactions.