What the H#ll is Bitcoin? Fool's Gold or the Real Thing?
Every gold rush starts the same way. A cry of delight upon discovering precious metal—unbounded riches for the taking. Then the rush—a vanguard grabs what it can, word spreads, and soon a multitude joins the fray. Some miners are well equipped, some less so, and all toil mightily.
Gold rushes also end the same way. The euphoria dissipates as everyone realizes the opportunity may not be as grand as all had hoped, is considerably harder to exploit than promoters’ handbills let on—and is certainly not unbounded. Disruption ensues. Prices go haywire, companies go bust, fortunes are made, fortunes are unmade. As tempers fray, disputes erupt, and the vanguard arrays into victims and perpetrators according to the gains or losses they face.
Winners emerge—outfitters who equipped the miners, entrepreneurs with the financial resources to adopt promising ideas and technologies the miners may have hit upon, even some miners who beat the odds. About this time, The Law arrives to restore order. Some of those who arrived on the scene early act as guides to the wild, helping the established players sluice ounces of ore from tons of dirt, or revealing the customs, code words and lore of the dodgy element that arises in the wake of every boom, to help The Law pursue buccaneers skimming easy money from those who don’t understand the dangers of the frontier.
So it is with Bitcoin, the best known of several active digital currencies based on cryptographic formulas. Bitcoin’s rise and fall is Silicon Valley’s remake of the 1849 Gold Rush, complete with its own Genesis story, miners craving riches, a frothy ecosystem supplying the miners’ needs and a flourishing popular lore with a rogues’ gallery of digital bandits. Gold Rush 2.0 also brought that most essential feature of every boom—a stunning crash that exposed the difficulties of Bit-mining, and some weak—or missing—links in the miners’ plans.
But the Bitcoin Rush brought another agenda—to replace the existing financial order with a global online network that does away with centralized monetary authorities and financial regulators. It’s unlikely Bitcoin or any cryptocurrency will ever replace government-issued fiat currencies. But Bitcoin is a financial technologywith a bold value proposition—computing power begets money supply. Bitcoin is staking its claim by leveraging and helping to accelerate a revolution in software and hardware design that optimizes computing power and energy use, while offering a new, albeit bumpy, path to move money online in a world full of digital security threats.
Just five years after Satoshi Nakamoto, a named but unknown founder, posted source code on the Internet, Bitcoin has become the first crossover hit from the cryptocurrency realm. It has garnered the attention of major business media; financial regulators in the United States, Canada and Japan; and the CEOs of global credit card companies. Silicon Valley’s top venture capital firms have staked claims in digital wallet companies and specialized semiconductor companies that supply Bitcoin miners. Numerous exchanges, all unregulated, offer consumers the ability to buy and sell Bitcoins with dollars, yen and other real-world currencies. New data services calculate indexes of Bitcoin prices from different exchanges, which reflect the Bitcoin community’s views about the safety or reputation of the exchanges. The Winklevoss twins even got in on the action, proposing a public fund that would invest in Bitcoin. As cybercriminals attacked exchanges and hijacked the system for illicit activity, financial cryptographers developed countermeasures, including a digital forensic toolkit to track down Bitcoin abusers.
The value of Bitcoin soared from $13 at the start of 2013 to peak at more than $1,100 in November. The stunning move resulted from Bitcoin’s direct linkage of computing power and the supply of Bitcoin, known as BTC. But by early 2014, the bankruptcy of the biggest Bitcoin exchanges highlighted vulnerabilities in the Bitcoin code that threaten the viability of the system. With all that going on, the world’s top payments chieftain, Visa CEO Charlie Scharf, told analysts in a January conference call that while it is too early to understand all the implications of Bitcoin, the phenomenon is “far more complex” than it’s often portrayed.
Make a Hash of It
Cryptocurrency and digital money were first proposed in a 1984 research paper. In general, cryptocurrencies use mathematical formulas to create money. Cryptographers write functions that scramble an input message, like the account password you type on your keyboard, into a random-looking string of numbers and letters called a hash. But it’s not a random string; the scrambling takes place according to a set of rules—an algorithm—and hackers work hard to figure out those rules or ways around them so they can get into bank accounts, steal credit card numbers and generally wreak havoc in the digital economy.
A Bitcoin account consists of a public name that allows a user to send funds to another user or a merchant, and a private name that allows the user to move the funds from the public name into a personal account. Both are identified by unique strings of letters and numbers; the public string is your Bitcoin identity that others interact with; the private string is your personal identity, and listen up—there is no record of it in the Bitcoin system, and therefore no way to “reset” your private string and recover your Bitcoins if you lose it.
Bitcoin’s code is based on one of the most widely used and strongest cryptographic functions, a “secure hash algorithm,” SHA-256. Secure hash algorithms are one family of computer security standards published by the National Institute of Standards and Technology, or NIST, a division of the Department of Commerce based in Gaithersburg, Md. The code for the SHA-2 series was originally written by the National Security Agency. The SHA-2 series became the standard in 2005, after researchers who had figured out how to break the previous SHA-1 code revealed the exposure at a major security conference.
In simplified terms, SHA-256 takes an input of random length, like passwords, and generates a corresponding string of letters and numbers. Several Web sites have SHA-256 processors online for those who want to see how it works, such as www.xorbin.com/tools/sha256-hash-calculator. If one character in the input is altered, the algorithm generates a different string of numbers and letters that doesn’t match the string that corresponds to your password—that’s the basic security wall that keeps thieves out of your bank account.
“Bitcoin’s source code is surprisingly simple,” says Michael Taylor, professor of computer science and engineering at the University of California at San Diego and director of the UCSD Center for Dark Silicon. Each Bitcoin transaction is grouped into a block that is posted to a “blockchain,” a digital public ledger that records every Bitcoin transaction as it moves between parties. Each block is identified by a specific name, a hash. Bitcoin miners compete to figure out that name and then win the fixed number of Bitcoins awarded to transaction verifiers. Cryptographers call that unknown name the “nonce,” a word taken from the Middle English of Chaucer’s “Canterbury Tales” that means “for a unique purpose.” To figure out the name, the miners must guess the value that will make the algorithm produce the hash string that is the block’s name. In essence, the miners are solving an equation, such as 6x = 12. In that case, “x” is obviously 2. But security hash functions are much more complicated, involving dozens of numbers and letters generated by functions contained in the algorithm. Taylor says Bitcoin mining uses “Eureka style computation,” which stops the function when the answer is found.
There’s a catch. Bitcoin’s code varies the difficulty of solving the algorithm, which increases the number of guesses required to find the answer. The number of guesses needed to find the answer is called the hash rate—it’s the key measure of the computing power of the Bitcoin network, measured continuously on the “genesis block” dashboard. When a lot of miners are active, it’s more difficult to find the answer and the hash rate rises. The goal is to have miners figure out the name of a block and post it to the chain about every 10 minutes, a time boundary that controls the number of Bitcoins created. Only 21 million Bitcoin will be created, about 3,600 per day. Because the SHA-256 algorithm is a one-way function, miners can’t just run it in reverse to arrive at the answer. So what to do? “The primary approach is to use brute force,” says Taylor, referring to the cryptographer’s inelegant term for guessing a lot, and guessing fast. “If the difficulty value is twice as large, then it takes twice as many brute-force tries to find the corresponding nonce.”
The fundamental tension of Bitcoin, then, is the interplay of how many tries miners can make, how fast they can make those tries and the level of difficulty that the Bitcoin code creates depending on how many miners are digitally digging. It’s like your algebra teacher changing the problem in the middle of a pop quiz when the class math whiz shows up—the quiz is harder for everyone, and the whiz is likely to have an edge. To harness the power to put their brute-force approach into action, bit-miners brought on a new era of semiconductor engineering, says Taylor. In a recent paper, “Bitcoin and the Age of Bespoke Silicon,” Taylor contends that Bitcoin’s development shows how to make small batches of chips that are superefficient at one task—a new era of hardware innovation.
Successful Bitcoin mining requires a computer that performs one type of calculation at the highest possible speed. General-purpose central processing units (CPUs) and graphics processing units (GPUs) are designed to perform a range of computations, which wastes performance and energy when running a single computation. Between 2009 and 2011, Bitcoin miners used basic rigs with widely available CPUs and GPUs, in effect panning for gold in open streams. Some realized there was power in collaboration, and formed mining pools that share rewards in proportion to the processing power that each member contributes. The influx of miners started to raise the difficulty rating, but the price of Bitcoin kept pace, so early miners were still rewarded for their efforts.
Since Bitcoin-mining calculations don’t utilize some parts of a generic microprocessor, it made no sense to continue using general-purpose chips that left computation capacity unused. The third generation of bitcoin mining, Taylor says, began in June 2011, when miners began using field-programmable gate array chips (FPGAs), which could be configured for a specific purpose by a customer or a designer after being manufactured—hence the name “field-programmable.” That flexibility made FPGAs well-suited to Bitcoin mining, but the chips used more power than GPUs.
A better solution would be chips manufactured to run nothing but mining code. The answer was application-specific integrated circuits, or ASICs, which concentrate chip resources on performing one function at low power. ASICs are typically used in consumer devices, which spread hefty development costs over millions of chips, says John Blyler, chief content officer at Extension Media and editor-in-chief of Chip Design magazine. ASICs are fabricated at high-end plants, including Taiwan Semiconductor Manufacturing Company, in Taiwan, and GlobalFoundries in New York. Using FPGAs as a bridge to ASICs was an innovative step by the Bitcoin community, which was funding development with pre-orders, since FPGAs use specification language similar to what’s used to design ASICs. Ultimately, an ASIC is the right tool for Bitcoin mining, Blyler says. “It’s small, and it’s fast.”
Taylor notes that the difficulty level when Bitcoin was introduced meant that a miner would have to try about 7 million hashes per second to find the name of a block. By September 2013, as early Bitcoin-dedicated ASICs came into use, the difficulty of finding the right value was about 50 million times greater, requiring about 350 “terahash” tries per second. By winter, the total number of guesses active mining computers could make each second had mushroomed to a nearly inconceivable 30 petahashes. (The prefix “tera-“ signifies “trillion.” “Peta-“ stands for “quadrillion.”)
The system “provides strong incentives for early adopters—the earlier in the game, the cheaper the coins minted,” according to Simon Barber, cofounder and chief technology officer at San Francisco-based HashFast Technologies, which produces one of the top ASIC chips for Bitcoin mining, aptly named the Golden Nonce. Barber studied Bitcoin as a lead researcher at Xerox’s Palo Alto Research Center before cofounding HashFast. The Golden Nonce was one of the first mining chips to use 28-nanometer circuits, the smallest then in production. Austin, Tex.-based CoinTerra, which claims its 28-nanometer chips account for more than 6 percent of the Bitcoin network’s computation capacity, is readying the next big thing in Bitcoin mining—a water-cooled chip that uses a radiator to circulate coolant over the microprocessors. Initial delivery is scheduled for June.
Gold Gone Missing
The discovery of gold coins from the California Gold Rush buried on a property in what was once California gold country was a reminder that physical coins can go missing. The travails of what was once the largest-volume Bitcoin exchange, Tokyo-based Mt. Gox, showed that digital coins may not be any more secure. As of this writing, Mt. Gox had filed for bankruptcy in Japan, saying it appeared that 740,000 coins owned by customers had been stolen, about 6 percent of outstanding Bitcoin at the time. Mt. Gox said the problem stemmed from a software glitch called “transaction malleability” that allowed hackers to alter the code on Bitcoin transactions to make it appear that transactions were not processed. When the unpaid recipient requested payment a second time, Mt. Gox paid, eventually running out of coins. The Bitcoin Foundation, a trade group that supports the use of Bitcoin, blamed Mt. Gox for failing to protect against an exposure in the code that developers had been aware of since 2011.
It wouldn’t have been the first time Bitcoins had been stolen. Last August, cybercriminals stole Bitcoins from digital wallets on Google Android devices. The thieves exploited a weakness in the Android random-number generator that resulted in some wallets not having “cryptographically strong” protection. Google confirmed the flaw and quickly posted a fix on the Android developer site. A virus designed to steal cryptocurrency has also grown in step with Bitcoin’s increasing value. One security firm says there are 146 types of Bitcoin malware, up from 45 a year ago and 13 two years ago.
But hacking leaves a trail. Despite conventional wisdom that Bitcoin provides a surefire way for criminals to hide their tracks, Bitcoin transactions are not anonymous. The blockchain records the digital history of every Bitcoin’s journey through cyberspace. A team of Italian cryptographers has developed tools to enable law enforcement agencies to use the blockchain to identify likely owners of Bitcoin account numbers.
Aptly named BitIodine, the toolkit analyzes online behavior—and it turns out that Bitcoin bandits display a “digital M.O.” every bit as illuminating as the habits of convenience-store robbers. BitIodine’s creator, Michele Spagnuolo, is a young Italian computer scientist who has won four Google Application Security awards for identifying critical vulnerabilities in Google sites. He devised BitIodine as his master’s thesis in information engineering at the Politecnico di Milano, Italy. A generalized paper, “BitIodine: Extracting Intelligence from the Bitcoin Network,” was presented at the International Financial Cryptography Association annual conference in February by Spagnuolo, Federico Maggi and thesis advisor Stefano Zanero. Spagnuolo graduated in December and now works as an information security engineer in Zurich—at Google.
“A lot of potentially interesting information can be mined from the blockchain,” says Spagnuolo. “It is possible to automatically find out how much an address is used for gambling activities or mining, if it was used for scamming users in the past, if and how it is related to other addresses and entities.” The team grouped more than 18 million blockchain addresses into about 4 million groups for linkage analysis. Spagnuolo tested his tools by trying to identify malefactors who had already been unveiled by law enforcement. In the most striking example, BitIodine identified the notorious Dread Pirate Roberts, or DPR. The FBI identified DPR as 29-year-old Ross William Ulbricht when it arrested him last October on suspicion of being the creator and operator of the infamous Silk Road black market.
The FBI seized some Silk Road funds from a Bitcoin operating capital pool that sent funds to addresses controlled by the FBI, which are publicly known. “But Ulbricht held the majority of his funds separately in an encrypted ‘cold wallet,’ ” according to Spagnuolo, and that address had not been made known at the time the research was published. “Using BitIodine alone, we are able to find an interesting connection between an address known to belong to DPR and 1933phfhK3ZgFQNLGSDXvqCn32k2b-uXY8a, an address with a balance exceeding 111,114 BTC (more than USD 22,000,000), likely belonging to the cold wallet.” The paper details the digital chase to the dread pirate’s cabin door. “BitIodine found a meaningful connection between the addresses, leading us to argue—with some grounding—that 1933 was part of the cold wallet of the Silk Road.”
Winner Take All
It may be some time before the FBI releases DPR’s account number. But Wall Street is already looking for opportunities after the gold rush. At Bank of America Merrill Lynch, foreign exchange strategists developed a valuation model of Bitcoin as three segments. “As a medium of exchange, Bitcoin has clear potential for growth,” according to BAML. “Bitcoin could become a major means of payment for e-commerce, and may emerge as a serious competitor to traditional money-transfer providers.” The bank assigns a maximum market capitalization of nearly $15 billion: $5 billion as a medium of exchange for business-to-consumer e-commerce, $4.5 billion as a means for payments such as those handled by Western Union and $5 billion as a store of value.
While the increasing acceptance and popularity of Bitcoin raises its likelihood of success, Mt. Gox’s failure highlighted the weakness of Bitcoin exchange security. The episode may help Bitcoin, says New York State’s chief financial regulator, Benjamin M. Lawsky, who plans to issue “BitLicenses” to establish solid oversight. The Bitcoin community needs to address security before a competing digital currency can gain traction, says BAML. Like any gold rush, the stakes are high: “We believe the structure of the digital currency market is one of ‘winner takes all,’ ” the bank analysts concluded.
SIDEBAR / Who is Satoshi Nakamoto?
“I am not Dorian Nakamoto.” With that sentence, the mystery surrounding the identity of Bitcoin founder Satoshi Nakamoto deepened. Coming a day after a Newsweek article claimed to have found the man who wrote the computer code that runs Bitcoin, the denial alone would have fueled the long-running speculation about the originator of the first successful cybercurrency.
What made the denial more powerful was that it was posted on a network that promotes peer-to-peer technology by the same e-mail address that had posted one of the first papers to describe Bitcoin in 2009, according to Bitcoin bloggers. That e-mail address hadn’t been heard from since, they say.
Whoever created Bitcoin is a modern Prometheus. Money fuels global commerce and finance, and Bitcoin is the digital equivalent of fire, a fundamentally new tool for human activity in the Internet age. Like fire, Bitcoin has had unintended consequences, which are only starting to unfold as central bankers and financial regulators ponder the impact of the new technology and how to control it.
Despite yeoman efforts, Nakamoto’s true identity may never be discovered. In that case, Bitcoin’s founder will become Prometheus
Encoded, the first mythological icon of the digital age.