The cryptocurrency survived and thrived thanks to a small group of pioneers who chose not to attack the network when they easily could have, says the study, which was co-authored by nine researchers from six universities around the globe. (The academics’ names and affiliations are listed at the bottom of this article; one of them, Alyssa Blackburn, will speak at Consensus 2022 in Austin, Texas, this week.)
Bitcoin’s formative years thus offer an interesting window into cooperation between anonymous parties. “Anonymity can interfere with the cooperative mechanisms of reciprocity, relatedness and reputation and is thus believed to reduce cooperation in general,” the paper notes. Yet counterintuitively, the data shows that even though 64 parties controlled most of the computing power during this era, they all acted in the best interest of the network. Even when they didn’t know each other.
To be clear: The study makes no concrete claims about the security of the Bitcoin network today, more than a decade after the end of the period analyzed.
“We sought to understand the socioeconomic process by which bitcoin transitioned from a digital object with no market, to a functional medium of exchange,” researcher Erez Lieberman Aiden told CoinDesk. “We therefore chose to study the period between launch and price parity with the U.S. dollar: the 25 months after Bitcoin's launch.”
Aiden noted that the forms of data leakage that the research is focused on were selected because of their usefulness in studying that defined 25-month time frame.
“In the end, we found that there was a lot of data leakage that we could exploit, which made our study possible,” he said. “Now, obviously Bitcoin has been through extensive changes since 2011! So some forms of data leakage may work less well now, and some may work better.”
On the other hand, he also noted that the project “was able to succeed because of a high degree of metadata leakage from the blockchain during the period we studied. There's no particular reason to believe that the data leakage is limited to the period of time we studied.”
Nevertheless, the paper, which the New York Times has covered, is likely to provoke heated discussions about longstanding challenges to Bitcoin network users’ privacy, given the novel combination of address-linking techniques the researchers employed – and, more broadly, about the motivations that enable decentralized networks to function.
Group of 64 bitcoin miners
According to the study, 64 separate actors mined a significant proportion of the BTC created from Jan. 3, 2009, the day the currency launched, to Feb. 9, 2011, the day its price climbed to $1.
This era long predated the advent of specialized mining machines, known as ASICs (application-specific integrated circuits). Early adopters mined BTC with the central processing units found in standard home computers, and later on with the more powerful graphics processing units favored by gamers.
The idiosyncrasies of these early mining computers helped the researchers identify pseudonymous Bitcoin addresses that were all controlled by the same actors, the paper says.
To successfully mine BTC, a computer must randomly generate a string of numbers called a nonce that, when fed into a mathematical formula along with a few other inputs, produces an output below a certain target. Just as individual humans have distinctive handwriting patterns (even if they write gibberish), early miners’ computers left “fingerprints” on the nonces they generated, according to the paper.
“There are extensive correlations between all of the apparently meaningless strings associated with a single user,” it says. These “extranonces” combined with other established blockchain forensic techniques allowed the researchers to zero in on the miners that mined many of the first 25 months’ worth of BTC and generated those early transaction addresses. This method was first described by Sergio Demian Lerner in 2013.
The team combined those correlations with a couple established address-linking techniques to arrive at the group of 64.
The fewer miners there are, the greater the chances for one to dominate the network or for more than one to collude to do so. The small number of miners during Bitcoin’s formative years means the network was “routinely” vulnerable to so-called 51% attacks, where someone controlling a simple majority of computing power can spend the same BTC twice, the study says.
For example, three of the 64 “top agents” each mined six or more blocks in a row. In the most extreme example, in October 2010, there were five six-hour periods during which one miner, among the first to use a GPU, could have carried out a 51% attack, the study says.
Emphasis: Could have.
“Strikingly, we find that potential attackers always chose to cooperate instead,” the researchers wrote.
On one hand, their takeaway clashes with the stereotype (and perhaps, in some cases, self-image) of Bitcoin users, particularly early adopters, as cold-blooded individualists: “Rather than relying exclusively on a decentralized, trustless network of anonymous actors, Bitcoin depended on altruistic behavior by a group of anonymous agents,” the paper states.
On the other hand, that observation builds on previous research by Sergio Demian Lerner, head of innovation at IOVLabs, a blockchain technology company, and a designer at RSK Labs, a smart-contract development firm. Lerner has studied the so-called “Patoshi stash” of 1.1 million BTC believed to have been mined by Satoshi Nakamoto. Lerner suggested in a study released in 2020 that early miners (specifically, “Patoshi”) took measures to foster healthy mining competition while also ensuring that there were enough miners online to secure the network and produce blocks in a timely fashion.
This most recent study also describes game-theory experiments whose results support the notion that anonymous actors will cooperate for the good of the group rather than betray each other for a fast buck. Of course, in the context of a cryptocurrency, “the good of the group” can be defined as continued price gains, and the paper poses an unsettling question in what appears to now be a bear market: “Can participants be relied upon to cooperate if a cryptocurrency stops appreciating?”
Bitcoin privacy implications
The paper also claims that as of December 2017, 99% of Bitcoin network addresses were at most six transaction hops away from one of those 64 early miners. (If Bob sends 1 BTC to Alice, that’s one hop; if Alice sends the coin to Ted, that’s two hops between him and Bob, and so on.)
Although the researchers don’t claim to have identified the real names behind any of the 64 miners (except two who were already known), they warn that if someone did, many other users’ privacy might be compromised.
“Our results imply that, were the identities of the 64 top agents to become known, it would become easy to identify short transaction paths linking any target address to an already de-identified top agent address,” the study says.
The shorter the path between two addresses, the easier it is for someone who knows one user’s identity to figure out the other’s, the authors note. In the example above, if the FBI knows Ted is a drug lord, it can subpoena Alice’s transaction history from the crypto exchange she used to send him the BTC. From there, the feds might just have to google the address that sent her the coins to find it prominently displayed in the tip jar on Bob’s blog.
If nothing else, the researchers’ address-linking exercise underscores a well-known risk of using public, immutable ledgers like the Bitcoin blockchain. “The sources of information leakage, even once discovered, cannot be retroactively patched,” the paper says.
“The fact that we could find leaks in the period we studied suggests that there might be leaks elsewhere, too,” Aiden added.
The researchers avoid wading into the minefield of trying to unmask Satoshi Nakamoto, Bitcoin’s creator, whose identity has been a hotly debated mystery since he (or she or they) published the original white paper in 2008.
However, they reiterate a previously examined data point that may offer a clue. Or not.
Satoshi’s emails, forum posts and code updates were usually sent during Western hemisphere daytime hours, and his (or her or their) mining computer was generally inactive at nighttime in that part of the world.
“These data are in line with the possibility that Satoshi Nakamoto was living in either North or South America,” the academics write.
They don’t rule out another possibility: that like many coders, Satoshi was a night owl.
The paper, entitled ‘Cooperation among an anonymous group protected Bitcoin during failures of decentralization,’ was written by the following:
- Alyssa Blackburn (Baylor College of Medicine, Rice University)
- Christoph Huber (WU Vienna University of Economics and Business)
- Yossi Eliaz (Rice, University of Houston)
- Muhammad S. Shamim (Baylor, Rice)
- David Weisz (Baylor, Rice)
- Goutham Seshardri (Baylor)
- Kevin Kim (Baylor)
- Shengqi Hang (Baylor)
- Erez Lieberman Aiden (Baylor, Rice, Shanghai Tech University, University of Western Australia)
What the new Bitcoin study really says (and what it doesn’t) about Satoshi & Co.
New research on Bitcoin’s early years undermines its foundational myths of privacy through pseudonymity and decentralization, Jaron Lanier and Glen Weyl write.
UPDATE (June 7, 13:35 UTC): Clarifies passages about address-linking techniques. Sergio Demian Lerner discovered the "extranonce" method; what is novel about the new study is the way it combines this with other methods.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.