Bitcointalk 2010: A short story about Improving Bitcoin

There’s a rather popular bitcointalk comment by Satoshi that I’ve seen interpreted in different ways by the people working on some other chains.

Interpretation by Zooko from ZCash https://twitter.com/zooko/status/1499478874375163904
Interpretation by fluffypony from Monero https://twitter.com/fluffypony/status/1534709478368714753

They do have some points. Privacy improvements along with stealth addresses and ring signatures were a part of the discussion. But the main thing they were discussing, and what Satoshi’s comment was referring to, is a hash-based chain construction. A chain where a block is just a bunch of hashes. Since both ZCash and Monero have their own interpretation of what Satoshi found interesting in that comment and called “a much better, easier, more convenient implementation of Bitcoin”, we can have ours as well. Here’s what I believe was really discussed.

mw111920×2776 364 KB

A solution was indeed found, but I don’t think either ZCash or Monero describe what they were discussing. I don’t think either of the two is actually the idea described by Red. Monero is probably closer here than ZCash.

Satoshi commented:

It’s the need to check for the absence of double-spends that requires global knowledge of all transactions. The challenge is, how do you prove that no other spends exist? It seems a node must know about all transactions to be able to verify that. If it only knows the hash of the in/outpoints, it can’t check the signatures to see if an outpoint has been spent before. Do you have any ideas on this?

Unless I understand it wrong, the idea or solution he was looking for seems precisely Mimblewimble. In fact, Mimblewimble does even more than he was looking for.

Satoshi further comments:

The network would track a bunch of independent outpoints. It doesn’t know what transactions or amounts they belong to.

This sounds familiar.

Red comments:

I had hoped the condition to pass all transactions to all validators could be weakened but I can’t see how (yet) without relying on trusted delegation.

Also familiar.

There, now we have our own version. I wonder if Satoshi would call this a HashChain or in our case, a HashTimeChain. :))

Let me know if I’ve missed things or misunderstood them.

I ve seen them. He is talking much more about Grin MW than zcash and Monero. Fluffypony trying to geta monero hint is funny . It is clear that MW

Great post.
When I was on Bitcoin Wednesday, I discussed that to my understanding Mimblewimble was roughly what Satoshi had in mind, but could not realize at the time due to various reasons. I was asked for a source but could not remember where I got that information. Now I have source.

I thought to remember there was a patent on some crypto needed for Mimblewimble, but to my surprise II see the patent for Schnorr signatures was only till 2008, so maybe my memory is wrong there.

Schnorr isn’t required for Mimblewimble. You can do Mimblewimble with just about any signature scheme e.g. it could be done with ECDSA. The reason Satoshi could not realize Mimblewimble is because it’s extremely hard if not near impossible to get to it in the first try. Even in this linked post from 2010, he seems to have known what the problems were, but had no idea how to solve them. The research just wasn’t there. It took many years of very bright researchers coming up with other related ideas until someone deeply familiar with them saw they can be combined to produce a chain format very similar to what they were discussing. It’s in fact even better.

satoshiz1836×364 37.4 KB

Maybe slatepack email attachment?

Not really, the comment is made in a very different context, nothing related to interactive transactions and such. I believe this is about sending a history chain of a transaction between two users in case the history wasn’t on the chain itself. But we know today that we don’t really need the history to keep the ability to verify it.

i dont know any other blockchain using email or signal or telegram or pigeon for tx.

They don’t have to since they’re nitx

Now also on What is Grin Commitment-based blockchain | what-is-grin

Nice choice of fonts. A bit hackernoon like.
It interesting content to share. Maybe something for a newsletter @Cobragrin?

yes, for the second June newsletter added to materials. It will replace a big chunk at 2nd letter. Thanks for this material to phyro, we need to highlight it as long as we can. He expects a little more technical discussion about the subject atm. I am collecting the comments