search. Moreover, Nakamoto did not
care for academic peer review and did
not fully connect it to its history. As a
result, academics essentially ignored
bitcoin for several years. Many academic communities informally argued that Bitcoin could not work,
based on theoretical models or experiences with past systems, despite the
fact it was working in practice.
We have seen repeatedly that ideas
in the research literature can be gradually forgotten or lie unappreciated,
especially if they are ahead of their
time, even in popular areas of research. Both practitioners and academics would do well to revisit old
ideas to glean insights for present systems. Bitcoin was unusual and successful not because it was on the cutting edge of research on any of its
components, but because it combined
old ideas from many previously unrelated fields. This is not easy to do, as it
requires bridging disparate terminology, assumptions, and so on, but it is a
valuable blueprint for innovation.
Practitioners would benefit from
being able to identify overhyped technology. Some indicators of hype: difficulty identifying the technical innovation; difficulty pinning down the
meaning of supposedly technical
terms, because of companies eager to
attach their own products to the
bandwagon; difficulty identifying the
problem that is being solved; and finally, claims of technology solving social problems or creating economic/
In contrast, academia has difficulty selling its inventions. For example,
it’s unfortunate that the original
proof-of-work researchers get no
credit for bitcoin, possibly because
the work was not well known outside
academic circles. Activities such as
releasing code and working with
practitioners are not adequately rewarded in academia. In fact, the original branch of the academic proof-of-work literature continues today
without acknowledging the existence
of bitcoin! Engaging with the real
world not only helps get credit, but
will also reduce reinvention and is a
source of fresh ideas.
Acknowledgments. Thanks to Adam
Back, Andrew Miller, Edward Felten,
Harry Kalodner, Ian Goldberg, Ian
Grigg, Joseph Bonneau, Malte Möser,
Mike Just, Neha Narula, Steven Gold-feder, and Stuart Haber for their valuable feedback.
1. Aspnes, J., et al. Exposing computationally challenged
Byzantine imposters. Yale University Department
of Computer Science, 2005; http://cs.yale.edu/
2. Back, A. A partial hash collision based postage
scheme, 1997; http://www.hashcash.org/papers/
3. Back, A. Hash cash, 2001; https://web.archive.org/
4. Back, A. Hashcash—a denial of service counter
measure, 2002; http://www.hashcash.org/papers/
5. Bayer, D., Haber, S. and Stornetta, W.S. Improving the
efficiency and reliability of digital time-stamping. In
Proceedings of Sequences (1991); https://link.springer.
6. Benaloh, J., de Mare, M. Efficient broadcast
timestamping, 1991; http://citeseerx.ist.psu.edu/
viewdoc/summary?doi= 10. 1. 1. 38.9199.
7. Boyle, T.F. GLT and GLR: Component architecture for
general ledgers, 1997; https://linas.org/mirrors/www.
8. Castro, M. and Liskov, B. Practical Byzantine fault
tolerance. In Proceedings of the Third Symposium
on Operating Systems Design and Implementation
9. Chaum, D. Untraceable electronic mail, return
addresses, and digital pseudonyms. Commun. ACM
24, 2 (Feb. 1981), 84–90; https://dl.acm.org/citation.
10. Chaum, D. Blind signatures for untraceable payments.
Advances in Cryptology, 1983, 199-203.
11. Chaum, D. Security without identification: transaction
systems to make Big Brother obsolete. Commun ACM
28, 10 (Oct. 1985), 1030–1044; https://dl.acm.org/
12. Chaum, D., et al. Untraceable electronic cash.
Advances in Cryptology, 1988, 319–327; https://
13. Dai, W. 1998; http://www.weidai.com/bmoney.txt.
14. Douceur, J. R. The Sybil attack, 2002; https://dl.acm.
15. Dwork, C. and Naor, M. Pricing via processing or
combatting junk mail, 1992; https://dl.acm.org/
16. Felten, E. Smart contracts: neither smart nor
contracts? Freedom to tinker, 2017; https://freedom-
17. Franklin, M.K. and Malkhi, D. Auditable metering and
lightweight security, 1997; http://www.hashcash.org/
18. Gabber, E., et al. Curbing junk e-mail via secure
classiffication, 1998; http://www.hashcash.org/papers/
19. Garay, J A., et al. The bitcoin backbone protocol:
analysis and applications. Advances in Cryptology,
2015, 281–310; https://eprint.iacr.org/2014/765.pdf.
20. Goldberg, I. A pseudonymous communications
infrastructure for the Internet. Ph.D. dissertation.
University of California Berkeley, 2000; http://moria.
21. Grigg, I. Triple entry accounting, 2005; http://iang.org/
22. Haber, S. and Stornetta, W.S. How to
timestamp a digital document. J. Cryptology
3, 2 (1991), 99–111; https://link.springer.com/
23. Haber, S. and Stornetta, W.S. Secure names for bit-strings. In Proceedings of the 4th ACM Conference on
Computer and Communications Security, 1997, 28–35;
24. Jakobsson, M. and Juels, A. Proofs of work and bread
pudding protocols, 1999; http://www.hashcash.org/
25. Juels, A. and Brainard, J. Client puzzles: a
cryptographic countermeasure against connection
completion attacks. In Proceedings of Networks and
Distributed Security Systems, 1999, 151–165; https://
26. Just, M. Some timestamping protocol failures, 1998;
27. Lamport, L., et al. The Byzantine Generals Problem.
ACM Trans. Programming Languages and Systems
4, 3 (1982), 382–401; https://dl.acm.org/citation.
28. Lamport, L. The part-time parliament. Digital
Equipment Corp., 1989; https://computerarchive.org/
29. Lamport, L. Paxos made simple, 2001; http://lamport.
30. Laurie, B. Certificate transparency. acmqueue 12, 1
31. Levy, K.E.C. Book-smart, not street-smart: blockchain-based smart contracts and the social workings of law.
Engaging Science, Technology, and Society 3 (2017),
32. Melara, M., et al. CONIKS: Bringing key transparency
to end users. In Proceedings of the 24th Usenix
Security Symposium, 2015; https://www.usenix.org/
33. Merkle, R.C. Protocols for public key cryptosystems.
In Proceedings of the IEEE Symposium on Security
and Privacy, 1980; http://www.merkle.com/papers/
34. Nakamoto, S. Bitcoin: A peer-to-peer electronic cash
system, 2008; https://bitcoin.org/bitcoin.pdf.
35. Nakamoto, S. Re: Bitcoin P2P e-cash paper, 2008;
36. Narayanan, A., et al. Bitcoin and Cryptocurrency
Technologies: A Comprehensive Introduction.
Princeton University Press, 2016; http://bitcoinbook.
37. Pass, R., et al. Analysis of the blockchain protocol
in asynchronous networks. In Proceedings
of the 2017 International Conference on the
Theory and Applications of Cryptographic
38. Pinkas, B. and Sander, T. Securing passwords against
dictionary attacks. In Proceedings of the Ninth ACM
Conference on Computer and Communications
Security, 2002, 161–170; https://dl.acm.org/citation.
39. Reuters. Mind your wallet: Why the underworld loves
bitcoin, 2014; http://www.cnbc.com/2014/03/14/mind-
40. Rivest, R.L. and Shamir, A. Pay Word and MicroMint:
Two simple micropayment schemes. In Proceedings
of the 1996 International Workshop on Security
41. Sirer, E.G. Bitcoin guarantees strong, not eventual,
consistency. Hacking, Distributed, 2016; http://
42. Szabo, N. Smart contracts, 1994; http://www.fon.hum.
43. Szabo, N. Bit gold. Unenumerated, 2008; https://
44. Vishnumurthy, S., Chandrakumar, S. and Sirer, E. G.
Karma: A secure economuc framework for P2P
resource sharing. In Proceedings of the Workshop on
the Economics of Peer-to-Peer Systems (Berkeley, CA,
45. Wattenhofer, R. The Science of the Blockchain.
Inverted Forest Publishing, 2016.
Arvind Narayanan is an assistant professor of computer
science at Princeton University. He leads the Princeton
Web Transparency and Accountability Project to uncover
how companies collect and use our personal information.
Jeremy Clark is an assistant professor at the Concordia
Institute for Information Systems Engineering.
He has also worked with several municipalities on voting
technology and testified to the Canadian Senate on bitcoin.
Copyright held by owners/authors.