by Banana699 1406 days ago
Modulo summation is a good hash function to teach non-CS people what hash functions are in principle. But, judging by my experience in learning about how Bitcoin works, it is not sufficient to see why it's a secure currency (and PoW explanations are only invoked in that context). I knew about hash functions long before I knew why bitcoin works.

I think the first thing people need to get over to understand de-centralized currencies like bitcoin is that money is just an illusion, a big fat shared delusion, or more accurately an inter-subjective fantasy, a way of keeping track of labor\value by agreeing on some scarce valuable thing and declaring that it represents every other scarce valuable thing if everybody agrees to trade any scarce valuable thing they have against it. I don't think most people truly realize this at the gut level (and this is not an insult to the intelligence of people, it was mind blowing and deeply enraging\upsetting to me when I worked through it to the end as well). Concept #1 : Money is any (possibly artificially) scarce thing that people with things you care about want to trade against.

Next, you observe that a currency doesn't actually have to be an actual thing you own, it just has to be an entry in a trusty and available record of all the favors you did\was done to you. Physical things are merely a convenient way to maintain a distributed record of favors in real life, but in principle all of our paper money could be replaced by a huge paper spreadsheet recorded by an infallible angel who never lies or cheats, recording in each entry who did what favor to whom, and the amount of "favorism" that was done (so that it can be traded against other favors in the future). If everyone had an always-updated read-only access to that spreadsheet somehow, then this is a perfectly good and perfectly secure money system. You "pay" by invoking the earlier favors owed to you, "paid" to you by others, invoking favors "spends" them : turns them into the ownership of the entity you are paying. New favors are created by the infallible angel whenever they deem necessary, they simply write in the spreadsheet "I now own 20 more favors than before, by the sheer force of my will". Concept #2 : Money doesn't actually have to be a scarce thing, it just needs to be a trusty record of transactions, scarce things approximate that fairly well in real life but are not the only way. Money is simply any promise backed by trust, scarce things are just one way of implementing that.

The final push is actually the hardest. You can't understand bitcoin without understanding even the tiniest bit of distributed systems. The fundamental difficulty of distributing a soft record and yet still preserving its append-only nature while the machines the record is stored on can tick at 4 billion times a second must be appreciated and truly understood in all its impossibility. Distributed blockchains' delightfully bizarre solution must be appreciated in all its counter-intuitivity. I was stuck at this stage for a long long time, knowing hashing and crypto (public API wise) but finding it difficult to understand why can't I just make-up money as I please, who's going to stop me ? who's going to know ? How can bitcoin stop me or even detect me without a central authority ? Distributed Systems are simply magic, and crypto-currencies get most of their magic and brilliance from that component. But eventually you get there if you're motivated enough and manage to dodge\discard all the trash pop-sci false explanations. Concept #3 : Bitcoin utilized super-smart magic from several apparently-unrelated fields of CS to make the fantastical spreadsheet from concept #2 come to reality.

Anyway, all of that long rant was just to say I don't think hyper-focusing on the intricacies of hashing and public-private cryptography is actually helpful for people to understand the 'why' of decentralized currencies. I don't mean they're not important building blocks, they are invaluable of course, I just mean the vast majority of work in decentralized currencies is done by the decentralized blockchain they are running on, and those work because PoW is a piece of magic and also distributed systems and also NP-hardness.

>The suggestion that a mathematical problem is being solved (while not completely inaccurate) sounds a bit more elegant in my opinion than what is really going on.

That's a very human centric way of putting it, but I agree. If a computer is searching through the library of babel to find a treatment for cancer, the computer is still 'solving' cancer, it just doesn't do it by studying medicine. "Elegance" is a human value, and my personal philosophical belief about intelligence is that it's all really Search, Neural Networks and Reinforcement Learning Agents and Evolutionary Computing and Human Brain Heuristics and Knowledge are all really more efficient way of searching spaces and trees. Medicine is just there to tell what branches not to search. So the library of babel computer is just doing intelligence a bit more naively and expensively than its more efficient artificial or natural cousins, but it's still "solving" a problem, like all intelligences do.

3 comments

> Concept #3 : Bitcoin utilized super-smart magic from several apparently-unrelated fields of CS to make the fantastical spreadsheet from concept

Not really. Bitcoin (i.e. the original satoshi version) is hashcash, data structure merging and some game theory. It's an ingenious system, no doubt, but it's ingenious because it put together some really well known building blocks in a smart way. It definitely did not use super advanced stuff from any field of CS, let alone multiple.

And that's not a dig at it either. In many ways that makes it more impressive.

Bitcoin effectively invented, completely from scratch with no precedents I'm aware of, a probabilistic Atomic Total-Order Broadcast algorithm, that's a pretty damn advanced Distributed Systems problem to me, and a solution that was never investigated in Distributed Systems orthodox literature before it as far as I know. So, in no way "really well known".

And public-private crypto & hash pointer data structures are both fairly advanced CS from multiple fields. Public Key Crypto was discovered in the late 1970s and only further explored in the 1980s, hash data structures only in the 1980s and 1990s. That's fairly young, most vanilla CS ideas date from the 1960s or before. Just because the public APIs of those things can be explained in an afternoon doesn't mean at all that they aren't advanced concepts: I can explain what a hydrogen bomb does to a 10 year old, but that wouldn't imply the Hbomb isn't advanced nuclear physics.

> Bitcoin effectively invented, completely from scratch with no precedents I'm aware of, a probabilistic Atomic Total-Order Broadcast algorithm,

Yes, the new thing bitcoin invented was novel and quite interesting. I'm not sure those are the words I would use to name it, but the result still stands.

> Just because the public APIs of those things can be explained in an afternoon doesn't mean at all that they aren't advanced concepts

Of course not. They are advanced concepts because they are some of the most basic concepts in the field and used throughout the industry. Hash functions are so prevalent that we literally have special x86 instructions just to speed up calculating sha256.

Compare for example to things like ZK-SNARKs, or homomorphic encryption which are actually cutting edge cryptography.

I think many people already know that fiat currencies depreciate and something like gold without the digging might be useful. I find people want to know more about the how than the why. If they understand a little more about how it works, they can build a bit of an intuition and can formulate their own opinions regarding whether they trust it or not (vs simply trusting another person that has an opinion on the topic one way or the other).

Of course, the hashing/nonce part is only one part of the mechanism and probably not even the most important part. However, it is where the bulk of the energy is used - most people have heard that Bitcoin uses a lot of energy and would like to understand that a bit better. I have other "parables" for explaining public/private key encryption, etc., but I was primarily responding to the parent comment.

>> That's a very human centric way of putting it

Humans are the ones assigning the value to this and they may be more likely to assign a higher value if it appeals to their sense of aesthetic. Solving beautiful equations sounds better than trial and error to many. That being said, I do think there is beauty in crypto - just maybe not in the nonce guessing bit.

Nice write up. I noticed a couple things you may want to consider.

>>> Money doesn't actually have to be a scarce thing, it just needs to be a trusty record of transactions

Physical cash or coin, exchanged between parties, is trusted by both parties yet leaves no transaction record.

>>> Money is simply any promise backed by trust

Credit is backed by trust.

A finalized and appended bitcoin block needs no further trust. It is settled.

> Physical cash or coin, exchanged between parties, is trusted by both parties yet leaves no transaction record.

The cash/coins are the record in this case: that was the point the GP was trying to make. But, they are not required for the transaction to take place: a trusted ledger also works.

> A finalized and appended bitcoin block needs no further trust. It is settled.

Of course it needs trust: you have to trust that Bitcoin is doing what it promises. Every time you sell something in exchange for bitcoin, you have to trust that:

- the network is working as advertised

- your client is working as advertised, it's not infected with some Malware to report the wrong info to you

- there is possibility of a 51% attack

Also, the latest finalized and appended block often changes. You actually have to wait until there are several other blocks appended after the one that contains your transaction until you can be sure the transaction won't be reverted.