[gwern]

More importantly: if Bitcoin was invented and released for that reason, then it will turn out to be one of the more epic backfires in security agency history, for the simple reason that everyone involved knows that inventing the first successful distributed pseudonymous e-cash is much, much harder than inventing the first successful distributed anonymous e-cash.

As soon as Bitcoin became clearly successful, it also became inevitable that things like Monero or Zerocoin or Coinjoin would be invented. Once the genie of distributed e-cash has been let out of the bottle, it not merely can evolve but will evolve.

So in exchange for a brief period of visibility through Bitcoin, they would have permanently and irrevocably damaged their ability to spy via banks, Western Union, PayPal etc (entities which they pwn lock stock and barrel) as usage diverts to anonymous currencies (Bitcoin with extensions or mixes, or anonymous coins).

[johnsoft]

>everyone involved knows that inventing the first successful distributed pseudonymous e-cash is much, much harder than inventing the first successful distributed anonymous e-cash

Assuming "much, much harder" isn't hyperbole, could you elaborate on this please? I'm interested in the tech aspect. The existing anonymous solutions I've looked at are all more complex and difficult to grasp than the simplicity of bitcoin's global ledger.

[gwern]

What I'm saying is that before Bitcoin no one had a good idea for a distributed e-cash which met the basic criteria of no trusted third parties. Given such a system, then you can fairly easily imagine building an anonymity layer on top of it: if nothing else, to name only the very most obvious solution, people can use a mixer service hosted on a Tor hidden service. The jump from ???->Bitcoin is much bigger than Bitcoin->Bitcoin+Tor, and with a working system, one can go back and look at all the fancy anonymity-related math and ideas which had been published or speculated about in the past and see which can be added in, and dollars to donuts, at least one will work and that's all you need. Any group smart enough to invent Bitcoin would be able to foresee that at some point, anonymous currency would follow as a consequence and I believe Satoshi said as much somewhere (although I don't have a quote on hand).