Bitcoin Is Time
The relentess beating of this clock is what gives rise to all magical properties of Bitcoin.
“One luminary clock against the sky
Proclaimed the time was neither wrong nor right.”
— Robert Frost, Acquainted with the Night (1928)
“Time is still the great mystery to us. It is no more than a concept; we don’t know if it even exists”…
— Clifford D. Simak, Shakespeare’s Planet (1976)
Time is money, or so the saying goes.
It follows that money is also time: a representation of the collective economic energy stored by humanity.
However, the link between time and money is more intricate than it might initially seem. If money requires no time to create, it doesn’t work as money very well or not for long. More profoundly, as we shall see, keeping track of things in the informational realm always implies keeping track of time.
As soon as money goes digital, we have to agree on a definition of time, and herein lies the whole problem. You might think telling the time is as easy as glancing at whatever clock is nearby, and you would be right when it comes to everyday tasks. But when it comes to synchronizing the state of a global, adversarial, distributed network, telling the time becomes an almost intractable problem.
How do you tell the time if clocks can’t be trusted?
How do you create the concept of a singular time if your system spans the galaxy?
How do you measure time in a timeless realm?
And what is time anyway?
To answer these questions, we will have to take a closer look at the concept of time itself and how Bitcoin makes up its own time: block time — more commonly known as block height. We will explore why the problem of timekeeping is intimately related to keeping records, why there is no absolute time in a decentralized system, and how Bitcoin uses causality and unpredictability to build its own sense of now.
Timekeeping devices have transformed civilizations more than once.
As Lewis Mumford pointed out in 1934:
“The clock, not the steam engine, is the key-machine of the modern industrial age.” Today, it is again a timekeeping device that is transforming our civilization: a clock, not computers, is the true key-machine of the modern informational age. And this clock is Bitcoin.”
“Let the child learn to count things, thus getting the notion of numbers. These things are, for the purpose of counting, considered alike, and they may be single objects or groups.”
— David Eugene Smith, The Teaching of Elementary Mathematics (1900)
Very broadly speaking, there are two ways to keep track of things: physical tokens and ledgers. You can either use real-world artifacts directly, e.g., give someone a sea shell, a coin, or some other tangible thing, or you can replicate the state of the world by writing down what happened on a piece of paper.
Imagine you are a shepherd and want to ensure that your whole flock returns home. You can put a collar on each sheep, and as soon as a sheep returns home, you simply remove the collar and hang it up in your shed. If you have one hanger for every collar, you will know that every sheep is returned safely as soon as all hangers are filled. Of course, you can also count them and keep a list. However, you will have to create a new list every time you start counting, and you will also have to make sure not to count a single sheep twice (or not at all).
Money is essentially a tool to keep track of who owes what to whom. Broadly speaking, everything we have used as money up to now falls into two categories: physical artifacts and informational lists. Or, to use more common parlance: tokens and ledgers.
It is important to realize the inherent difference of these categories, so let me point it out explicitly: The first method — a physical token — directly represents the state of things. The second one — a ledger — indirectly reflects the state of things. Each comes with advantages and disadvantages.
For example, tokens are physical and distributed; ledgers are informational and centralized. Tokens are inherently trustless; ledgers are not.
In the digital realm — no matter how intensely marketing gurus try to convince you of the opposite — we can only use ledgers. It is an informational realm, not a physical one. Even if you call a certain kind of information a “token, ” it is still a malleable piece of information, written down on a hard drive or some other medium that can hold information, effectively rendering it an informational record.
The ledger-like nature of all digital information is the root cause of the double-spend problem. Information never represents the state of the world directly. Further, the movement of information implies copying. Information exists in one place, and to “move” it, you have to copy it to another place and erase it at its origin. This problem doesn’t exist in the physical realm. In the physical realm, we can move things from A to B. The informational realm doesn’t have this property.
If you want to “move” information from List A to List B, you have to copy it from A to B. There is no other way.
Another way to think about it is in terms of uniqueness. Physical tokens are unique composites of atoms whose assembly is not easily replicable. Pure information does not have this property. If you can read the information, you can also copy it perfectly. Practically speaking, physical tokens are unique, and digital tokens are not.
I would even argue that “digital token” is a misnomer. A token might represent secret information, but it will never represent unique, singular, uncopyable information.
This difference in properties shows that there really is no way to “hand over” information. It is impossible to pass on a digital token like you would pass on a physical one since you can never be sure if the original owner destroyed the information on his end.
Digital tokens, like all information, can only be spread, like an idea.
… “if you have an apple and I have an apple, and we swap apples — we each end up with only one apple. But if you and I have an idea and we swap ideas — we each end up with two ideas.”
— Charles F. Brannan (1949)
Physical tokens — what we call physical bearer assets, or “cash” — are free from this dilemma. In the real world, if you hand me a coin, your coin is gone. There is no magical duplication of the coin, and the only way to give it to me is to physically hand it over. The laws of physics do not allow you to double-spend it.
While double-spending does exist in the non-digital realm — George Parker, a con artist who famously “double-spent” the Brooklyn Bridge and other landmarks comes to mind — it requires elaborate deception and gullible buyers. Not so in the digital realm.
In the digital realm, because we are always dealing with information, double-spending is an inherent problem. As everyone who has ever copied a file or used copy-and-paste knows, information is something that you can copy perfectly, and it is not bound to the medium that hosts it.
If you have a digital photograph, for example, you can copy it a million times, store some copies on a USB stick, and send it to thousands of different people. Perfect copies are possible because information allows for flawless error correction, which eliminates degradation. And to top things off, there is virtually no cost to duplication and no way to tell what the original was.
Again: When it comes to information, copying is all there is.
There simply is no way to move digital information from A to B. Information is always copied from A to B. If the copying process is successful, the original copy of A is deleted. This is why the double-spending problem is so tricky.
Absent of a central authority, there is no way to move anything from A to B in a trustless manner. You always have to trust that the original will be deleted. A natural side-effect is that, when it comes to digital information, it is impossible to tell how many copies are in existence and where these copies might be.
Because of this, using digital “tokens” as money can not and will never work. Since tokens derive their reliability from being hard to reproduce as a result of their unique physical construction, this advantage disappears in the digital realm. In the digital realm, tokens cannot be trusted. As a result of the nature of information’s intrinsic properties, the only viable format for digital money is not a token but a ledger — which brings us to the problem of time.
“For the things seen are temporary, but the things unseen are everlasting.”
— Paul of Tarsus, Corinthians 4:18b
When it comes to physical tokens, the time of a transaction does not matter. You either have the coins in your pocket, or you don’t; you can either spend them, or you can’t. The simple act of possession is the only prerequisite for spending. The laws of nature take care of the rest. In that sense, physical tokens are trustless and timeless.
When it comes to ledgers, physical possession falls by the wayside.
Whoever controls the ledger needs to ensure that things are in order. What is otherwise given by physical laws, namely that you can’t spend money that you don’t have and can’t spend money that you have already spent previously, has to be enforced by man-made rules. These rules govern the orderly operation and maintenance of a ledger, not physical laws.
Moving from physical laws to man-made rules is the crux of the matter.
Man-made rules can be bent and broken; physical laws — not so much. For example, you can’t simply “make up” a physical gold coin. You have to dig it out of the ground. You can, however, absolutely make up a gold coin on paper.
To do this, you simply add an entry to the ledger and give yourself a couple of coins. Or, in the case of central banks, simply add a couple trillion with a few computer keystrokes. (Fancy financial people call this “Rehypothecation, ” “Fractional Reserve Banking, ” or “Quantitative Easing” — but don’t be fooled, it’s all the same: making up money.)
To keep ledgers and those who manipulate them honest, regular, independent audits are required. The ability to account for every single entry in a ledger is not a luxury. Auditors need to be able to go over the books — backward in time — to keep ledgers honest and functioning. Without reliable timestamps, verifying the internal consistency of a ledger is impossible. A mechanism to establish an unambiguous order is essential.
Without an absolute sense of time, there is no way to have a defined order of transaction. And without a defined order of transactions, the rules of a ledger can not be followed.
How else can you make sure how much money you actually have?
How else can you make sure that things are in order?
The distinction between tokens and ledgers highlights the necessity for keeping track of time. In the physical realm, coins are timeless artifacts that can be exchanged without oversight. In the digital sphere, coin stamping requires timestamping.
“Time: a great engraver, or eraser.”
— Yahia Lababidi (b. 1973)
The common way to solve the double-spending problem — the problem of making sure that a digital transfer only happens once — is to have a central list of transactions. Once you have a central list of transactions, you have a single ledger that can be the sole source of truth.
Solving the double-spending problem is as easy as reviewing the list and ensuring that everything adds up correctly. This is how PayPal, Venmo, Alipay, and all the world’s banks — including central banks — solve the double-spending problem: via a central authority.
“The problem of course is the payee can’t verify that one of the owners did not double-spend the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double-spending…
[T]he problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank.”
— Satoshi Nakamoto (2009)
It is worth pointing out that Satoshi didn’t manage to make information non-copyable. Every part of Bitcoin — its source code, the ledger, your private key — can be copied. All of it can be duplicated and tampered with.
However, Satoshi managed to build a system that makes rule-breaking copies entirely and utterly useless.
The Bitcoin network performs an intricate dance to decide which copies are useful and which aren’t, and this dance brings scarcity into the digital realm.
And, like with every dance, a temporal measuring stick is required to dictate the rhythm.
Even a centralized ledger can only solve the double-spending problem if it has a consistent way of keeping track of time. You always need to know who gave how much to whom and, most importantly: when. In the realm of information, there is no coin-stamping without timestamping.
“It must be stressed that the impossibility of associating events with points in time in distributed systems was the unsolved problem that precluded a decentralized ledger from ever being possible until Satoshi Nakamoto invented a solution.”
— Gregory Trubetskoy (2018)
“Time brings all things to pass.”
— Aeschylus (525 BC — 456 BC)
Time and order have a very intimate relationship. As Leslie Lamport pointed out in his 1978 paper Time, Clocks, and the Ordering of Events in a Distributed System:
“The concept of time is fundamental to our way of thinking. It is derived from the more basic concept of the order in which events occur.”
Absent a central point of coordination, seemingly intuitive notions of “before,” “after,” and “simultaneously” break down.
In the words of Lamport:
“The concept of 'happening before' defines an invariant partial ordering of the events in a distributed multiprocess system.”
Phrased Differently: Who should be in charge of time if putting someone in charge is not allowed?
How can you have a reliable clock without a central frame of reference?
You might think solving this problem is easy because everyone could just use their own clock. This only works if everyone’s clock is accurate and, more importantly, everyone plays nice. In an adversarial system, relying on individual clocks would be a disaster.
And, because of relativity, it does not work consistently across space.
As a thought experiment, imagine how you could cheat the system if everyone was in charge of keeping time for themselves. You could pretend that the transaction you’re sending now is actually from yesterday — it just got delayed for some reason — thus, you would still have all the money you’ve spent today.
Because of the asynchronous communication that is inherent in every decentralized system, this scenario is more than a theoretical thought experiment. Messages get delayed, timestamps are inaccurate, and thanks to relativistic effects and the natural speed limit of our universe, it is anything but easy to tell apart the order of things absent of a central authority or observer.
So you both swipe the card at precisely the same moment.
(Dear physicists, please excuse my use of “the same moment” — we will ignore relativistic effects and the fact that there is no absolute time in our universe for now. We will also ignore that the concept of synchronous events doesn’t really exist. Bitcoin is complicated enough as it is!)
The central ledger at your bank will probably receive one transaction before the other one, so one of you will be lucky, the other not so much. If the transactions happen to arrive in the same tick — let’s say in the same millisecond — the bank would have to decide who gets to spend the money.
Now, what would happen if there was no bank?
Who decides who was the first one to swipe?
What if it wasn’t only you two, but hundreds or even thousands of people coordinating?
What if you didn’t trust those people?
What if some of those people are trying to cheat, e.g., by setting their clocks back so that it looks like they spent the money a couple of minutes earlier?
“A time-related tool [is] needed to establish a canonical ordering and to enforce a unique history in the absence of any central coordinator.”
— Giacomo Zucco, Discovering Bitcoin (2019)
This problem is precisely why all previous attempts at digital cash required a centralized registry. You always had to trust someone to correctly identify the order of things. A centralized party was required to keep the time.
Bitcoin solves this problem by re-inventing time itself. It says no to seconds and yes to blocks.
“Time’s glory is to calm contending kings,
To unmask falsehood and bring truth to light,
To stamp the seal of time in aged things,
To wake the morn and sentinel the night,
To wrong the wronger till he render right,”
— William Shakespeare, The Rape of Lucrece (1709)
All clocks rely on periodic processes, something we might call a “tick.” The familiar tick-tock of a grandfather’s watch is, in essence, the same as the molecular-atomic buzzing of our modern Quartz and Cesium clocks. Something swings — or oscillates — and we simply count these swings until it adds up to a minute or a second.
For large pendulum clocks, these swings are long and easy to see. For smaller and more specialized clocks, special equipment is required. The frequency of a clock — how often it ticks — depends on its use-case.
Most clocks have a fixed frequency. After all, we want to know the time precisely. There are, however, clocks that have a variable frequency. A metronome, for example, has a variable frequency that you can set before you make it tick. While a metronome keeps its pace constant once it is set, Bitcoin’s time varies for each tick because its internal mechanism is probabilistic. The purpose, however, is all the same: keep the music alive, so the dance can continue.
“The fact that Bitcoin is a clock is hiding in plain sight. Indeed, Satoshi points out that the Bitcoin network acts as a clock, or, in his words: a distributed timestamp server.
In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.”
— Satoshi Nakamoto (2009)
That timestamping was the root problem to be solved, also apparent by examining the reference at the end of the Bitcoin whitepaper.
Out of the eight references in total, three are about timestamping:
How to timestamp a digital document by S. Haber, W.S. Stornetta (1991)
Improving the efficiency and reliability of digital timestamping by D. Bayer, S. Haber, W.S. Stornetta (1992)
Design of a secure timestamping service with minimal trust requirements by H. Massias, X.S. Avila, and J.-J. Quisquater (May 1999)
As Haber and Stornetta outlined in 1991, digital timestamping is about computationally practical procedures that make it infeasible for a user — or an adversary, for that matter — to either back-date or forward-date a digital document. Contrary to physical copies, digital documents are easy to tamper with, and the change doesn’t necessarily leave any tell-tale signs on the physical medium itself. In the digital realm, forgeries and manipulations can be perfect.
The malleable nature of information makes timestamping digital documents an elaborate and sophisticated process. Naive solutions do not work. Take a text document, for example. You can’t simply add the date at the end of the document since everyone — including yourself — could simply change the date. You could also make up any date in the first place.
“In an extreme view, the world can be seen as only connections, nothing else.”
— Tim Berners-Lee, Weaving the Web (1999)
Making updates is a general problem, even in the non-digital realm. What is known in the kidnapping world as “Authentication by Newspaper” is an available solution to the problem of arbitrary timestamps.
This works because a newspaper is hard to fake and easy to verify. It is hard to fake because today’s front page refers to yesterday’s events, events that the kidnapper could not have predicted if the picture had been weeks old. By proxy of these events, the picture proves that the hostage was still alive on the day the newspaper came out.
This method highlights one of the key concepts regarding time: causality. The arrow of time describes the causal relationship of events. No causality, no time. Causality is also the reason why cryptographic hash functions are so crucial when it comes to timestamping documents in cyberspace: they introduce a causal relationship. Since it is practically impossible to create a valid cryptographic hash without having the document in the first place, a causal relationship between the document and the hash is introduced: the data in question existed first, and the hash was generated later.
In other words: without the computational irreversibility of one-way functions, there would be no causality in cyberspace.
With this causal building block in place, one can devise schemes that create a chain of events, causally linking A to B to C and so on. In that sense, secure digital timestamping moves us from a timeless place in the ether into the realm of digital history.
“Causality fixes events in time. If an event was determined by certain earlier events, and determines certain subsequent events, then the event is sandwiched securely into its place in history.”
— Bayer, Haber, Stornetta (1992)
It goes without saying that causality is of the utmost importance when it comes to economic calculations. And since a ledger is nothing but the embodiment of economic calculations of multiple cooperating participants, causality is essential for every ledger.
“We need a system for participants to agree on a single history […]. The solution we propose begins with a timestamp server.”
— Satoshi Nakamoto (2009)
It is fascinating that all of the puzzle pieces that make Bitcoin work did already exist. As early as 1991, Haber and Stornetta introduced two schemes that make it “‘difficult or impossible to produce false timestamps.’”
The first relies on a trusted third party; the second, more elaborate “‘distributed trust’” scheme, does not. The authors even identified the inherent problems of trusting a causal chain of events and what would be required to rewrite history.
In their words,
“The only possible spoof is to prepare a fake chain of timestamps, long enough to exhaust the most suspicious challenger that one anticipates.”
A similar attack vector exists in Bitcoin today in the form of a 51% attack (more on that in a later chapter).
One year later, Bayer, Haber, and Stornetta built upon their previous work and proposed to use trees instead of simple linked lists to tie events together.
What we know as Merkle Trees today are simply efficient data structures to create a hash from multiple hashes deterministically. For timestamping, you can efficiently bundle numerous events into one “‘tick.’”
In the same paper, the authors propose that the distributed trust model introduced in 1991 could be improved by carrying out a recurring “‘world championship tournament’” to determine a single “‘winner’” who widely publishes the resulting hash somewhere public, like a newspaper.
As we shall see, it turns out that newspapers are also an excellent way to think about the second ingredient of time: unpredictability.
“Time is not a reality [hupostasis], but a concept [noêma] or a measure [metron],”
— Antiphon the Sophist, On Truth (3rd century AD)
While causality is essential, it is not sufficient. We also need unpredictability for time to flow. In the physical realm, we observe natural processes to describe the flow of time.
We observe a general increase in entropy and call that the arrow of time. Even though the laws of nature seem to be oblivious regarding the direction of this arrow in most cases, certain things can’tcan’t be undone, practically speaking. You can’tcan’t unscramble an egg, as they say.
Similarly, entropy-increasing functions are required to establish an arrow of time in the digital realm. Just like it is practically impossible to unscramble an egg, it is practically impossible to unscramble a SHA256 hash or cryptographic signature.
Without this increase in entropy, we could go forward and backward in time willy-nilly. The sequence of Fibonacci Numbers, for example, is causal but not entropic. Every number in the series is caused by the two numbers before it. In that sense, it is a causal chain.
However, it is not helpful to tell the time because it is entirely predictable. In the same way that a kidnapper can’tcan’t simply stand in front of a calendar that shows the current date, we can’t use predictable processes as proof of time. We always have to rely on something that can’t be predicted in advance, like the front page of today’stoday’s newspaper.
Bitcoin relies upon two sources of unpredictability: transactions and proof-of-work. Just like nobody can predict what tomorrow’stomorrow’s newspaper will look like, nobody can predict what the next Bitcoin block will look like. You can’t predict what transactions are going to be included because you can’tcan’t predict what transactions are going to be broadcast in the future.
And more importantly, you can’t predict who will find the solution to the current proof-of-work puzzle and what this solution will be.
In contrast to the kidnapper’s newspaper, however, proof-of-work is physically linked to what happened directly. It is not just a record of an event — it is the event itself. It is the probabilistic directness of proof-of-work that removes trust from the equation. The only way to find a valid proof-of-work is by making a lot of guesses, and making a single guess takes a little bit of time.
The probabilistic sum of these guesses is what builds up the timechain that is Bitcoin.
By utilizing the causality of hash-chains and the unpredictability of proof-of-work, the Bitcoin network provides a mechanism for establishing an indisputable history of events witnessed.
Without causality, what came before and what came after is impossible to tease apart. Without unpredictability, causality is meaningless.
What is intuitively understood by every kidnapper was explicitly pointed out by Bayer, Haber, and Stornetta in 1992:
“To establish that a document was created after a given moment in time, it is necessary to report events that could not have been predicted before they happened.”
It is the combination of causality and unpredictability that allows the creation of an artificial “now” in the otherwise timeless digital realm.
As Bayer, Haber, and Stornetta point out in their 1991 paper:
“The sequence of clients requesting time-stamps and the hashes they submit cannot be known in advance. So if we include bits from the previous sequence of client requests in the signed certificate, then we know that the time-stamp occurred after these requests…
“[B]ut the requirement of including bits from previous documents in the certificate also can be used to solve the problem of constraining the time in the other direction because the time-stamping company cannot issue later certificates unless it has the current request in hand.”
All the puzzle pieces were already there. Satoshi managed to put them together in a way that removes the “time-stamping company” from the equation.
“Causa latet: vis est notissima. The cause is hidden, but the result is known.”
— Ovid, Metamorphoses, IV. 287 (8 AD)
Let us recapitulate: to use money in the digital realm, we must rely on ledgers. To make ledgers reliable, unambiguous order is required. To establish order, timestamps are necessary. Thus, if we want to have trustless money in the digital realm, we must remove any entity that creates and manages timestamps and any single entity in charge of time itself.
It took a genius like Satoshi Nakamoto to realize the solution:
“To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back’s Hashcash.”
We need a proof-of-work system because we need something native to the digital realm. Once you understand that the digital realm is informational in nature, the obvious conclusion is that computation is all we have. If your world is made of data, manipulation of data is all there is.
Proof-of-work works in a peer-to-peer setting because it is trustless, and it is trustless because it is disconnected from all external inputs — such as the readings of clocks (or newspapers, for that matter).
It relies on one thing and one thing only: computation requires work, and in our universe, work requires energy and time.
“I know it works for me. As we cross the bridge — the burning bridge — With flames behind us,
We front the line. It’s you and me, baby, against the world.”
— Kate Bush, Burning Bridge (1985)
Without proof-of-work, one would always run into the Oracle problem because the physical and informational realms are eternally disconnected. The markings on your list of sheep aren’t your sheep, the map is not the territory, and whatever was written in yesterday’s newspaper isn’t necessarily what happened in the real world.
Similarly, just because you use a real-world clock to write down a timestamp doesn’t mean that this is actually what the time was.
Put bluntly, there is no way to trust that data represents reality, except if the reality in question is inherent in the data itself. The brilliant thing about Bitcoin’s difficulty-adjusted proof-of-work is that it creates its own existence, along with its own space and time.
Proof-of-work provides a direct connection between the digital realm and the physical realm. More profoundly, it is the only connection that can be established in a trustless manner. Everything else will always rely on external inputs.
The difficulty of mining a new Bitcoin block is adjusted to ensure that the thin thread between Bitcoin’s time and our time remains intact. Like clockwork, the mining difficulty readjusts every 2016 ticks. The goal of this readjustment is to keep the average time between ticks at ten minutes. These ten minutes maintain a stable connection between the physical and the informational realm. Consequently, a sense of human time is required to readjust the ticks of the Bitcoin clock. A purely block-based readjustment wouldn’t work since it would be utterly disconnected from our human world, and the whole purpose of the readjustment is to stop us ingenious humans from finding blocks too fast (or too slow).
As Einstein has shown us, time is not a static thing. There is no such thing as a universal time we can rely upon. Time is relative, and simultaneity is nonexistent. This fact alone makes all timestamps — especially across large distances — inherently unreliable, even without adversarial actors. (This is why timestamps of GPS satellites have to be adjusted constantly, by the way.)
For Bitcoin, the fact that our human timestamps are imprecise doesn’t matter too much. It also doesn’t matter that we have no absolute reference frame in the first place. They only have to be precise enough to calculate a somewhat reliable average across 2016 blocks.
To guarantee that, a block’s “meatspace” timestamp is only accepted if it fulfills two criteria:
The timestamp has to be greater than the median timestamp of the previous 11 blocks.
The timestamp has to be less than the network-adjusted time plus two hours. (The “network-adjusted time” is simply the median of the timestamps returned by all nodes connected to you.)
In other words, the difficulty-adjustment is about keeping a constant time, not a constant level of security, difficulty, or energy expenditure. This is ingenious because good money has to be costly in time, not energy. Linking money to energy alone is not sufficient to produce absolute scarcity since every improvement in energy generation would allow us to create more money.
Time is the only thing we will never be able to make more of. It is The Ultimate Resource, as Julian Simon points out. This makes Bitcoin the ultimate form of money because its issuance is directly linked to the ultimate resource of our universe: Time.
The difficulty adjustment is essential because, without it, the internal clock of Bitcoin would tend to go faster and faster as more miners join the network or the efficiency of mining devices improves. We would quickly run into the coordination problem that Bitcoin sets out to solve. As soon as the block time falls below a certain threshold, say, 50 milliseconds, it would be impossible to agree on a shared state, even in theory. It takes light around 66 milliseconds to travel from one side of the earth to the other.
Thus, even if our computers and routers were perfect, we would be back at square one:
Given two events, it would be futile to tell which event happened before and which event happened after. Without a periodic adjustment of Bitcoin’s ticks, we would run into the hopeless problem of solving the coordination problem faster than the speed of light.
Time is also at the root of the problem of cryptographic instability, which was outlined in Chapter 1.
Cryptography works because of an asymmetry in time: it takes a short time to build a cryptographic wall and a long time to break it down — unless you have a key.
Thus, in some sense, proof-of-work — and the difficulty adjustment that goes along with it — artificially slows down time, at least from the perspective of the Bitcoin network.
In other words: Bitcoin enforces an internal rhythm whose low frequency allows ample buffer for the latency of communications between peers.
Every 2016 block, Bitcoin’s internal clock readjusts so that — on average — only one valid block will be found every 10 minutes.
From an outside perspective, Bitcoin funnels the chaotic mess of globally broadcast asynchronous messages into a parallel universe, restricted by its own rules and sense of space and time. Transactions in the mempool are timeless from the point-of-view of the Bitcoin network. Only when a transaction is included in a valid block is it assigned a time: the number of blocks it is included in.
It is hard to overstate how elegant a solution this is. Once you are able to create your own definition of time, deciphering what came before and what came after is trivial. In turn, agreeing on what happened, in what order, and, consequently, who owes what to whom, becomes trivial as well.
The difficulty adjustment makes sure that the ticks of Bitcoin’s internal metronome are somewhat constant. It is the conductor of the Bitcoin orchestra. It is what keeps the music alive.
But why can we rely on work in the first place?
The answer is threefold. We can rely on it because computation requires work, work requires time, and the work in question — guessing random numbers — can not be done efficiently.
“Time forks perpetually toward innumerable futures.”
— Jorge Luis Borges, The Garden of Forking Paths (1958)
Finding a valid nonce for a Bitcoin block is a guessing game. It is like rolling a die, flipping a coin, or spinning a roulette wheel. You are, in essence, trying to find a beyond-astronomically large random number. There is no progress toward finding a solution. You either hit the jackpot or you don’t.
Every time you flip a coin, the chance of it coming up heads or tails is 50% — even if you flipped it twenty times before, and it came up heads every time. Similarly, every time you wait for a Bitcoin block to come in, the chance that it will be found this second is ~0.16%.
It doesn’t matter when the last block was found. The approximate waiting time for the next block is always the same: ~10 minutes.
It follows that every individual tick of this clock is unpredictable. Relative to our human clocks, this clock appears to be spontaneous and imprecise.
This is irrelevant, as Gregory Trubetskoy points out:
“It doesn’t matter that this clock is imprecise. What matters is that it is the same clock for everyone and that the state of the chain can be tied unambiguously to the ticks of this clock.”
Bitcoin’s clock might be probabilistic, but it isn’t illusory.
“Time is an illusion, lunchtime doubly so.”
— Douglas Adams (1979)
The present moment, however, can absolutely be an illusion in Bitcoin. Since there is no central authority in the network, strange situations can arise.
While unlikely, a valid block may be found simultaneously (again: apologies to all physicists), which will make the clock tick forward in two different places at once.
However, since the two different blocks will very likely differ in their content, they will contain two different histories, both equally valid.
This is known as a chain split and is a natural process of Nakamoto consensus. Like a flock of birds that briefly splits in two only to merge again, nodes on the Bitcoin network will eventually converge to a shared history after some time, thanks to the probabilistic nature of guessing.
Nakamoto consensus simply states that the correct history is to be found in the heaviest chain, i.e., the chain with the most amount of proof-of-work embedded in it.
Thus, if we have two histories A and B, some miners will try to build upon history A, and others will try to build upon history B.
As soon as one of them finds the next valid block, the other group is programmed to accept that they were on the wrong side of history and switch over to the heaviest chain — the chain that represents what actually happened by definition.
“In Bitcoin, history is truly written by the victors. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received. […]
When there are multiple double-spent versions of the same transaction, one and only one will become valid. The receiver of a payment must wait an hour or so before believing that it’s valid. The network will resolve any possible double-spend races by then.”
— Satoshi Nakamoto (2009)
In this simple statement lies the secret of the distributed coordination problem. This is how Satoshi solved the problem of the “simultaneous payment” our fictitious business partners encountered previously. He solved it once and for all, relativistic effects be damned!
Because of this probabilistic nature of Bitcoin’s clock, the present moment — what we call the chain tip — is always uncertain. The past — blocks buried below the chain tip — is ever more certain.
“The more thorough the understanding needed, the further back in time one must go.”
— Gordon Clark, A Christian View of Men and Things, p. 58. (1951)
Consequently, the Bitcoin clock might rewind occasionally, for some peers, for a tick or two.
If your chain tip — the present moment — happens to lose to a competing chain tip, your clock will first rewind and then jump forward, overriding the last few ticks that you thought were history already.
“If your clock is probabilistic, your understanding of the past has to be too.
Tick tock tick tock tick — what is the time?
Tick tock tick tock… it ends in c619.
Are you sure this is fine?
Are we probably late?
Absolutes do not matter: before nine there comes eight.
The clock isn’t exact; it sometimes goes in reverse.
Exact time implies center; that’s the root of this curse!
Yet this clock keeps on ticking, tock-tick and tick-tock.
There’s no profit in tricking; just tick-tock and next block.”
— A Funny Little Rhyme on Bitcoin and Time (2020)
Time is still one of the great mysteries in physics, one that calls into question the very definition of what physics is.
Jorge Cham and Daniel Whiteson: We Have No Idea: A Guide to the Unknown Universe, pp. 117 — 118 (2017)
Keeping track of things in the informational realm implies keeping track of a sequence of events, which in turn requires keeping track of time.
Keeping track of time requires agreeing on a “now” — a moment in time that eternally links the settled past with the uncertain future. In Bitcoin, this “now” is the tip of the heaviest proof-of-work chain.
Two building blocks are essential for the structure of time: causal links and unpredictable events.
Causal links are required to define a past, and unpredictable events are required to build a future. If the sequence of events would be predictable, it would be possible to skip ahead.
If the individual steps of the sequence aren’t linked, it would be trivial to change the past. Because of its internal sense of time, it is insanely difficult to cheat Bitcoin. One would have to rewrite the past or predict the future. Bitcoin’s timechain prevents both.
Viewing Bitcoin through the lens of time should make clear that the “block chain” — the data structure that causally links multiple events together — is not the main innovation. It is not even a new idea, as is evident by studying the timestamp literature of the past.
“A blockchain is a chain of blocks.”
— Peter Todd
What is a new idea — what Satoshi figured out — is how to independently agree upon a history of events without central coordination. He found a way to implement a decentralised timestamping scheme that:
(A) doesn’t require a time-stamping company or server.
(B) doesn’t require a newspaper or any other physical medium as proof, and © can keep the ticks more-or-less constant, even when operating in an environment of ever-faster CPU clock times.
Timekeeping requires causality, unpredictability, and coordination. In Bitcoin, causality is provided by one-way functions: the cryptographic hash functions and digital signatures at the protocol’s core.
Unpredictability is provided by both the proof-of-work puzzle and the interaction with other peers: you can’t know in advance what others are doing, and you can’t know in advance what the solution to the proof-of-work puzzle will be.
Coordination is made possible by the difficulty adjustment, the magic sauce that links Bitcoin’s time to ours. Without this bridge between the physical and the informational realm, it would be impossible to agree on a time by relying on nothing but data.
Bitcoin is Time in more ways than one. Its units are stored time because they are money, and its network is time because it is a decentralized clock. The relentless beating of this clock gives rise to all the magical properties of Bitcoin. Without it, Bitcoin’s intricate dance would fall apart.
But with it, everyone on earth has access to something truly marvelous: Magic Internet Money.
"Bitcoin Is Time" is one of twenty-one chapters of Gigi’s upcoming book 21 Ways.
Sign up to start saving Bitcoin
Buy automatically every day, week, or month, starting with as little as $10.
Gigi is the author of 21 Lessons, a popular book about lessons learned from falling down the Bitcoin rabbit hole. He launched various projects in the space such as bitcoin-resources.com, bitcoin-quotes.com, “Einundzwanzig”, and others. Prior to taking the orange pill he was a researcher and software engineer leading multiple development teams that worked on critical large-scale apps. He is passionate about security, privacy, and of course, Bitcoin. The article is protected under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.
More from Swan Signal Blog
Thoughts on Bitcoin from the Swan team and friends.