https://blossom.primal.net/99dea78e19ae71b2d35f346ff5160eeb34dc6c52f70988e321b7b099740d24bd.mp4

> Bitcoin*](https://bitcoinmagazine.com/articles/discovering-bitcoin-a-brief-overview-from-cavemen-to-the-lightning-network)

> (2019)

This problem is *precisely* why all previous attempts of digital cash

required a central­ized registry. You always had to trust someone to

correctly identify the order of things. A central­ized party was

required to keep the time.

Bitcoin solves this problem by re-inventing time itself. It says no to

seconds and yes to blocks.

## Keeping the Time, One Block at a Time

> Time's glory is to calm contending kings,

> To unmask false­hood and bring truth to light,

> To stamp the seal of time in aged things,

> To wake the morn and sentinel the night,

> To wrong the wronger till he render right;

>

> —William Shake­speare, *The Rape of Lucrece* (1594)

All clocks rely on periodic processes, something that we might call a

"tick." The familiar *tick-tock* of a grand­fa­ther's clock is, in

essence, the same as the molec­ular-atomic buzzing of our modern Quartz

and Caesium clocks. Something swings — or oscil­lates — and we simply

count these swings until it adds up to a minute or a second.

For large pendulum clocks, these swings are long and easy to see. For

smaller and more special­ized clocks, special equip­ment is required.

The frequency of a clock — how often it ticks — depends on its

use-case.

Most clocks have a fixed frequency. After all, we want to know the time

*precisely*. There are, however, clocks that have a variable frequency.

A metronome, for example, has a variable frequency that you can set

before you make it tick. While a metronome keeps its pace constant once

it is set, Bitcoin's time varies for each tick because its internal

mecha­nism is proba­bilistic. The purpose, however, is all the same:

keep the music alive, so the dance can continue.

| Clock | Tick Frequency |

| --------------------------|-----------------------------------------|

| Grandfather's clock | ~0.5 Hz |

| Metronome | ~0.67 Hz to ~4.67 Hz |

| Quartz watch | 32768 Hz |

| Caesium-133 atomic clock | 9,192,631,770 Hz |

| Bitcoin | 1 block (0.00000192901 Hz* to ∞ Hz**) |

\* first block (6 days)

\*\* timestamps between blocks can show a negative delta

The fact that Bitcoin is a clock is hiding in plain sight. Indeed,

Satoshi points out that the Bitcoin network as a whole acts as a clock,

or, in his words: a distrib­uted timestamp server.

> In this paper, we propose a solution to the double-spending problem

> using a peer-to-peer distrib­uted timestamp server to generate

> compu­ta­tional proof of the chrono­log­ical order of trans­ac­tions.

>

> —Satoshi Nakamoto (2009)

That timestamping was the root problem to be solved is also apparent by

examining the refer­ence at the end of the Bitcoin whitepaper. Out of

the eight refer­ences in total, three are about timestamping:

- *How to time-stamp a digital document* by S. Haber, W.S.

Stornetta (1991)

- *Improving the efficiency and relia­bility of digital time-stamping*

by D. Bayer, S. Haber, W.S. Stornetta (1992)

- *Design of a secure timestamping service with minimal trust

require­ments* by H. Massias, X.S. Avila, and J.-J. Quisquater

(May 1999)

As Haber and Stornetta outlined in 1991, digital time-stamping is about

compu­ta­tion­ally practical proce­dures that make it infea­sible for

a user — or an adver­sary, for that matter — to either back-date or

forward-date a digital document. Contrary to physical documents, digital

documents are easy to tamper with, and the change doesn't neces­sarily

leave any tell-tale signs on the physical medium itself. In the digital

realm, forgeries and manip­u­la­tions can be perfect.

The malleable nature of infor­ma­tion makes time-stamping digital

documents an elabo­rate and sophis­ti­cated process. Naive solutions do

not work. Take a text document, for example. You can't simply add the

date at the end of the document since everyone — including

yourself — could simply change the date in the future. You could also

make up any date in the first place.

## Time is a Causal Chain

> In an extreme view, the world can be seen as only connec­tions,

> nothing else.

>

> —Tim Berners-Lee, *Weaving the Web* (1999)

Making up dates is a general problem, even in the non-digital realm.

What is known in the kidnap­ping world as "Authen­ti­ca­tion by

Newspaper" is a general solution to the problem of arbitrary timestamps.

![]()

This works because a newspaper is hard to fake and easy to verify. It is

hard to fake because today's front page refers to yester­day's events,

events that could not have been predicted by the kidnapper if the

picture would be weeks old. By proxy of these events, the picture is

proof that the hostage was still alive on the day the newspaper came

out.

This method highlights one of the key concepts when it comes to time:

*causality*. The arrow of time describes the causal relation­ship of

events. No causality, no time. Causality is also the reason why

crypto­graphic hash functions are so crucial when it comes to

timestamping documents in cyber­space: they intro­duce a causal

relation­ship. Since it is practi­cally impos­sible to create a valid

crypto­graphic hash without having the document in the first place,

a causal relation­ship between the document and the hash is intro­duced:

the data in question existed first, the hash was gener­ated later. In

other words: without the compu­ta­tional irreversibility of one-way

functions, there would be no causality in cyber­space.

![]()

With this causal building block in place, one can come up with schemes

that create a chain of events, causally linking A to B to C and so on.

In that sense, secure digital timestamping moves us from a timeless

place in the ether into the realm of digital history.

> Causality fixes events in time. If an event was deter­mined by certain

> earlier events, and deter­mines certain subse­quent events, then the

> event is sandwiched securely into its place in history.

>

> —Bayer, Haber, Stornetta (1992)

It goes without saying that causality is of the utmost impor­tance when

it comes to economic calcu­la­tions. And since a ledger is nothing but

the embod­i­ment of economic calcu­la­tions of multiple cooper­ating

partic­i­pants, causality is essen­tial for every ledger.

> We need a system for partic­i­pants to agree on a single history

> \[...\]. The solution we propose begins with a timestamp server.

>

> —Satoshi Nakamoto (2009)

It is fasci­nating that all of the puzzle pieces that make Bitcoin work

did already exist. As early as 1991, Haber and Stornetta intro­duced two

schemes that make it "diffi­cult or impos­sible to produce false

time-stamps." The first relies on a trusted third party; the second,

more elabo­rate "distrib­uted trust" scheme, does not. The authors even

identi­fied the inherent problems of trusting a causal chain of events

and what would be required to rewrite history. In their words, "the only

possible spoof is to prepare a fake chain of time-stamps, long enough to

exhaust the most suspi­cious challenger that one antic­i­pates."

A similar attack vector exists in Bitcoin today, in the form of a 51%

attack (more on that in a later chapter).

One year later, Bayer, Haber, and Stornetta built upon their previous

work and proposed to use trees instead of simple linked lists to tie

events together. What we know as *Merkle Trees* today are simply

efficient data struc­tures to create a hash from multiple hashes

deter­min­is­ti­cally. For timestamping, this means that you can

efficiently bundle multiple events into one "tick." In the same paper,

the authors propose that the distrib­uted trust model intro­duced in

1991 could be improved by carrying out a recur­ring "world champi­onship

tourna­ment" to deter­mine a single "winner" who widely publishes the

resulting hash somewhere public, like a newspaper. Sounds familiar?

As we shall see, it turns out that newspa­pers are also an excel­lent

way to think about the second ingre­dient of time: unpre­dictability.

## Causality and Unpredictability

> Time is not a reality \[*hupostasis*\], but a concept \[*noêma*\] or

> a measure \[*metron*\]...

>

> —Antiphon the Sophist, *On Truth* (3rd century AD)

While causality is essen­tial, it is not suffi­cient. We also need

*unpre­dictability* for time to flow. In the physical realm, we observe

natural processes to describe the flow of time. We observe a general

increase in entropy and call that the arrow of time. Even though the

laws of nature seem to be obliv­ious in regards to the direc­tion of

this arrow in most cases, certain things can't be undone, practi­cally

speaking. You can't unscramble an egg, as they say.

Similarly, entropy-increasing functions are required to estab­lish an

arrow of time in the digital realm. Just like it is practi­cally

impos­sible to unscramble an egg, it is practi­cally impos­sible to

unscramble a SHA256 hash or crypto­graphic signa­ture.

Without this increase in entropy, we could go forward and backward in

time willy-nilly. The sequence of Fibonacci Numbers, for example, is

causal but not entropic. Every number in the sequence is caused by the

two numbers that came before it. In that sense, it is a causal chain.

However, it is not useful to tell the time because it is entirely

predictable. In the same way that a kidnapper can't simply stand in

front of a calendar that shows the current date, we can't use

predictable processes as proof of time. We always have to rely on

something that can't be predicted in advance, like the front page of

today's newspaper.

Bitcoin relies upon two sources of unpre­dictability: trans­ac­tions and

proof-of-work. Just like nobody can predict what tomor­row's newspaper

will look like, nobody can predict what the next Bitcoin block will look

like. You can't predict what trans­ac­tions are going to be included

because you can't predict what trans­ac­tions are going to be broad­cast

in the future. And, more impor­tantly, you can't predict who will find

the solution to the current proof-of-work puzzle and what this solution

will be.

In contrast to the kidnap­per's newspaper, however, proof-of-work is

physi­cally linked to what happened *directly*. It is not just a record

of an event — it is the event itself. It is the proba­bilistic

direct­ness of proof-of-work that removes trust from the equation. The

only way to find a valid proof-of-work is by making a lot of guesses,

and making a single guess takes a little bit of time. The proba­bilistic

sum of these guesses is what builds up the timechain that is Bitcoin.

By utilizing the causality of hash-chains and the unpre­dictability of

proof-of-work, the Bitcoin network provides a mecha­nism for

estab­lishing an indis­putable history of events witnessed. Without

causality, what came before and what came after is impos­sible to tease

apart. Without unpre­dictability, causality is meaning­less.

What is intuitively under­stood by every kidnapper was explic­itly

pointed out by Bayer, Haber, and Stornetta in 1992: "To estab­lish that

a document was created after a given moment in time, it is neces­sary to

report events that could not have been predicted before they happened."

![]()

It is the combi­na­tion of causality and unpre­dictability that allows

the creation of an artifi­cial "now" in the other­wise timeless digital

realm. As Bayer, Haber, and Stornetta point out in their 1991 paper:

"the sequence of clients requesting time-stamps and the hashes they

submit cannot be known in advance. So if we include bits from the

previous sequence of client requests in the signed certifi­cate, then we

know that the time-stamp occurred after these requests. \[...\] But the

require­ment of including bits from previous documents in the

certifi­cate also can be used to solve the problem of constraining the

time in the other direc­tion, because the time-stamping company cannot

issue later certifi­cates unless it has the current request in hand."

All the puzzle pieces were already there. What Satoshi managed to do is

put them together in a way that removes the "time-stamping company" from

the equation.

## Proof of Time

> *Causa latet: vis est notis­sima.*

> The cause is hidden, but the result is known.

>

> —Ovid, *Metamor­phoses*, IV. 287 (8 AD)

Let us recapit­u­late: to use money in the digital realm, we have to

rely on ledgers. To make ledgers reliable, unambiguous order is

required. To estab­lish order, timestamps are neces­sary. Thus, if we

want to have *trust­less* money in the digital realm, we must remove any

entity that creates and manages timestamps and any single entity that is

in charge of time itself.

It took a genius like Satoshi Nakamoto to realize the solution: "To

imple­ment a distrib­uted timestamp server on a peer-to-peer basis, we

will need to use a proof-of-work system similar to Adam Back's

Hashcash."

We need to use a proof-of-work system because we need something that is

native to the digital realm. Once you under­stand that the digital realm

is infor­ma­tional in nature, the obvious conclu­sion is that

compu­ta­tion is all we have. If your world is made of data,

manip­u­la­tion of data is all there is.

Proof-of-work works in a peer-to-peer setting because it is

*trust­less*, and it is trust­less because it is discon­nected from all

external inputs — such as the readings of clocks (or newspa­pers, for

that matter). It relies on one thing and one thing only: compu­ta­tion

requires work, and in our universe, work requires energy and time.

## Bridging Times

> I know it works for me.

> As we cross the bridge — the burning bridge —

> With flames behind us,

> We front the line.

> It's you and me, baby, against the world.

>

> —Kate Bush, *Burning Bridge* (1985)

Without proof-of-work, one would always run into the Oracle problem

because the physical realm and the infor­ma­tional realm are eternally

discon­nected. The markings on your list of sheep aren't your sheep, the

map is not the terri­tory, and whatever was written in yester­day's

newspaper isn't neces­sarily what happened in the real world. In the

same manner, just because you use a real-world clock to write down

a timestamp doesn't mean that this is actually what the time was.

Put bluntly, there simply is no way to trust that data repre­sents

reality, except if the reality in question is inherent in the data

itself. The brilliant thing about Bitcoin's diffi­culty-adjusted

proof-of-work is that it creates its own reality, along with its own

space and time.

Proof-of-work provides a direct connec­tion between the digital realm

and the physical realm. More profoundly, it is the only connec­tion that

can be estab­lished in a trust­less manner. Every­thing else will always

rely on external inputs.

The diffi­culty to mine a new Bitcoin block is adjusted to make sure

that the thin thread between Bitcoin's time and our time remains intact.

Like clock­work, the mining diffi­culty readjusts every 2016 ticks. The

goal of this readjust­ment is to keep the *average* time between ticks

at ten minutes. It is these ten minutes that maintain a stable

connec­tion between the physical and the infor­ma­tional realm.

Conse­quently, a sense of human time is required to readjust the ticks

of the Bitcoin clock. A purely block-based readjust­ment wouldn't work

since it would be completely discon­nected from our human world, and the

whole purpose of the readjust­ment is to stop us ingenious humans from

finding blocks too fast (or too slow).

As Einstein has shown us, time is not a static thing. There is no such

thing as a universal time we could rely upon. Time is relative, and

simul­taneity is nonex­is­tent. This fact alone makes all

timestamps — especially across large distances — inher­ently

unreli­able, even without adver­sarial actors. (This is why timestamps

of GPS satel­lites have to be adjusted constantly, by the way.)

For Bitcoin, the fact that our human timestamps are impre­cise doesn't

matter too much. It also doesn't matter that we have no absolute

refer­ence frame in the first place. They only have to be precise enough

to calcu­late a somewhat reliable average across 2016 blocks. To

guarantee that, a block's "meatspace" timestamp is only accepted if it

fulfills two criteria:

1. The timestamp has to be greater than the median timestamp of the

previous 11 blocks.

2. The timestamp has to be less than the network-adjusted time plus two

hours. (The "network-adjusted time" is simply the median of the

timestamps returned by all nodes connected to you.)

In other words, the diffi­culty-adjust­ment is about keeping a constant

time, *not* a constant level of security, diffi­culty, or energy

expen­di­ture. This is ingenious because good money *has* to be costly

in time, not energy. Linking money to energy alone is not suffi­cient to

produce absolute scarcity since every improve­ment in energy

gener­a­tion would allow us to create more money. Time is the only thing

we will never be able to make more of. It is *The Ultimate Resource*, as

Julian Simon points out. This makes Bitcoin the ultimate form of money

because its issuance is directly linked to the ultimate resource of our

universe: time.

The diffi­culty adjust­ment is essen­tial because, without it, the

internal clock of Bitcoin would tend to go faster and faster as more

miners join the network or the efficiency of mining devices improves. We

would quickly run into the coordi­na­tion problem that Bitcoin sets out

to solve. As soon as the block time falls below a certain threshold,

say, 50 millisec­onds, it would be impos­sible to agree on a shared

state, even in theory. It takes light around 66 millisec­onds to travel

from one side of the earth to the other. Thus, even if our computers and

routers were perfect, we would be back at square one: given two events,

it would be futile to tell which event happened before and which event

happened after. Without a periodic adjust­ment of Bitcoin's ticks, we

would run into the hopeless problem of solving the coordi­na­tion

problem faster than the speed of light. Time is also at the root of the

problem of crypto­graphic insta­bility, which was outlined in Chapter 1.

Cryptog­raphy works because of an asymmetry in time: it takes a short

time to build a crypto­graphic wall and a long time to break it

down — unless you have a key.

Thus, in some sense, proof-of-work — and the diffi­culty adjust­ment

that goes along with it — artifi­cially slows down time, at least from

the perspec­tive of the Bitcoin network. In other words: Bitcoin

enforces an internal rhythm whose low frequency allows ample buffer for

the latency of commu­ni­ca­tions between peers. Every 2016 blocks,

Bitcoin's internal clock readjusts, so that — on average — only one

valid block will be found every 10 minutes.

From an outside perspec­tive, Bitcoin funnels the chaotic mess of

globally broad­cast asynchro­nous messages into a parallel universe,

restricted by its own rules and its own sense of space and time.

Trans­ac­tions in the mempool are timeless from the point-of-view of the

Bitcoin network. Only when a trans­ac­tion is included in a valid block

does it get assigned a time: the number of the block it is included in.

![]()

It is hard to overstate how elegant a solution this is. Once you are

able to create your own defin­i­tion of time, deciphering what came

before and what came after is trivial. In turn, agreeing on what

happened, in what order, and, conse­quently, who owes what to whom,

becomes trivial as well.

The diffi­culty adjust­ment makes sure that the *ticks* of Bitcoin's

internal metronome are somewhat constant. It is the conductor of the

Bitcoin orchestra. It is what keeps the music alive.

But why can we rely on work in the first place? The answer is

three­fold. We can rely on it because compu­ta­tion requires work, work

requires time, and the work in question — guessing random

numbers — can not be done efficiently.

## Probabilistic Time

> Time forks perpet­u­ally toward innumer­able futures.

>

> —Jorge Luis Borges, *The Garden of Forking Paths* (1941)

Finding a valid nonce for a Bitcoin block is a guessing game. It is very

much like rolling a die, or flipping a coin, or spinning a roulette

wheel. You are, in essence, trying to find a beyond-astro­nom­i­cally

large random number. There is no progress toward finding a solution. You

either hit the jackpot, or you don't.

Every time you flip a coin, the chance of it coming up heads or tails is

50% — even if you flipped it twenty times before, and it came up heads

every time. Similarly, every time you wait for a bitcoin block to come

in, the chance that it will be found *this second* is \~0.16%. It

doesn't matter when the last block was found. The approx­i­mate waiting

time for the next block is always the same: \~10 minutes.

It follows that every individual tick of this clock is unpre­dictable.

Relative to our human clocks, this clock appears to be sponta­neous and

impre­cise. This is irrel­e­vant, as Gregory Trubet­skoy points out: "It

doesn't matter that this clock is impre­cise. What matters is that it is

the same clock for everyone and that the state of the chain can be tied

unambigu­ously to the ticks of this clock." Bitcoin's clock might be

proba­bilistic, but it isn't illusory.

> Time is an illusion,

> lunchtime doubly so.

>

> —Douglas Adams (1979)

The present moment, however, can absolutely be an illusion in Bitcoin.

Since there is no central authority in the network, strange situa­tions

can arise. While unlikely, it is possible that two valid blocks are found at

the same time (again: apolo­gies to all physi­cists), which will make

the clock tick forward in two different places at once. However, since

the two different blocks will very likely differ in their content, they

will contain two different histo­ries, both equally valid.

This is known as a chain split and is a natural process of Nakamoto

consensus. Like a flock of birds that briefly splits in two only to

merge again, nodes on the Bitcoin network will eventu­ally converge to

a shared history after some time, thanks to the proba­bilistic nature of

guessing.

Nakamoto consensus simply states that the correct history is to be found

in the heaviest chain, i.e., the chain with the most amount of

proof-of-work embedded in it. Thus, if we have two histo­ries A and B,

some miners will try to build upon history A, others will try to build

upon history B. As soon as one of them finds the next valid block, the

other group is programmed to accept that they were on the wrong side of

history and switch over to the heaviest chain — the chain that

repre­sents what actually happened, by defin­i­tion. In Bitcoin, history

is truly written by the victors.

> The payee needs proof that at the time of each trans­ac­tion, the

> majority of nodes agreed it was the first received. \[...\] When there

> are multiple double-spent versions of the same trans­ac­tion, one and

> only one will become valid. The receiver of a payment must wait an

> hour or so before believing that it's valid. The network will resolve

> any possible double-spend races by then.

>

> —Satoshi Nakamoto (2009)

In this simple state­ment lies the secret of the distrib­uted

coordi­na­tion problem. This is how Satoshi solved the problem of the

"simul­ta­neous payment" our ficti­tious business partners encoun­tered

previ­ously. He solved it once and for all, relativistic effects be

damned!

Because of this proba­bilistic nature of Bitcoin's clock, the present

moment — what we call the chain tip — is always uncer­tain. The

past — blocks buried below the chain tip — is ever more certain.

> The more thorough the under­standing needed, the further back in time

> one must go.

>

> —Gordon Clark, *A Chris­tian View of Men and Things*, p. 58. (1951)

Conse­quently, the Bitcoin clock might rewind from time to time, for

some peers, for a tick or two. If your chain tip — the present

moment — happens to lose to a competing chain tip, your clock will

first rewind and then jump forward, overriding the last few ticks that

you thought were history already. If your clock is proba­bilistic, your

under­standing of the past has to be too.

> Tick tock tick tock tick — what is the time?

> Tick tock tick tock... it ends in

> [c619](https://www.blockstream.info/block/000000000000000000095eaf76a73a7986ea2e6a3b0d190fb10ab986b683c619).

> Are you sure this is fine? Are we probably late?

> Absolutes do not matter: before nine there comes

> [eight](https://www.blockstream.info/block/0000000000000000000318291249db2c9b658d087e4f06bcd2ed24481e81533c).

> The clock isn't exact; it sometimes goes in reverse.

> Exact time implies center; that's the root of this curse!

> Yet this clock keeps on ticking, tock-tick and tick-tock,

> there's no profit in tricking; just tick-tock and next block.

>

> —A Funny Little Rhyme on Bitcoin and Time (2020)

## Conclusion

> Time is still one of the great mysteries in physics, one that calls

> into question the very defin­i­tion of what physics is.

>

> —Jorge Cham and Daniel Whiteson: *We Have No Idea: A Guide to the

> Unknown Universe*, pp. 117 -- 118 (2017)

Keeping track of things in the infor­ma­tional realm implies keeping

track of a sequence of events, which in turn requires keeping track of

time. Keeping track of time requires agreeing on a "now" — a moment in

time that eternally links the settled past with the uncer­tain future.

In Bitcoin, this "now" is the tip of the heaviest proof-of-work chain.

Two building blocks are essen­tial for the struc­ture of time: causal

links and unpre­dictable events. Causal links are required to define

a past, and unpre­dictable events are required to build a future. If the

sequence of events would be predictable, it would be possible to skip

ahead. If the individual steps of the sequence aren't linked, it would

be trivial to change the past. Because of its internal sense of time, it

is insanely diffi­cult to cheat Bitcoin. One would have to rewrite the

past or predict the future. Bitcoin's timechain prevents both.

Viewing Bitcoin through the lens of time should make clear that the

"block chain" — the data struc­ture that causally links multiple

events together — is not the main innova­tion. It is not even a new

idea, as is evident by studying the timestamp liter­a­ture of the past.

> A blockchain is a chain of blocks.

>

> —Peter Todd

What is a new idea — what Satoshi figured out — is how to

indepen­dently agree upon a history of events without central

coordi­na­tion. He found a way to imple­ment a decen­tralised

timestamping scheme that (a) doesn't require a time-stamping company or

server, (b) doesn't require a newspaper or any other physical medium as

proof, and (c) can keep the *ticks* more-or-less constant, even when

operating in an environ­ment of ever-faster CPU clock times.

Timekeeping requires *causality*, *unpre­dictability*, and

*coordi­na­tion*. In Bitcoin, *causality* is provided by one-way

functions: the crypto­graphic hash functions and digital signa­tures

that are at the core of the protocol. *Unpre­dictability* is provided by

both the proof-of-work puzzle as well as the inter­ac­tion with other

peers: you can't know in advance what others are doing, and you can't

know in advance what the solution to the proof-of-work puzzle will be.

*Coordi­na­tion* is made possible by the diffi­culty adjust­ment, the

magic sauce that links Bitcoin's time to ours. Without this bridge

between the physical and the infor­ma­tional realm, it would be

impos­sible to agree on a time by relying on nothing but data.

**Bitcoin is time** in more ways than one. Its units are stored time

because they are money, and its network is time because it is

a decen­tral­ized clock. The relent­less beating of this clock is what

gives rise to all the magical proper­ties of Bitcoin. Without it,

Bitcoin's intri­cate dance would fall apart. But with it, everyone on

earth has access to something truly marvelous: Magic Internet Money.

---

This article first appeared on [dergigi.com](https://dergigi.com/2021/01/14/bitcoin-is-time/).

⚡ Right now at nostr:npub1hyxet20dqk5nach0kc4a4evydch58dh9pu3x35kl9myhaezn823sd2tug7, nostr:npub1qqqqqqqx2tj99mng5qgc07cgezv5jm95dj636x4qsq7svwkwmwnse3rfkq & nostr:npub1zvyeff7d26lxmhzyh4jlmdjwvvkg5pmd9uxrwa82q45agmr0a0as6rvfj0 are presenting “Privacy, Freedom and Mostro: the return of the cypherpunk.”

“Privacy is necessary for an open society in the electronic age.” -Eric Hughes (1993)

Mostro 🧌 embodies that principle.

A P2P exchange over Nostr and Lightning where:

🔹 Each order uses ephemeral keys.

🔹 No KYC. No custodians.

🔹 Code is open, unstoppable, and censorship-resistant.

This is the cypherpunk legacy: alive through Bitcoin, Lightning, and now Mostro.

👉 mostro.network

https://bitkey.build/not-our-keys-not-our-business/?ref=bitkey-newsletter