Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
[email protected]
www.bitcoin.org
Abstract
A peer-to-peer electronic cash system enables direct online payments without financial institutions. Digital signatures ensure ownership, but double-spending requires a trusted third party. We propose a peer-to-peer network using proof-of-work to timestamp transactions, creating an immutable chain. The longest chain, backed by the most CPU power, proves transaction order. Security holds if honest nodes control most CPU power. The network is unstructured, with nodes freely joining or leaving, accepting the longest proof-of-work chain.
1. Introduction
Internet commerce depends on financial institutions as trusted intermediaries, raising transaction costs and limiting small payments. Non-reversible transactions are hard, enabling fraud. We propose a cryptographic, trustless system for direct transactions. A peer-to-peer timestamp server prevents double-spending if honest nodes dominate CPU power.
2. Transactions
An electronic coin is a chain of digital signatures. Owners sign a hash of the prior transaction and the next owner's public key, appending it to the coin. Payees verify signatures to confirm ownership. Preventing double-spending without a central authority requires public transactions and node consensus on their order, ensuring most nodes accept a transaction as first received.
3. Timestamp Server
A timestamp server hashes a block of items and publishes the hash, proving data existence at that time. Each timestamp includes the prior one, forming a reinforcing chain.
4. Proof-of-Work
Using a proof-of-work system like Hashcash, a hash (e.g., SHA-256) must have leading zeros, requiring significant computation but easy verification. Each block's proof-of-work links to the prior block, making changes costly. Proof-of-work ensures majority decisions via CPU power, not IP addresses. The longest chain, with the most proof-of-work, is valid. Difficulty adjusts to maintain consistent block creation.
5. Network
The network operates as:
1 Transactions broadcast to all nodes.
2 Nodes collect transactions into a block.
3 Nodes compute proof-of-work for the block.
4 Block is broadcast when proof-of-work is found.
5 Nodes accept valid, unspent transaction blocks.
6 Nodes build the next block using the accepted block's hash.
Nodes follow the longest chain, switching if a longer branch appears. Broadcasts tolerate faults, and missed blocks are requested later.
6. Incentive
The first block transaction creates a new coin for the creator, encouraging network support. Transaction fees (input-output difference) also fund incentives. After a fixed coin issuance, fees sustain the system, avoiding inflation. Incentives discourage attacks, as generating coins is more profitable than undermining the system.
7. Reclaiming Disk Space
Old transactions are discarded using a Merkle Tree, with only the root hash in the block, saving space. Block headers (80 bytes) generate ~4.2MB yearly, manageable with modern storage.
8. Simplified Payment Verification
Users verify payments without a full node by keeping longest-chain block headers and using Merkle branches to link transactions to timestamps. This is secure if honest nodes dominate but vulnerable if attackers overpower the network. Node alerts for invalid blocks improve security. Businesses may run full nodes for faster verification.
9. Combining and Splitting Value
Transactions combine or split value with multiple inputs and outputs, typically one for payment and one for change. Fan-out dependencies are manageable without a full transaction history.
10. Privacy
Unlike banking's restricted data access, Bitcoin transactions are public but anonymous via unlinked public keys. New key pairs per transaction enhance privacy, though multi-input transactions may reveal common ownership.
11. Calculations
An attacker racing the honest chain faces a Binomial Random Walk. If honest nodes have more CPU power (p > q), the attacker's success probability drops exponentially with blocks (z). Examples:
• q=0.1, z=5: P=0.0009137
• q=0.3, z=24: P<0.001
Recipients wait for z blocks to ensure transaction permanence. Attacker progress follows a Poisson distribution.
12. Conclusion
Bitcoin enables trustless transactions using digital signatures and proof-of-work to prevent double-spending. The peer-to-peer network records a public transaction history, secure if honest nodes control most CPU power. Nodes operate without coordination or identity, following the longest proof-of-work chain. Consensus enforces rules and incentives.
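Added example, not part of the original post or of Bitcoin's code: the proof-of-work linking summarized in section 4, showing why changing an old block forces the work to be redone for it and leaves every later block pointing at a hash that no longer exists. The block layout (previous hash + payload + 8-byte nonce), the dict field names, and the 12-bit difficulty are assumptions made for the demonstration, not Bitcoin's real header format.

```python
import hashlib

BITS = 12  # constructed toy difficulty: required number of leading zero bits

def block_hash(prev: bytes, payload: bytes, nonce: int) -> bytes:
    # Hypothetical toy layout; single SHA-256 over prev || payload || nonce.
    return hashlib.sha256(prev + payload + nonce.to_bytes(8, "big")).digest()

def meets_target(digest: bytes, bits: int = BITS) -> bool:
    # Verification costs one hash: the top `bits` bits must all be zero.
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def mine(prev: bytes, payload: bytes, bits: int = BITS) -> int:
    # Finding a nonce costs about 2**bits hashes on average.
    nonce = 0
    while not meets_target(block_hash(prev, payload, nonce), bits):
        nonce += 1
    return nonce

def build_chain(payloads, bits: int = BITS):
    chain, prev = [], bytes(32)  # all-zero hash stands in for "no parent"
    for payload in payloads:
        nonce = mine(prev, payload, bits)
        chain.append({"prev": prev, "payload": payload, "nonce": nonce})
        prev = block_hash(prev, payload, nonce)
    return chain

def first_invalid(chain, bits: int = BITS):
    """Index of the first block that fails verification, or None if all pass."""
    prev = bytes(32)
    for i, block in enumerate(chain):
        digest = block_hash(block["prev"], block["payload"], block["nonce"])
        if block["prev"] != prev or not meets_target(digest, bits):
            return i
        prev = digest
    return None

if __name__ == "__main__":
    chain = build_chain([b"tx-set-0", b"tx-set-1", b"tx-set-2"])  # constructed
    print("honest chain:", first_invalid(chain))
    chain[1]["payload"] = b"tx-set-1-altered"
    print("after edit, first bad block:", first_invalid(chain))
    chain[1]["nonce"] = mine(chain[1]["prev"], chain[1]["payload"])
    print("after re-mining block 1, first bad block:", first_invalid(chain))
```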
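Added example, not part of the original post: the Merkle-branch check behind sections 7 and 8, where a light client holding only the root from a block header confirms that a transaction is included. It uses double SHA-256 and duplicates the last hash on odd-sized levels, as Bitcoin does; the transaction IDs are constructed sample values and byte-order details of the real wire format are left out.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _next_level(level):
    if len(level) % 2:                 # odd count: pair the last hash with itself
        level = level + [level[-1]]
    return level, [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        _, level = _next_level(level)
    return level[0]

def merkle_branch(leaves, index):
    """Sibling hashes from leaf to root: what a full node hands a light client."""
    branch, level = [], list(leaves)
    while len(level) > 1:
        padded, parents = _next_level(level)
        branch.append(padded[index ^ 1])  # sibling sits at the paired position
        level, index = parents, index // 2
    return branch

def verify_branch(leaf, index, branch, root):
    """Light-client side: needs only the leaf, its position, the branch, the root."""
    node = leaf
    for sibling in branch:
        # The low bit of index says whether node is the right or left child.
        node = h(sibling + node) if index & 1 else h(node + sibling)
        index >>= 1
    return node == root

# Constructed sample data: five fake transaction IDs in one block.
TXIDS = [h(f"constructed-tx-{i}".encode()) for i in range(5)]
ROOT = merkle_root(TXIDS)

if __name__ == "__main__":
    proof = merkle_branch(TXIDS, 2)
    print("branch length:", len(proof))   # grows with log2 of the leaf count
    print("tx 2 included:", verify_branch(TXIDS[2], 2, proof, ROOT))
    print("forged tx accepted:", verify_branch(h(b"forged"), 2, proof, ROOT))
```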
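Added example, not part of the original post: the section 11 calculation carried through, following the whitepaper's Poisson-weighted sum for the probability that an attacker with hash-power share q catches up from z blocks behind. The function names and the search helper min_confirmations are assumptions introduced here; the helper generalizes the two quoted data points into "how many blocks should a recipient wait for a given q and risk threshold".

```python
import math

def poisson_pmf(k: int, lam: float) -> float:
    # Computed in log space so large z does not overflow.
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))

def attacker_success(q: float, z: int) -> float:
    """P(attacker with share q ever overtakes the honest chain from z blocks behind)."""
    p = 1.0 - q
    if q >= p:
        return 1.0                      # no honest majority: catching up is certain
    lam = z * q / p                     # expected attacker blocks while honest nodes mine z
    total = 1.0
    for k in range(z + 1):
        # Attacker has made k blocks of progress; still needs to close a gap of z - k.
        total -= poisson_pmf(k, lam) * (1.0 - (q / p) ** (z - k))
    return total

def min_confirmations(q: float, threshold: float = 0.001, z_max: int = 1000) -> int:
    """Smallest z whose attacker success probability is below threshold."""
    for z in range(z_max + 1):
        if attacker_success(q, z) < threshold:
            return z
    raise ValueError("no z <= z_max reaches the threshold for this q")

if __name__ == "__main__":
    print(f"q=0.1, z=5:  P={attacker_success(0.1, 5):.7f}")
    print(f"q=0.3, z=24: P={attacker_success(0.3, 24):.7f}")
    for q in (0.10, 0.20, 0.30, 0.40):
        print(f"q={q:.2f}: wait {min_confirmations(q)} blocks for P < 0.001")
```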