Search
An attempt to find someone or something.
0 reply
0 recast
7 reactions
2 replies
0 recast
9 reactions
1 reply
0 recast
9 reactions
2 replies
3 recasts
15 reactions
6 replies
3 recasts
15 reactions
7 replies
1 recast
14 reactions
5 replies
1 recast
10 reactions
3 replies
1 recast
6 reactions
4 replies
1 recast
14 reactions
4 replies
1 recast
9 reactions
Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
[email protected]
www.bitcoin.org
Abstract
A peer-to-peer electronic cash system enables direct online payments without financial institutions. Digital signatures ensure ownership, but double-spending requires a trusted third party. We propose a peer-to-peer network using proof-of-work to timestamp transactions, creating an immutable chain. The longest chain, backed by the most CPU power, proves transaction order. Security holds if honest nodes control most CPU power. The network is unstructured, with nodes freely joining or leaving, accepting the longest proof-of-work chain.
1. Introduction
Internet commerce depends on financial institutions as trusted intermediaries, raising transaction costs and limiting small payments. Non-reversible transactions are hard, enabling fraud. We propose a cryptographic, trustless system for direct transactions. A peer-to-peer timestamp server prevents double-spending if honest nodes dominate CPU power.
2. Transactions
An electronic coin is a chain of digital signatures. Owners sign a hash of the prior transaction and the next owner’s public key, appending it to the coin. Payees verify signatures to confirm ownership. Preventing double-spending without a central authority requires public transactions and node consensus on their order, ensuring most nodes accept a transaction as first received.
3. Timestamp Server
A timestamp server hashes a block of items and publishes the hash, proving data existence at that time. Each timestamp includes the prior one, forming a reinforcing chain.
4. Proof-of-Work
Using a proof-of-work system like Hashcash, a hash (e.g., SHA-256) must have leading zeros, requiring significant computation but easy verification. Each block’s proof-of-work links to the prior block, making changes costly. Proof-of-work ensures majority decisions via CPU power, not IP addresses. The longest chain, with the most proof-of-work, is valid. Difficulty adjusts to maintain consistent block creation.
5. Network
The network operates as:
1 Transactions broadcast to all nodes.
2 Nodes collect transactions into a block.
3 Nodes compute proof-of-work for the block.
4 Block is broadcast when proof-of-work is found.
5 Nodes accept valid, unspent transaction blocks.
6 Nodes build the next block using the accepted block’s hash.
Nodes follow the longest chain, switching if a longer branch appears. Broadcasts tolerate faults, and missed blocks are requested later.
6. Incentive
The first block transaction creates a new coin for the creator, encouraging network support. Transaction fees (input-output difference) also fund incentives. After a fixed coin issuance, fees sustain the system, avoiding inflation. Incentives discourage attacks, as generating coins is more profitable than undermining the system.
7. Reclaiming Disk Space
Old transactions are discarded using a Merkle Tree, with only the root hash in the block, saving space. Block headers (80 bytes) generate ~4.2MB yearly, manageable with modern storage.
8. Simplified Payment Verification
Users verify payments without a full node by keeping longest-chain block headers and using Merkle branches to link transactions to timestamps. This is secure if honest nodes dominate but vulnerable if attackers overpower the network. Node alerts for invalid blocks improve security. Businesses may run full nodes for faster verification.
9. Combining and Splitting Value
Transactions combine or split value with multiple inputs and outputs, typically one for payment and one for change. Fan-out dependencies are manageable without a full transaction history.
10. Privacy
Unlike banking’s restricted data access, Bitcoin transactions are public but anonymous via unlinked public keys. New key pairs per transaction enhance privacy, though multi-input transactions may reveal common ownership.
11. Calculations
An attacker racing the honest chain faces a Binomial Random Walk. If honest nodes have more CPU power (p > q), the attacker’s success probability drops exponentially with blocks (z). Examples:
• q=0.1, z=5: P=0.0009137
• q=0.3, z=24: P<0.001
Recipients wait for z blocks to ensure transaction permanence. Attacker progress follows a Poisson distribution.
12. Conclusion
Bitcoin enables trustless transactions using digital signatures and proof-of-work to prevent double-spending. The peer-to-peer network records a public transaction history, secure if honest nodes control most CPU power. Nodes operate without coordination or identity, following the longest proof-of-work chain. Consensus enforces rules and incentives.
References
1 W. Dai, “b-money,” 1998.
2 H. Massias et al., “Design of a secure timestamping service,” 1999.
3 S. Haber, W.S. Stornetta, “How to time-stamp a digital document,” 1991.
4 D. Bayer et al., “Improving the efficiency and reliability of digital time-stamping,” 1993.
5 S. Haber, W.S. Stornetta, “Secure names for bit-strings,” 1997.
6 A. Back, “Hashcash - a denial of service counter-measure,” 2002.
7 R.C. Merkle, “Protocols for public key cryptosystems,” 1980.
8 W. Feller, “An introduction to probability theory and its applications,” 1957. 3 replies
1 recast
7 reactions
0 reply
1 recast
3 reactions
1 reply
1 recast
2 reactions
4 replies
3 recasts
9 reactions
2 replies
1 recast
4 reactions