The Bitcoin Whitepaper Annotated, Summarized, and Explained
Satoshi Nakamoto (a pseudonym) published his famous white paper titled Bitcoin: A Peer-to-Peer Electronic Cash System in 2008, detailing the system that would become Bitcoin. We explain his white paper.
The Concept: Satoshi lays out a peer-to-peer electronic payments system based on cryptography instead of trust, i.e. Bitcoin. He describes how the technology we now call “blockchain” works, how transactions are broadcast across the network, and how transactions are added to a public blockchain-based ledger.
What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.
The Gist: Transactions are encrypted and broadcast to a network of computers running Bitcoin software. Those transactions are then recorded on a digital public ledger called a blockchain. Transactions are added to the ledger sequentially in blocks connected by cryptographic codes called “hashes.” The order and content of the blocks are ensured by consensus (many people running the Bitcoin software around the world) and cryptography (the blocks are connected by hashes, and one must solve cryptographic puzzles using computer programs to add them). The system is a proof-of-work system: the computational power needed to solve the cryptographic puzzles that add transactions to the ledger is the work.
Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
How Bitcoin Works Under the Hood.
Transactions: In the section “transactions” Satoshi describes how public key cryptography is used to move balances of Bitcoin around on the ledger. Essentially, if a person has knowledge of a “private key,” they can move the balances associated with that private key by signing transactions. Only a person with knowledge of a private key can sign such a transaction. The system solves the problem of double-spending without centralization by making all users aware of every transaction in an encrypted form (this builds consensus in terms of what the correct version of the ledger is). Thus, one cannot double spend, since the first time they spent the funds has already been recorded on the blockchain. TIP: The system relies on consensus and classic public key cryptography. Public key cryptography is a type of one-way cryptography that creates a type of hash called a token. Tokens don’t contain identifying data and can be sent across the internet and stored on the public ledger without compromising data like private keys.
FACT: A public address is a hash of a public key, a public key is a hash of a private key, and a signature is a hash created using a private key. The private key is… “the key” in public key cryptography. The term public key refers to the fact that the public key can be known by anyone, but the private key is needed to decrypt it. In this sense, public key cryptography is a good example of one-way cryptography.
Timestamp Server: Blocks of transactions added to the blockchain have to be added sequentially for the ledger to have meaning (otherwise there would be a double spending issue). This section describes how that works. Essentially, a hash of a block is timestamped and broadcast to the public. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it (this chain of timestamped blocks is “a blockchain”).
FACT: “Distributed timestamp server” = “blockchain.” In this section Satoshi suggests the hashes could be published in a newspaper; in the next section he describes a more elegant solution, proof-of-work.
Proof-of-Work: To add blocks sequentially in a peer-to-peer system, a proof-of-work solution is suggested. This section simply describes how that works. In simple terms, one uses a computer to solve a cryptographic puzzle that allows them to add one block of transactions to the blockchain. Once a block is added, changing it means redoing its work and the work of every block after it (so if you wanted to change the block 3 blocks back, you would have to redo the work for that block and each block after it). This section is a little heady, but the idea is to create a democratic system for securing the ledger. One-CPU-one-vote. The system uses difficulty adjustments to compensate for the inevitable increase of hardware speeds.
Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added. To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they’re generated too fast, the difficulty increases.
Network: This section is useful in that it describes sequentially how the network works (the network being everything from a transaction being broadcast to it being recorded). This is probably the best answer as to “how Bitcoin works” (although the last few sections were important). As you can read below, with every node (that is, every computer connected to the network) solving the proof-of-work puzzle, it builds consensus and keeps the ledger honest. Faking a ledger would require doing a lot of work, but even if that work were done, the fake ledger would lack consensus.
The steps to run the network are as follows: 1) New transactions are broadcast to all nodes. 2) Each node collects new transactions into a block. 3) Each node works on finding a difficult proof-of-work for its block. 4) When a node finds a proof-of-work, it broadcasts the block to all nodes. 5) Nodes accept the block only if all transactions in it are valid and not already spent. 6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof-of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.
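The timestamp server, proof-of-work and network sections above can be seen working in a toy hash chain. The code below is an added example written for this summary, not code from the white paper or from Bitcoin itself; the block layout, the JSON hashing and the 3-hex-digit difficulty are constructed simplifications. It mines blocks, validates a chain the way a node would, shows that rewriting one past block forces the work to be redone for that block and every block after it, and applies the longest-valid-chain rule when two branches compete.

```python
import hashlib
import json

DIFFICULTY = 3          # leading zero hex digits required; toy value, not Bitcoin's real target
GENESIS_PREV = "0" * 64  # the first block has no predecessor

def block_hash(prev_hash, txs, nonce):
    """Hash that commits to the previous block's hash, the transactions and the nonce."""
    payload = json.dumps({"prev": prev_hash, "txs": txs, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def mine(prev_hash, txs, difficulty=DIFFICULTY):
    """Proof-of-work: scan nonces until the block hash has the required leading zeros."""
    nonce = 0
    while not block_hash(prev_hash, txs, nonce).startswith("0" * difficulty):
        nonce += 1
    return {"prev": prev_hash, "txs": txs, "nonce": nonce}

def tip_hash(chain):
    """Hash of the last block, used as the 'previous hash' of the next one."""
    b = chain[-1]
    return block_hash(b["prev"], b["txs"], b["nonce"])

def build_chain(blocks_txs, start=GENESIS_PREV, difficulty=DIFFICULTY):
    """Mine each block on top of the previous one, as honest nodes do."""
    chain, prev = [], start
    for txs in blocks_txs:
        chain.append(mine(prev, txs, difficulty))
        prev = tip_hash(chain)
    return chain

def valid_chain(chain, difficulty=DIFFICULTY):
    """Node-side check: each block links to its predecessor and carries valid work."""
    prev = GENESIS_PREV
    for b in chain:
        h = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or not h.startswith("0" * difficulty):
            return False
        prev = h
    return True

def rewrite_history(chain, index, new_txs, difficulty=DIFFICULTY):
    """Change block `index`: the work for it and for every later block must be redone."""
    later = [b["txs"] for b in chain[index + 1:]]
    return chain[:index] + build_chain([new_txs] + later, chain[index]["prev"], difficulty)

def choose_chain(current, candidate, difficulty=DIFFICULTY):
    """Longest valid chain wins; on a tie a node keeps the branch it received first."""
    if valid_chain(candidate, difficulty) and len(candidate) > len(current):
        return candidate
    return current
```

Editing a block in place breaks every later link, so `valid_chain` rejects it; only `rewrite_history`, which re-mines the edited block and all of its successors, yields a chain that validates again, and it still loses to any honest chain that has grown longer in the meantime.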
Incentive: Why would you spend all that time and money running a node? Because you get awarded Bitcoin for it. New Bitcoins are actually created as rewards for mining blocks. This system even helps incentivize a would-be hacker to actually mine instead of trying to alter the ledger (as they would forfeit all their rewards if they spent their time trying to steal coins instead).
The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
Reclaiming Disk Space: Obviously keeping a running record of everything is going to create a really large file (just ask Ethereum). A solution is presented which uses a Merkle Tree.
Simplified Payment Verification: Payments can be made without running a full node.
It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he’s convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it’s timestamped in. He can’t check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it.
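The Merkle tree behind the "Reclaiming Disk Space" and "Simplified Payment Verification" sections, as an added example that is not part of the original article or of Bitcoin's own code. It folds transaction hashes pairwise into a single root (an odd last node is paired with itself), extracts the Merkle branch for one transaction, and checks that branch against the root the way a lightweight client holding only block headers would. The double-SHA-256 leaf/node hash and the constructed sample transaction ids are assumptions for this illustration.

```python
import hashlib

def sha256d(data):
    """Double SHA-256, assumed here as the node hash; the paper does not fix one."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _next_level(level):
    """Pair up nodes (duplicating an odd last node) and hash each pair into its parent."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    """Fold the transaction hashes up to the single root stored in the block header."""
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_branch(leaves, index):
    """Sibling hashes from leaf `index` up to the root: all an SPV client needs for one tx.
    Each entry is (sibling_hash, sibling_is_on_the_right)."""
    level, branch = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1                       # partner within the pair
        branch.append((level[sibling], (index % 2) == 0))
        level = _next_level(level)
        index //= 2                               # position of the parent in the next level
    return branch

def verify_branch(leaf, branch, root):
    """SPV check: recompute the path from the leaf and compare with the header's root."""
    h = leaf
    for sibling, sibling_right in branch:
        h = sha256d(h + sibling) if sibling_right else sha256d(sibling + h)
    return h == root

# Constructed sample transaction ids (five, so the odd-count duplication rule is exercised).
SAMPLE_TXIDS = [hashlib.sha256(f"constructed-tx-{i}".encode()).digest() for i in range(5)]
```

A full node can drop spent transactions and keep only the interior hashes it still needs, because the header's root commits to all of them; a lightweight client never sees the other transactions at all and still verifies inclusion from the branch alone.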
Combining and Splitting Value: Multiple inputs and outputs are allowed so one doesn’t have to do separate transactions for every “cent.”
Privacy: The system is public, but private due to the way it is encrypted. Everything is known, but no one is identified. Kind of like Satoshi himself.
Calculations: A bunch of calculations, see the paper.
Bitcoin Protocol Explained 1 – Bitcoin paper broken down step by step.