Abstract
A purely peer-to-peer version of electronic cash would enable online payments to be sent directly from one party to another without relying on financial institutions. Digital signatures provide part of the solution, but the primary benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of proof-of-work, forming a record that cannot be altered without redoing the proof-of-work. The longest chain serves as proof of the sequence of events witnessed and confirms that it originated from the largest pool of CPU power. As long as honest nodes control the majority of CPU power, they will outpace attackers.
1. Introduction
Traditional online commerce relies heavily on financial institutions as trusted third parties to process payments. While this system works for most transactions, it suffers from inherent weaknesses:
- Irreversibility: Transactions cannot be truly irreversible, as financial institutions mediate disputes.
- High Costs: Mediation increases transaction costs, limiting small or casual payments.
- Trust Requirements: Merchants must collect excessive customer information to mitigate fraud.
Bitcoin solves these issues with a system based on cryptographic proof instead of trust, enabling direct transactions without intermediaries.
2. Transactions
A Bitcoin coin is defined as a chain of digital signatures. Each owner transfers the coin by signing a hash of the previous transaction and the next owner’s public key. To prevent double-spending:
- Transactions must be publicly announced.
- Participants must agree on a single history of transaction order.
3. Timestamp Server
The solution begins with a timestamp server. It hashes blocks of transactions and publishes the hash publicly, linking each timestamp to the previous one. This creates an immutable chain.
4. Proof-of-Work
To implement a decentralized timestamp server, Bitcoin uses proof-of-work (like Hashcash). Key steps:
- Nodes search for a nonce that creates a hash with a required number of leading zeros.
- Once found, the block cannot be changed without redoing the work.
- The longest chain represents the majority decision and the most CPU effort.
Difficulty adjusts dynamically to maintain a steady block creation rate.
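The following is an added example, not code from the original paper or from Bitcoin itself. It shows why a block buried in a proof-of-work chain cannot be altered without redoing the work of every later block. The field layout, the 12-bit difficulty and the sample payloads are constructed for illustration.

```python
import hashlib

GENESIS_PREV = "00" * 32  # constructed placeholder parent for the first block


def block_hash(prev_hash: str, payload: str, nonce: int) -> str:
    """Double SHA-256 over the fields that tie a block to its parent."""
    data = f"{prev_hash}|{payload}|{nonce}".encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def mine(prev_hash: str, payload: str, zero_bits: int) -> dict:
    """Search for a nonce whose hash has at least `zero_bits` leading zero bits."""
    target = 1 << (256 - zero_bits)
    nonce = 0
    while int(block_hash(prev_hash, payload, nonce), 16) >= target:
        nonce += 1
    return {"prev": prev_hash, "payload": payload, "nonce": nonce,
            "hash": block_hash(prev_hash, payload, nonce)}


def build_chain(payloads, zero_bits: int) -> list:
    """Mine one block per payload, each committing to the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        block = mine(prev, payload, zero_bits)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain, zero_bits: int):
    """Return the index of the first block whose link or work fails, else None."""
    target = 1 << (256 - zero_bits)
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        h = block_hash(block["prev"], block["payload"], block["nonce"])
        if block["prev"] != prev or h != block["hash"] or int(h, 16) >= target:
            return i
        prev = h
    return None


if __name__ == "__main__":
    chain = build_chain(["a->b 5", "b->c 2", "c->d 1"], 12)  # constructed payloads
    chain[1]["payload"] = "b->c 200"                  # tamper with history
    print(first_invalid(chain, 12))                   # block 1 no longer verifies
    chain[1] = mine(chain[0]["hash"], "b->c 200", 12)  # redo only that block's work
    print(first_invalid(chain, 12))                   # the break moves to block 2
```

Re-mining the altered block is not enough: its new hash no longer matches the parent reference stored in the next block, so every later block must be re-mined as well.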
5. Network Operation
- Broadcast Transactions: New transactions are broadcast to all nodes.
- Collect Transactions: Nodes gather transactions into a block.
- Find Proof-of-Work: Nodes compete to solve the computational puzzle.
- Broadcast Block: The winning node broadcasts the block.
- Validate Block: Nodes accept the block if transactions are valid.
- Extend Chain: Nodes work on the next block using the accepted block’s hash.
The longest chain is always considered valid. Temporary forks resolve when one chain overtakes another.
6. Incentives
- Block Reward: The first transaction in a block creates new coins for the miner.
- Transaction Fees: Fees incentivize miners to include transactions.
Honest nodes are incentivized to maintain the network’s integrity, as attacking it would devalue their rewards.
7. Disk Space Efficiency
Old transactions can be pruned using Merkle trees:
- Only the Merkle root is included in the block hash.
- Discarding spent transactions saves space without breaking the chain.
Annual storage is minimal (~4.2MB/year for block headers).
8. Simplified Payment Verification
Users can verify payments without running a full node by:
- Storing block headers of the longest chain.
- Checking Merkle branches linking transactions to blocks.
This method relies on honest nodes dominating the network.
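The Merkle pruning of section 7 and the branch check of section 8 rest on the same structure, shown here as an added example that is not code from the original paper. It assumes Bitcoin's convention of duplicating the last hash on an odd-sized level; the transaction byte strings are constructed.

```python
import hashlib


def h(data: bytes) -> bytes:
    """Double SHA-256, the hash used for tree nodes in this sketch."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root_and_branch(txs, index: int):
    """Return (root, branch) for txs[index].

    branch is a list of (sibling_hash, sibling_is_left) pairs, leaf to root.
    """
    if not txs:
        raise ValueError("a block contains at least one transaction")
    level = [h(tx) for tx in txs]
    branch = []
    while len(level) > 1:
        if len(level) % 2:              # odd level: duplicate the last hash
            level.append(level[-1])
        sibling = index ^ 1             # neighbour within the same pair
        branch.append((level[sibling], sibling < index))
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch


def verify_branch(tx: bytes, branch, root: bytes) -> bool:
    """What a light client does: rehash up the branch and compare with the
    Merkle root taken from a block header it already stores."""
    node = h(tx)
    for sibling, sibling_is_left in branch:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root


if __name__ == "__main__":
    txs = [f"tx-{i}".encode() for i in range(5)]     # constructed sample data
    root, branch = merkle_root_and_branch(txs, 4)
    print(len(branch), verify_branch(txs[4], branch, root))
    print(verify_branch(b"tx-4-forged", branch, root))
```

The client needs only the header's root and a branch of about log2(n) hashes, which is why spent transactions can be discarded without breaking the block hash.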
9. Combining and Splitting Value
Transactions can have multiple inputs and outputs, enabling flexibility:
- Inputs: Combine smaller amounts from prior transactions.
- Outputs: Allocate payments and change.
No need to track full transaction history for validation.
10. Privacy
Bitcoin ensures privacy by:
- Keeping public keys anonymous.
- Using new key pairs for each transaction.
Transactions are public but not linked to identities (similar to stock exchange "tape" data).
11. Security Calculations
The probability an attacker catches up with the honest chain decreases exponentially with the number of blocks (z):
- Formula: P < (q/p)^z, where q = attacker’s CPU power, p = honest nodes’ power.
- Example: For q = 0.3 (30% attacker power), z = 24 blocks ensure P < 0.1%.
12. Conclusion
Bitcoin offers a trustless electronic payment system:
- Decentralized peer-to-peer network.
- Proof-of-work secures transaction history.
- Incentives align nodes with honest behavior.
This innovation enables transparent, secure, and accessible digital transactions.
FAQs
Q: How does Bitcoin prevent double-spending?
A: The network timestamps transactions into a proof-of-work chain, making alterations computationally impractical.
Q: What incentivizes miners?
A: Block rewards (new coins) and transaction fees.
Q: Can transactions be traced to individuals?
A: No—public keys are anonymous, though multi-input transactions may reveal linkages.
Q: How is storage efficiency achieved?
A: Merkle trees allow pruning of spent transactions while preserving block integrity.
Q: What’s the role of proof-of-work?
A: It secures the network by requiring computational effort to add blocks, deterring attacks.