The Bitcoin White Paper is a freaking rabbit hole. To understand it you need to know about cryptography, networking, game theory, economics, computer science and so on. I’ll try to simplify it for you!
To understand the paper you’ll have first to understand:
- The Byzantine Generals’ Problem (BGP), watch the video to grasp the concept.
- Double-spending problem: this is the central topic of the paper, how to prevent someone from copy/pasting digital cash in a decentralized system.
- Hash functions, used for fingerprinting transactions and other things.
- Asymmetric Cryptography, used for digital signatures.
Bitcoin: A Peer-to-Peer Electronic Cash System
The paper was published by Satoshi Nakamoto in October 2008 on The Cryptography Mailing List.
❓Who is Satoshi? Still a mystery.
⚠️ Satoshi owns ~ 1 million bitcoins!
Peer-To-Peer electronic cash can be achieved with digital signatures, but the problem is how to avoid double-spending.
The proposed solution is a P2P network that timestamps the transactions by hashing them into an ongoing chain of hash-based proof-of-work — the blockchain.
⚠️ Satoshi built the code before writing the paper.
Online payments rely completely on financial institutions. Transactions are reversible so fraud is accepted and priced into the system.
A payment system based on cryptographic proof instead of trust would make transactions irreversible.
⚠️ Bitcoin is censorship-resistant. This important feature is not mentioned in the paper.
Bitcoin defines a coin as a chain of digital signatures. Each owner transfers a coin to the next owner by digitally signing the hash of the previous transaction and the public key of the next owner. Sounds good? 👍
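Here is that chain of signatures as a small Go program, added as an example and not code from the paper or from Bitcoin itself; it uses the standard library's P-256 curve as a stand-in for Bitcoin's secp256k1, and `Tx`, `NewKey`, `Transfer` and `VerifyChain` are names I chose.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Tx is one link of the coin: previous tx's hash plus next owner's key, signed by the current owner.
type Tx struct {
	PrevHash []byte
	NextPub  *ecdsa.PublicKey
	Sig      []byte
}

// NewKey makes an owner key; P-256 stands in for Bitcoin's secp256k1 here (assumption).
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}
// digest is the message the current owner signs: SHA-256(PrevHash || NextPub).
func (t Tx) digest() []byte {
	h := sha256.New()
	h.Write(t.PrevHash)
	h.Write(append(t.NextPub.X.Bytes(), t.NextPub.Y.Bytes()...))
	return h.Sum(nil)
}
// Hash identifies the whole tx (digest plus signature) so the next link can point at it.
func (t Tx) Hash() []byte {
	h := sha256.Sum256(append(t.digest(), t.Sig...))
	return h[:]
}
// Transfer spends the coin whose latest tx is prev, handing it to next.
func Transfer(owner *ecdsa.PrivateKey, prev Tx, next *ecdsa.PublicKey) (Tx, error) {
	tx := Tx{PrevHash: prev.Hash(), NextPub: next}
	sig, err := ecdsa.SignASN1(rand.Reader, owner, tx.digest())
	tx.Sig = sig
	return tx, err
}
// VerifyChain: each link must point at its predecessor's hash and carry a valid
// signature from the key that predecessor named; chain[0] is the coin's creation.
func VerifyChain(chain []Tx) bool {
	for i := 1; i < len(chain); i++ {
		prev, cur := chain[i-1], chain[i]
		if !bytes.Equal(cur.PrevHash, prev.Hash()) ||
			!ecdsa.VerifyASN1(prev.NextPub, cur.digest(), cur.Sig) {
			return false
		}
	}
	return true
}
```

A payee verifies the signatures back to the coin's creation, but nothing here tells them whether the payer already signed the same coin over to someone else; that is the double-spending gap the rest of the paper closes.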
How does the payee know that the payer didn’t double spend?
To solve this w/o a central authority we need to publish all the transactions, and the participants of the network need to agree on the order in which they happened.
3. Timestamp Server
A timestamp server could take a list of items and publish their hash into a newspaper or Usenet. The timestamp proves that that piece of information existed at a certain time.
To implement a peer-to-peer distributed timestamp server, Satoshi proposed using a Proof of Work system similar to Adam Back’s Hashcash. Hashcash is a clever way to reduce email spam by using Proof of Work (PoW). Proof of Work is a mathematical puzzle that takes time to solve.
The puzzle works like this: take an input, append a random string to it (the nonce), and run it through a hash function; the PoW is found when the output starts with a given number of 0s. Finding a PoW with more leading 0s becomes increasingly difficult. In the following example, we’re searching for a PoW of difficulty 4 for “Hello World!”:
In Bitcoin, the PoW of a block is computed over the block’s contents including the hash of the previous block. If any information in any block is changed, the PoW for that block and for all subsequent blocks must be redone.
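The PoW search and the re-mining requirement as an added Go example (my code, not the page’s own example or Bitcoin’s): a hash counts as a PoW when it starts with `difficulty` hex zeros, so difficulty 4 means the prefix `0000`; `Block`, `Mine` and `ValidChain` are names I chose.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// Block links to its predecessor by hash, so its PoW also commits to all earlier history.
type Block struct {
	PrevHash string
	Data     string
	Nonce    int
}

// HashOf is hex(SHA-256(prevHash || data || nonce)).
func HashOf(b Block) string {
	sum := sha256.Sum256([]byte(b.PrevHash + b.Data + strconv.Itoa(b.Nonce)))
	return hex.EncodeToString(sum[:])
}
// Mine bumps the nonce until the hash starts with `difficulty` hex zeros.
func Mine(prevHash, data string, difficulty int) Block {
	b := Block{PrevHash: prevHash, Data: data}
	for !strings.HasPrefix(HashOf(b), strings.Repeat("0", difficulty)) {
		b.Nonce++
	}
	return b
}
// ValidChain: every block meets the target and points at its predecessor's hash.
func ValidChain(chain []Block, difficulty int) bool {
	for i, b := range chain {
		if !strings.HasPrefix(HashOf(b), strings.Repeat("0", difficulty)) ||
			(i > 0 && b.PrevHash != HashOf(chain[i-1])) {
			return false
		}
	}
	return true
}
func main() {
	a := Mine("", "Hello World!", 4) // the page's example: difficulty 4
	b := Mine(HashOf(a), "second block", 4)
	chain := []Block{a, b}
	fmt.Println(a.Nonce, HashOf(a), ValidChain(chain, 4)) // true
	chain[0] = Mine("", "Hello Wor1d!", 4) // tamper with block 0 and re-mine only it
	fmt.Println(ValidChain(chain, 4))      // false: block 1 still points at the old hash
}
```

To make the tampered chain valid again, every block after the edited one has to be mined again, which is why rewriting old history costs as much work as the honest network spent on it.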
⚠️ The network follows the valid chain with the most accumulated work (PoW), not simply the longest chain.
⚠️ The genesis block and other blocks are hardcoded in the Bitcoin code as checkpoints. Attackers can’t revert the chain below those checkpoints. The last checkpoint is in 2014.
⚠️ Bitcoin dynamically adjusts the difficulty every 2016 blocks (~2 weeks), so that the network keeps mining a block every ~10 minutes.
The network adds all the transactions into a block, then runs PoW on it.
When a PoW is found, the block is broadcast. When the block is accepted, the network starts working on the next block.
The first transaction in each new block is the mining reward. This is the incentive that goes to the winning miner in their efforts to support the network. Its function is also to fairly distribute the coins in circulation, via this PoW competition. The steady addition of new coins is analogous to gold mining—hence the term Bitcoin mining 🤯!
Another incentive to mine honestly is to capture the transaction fees.
When all the coins have been mined by the year 2140, the mining network can transition to profit entirely from transaction fees without the need for a block subsidy.
Basically the reward structure is such that an attacker will find it more profitable to play by the rules.
⚠️ There will be only 21 million bitcoins. That is defined in the code.
⚠️ The last coin may never be mined.
7. Reclaiming Disk Space and 8. Simplified Payment Verification
Satoshi was aware that the blockchain would keep growing on disk. To address this, the transactions in a block are organized into a data structure called a Merkle tree. The tree can be used to verify transactions and can be pruned to save space.
Simplified Payment Verification nodes, or SPV nodes, keep a pruned version of the blockchain, making the node lighter.
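An added Go example of the Merkle tree and the SPV check, not code from the paper or from Bitcoin Core: a full node computes the root and hands a light client the sibling hashes for one transaction, and the client recomputes the root from those alone; it uses single SHA-256 where Bitcoin uses double SHA-256, and `Build`, `Step` and `Verify` are my names.

```go
package main

import (
	"bytes"
	"crypto/sha256"
)
// Step is one sibling on the path from a leaf to the root; Left says the sibling is concatenated on the left.
type Step struct {
	Hash []byte
	Left bool
}
// sha hashes a||b. Bitcoin uses double SHA-256; single SHA-256 keeps this example short.
func sha(a, b []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, a...), b...))
	return sum[:]
}
// Build hashes each tx into a leaf and pairs nodes level by level (an odd last node is paired
// with itself, as in Bitcoin). It returns the header's root and the sibling path for leaf idx.
func Build(txs [][]byte, idx int) ([]byte, []Step) {
	level := make([][]byte, len(txs))
	for i, tx := range txs {
		level[i] = sha(tx, nil)
	}
	var proof []Step
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		sib := idx ^ 1
		proof = append(proof, Step{Hash: level[sib], Left: sib < idx})
		next := make([][]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, sha(level[i], level[i+1]))
		}
		level, idx = next, idx/2
	}
	return level[0], proof
}
// Verify is the SPV side: recompute the root from the tx and its proof and compare it with the header's root.
func Verify(tx []byte, proof []Step, root []byte) bool {
	h := sha(tx, nil)
	for _, s := range proof {
		if s.Left {
			h = sha(s.Hash, h)
		} else {
			h = sha(h, s.Hash)
		}
	}
	return bytes.Equal(h, root)
}
```

The proof grows with the logarithm of the number of transactions, which is what lets an SPV node check a payment while storing only block headers.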
⚠️ SPV nodes are not considered secure. A new, better solution called Neutrino is in the works.
9. Combining and Splitting Value
A common misconception is that Bitcoin’s transaction system is based on accounts and balances. It uses a transaction system called the UTXO model.
Each transaction contains multiple inputs and outputs.
Normally a transaction has one input and at most two outputs: one for the receiver and one returning the rest to the sender. Think of paying $7 with a $10 bill: we get $3 back as change. The inputs and outputs must add up to the same amount for the transaction to be valid.
In the traditional privacy model, the central authority knows the identities and transactions. In the Bitcoin privacy model, transactions are public and identities are private.
However, if the owner of a key is revealed, linking UTXOs can reveal all the transactions from that identity (Bitcoin address).
⚠️ Today it is possible to make it much harder to follow the breadcrumbs 🥖🍞 by using CoinJoins, the Lightning Network and hierarchical deterministic wallets.
An attacker can’t create new coins or invalid transactions; he can only reverse one of his own transactions to take back the coins he recently spent. The probability that an attacker can catch up and reverse a transaction decreases as more blocks are added on top of it. This section has a lot of math and statistics. Go read it if you’re into it, it’s quite fascinating.
⚠️ The paper only noted the 51% attack; many new attacks on the system have been found since.
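For readers who want to see that math in action, here is the paper’s section 11 formula for the attacker’s catch-up probability as an added Go example (my code, not the paper’s C listing): q is the attacker’s share of hash power, z the number of blocks the payee waits, and `ConfirmationsFor` is a helper I added that finds the z at which the probability drops below a tolerance.

```go
package main

import (
	"fmt"
	"math"
)

// AttackerSuccess is the paper's section 11 formula: the probability that an
// attacker with fraction q of the hash power, z blocks behind, ever catches up:
//   P = 1 - sum_{k=0}^{z} (lambda^k e^-lambda / k!) * (1 - (q/p)^(z-k)),  lambda = z*q/p
func AttackerSuccess(q float64, z int) float64 {
	p := 1 - q
	if q >= p {
		return 1 // at least half the hash power: the attacker always wins (the 51% attack)
	}
	lambda := float64(z) * q / p
	sum := 1.0
	for k := 0; k <= z; k++ {
		poisson := math.Exp(-lambda) // Poisson(k; lambda) = lambda^k e^-lambda / k!
		for i := 1; i <= k; i++ {
			poisson *= lambda / float64(i)
		}
		sum -= poisson * (1 - math.Pow(q/p, float64(z-k)))
	}
	return sum
}

// ConfirmationsFor returns the smallest z at which the attacker's chance of
// reversing a payment drops below tolerance (the paper tabulates P < 0.1%).
// It returns -1 when q >= 0.5, since no number of confirmations helps then.
func ConfirmationsFor(q, tolerance float64) int {
	if q >= 0.5 {
		return -1
	}
	for z := 0; ; z++ {
		if AttackerSuccess(q, z) < tolerance {
			return z
		}
	}
}

func main() {
	for _, q := range []float64{0.1, 0.3} {
		fmt.Printf("q=%.2f  P(z=5)=%.7f  confirmations for P<0.1%%: %d\n",
			q, AttackerSuccess(q, 5), ConfirmationsFor(q, 0.001))
	}
}
```

With q = 0.1 the payee needs 5 confirmations to push the attacker below 0.1%, which is where the common “wait for six blocks” advice comes from.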
In conclusion, Satoshi proposed a cryptocurrency network. Amazing!
The system’s rules are enforced by its PoW consensus mechanism, and economic incentives help ensure that honest mining is more rewarding than malicious mining.
The reference section is also golden. It refers to B-money, an early precursor of Bitcoin by Wei Dai; Haber and Stornetta’s paper on timestamping digital documents; Adam Back’s Hashcash; and R. C. Merkle for Merkle trees.
Curiously, Bitgold by Nick Szabo is not referenced here.
I hope you enjoy reading 🐰!
- Proof Of Work, this blog post explains with spreadsheets how PoW works
- The White Paper — Down Into The Rabbit Hole we read the white paper in the Learning Bitcoin meetup. Join us if you want to learn more about Bitcoin.
- Bitcoin paper errata and details, a description of known problems in the paper, as well as notes on terminology changes and how Bitcoin’s implementation differs from that described in the paper.
Thanks to Alex Min for reviewing and suggesting changes.