Bitcoin Whitepaper: A Comprehensive Technical Overview of Satoshi Nakamoto's Vision


The Bitcoin whitepaper, formally titled "Bitcoin: A Peer-to-Peer Electronic Cash System," was authored by the pseudonymous creator Satoshi Nakamoto. This foundational document outlines the technical framework for a decentralized digital currency that operates without the need for trusted intermediaries like banks or financial institutions.

Below, we explore the key concepts and mechanisms described in the original whitepaper, providing a detailed yet accessible overview of Bitcoin’s underlying technology.

Introduction to Bitcoin’s Core Philosophy

Traditional electronic commerce relies heavily on financial institutions acting as trusted third parties to process online payments. While this system works adequately for most transactions, it suffers from inherent weaknesses rooted in its trust-based model. Disputes and reversals lead to increased transaction costs, limit the feasibility of micropayments, and eliminate the possibility of truly irreversible transactions for irreversible services.

Bitcoin replaces that trust with cryptographic proof: two willing parties can transact directly without a trusted intermediary. Transactions that are computationally impractical to reverse protect sellers from fraud, and routine escrow mechanisms can be layered on top to protect buyers. The paper's central contribution is a solution to the double-spending problem of digital cash, built on a peer-to-peer distributed timestamp server.

How Bitcoin Transactions Work

An electronic coin in Bitcoin is defined as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner, then adding these to the coin. The recipient can verify the signatures to confirm the chain of ownership.

The challenge lies in preventing double-spending—ensuring that a previous owner hasn’t already signed another transaction with the same coin. Bitcoin’s solution replaces the need for a central mint with a public transaction ledger, where all transactions are broadcast to the network, and participants agree on a single chronological history of events.
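The chain of signatures described above, as an added Go example that is not code from the whitepaper or from Bitcoin itself. It assumes ECDSA over P-256 (in the Go standard library; Bitcoin uses secp256k1), PKIX/DER encoding of public keys, and made-up owners Alice, Bob, Carol and Mallory. It shows what a payee can check from the signatures alone, and what they cannot: a second spend of the same coin verifies just as well as the first.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Tx is one link in a coin's chain of signatures: the hash of the previous
// transaction and the next owner's public key, signed by the current owner.
type Tx struct {
	PrevHash  [32]byte // hash of this coin's previous transaction (all zero for the minting transaction)
	NextOwner []byte   // next owner's public key, PKIX/DER encoded (an assumption; Bitcoin uses raw secp256k1 points)
	Sig       []byte   // current owner's ECDSA signature over Digest(); empty for the minting transaction
}

// Digest is the message the current owner signs: SHA-256(prev hash || next owner's key).
func (t Tx) Digest() []byte {
	h := sha256.New()
	h.Write(t.PrevHash[:])
	h.Write(t.NextOwner)
	return h.Sum(nil)
}

// Hash identifies the transaction so that the next transfer can reference it.
func (t Tx) Hash() [32]byte {
	return sha256.Sum256(append(t.Digest(), t.Sig...))
}

// NewKey generates an owner's key pair. P-256 is used because it is in the Go
// standard library; Bitcoin itself uses secp256k1.
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func encodeKey(pub *ecdsa.PublicKey) []byte {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err)
	}
	return der
}

// Mint creates a coin's first transaction, assigning it to firstOwner. There
// is no previous owner, so there is nothing to sign.
func Mint(firstOwner *ecdsa.PublicKey) Tx {
	return Tx{NextOwner: encodeKey(firstOwner)}
}

// Transfer hands the coin on: the current owner signs H(prev hash || next key).
func Transfer(prev Tx, owner *ecdsa.PrivateKey, next *ecdsa.PublicKey) Tx {
	t := Tx{PrevHash: prev.Hash(), NextOwner: encodeKey(next)}
	sig, err := ecdsa.SignASN1(rand.Reader, owner, t.Digest())
	if err != nil {
		panic(err)
	}
	t.Sig = sig
	return t
}

// VerifyChain checks what a payee can check alone: each link references the
// hash of the previous one and carries a valid signature from the key that
// link named as owner. It cannot see whether an earlier owner also signed the
// same coin away to someone else; that is the double-spending problem.
func VerifyChain(chain []Tx) error {
	for i := 1; i < len(chain); i++ {
		prev, cur := chain[i-1], chain[i]
		if cur.PrevHash != prev.Hash() {
			return fmt.Errorf("link %d does not reference link %d", i, i-1)
		}
		k, err := x509.ParsePKIXPublicKey(prev.NextOwner)
		pub, _ := k.(*ecdsa.PublicKey)
		if err != nil || pub == nil {
			return fmt.Errorf("link %d names an unusable owner key", i-1)
		}
		if !ecdsa.VerifyASN1(pub, cur.Digest(), cur.Sig) {
			return fmt.Errorf("link %d is not signed by the owner named in link %d", i, i-1)
		}
	}
	return nil
}

func main() {
	alice, bob, carol, mallory := NewKey(), NewKey(), NewKey(), NewKey()
	mint := Mint(&alice.PublicKey)
	toBob := Transfer(mint, alice, &bob.PublicKey)
	toCarol := Transfer(toBob, bob, &carol.PublicKey)
	fmt.Println("honest chain:", VerifyChain([]Tx{mint, toBob, toCarol}))

	// Tampering: swap Carol's key for Mallory's, so Bob's signature no longer matches.
	forged := toCarol
	forged.NextOwner = encodeKey(&mallory.PublicKey)
	fmt.Println("forged link:", VerifyChain([]Tx{mint, toBob, forged}))

	// Double spend: Alice also signs the coin over to Mallory. Both chains verify on
	// their own; only a shared, ordered ledger can say which spend came first.
	toMallory := Transfer(mint, alice, &mallory.PublicKey)
	fmt.Println("second spend:", VerifyChain([]Tx{mint, toMallory}))
}
```

The last case is the point of the paragraph above: nothing in the signatures distinguishes Alice's transfer to Bob from her later transfer of the same coin to Mallory, so the ordering has to come from somewhere else.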

The Role of the Timestamp Server

The Bitcoin network utilizes a distributed timestamp server to assign chronological order to transactions. This server works by taking a hash of a block of items to be timestamped and widely publishing the hash, similar to a newspaper or Usenet post. Each timestamp includes the previous timestamp in its hash, forming a continuous chain that reinforces all prior timestamps.

Proof-of-Work: Securing the Network

To implement a distributed timestamp server on a peer-to-peer basis, Bitcoin uses a proof-of-work system similar to Adam Back's Hashcash. This involves scanning for a value (a nonce) that, when hashed with a function such as SHA-256, produces a hash beginning with a required number of zero bits. The average work required grows exponentially with the number of zero bits required, while the result can be verified by computing a single hash.

Proof-of-work secures the network by making it computationally expensive to alter past transactions. Changing any block would require redoing the proof-of-work for that block and all subsequent blocks. The longest chain of blocks not only serves as proof of the sequence of events but also as proof that it came from the largest pool of computational power.

The system also addresses the issue of majority representation. Instead of one-IP-address-one-vote, which could be subverted by anyone able to allocate many IPs, Bitcoin uses one-CPU-one-vote through proof-of-work.

Network Operation and Consensus

The steps to run the network are as follows:

  1. New transactions are broadcast to all nodes.
  2. Each node collects new transactions into a block.
  3. Each node works on finding a proof-of-work for its block.
  4. When a node finds a proof-of-work, it broadcasts the block to all nodes.
  5. Nodes accept the block only if all transactions in it are valid and not already spent.
  6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the accepted block’s hash as the previous hash.

Nodes always consider the longest chain to be the correct one and will continue to extend it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one version first and others the second. In this case, nodes work on the first version they received but save the other branch in case it becomes longer. The tie is broken when the next proof-of-work is found, and one branch becomes longer; nodes then switch to the longer chain.
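The proof-of-work check and the chained-block procedure in steps 1 to 6, as an added Go example that is not part of the whitepaper or of Bitcoin's own code. It assumes a stripped-down header (previous block hash, a content hash standing in for the Merkle root, and a nonce), a single SHA-256 pass rather than Bitcoin's double hash, a toy difficulty of 16 leading zero bits, and constructed transaction strings; transaction validity (step 5) is not modelled. It shows that changing one block invalidates its own proof-of-work and every block after it, and that re-mining the whole fork only ties the honest chain.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Header is a minimal block header: previous block hash, a hash of the block's
// contents (the Merkle root in Bitcoin) and the nonce the miner scans.
type Header struct {
	PrevHash, Content [32]byte
	Nonce             uint64
}

// Hash serialises the header and hashes it once with SHA-256 (Bitcoin hashes twice).
func (h Header) Hash() [32]byte {
	var buf [72]byte
	copy(buf[:32], h.PrevHash[:])
	copy(buf[32:64], h.Content[:])
	binary.LittleEndian.PutUint64(buf[64:], h.Nonce)
	return sha256.Sum256(buf[:])
}

// LeadingZeroBits counts the zero bits at the front of a hash.
func LeadingZeroBits(h [32]byte) int {
	n := 0
	for _, b := range h {
		n += bits.LeadingZeros8(b) // 8 for a zero byte
		if b != 0 {
			break
		}
	}
	return n
}

// MeetsTarget is the single-hash check a node uses to verify a proof-of-work.
func MeetsTarget(h Header, zeroBits int) bool {
	return LeadingZeroBits(h.Hash()) >= zeroBits
}

// Mine scans nonces until the header meets the target; expected work doubles per extra bit.
func Mine(h Header, zeroBits int) Header {
	for h.Nonce = 0; !MeetsTarget(h, zeroBits); h.Nonce++ {
	}
	return h
}

// Extend mines a block carrying content on top of chain (step 6: the new block
// uses the accepted block's hash as its previous hash).
func Extend(chain []Header, content [32]byte, zeroBits int) []Header {
	var prev [32]byte
	if n := len(chain); n > 0 {
		prev = chain[n-1].Hash()
	}
	return append(chain, Mine(Header{PrevHash: prev, Content: content}, zeroBits))
}

// ValidChain is what a node checks before building on a chain: every proof-of-work
// holds and every block commits to the hash of the block before it.
func ValidChain(chain []Header, zeroBits int) bool {
	for i, h := range chain {
		if !MeetsTarget(h, zeroBits) || (i > 0 && h.PrevHash != chain[i-1].Hash()) {
			return false
		}
	}
	return true
}

// Longest is the rule nodes apply when branches compete: adopt the longer one;
// on a tie keep the branch seen first (a).
func Longest(a, b []Header) []Header {
	if len(b) > len(a) {
		return b
	}
	return a
}

func main() {
	const difficulty = 16 // leading zero bits; chosen for the demo, far below Bitcoin's
	var chain []Header
	for _, tx := range []string{"alice->bob 5", "bob->carol 2", "carol->dave 1"} { // constructed
		chain = Extend(chain, sha256.Sum256([]byte(tx)), difficulty)
	}
	fmt.Println("honest chain valid:", ValidChain(chain, difficulty))

	// Rewriting block 0 breaks its proof-of-work and orphans every block after it.
	tampered := append([]Header(nil), chain...)
	tampered[0].Content = sha256.Sum256([]byte("alice->mallory 5"))
	fmt.Println("tampered chain valid:", ValidChain(tampered, difficulty))

	// Re-mining block 0 alone is not enough: block 1 still points at the old hash.
	tampered[0] = Mine(tampered[0], difficulty)
	fmt.Println("after re-mining only block 0:", ValidChain(tampered, difficulty))

	// The attacker must redo every block, and even then only ties the honest chain.
	var fork []Header
	for _, h := range tampered {
		fork = Extend(fork, h.Content, difficulty)
	}
	fmt.Println("fork valid:", ValidChain(fork, difficulty), "adopted:", len(Longest(chain, fork)) > len(chain))
}
```

Raising the difficulty by one bit doubles the expected nonce scan in Mine while the check in MeetsTarget stays one hash, which is the asymmetry the section relies on.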


Incentives for Participation

By convention, the first transaction in a block is a special transaction that creates new coins owned by the creator of the block. This incentivizes nodes to support the network and provides a mechanism for initially distributing coins into circulation without a central authority.

The steady addition of a constant amount of new coins is analogous to gold miners expending resources to add gold to circulation. In Bitcoin, the resources expended are computational power, time, and electricity.

Incentives can also be funded by transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee added to the incentive value of the block containing that transaction. Once a predetermined number of coins have entered circulation, incentives can transition entirely to transaction fees, making the system inflation-free.

Incentives encourage nodes to remain honest. If a greedy attacker amasses more computational power than all honest nodes, they must choose between using that power to defraud others by stealing back payments or using it to generate new coins. They would find it more profitable to play by the rules—earning more new coins than everyone else combined—than to undermine the system and the validity of their own wealth.

Optimizing Storage with Merkle Trees

Once the latest transaction in a coin is buried under enough blocks, spent transactions can be discarded to save disk space. To facilitate this without breaking the block’s hash, transactions are hashed in a Merkle tree, with only the root included in the block’s hash. Old blocks can be compacted by pruning off branches of the tree; the inner hashes do not need to be stored.

A block header without transactions is about 80 bytes. Assuming blocks are generated every 10 minutes, 4.2MB of storage per year is required. Given the growth in storage capacity predicted by Moore’s Law, storing the block headers is not expected to be a problem.

Simplified Payment Verification

It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, obtained by querying network nodes until convinced they hold the longest chain, and can then obtain the Merkle branch linking the transaction to the block it is timestamped in. The user cannot check the transaction itself, but linking it to a place in the chain shows that a network node has accepted it, and the blocks added after it further confirm that the network has accepted it.

This verification is reliable as long as honest nodes control the network, but it becomes vulnerable if an attacker overpowers the network: a full node can detect a fabricated transaction, whereas the simplified method can be fooled by fabricated transactions for as long as the attacker dominates the network. For greater security, businesses receiving frequent payments may want to run their own nodes for independent verification.
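The Merkle tree from the storage section and the branch check from the simplified payment verification section, as one added Go example that is not code from the whitepaper or from Bitcoin. It assumes single SHA-256 for the node hashes (Bitcoin uses double SHA-256), pairs an odd leaf with itself as Bitcoin does, and uses seven constructed transaction IDs. It shows that a client holding only the root from a header and a branch of log2(n) hashes can confirm a transaction is in the block, and that the pruned inner hashes are never needed for that check.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// hashPair hashes two child hashes into their parent (single SHA-256; an assumption).
func hashPair(l, r [32]byte) [32]byte {
	return sha256.Sum256(append(l[:], r[:]...))
}

// padEven duplicates the last hash of an odd-length level so every node has a sibling.
func padEven(level [][32]byte) [][32]byte {
	if len(level)%2 == 1 {
		return append(level, level[len(level)-1])
	}
	return level
}

// nextLevel hashes an even-length level pairwise into the level above it.
func nextLevel(level [][32]byte) [][32]byte {
	next := make([][32]byte, 0, len(level)/2)
	for i := 0; i < len(level); i += 2 {
		next = append(next, hashPair(level[i], level[i+1]))
	}
	return next
}

// MerkleRoot builds the tree bottom-up over the transaction hashes; this is the
// one value the block header commits to.
func MerkleRoot(leaves [][32]byte) [32]byte {
	if len(leaves) == 0 {
		return [32]byte{}
	}
	level := append([][32]byte(nil), leaves...)
	for len(level) > 1 {
		level = nextLevel(padEven(level))
	}
	return level[0]
}

// Step is one sibling hash on the path from a leaf to the root.
type Step struct {
	Hash [32]byte
	Left bool // true when the sibling is the left input of the parent hash
}

// Branch returns the Merkle branch for the leaf at idx: the sibling hashes a
// simplified-verification client needs, and nothing else.
func Branch(leaves [][32]byte, idx int) []Step {
	var path []Step
	level := append([][32]byte(nil), leaves...)
	for len(level) > 1 {
		level = padEven(level)
		sib := idx ^ 1
		path = append(path, Step{Hash: level[sib], Left: sib < idx})
		level = nextLevel(level)
		idx /= 2
	}
	return path
}

// VerifyBranch is the client's check: fold the leaf up the branch and compare
// the result with the root taken from the block header it already holds.
func VerifyBranch(leaf [32]byte, path []Step, root [32]byte) bool {
	h := leaf
	for _, s := range path {
		if s.Left {
			h = hashPair(s.Hash, h)
		} else {
			h = hashPair(h, s.Hash)
		}
	}
	return h == root
}

func main() {
	var txids [][32]byte // constructed sample block of seven transaction IDs
	for i := 0; i < 7; i++ {
		txids = append(txids, sha256.Sum256([]byte(fmt.Sprintf("tx-%d", i))))
	}
	root := MerkleRoot(txids) // what a full node writes into the 80-byte header
	path := Branch(txids, 5)  // what a full node hands a client asking about tx-5
	fmt.Printf("%d transactions, branch of %d hashes\n", len(txids), len(path))
	fmt.Println("tx-5 in block:", VerifyBranch(txids[5], path, root))
	fmt.Println("tx-5 against wrong root:", VerifyBranch(txids[5], path, [32]byte{}))
	fmt.Println("unknown tx with tx-5's branch:", VerifyBranch(sha256.Sum256([]byte("tx-99")), path, root))
}
```

A full node that has pruned a block keeps the root and whatever leaves it still cares about; Branch can be recomputed from the leaves if they are ever needed, and VerifyBranch never touches an inner hash the node threw away.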

Privacy in the Bitcoin Network

The traditional banking model achieves privacy by limiting access to information to the parties involved and the trusted intermediary. Bitcoin’s public transaction broadcast makes this impractical, but privacy can still be maintained by keeping public keys anonymous. The public can see that someone is sending an amount to someone else but without information linking the transaction to anyone.

As an additional firewall, a new key pair should be used for each transaction to prevent them from being linked to a common owner. Some linkage is still inevitable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner.

Frequently Asked Questions

What is the main goal of the Bitcoin whitepaper?
The whitepaper aims to introduce a peer-to-peer electronic cash system that enables online payments to be sent directly from one party to another without going through a financial institution. It solves the double-spending problem using a decentralized network and proof-of-work.

How does proof-of-work secure the Bitcoin network?
Proof-of-work requires finding a nonce whose block hash has the required number of leading zero bits, which costs real computation for every block. Altering a past transaction means redoing that work for its block and for every block after it, which is impractical for an attacker who does not control a majority of the network's computational power.

What are the incentives for miners to participate?
Miners are rewarded with newly created bitcoins and transaction fees for validating transactions and securing the network. This incentive structure encourages honest participation and maintains the system’s decentralized nature.

Can Bitcoin transactions remain private?
While all transactions are publicly recorded on the blockchain, users can maintain privacy by using new key pairs for each transaction and avoiding reuse of addresses. However, some transaction patterns may still reveal linkages.

How does simplified payment verification work?
Users can verify transactions without running a full node by downloading block headers and checking Merkle branches. This method is efficient but relies on the assumption that honest nodes control the network.

What is the role of the timestamp server?
The timestamp server orders transactions chronologically by including the hash of the previous block in each new block. This forms a chain in which altering any block would require redoing the proof-of-work for that block and all subsequent blocks.

Conclusion

Bitcoin presents a system for electronic transactions without relying on trust in intermediaries. It begins with the framework of digital signatures for ownership control and enhances it with a proof-of-work-based peer-to-peer network to prevent double-spending.

The network is robust due to its simplicity and lack of centralized structure. Nodes work simultaneously with minimal coordination, messages are broadcast on a best-effort basis, and nodes can leave and rejoin the network at will. They vote with their computational power, accepting valid blocks by working on extending them and rejecting invalid ones by refusing to work on them.

This consensus mechanism allows for the enforcement of any necessary rules and incentives, creating a secure, decentralized digital currency system.