What is Bitcoin? Understanding Satoshi Nakamoto's Seminal Paper (Part 1)

Bitcoin represents a radical innovation in digital currency, introduced through a groundbreaking 2008 white paper by the pseudonymous creator Satoshi Nakamoto. This document outlines the framework for a peer-to-peer electronic cash system that operates without centralized financial intermediaries. While the current Bitcoin ecosystem has evolved beyond the original specifications, the foundational principles remain highly relevant for understanding cryptocurrency fundamentals.

This article explores key sections from the first half of Nakamoto's paper, explaining the core mechanics that enable Bitcoin to function as a decentralized digital currency.

The Problem With Traditional Digital Payments

Internet commerce relies almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While this system works adequately for most transactions, it suffers from inherent weaknesses rooted in its trust-based model.

The necessity for mediation increases transaction costs, limiting the practicality of small everyday payments and eliminating the possibility of irreversible payments for non-reversible services. With the potential for fraud, merchants must request more personal information from consumers than necessary. These costs and payment uncertainties can be avoided when using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party.

The Bitcoin Solution: Cryptographic Proof Instead of Trust

What's needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly without requiring a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, while routine escrow mechanisms could easily protect buyers.

Bitcoin solves this through a peer-to-peer distributed timestamp server that generates computational proof of a chronological sequence of transactions. The system remains secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

How Bitcoin Transactions Work

An electronic coin is defined as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the next owner's public key, then adding these to the end of the coin. A payee can check the signatures to verify the chain of ownership.

The problem with this approach is that the payee cannot verify that the owner didn't double-spend the coin. The standard solution involves introducing a trusted central authority or mint that checks every transaction for double-spending. After each transaction, the coin must be returned to the mint to issue a new coin, with only coins issued directly by the mint trusted not to be double-spent.

The problem with this solution is that the entire money system depends on the company running the mint, much like how banks operate. We need a way for the payee to know that the previous owners did not sign any earlier transactions. The only way to confirm the absence of a transaction is to be aware of all transactions.

The Timestamp Server Solution

The Bitcoin solution begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, for example in a newspaper or a Usenet post. The timestamp proves that the data must have existed at that time, since otherwise it could not have been included in the hash.

Each timestamp includes the previous timestamp in its hash, forming a chain that reinforces previous timestamps by incorporating them into each new one.

Proof-of-Work: Securing the Timestamp System

To implement a distributed timestamp server on a peer-to-peer basis, Bitcoin uses a proof-of-work system similar to Adam Back's Hashcash rather than newspaper or Usenet publishing methods.

The proof-of-work involves scanning for a value that, when hashed (with SHA-256 for example), produces a hash with a certain number of leading zero bits. The average work required grows exponentially with the number of leading zero bits required, while verification can be done with a single hash.

In our timestamp network, we implement proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required number of leading zero bits. Once the CPU effort has been expended to satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all blocks after it.
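
The hash chain and nonce search described above, as an added Python example that is not code from the white paper or from any Bitcoin implementation. The block layout, the 16-bit difficulty, the all-zero genesis value and the sample batches are assumptions chosen so it runs in about a second.

```python
import hashlib

GENESIS_PREV = bytes(32)  # constructed: all-zero "previous hash" for the first block

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def block_hash(prev: bytes, items: bytes, nonce: int) -> bytes:
    # Hashing the previous block's hash into this one forms the timestamp chain.
    return hashlib.sha256(prev + nonce.to_bytes(8, "big") + items).digest()

def mine(prev: bytes, items: bytes, bits: int) -> int:
    """Increment the nonce until the block hash has `bits` leading zero bits."""
    nonce = 0
    while leading_zero_bits(block_hash(prev, items, nonce)) < bits:
        nonce += 1
    return nonce

def build_chain(batches, bits):
    chain, prev = [], GENESIS_PREV
    for items in batches:
        block = {"prev": prev, "items": items, "nonce": mine(prev, items, bits)}
        chain.append(block)
        prev = block_hash(prev, items, block["nonce"])
    return chain

def first_invalid(chain, bits):
    """Verify with one hash per block; return the first failing index or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["items"], b["nonce"])
        if b["prev"] != prev or leading_zero_bits(digest) < bits:
            return i
        prev = digest
    return None

def rewrite_block(chain, index, new_items, bits):
    """Change one block's items and redo only that block's proof-of-work."""
    forged = [dict(b) for b in chain]
    forged[index]["items"] = new_items
    forged[index]["nonce"] = mine(forged[index]["prev"], new_items, bits)
    return forged

if __name__ == "__main__":
    BITS = 16  # constructed difficulty; each extra bit doubles the expected work
    chain = build_chain([b"tx batch A", b"tx batch B", b"tx batch C"], BITS)
    print("honest chain valid:", first_invalid(chain, BITS) is None)
    forged = rewrite_block(chain, 0, b"tx batch A'", BITS)
    print("first rejected block after rewriting block 0:", first_invalid(forged, BITS))
```

Redoing the work for block 0 alone is not enough: block 1 still commits to the old hash, so verification fails there until every later block is re-mined as well.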

Proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IP addresses. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it.

Network Operation: How Nodes Reach Consensus

The steps to run the network are as follows:

  1. New transactions are broadcast to all nodes
  2. Each node collects new transactions into a block
  3. Each node works on finding a difficult proof-of-work for its block
  4. When a node finds a proof-of-work, it broadcasts the block to all nodes
  5. Nodes accept the block only if all transactions in it are valid and not already spent
  6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the accepted block's hash as the previous hash

Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received but save the other branch in case it becomes longer.

The tie is broken when the next proof-of-work is found and one branch becomes longer; nodes then switch to the longer chain. New transaction broadcasts don't necessarily need to reach all nodes. As long as they reach many nodes, they will get into a block before long.
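
How a single node applies steps 5 and 6 and the longest-chain rule when two blocks arrive at once, as an added Python example that is not code from the white paper or from any Bitcoin implementation. The `Node` class, the `(coin, payee)` transaction tuples and the scenario are assumptions; proof-of-work is taken as already checked, so block height stands in for accumulated work.

```python
import hashlib

class Node:
    """Tracks every branch it has seen and works on the longest one."""
    def __init__(self):
        self.blocks = {"genesis": (None, (), 0)}  # id -> (parent id, txs, height)
        self.tip = "genesis"

    def coins_spent(self, block_id):
        """Coins spent on the branch ending at block_id."""
        spent = set()
        while block_id is not None:
            parent, txs, _ = self.blocks[block_id]
            spent.update(coin for coin, _payee in txs)
            block_id = parent
        return spent

    def receive(self, parent, txs):
        """Return the new block's id if accepted, or None if rejected."""
        if parent not in self.blocks:
            return None  # unknown parent; fetching missing blocks is not modelled
        coins = [coin for coin, _payee in txs]
        if len(set(coins)) != len(coins) or self.coins_spent(parent) & set(coins):
            return None  # step 5: some coin is already spent on this branch
        new_id = hashlib.sha256(repr((parent, txs)).encode()).hexdigest()[:12]
        height = self.blocks[parent][2] + 1
        self.blocks[new_id] = (parent, txs, height)
        if height > self.blocks[self.tip][2]:  # a tie keeps the first block received
            self.tip = new_id
        return new_id

def fork_scenario():
    """Constructed scenario: two blocks found at once, then the tie is broken."""
    node, checks = Node(), []
    a1 = node.receive("genesis", (("coin1", "alice"),))
    checks.append(node.tip == a1)                      # first received is worked on
    b1 = node.receive("genesis", (("coin1", "bob"),))  # competing block is saved
    checks.append(node.tip == a1)                      # tie: stay on first received
    dup = node.receive(b1, (("coin1", "carol"),))      # double-spend on branch B
    b2 = node.receive(b1, (("coin2", "dave"),))
    checks.append(node.tip == b2)                      # branch B is now longer
    return checks, dup

if __name__ == "__main__":
    print(fork_scenario())
```

The two branches each spend `coin1` to a different payee, and both are individually valid; only the branch that ends up longer determines which spend the node treats as final.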

Incentive Structure: Rewarding Network Participation

By convention, the first transaction in a block is a special transaction that creates new coins owned by the creator of the block. This adds an incentive for nodes to support the network and provides a way to initially distribute coins into circulation, since there's no central authority to issue them.

The steady addition of a constant amount of new coins is analogous to gold miners expending resources to add gold to circulation. In our case, the resources being expended are CPU time and electricity.

The incentive can also be funded with transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation-free.

The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all honest nodes, he would have to choose between using that power to defraud people by stealing back his payments or using it to generate new coins. He ought to find it more profitable to play by the rules that favor him with more new coins than everyone else combined, rather than undermining the system and the validity of his own wealth.

Frequently Asked Questions

What problem does Bitcoin solve that traditional digital payments couldn't?
Bitcoin solves the double-spending problem without requiring a trusted central authority. Traditional digital payment systems require financial institutions to verify transactions and prevent users from spending the same money twice. Bitcoin uses cryptographic proof and a distributed consensus mechanism to achieve this in a decentralized manner.

How does proof-of-work secure the Bitcoin network?
Proof-of-work requires participants to expend computational effort to add new blocks to the blockchain. This process makes it economically impractical to alter past transactions because an attacker would need to redo all the proof-of-work for the block they want to change and all subsequent blocks, which would require overwhelming computational resources.

What incentives do nodes have to participate in the Bitcoin network?
Nodes are incentivized through block rewards (newly created bitcoins) and transaction fees. The first transaction in each new block creates new coins owned by the block creator. This reward system encourages participants to contribute computational power to secure the network and process transactions.

Can Bitcoin transactions be reversed?
Once confirmed and added to the blockchain, Bitcoin transactions are practically irreversible. This protects merchants from fraud while escrow services can be used to protect buyers. This irreversibility differs significantly from traditional electronic payments which often allow chargebacks and reversals.

How does the Bitcoin network handle conflicting transactions?
The network resolves conflicts through the longest chain rule. Nodes always consider the longest blockchain to be the valid one. If two nodes broadcast different versions of a block simultaneously, the network will eventually converge on one chain as more proof-of-work is added, making one branch longer than the other.

What happens if different parts of the network receive different transactions?
The system is designed to handle temporary inconsistencies. Nodes save alternative branches and eventually switch to the longest chain once it becomes apparent which branch has more computational work behind it. This ensures the network eventually reaches consensus on the valid transaction history.