Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
https://t.co/G8BUvnF9nT
Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial
Commerce on the Internet has come to rely almost exclusively on financial
2. Transactions
We define an electronic coin as a chain of digital signatures.
We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a
3. Timestamp Server
The solution we propose begins with a timestamp server. A timestamp server
4. Proof-of-Work
To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash [6],
For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be
The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on
To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work
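The nonce search described in this section, as an added Python example that is not part of the paper. The header layout, the payload strings, the all-zero genesis predecessor and the difficulty values are constructed for illustration and are not Bitcoin's real block format. It shows that verification costs one hash per block, and that editing an old block breaks the chain even after that one block is re-mined.

```python
import hashlib

def block_hash(prev_hash: str, payload: str, nonce: int) -> str:
    """SHA-256 over a simplified header (constructed layout, not Bitcoin's)."""
    header = f"{prev_hash}|{payload}|{nonce}".encode()
    return hashlib.sha256(header).hexdigest()

def meets_target(digest_hex: str, zero_bits: int) -> bool:
    """True if the 256-bit digest has at least zero_bits leading zero bits."""
    return int(digest_hex, 16) < (1 << (256 - zero_bits))

def mine(prev_hash: str, payload: str, zero_bits: int) -> dict:
    """Increment the nonce until the header hash has the required zero bits."""
    nonce = 0
    while not meets_target(block_hash(prev_hash, payload, nonce), zero_bits):
        nonce += 1
    return {"prev": prev_hash, "payload": payload, "nonce": nonce}

GENESIS_PREV = "00" * 32  # constructed predecessor for the first block

def build_chain(payloads: list, zero_bits: int) -> list:
    """Mine one block per payload, each committing to the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        block = mine(prev, payload, zero_bits)
        chain.append(block)
        prev = block_hash(prev, payload, block["nonce"])
    return chain

def valid_chain(chain: list, zero_bits: int) -> bool:
    """One hash per block: check the proof-of-work and the previous-hash link."""
    prev = GENESIS_PREV
    for b in chain:
        digest = block_hash(b["prev"], b["payload"], b["nonce"])
        if b["prev"] != prev or not meets_target(digest, zero_bits):
            return False
        prev = digest
    return True

if __name__ == "__main__":
    BITS = 16  # constructed difficulty: about 2**16 hashes expected per block
    chain = build_chain(["tx batch 1", "tx batch 2", "tx batch 3"], BITS)
    print("fresh chain valid:", valid_chain(chain, BITS))
    chain[0]["payload"] = "tx batch 1 (edited)"  # alter history in block 0
    print("after edit:", valid_chain(chain, BITS))
    chain[0] = mine(chain[0]["prev"], chain[0]["payload"], BITS)
    # Block 1 still commits to the old hash of block 0, so the chain stays invalid
    print("after re-mining block 0 only:", valid_chain(chain, BITS))
```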
5. Network
The steps to run the network are as follows:
2) Each node collects new transactions into a block.
3) Each node works on finding a difficult proof-of-work for its block.
4) When a node finds a proof-of-work, it broadcasts the block to all nodes.
6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
New transaction broadcasts do not necessarily
By convention, the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block. This adds an incentive for nodes to support the network, and provides a way to initially distribute coins into circulation, since there
The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose
7. Reclaiming Disk Space
Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree
8. Simplified Payment Verification
It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work
9. Combining and Splitting Value
Although it would be possible to handle coins individually, it would
The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking
We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never
The probability of an attacker catching up from a given deficit is analogous to a Gambler's Ruin problem. Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach breakeven.
p = probability an honest node finds the next block
q = probability the attacker finds the next block
The receiver generates a new key pair and gives the public key to the sender shortly before signing. This prevents the sender from preparing a chain of
The recipient waits until the transaction has been added to a block and z blocks have been linked after it. He doesn't know the exact amount of progress the attacker has made, but assuming the honest blocks took the average expected time per block, the
each amount of progress he could have made by the probability he could catch up from that point:
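#include <math.h>

/* Probability that an attacker with share q of the CPU power catches up from z blocks behind. */
double AttackerSuccessProbability(double q, int z)
{
    double p = 1.0 - q;
    double lambda = z * (q / p);   /* expected attacker progress (Poisson mean) */
    double sum = 1.0;
    int i, k;
    for (k = 0; k <= z; k++)
    {
        double poisson = exp(-lambda);
        for (i = 1; i <= k; i++)
            poisson *= lambda / i;
        /* subtract the cases in which the attacker fails to catch up */
        sum -= poisson * (1 - pow(q / p, z - k));
    }
    return sum;
}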
Running some results, we can see the probability drop off exponentially with z.
q=0.1
z=0 P=1.0000000
z=1 P=0.2045873
z=2 P=0.0509779
z=3 P=0.0131722
z=4 P=0.0034552
z=5 P=0.0009137
z=6 P=0.0002428
z=7 P=0.0000647
z=9 P=0.0000046
z=10 P=0.0000012
q=0.3
z=0 P=1.0000000
z=5 P=0.1773523
z=10 P=0.0416605
z=15 P=0.0101008
z=20 P=0.0024804
z=25 P=0.0006132
z=30 P=0.0001522
z=35 P=0.0000379
z=40 P=0.0000095
z=45 P=0.0000024
z=50 P=0.0000006
P < 0.001
q=0.10 z=5
q=0.15 z=8
q=0.20 z=11
q=0.25 z=15
q=0.30 z=24
q=0.35 z=41
q=0.40 z=89
q=0.45 z=340
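The P < 0.001 table above answers the practical question of how many blocks a recipient should wait for. The following added Python example, which is not code from the paper, ports the C routine and searches for the smallest z at a chosen risk level. The names confirmations_needed, max_risk and z_limit are assumptions, and the q >= 0.5 case is handled explicitly because no number of confirmations is enough there.

```python
import math

def attacker_success(q: float, z: int) -> float:
    """Probability an attacker with share q ever overtakes a lead of z blocks."""
    if q >= 0.5:
        return 1.0  # attacker is at least as fast as the honest nodes
    p = 1.0 - q
    lam = z * (q / p)          # expected attacker progress (Poisson mean)
    total = 1.0
    poisson = math.exp(-lam)   # Poisson probability of k = 0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # step from P(k-1) to P(k)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def confirmations_needed(q: float, max_risk: float, z_limit: int = 10_000):
    """Smallest z with attacker_success(q, z) < max_risk, or None if none is found."""
    if q >= 0.5:
        return None  # no finite z pushes the risk below 1
    for z in range(z_limit + 1):
        if attacker_success(q, z) < max_risk:
            return z
    return None

if __name__ == "__main__":
    # Regenerate the page's table for P < 0.001
    for q in (0.10, 0.15, 0.20, 0.25, 0.30, 0.35, 0.40, 0.45):
        print(f"q={q:.2f} z={confirmations_needed(q, 0.001)}")
    # A stricter tolerance (constructed value) for comparison
    print("q=0.10, risk 1e-6:", confirmations_needed(0.10, 1e-6))
```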
We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending.
References
[1] W. Dai, "b-money," https://t.co/kahMDkp7TM, 1998.
[2] H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal
trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999.
2, pages 99-111, 1991.
[4] D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping,"
In Sequences II: Methods in Communication,
[5] S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference
on Computer and Communications Security, pages 28-35, April 1997.
[6] A. Back, "Hashcash - a denial of service
https://t.co/ElYZGUzPRd, 2002.
[7] R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and
Privacy, IEEE Computer Society, pages 122-133, April 1980.
[8] W. Feller, "An introduction to probability theory and its
More from Bitcoin
Agree mate. Well done @ttmygh @profplum99 and @nic__carter on a ripping show. I'm obviously in the "gold is superior" camp, though I am long #BTC (tiny position). I thought the best/most interesting point of whole debate was raised by @profplum99 regarding the fact that a 1/n
#Bitcoin transaction is never really final, given the energy required to keep the network running, and obviously its scale issues will only grow over time. That said, I actually thought @nic__carter "won" the debate as it were, and I was unconvinced by the threat to national 2/n
security or undermining Fed policy angles Mike put forward. Two areas that are super interesting to me. One is the issue of #Bitcoin ownership, and how concentrated it is in terms of a small % of addresses that own most of it (2% addresses > 95% of holdings I think). 3/n
made great point a lot of this is omnibus/exchange related - so exchange or fund - ie @Grayscale holds #bitcoin for multiple investors. That may well be true - but it brings up 2 other issues. One - it proves that #bitcoin doesn't really "work" without 4/n
centralisation - as this implies most people need exchanges or funds (or @Paypal) to buy it. If so, that kills off a major "bitcoin is better than gold argument" - as in reality, gold is way more decentralised (from mine supply to ownership distribution). It also brings up a 5/n
Exceptional listen on #Bitcoin.
— Joseph Skewes (@josephskewes) January 26, 2021
In particular Nic's responses to Mike's aggressive anti-BTC stance.
One dispute with Nic: Even if crypto mail list was best place to announce BTC, if Satoshi wanted fair distribution, surely creating 50% of the supply by Nov 2012 was too fast? https://t.co/e1Hpx4wWOu
I have a different take on bitcoin, tether, and dollars
Can also speak with authority on nation state violence
"Nothing makes you feel more free than taking another person's freedom"
and @profplum99 concerns with tether, bitcoin, and decentralization make sense yet I remain long BTC
They are correct on force, I worked in decentralized societies, they are dangerous because the state does not have a monopoly on violence
For those in the first world who have never seen a militia ride out of the desert, kill and enslave farmers, and the government cannot stop it because the 21st century slave trade pays better than the UN, the reality of decentralization is might equals right
I know, that isn't the decentralized future Buterin talks about while wearing a t-shirt with a cat fighting space invaders on it (love those shirts)
But we need to be real, disrupting the global centralized economy won't be like Uber putting taxis out of work
It will be war and famine level disruption as old empires come alive again
For decentralization to rise the centralized global power of the last 70 years (US Hegemony) has to weaken
Yes we will be rich, but as the Big Short says,
"you can be happy, just don't fucking dance"
After much investigation and conversations with people on here, I've formed a relatively robust theory of what may be happening with Tether.
— Travis Kimmel (@coloradotravis) January 18, 2021
This thread will attempt to lay it out with neutral language for the purpose of discussion.
1/