In August of 2008, the domain bitcoin.org was registered, and a little over two months later, on October 31, a mysterious entity posted the original bitcoin whitepaper. Authored by Satoshi Nakamoto, who claimed in an online profile to be a Japanese man born in 1975, the whitepaper is only a nine page document outlining the core fundamentals of bitcoin, and it was followed by the first open source bitcoin client in January of 2009. Satoshi himself mined the first block, called the genesis block, which carried a reward of 50 bitcoins (a reward the client treats as unspendable, a quirk of how the genesis block was hard-coded).
Strangely enough, Satoshi seemed to be a real person, and a brilliant one, who interacted heavily with other developers for a couple of years, improving bitcoin while never revealing anything that could pin down who he really was. Then in April 2011, Nakamoto announced he had “moved on to other things”, and was never heard from again. With the same care that went into inventing a cryptographically secured currency, Satoshi Nakamoto fully obscured his identity, and to this day no one knows who he really was. Whoever it was must have had a deep mastery of economics, cryptography, C++ programming, and peer to peer networking. Nakamoto also wrote fluent, precise English.
So what did Satoshi write in the whitepaper that started this all? Well, he starts with an abstract, which I encourage everyone to read, where he lays out the goal of a purely peer to peer version of electronic cash: payments go directly from one party to another without going through a financial institution, and the peer to peer network itself takes the role that a trusted intermediary would otherwise play.
After the abstract, Satoshi writes a basic introduction. The problem bitcoin is trying to solve is that electronic payments depend on trusted third parties. Commerce on the Internet relies almost exclusively on financial institutions to process payments, and that trust has costs: transactions can be reversed, so disputes need mediation; the cost of mediation rules out small casual payments; merchants end up demanding more information about their customers than they would otherwise need; and a certain amount of fraud is simply accepted as unavoidable.
What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.
The central problem for any digital cash is double spending: a digital coin is just data, so without some mechanism to prevent it the same coin could be copied and spent multiple times. Bitcoin addresses this with a public, timestamped ledger of transactions in chronological order that the whole network agrees on.
An electronic coin is defined as a chain of digital signatures. Each owner transfers the coin, or a fraction of it, by digitally signing a hash of the previous transaction together with the public key of the next owner, and a payee can verify the signatures to check the chain of ownership. What the payee cannot verify on their own is that an earlier owner did not also sign the same coin over to somebody else. In traditional electronic money this is where a trusted mint comes in, checking every transaction for double spending. Satoshi's alternative is to publicly announce all transactions and have the participants agree on a single history of the order in which they were received. The payee then needs proof that, at the time of the transaction, the majority of nodes agreed it was the first one received; a later attempt to spend the same coin is rejected because the network already recorded the first spend, not because of any timestamp the spender writes on the transaction.
How can we ensure everyone agrees on which transaction came first, though?
Satoshi digs into this exact question, diving right into how a timestamp server would need to behave. A timestamp server takes a hash of a block of items to be timestamped and widely publishes that hash; Satoshi gives a newspaper or a Usenet post as examples. The publication proves that the data must have existed at that time, since it had to exist in order to be hashed. Each timestamp includes the previous timestamp in its hash, forming a chain in which each additional timestamp reinforces the ones before it.
To implement the timestamp server on a peer to peer basis, rather than relying on a trusted publisher, Satoshi uses a proof-of-work mechanism. Similar to Adam Back's Hashcash, the proof involves scanning for a value (a nonce in the block) such that when the block is hashed with SHA-256, the hash begins with a required number of zero bits. The average work required is exponential in the number of zero bits required, yet the result can be verified with a single hash. Once the work has been spent the block cannot be changed without redoing it, and because later blocks are chained after it, changing a block also means redoing all the blocks that follow.
Proof-of-work also settles how votes are counted in a majority decision. It is essentially one-CPU-one-vote rather than one-IP-address-one-vote, which anyone able to allocate many IP addresses could subvert; what the nodes are voting on, by choosing which block to build on, is which history of transactions is the valid one.
The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it (Bitcoin clients today measure this as the chain with the most accumulated work rather than simply the most blocks). If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.
Satoshi writes about honest nodes here, where a dishonest node would be a potential attacker on the network. By the mechanisms outlined so far, an attacker who wants to modify a past block has to redo the proof-of-work of that block and of all the blocks after it, and then catch up with and surpass the work of the honest nodes. Through the probability calculation in section 11 of the whitepaper, Satoshi shows that the attacker's chance of doing so diminishes exponentially as more blocks are added on top.
Proof-of-work is governed by a difficulty target, which the whitepaper says is set by a moving average targeting an average number of blocks per hour, so that faster hardware and growing interest in running nodes do not shorten the block interval over time. If blocks are generated too fast, the difficulty increases. Bitcoin's goal is one block every 10 minutes, and the client recalculates the target every 2016 blocks (roughly two weeks) from how long the previous 2016 blocks actually took, with each change capped at a factor of four in either direction. With the current craze the difficulty has risen exponentially as global hashing power has flowed into the network. Unlike the price graph, difficulty very rarely dips.
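Here is an added example (not code from the whitepaper, from any Bitcoin client, or from the original post) of what that moving-average adjustment looks like in code. It uses Bitcoin's real constants for the block interval, the 2016-block period and the factor-of-four clamp; the hashrate model underneath is a constructed toy in which a hashrate of 1 settles at a difficulty of 600.

```python
TARGET_SPACING = 10 * 60        # seconds: Bitcoin's goal of one block every 10 minutes
RETARGET_INTERVAL = 2016        # blocks per adjustment period in Bitcoin (about two weeks)
MAX_ADJUST = 4.0                # Bitcoin clamps each adjustment to a factor of 4 either way


def retarget(difficulty: float, actual_seconds: float) -> float:
    """Scale difficulty so the period just finished would have taken the expected time.

    Blocks came too fast -> actual < expected -> difficulty goes up, and vice versa.
    The ratio is clamped to [1/4, 4] per period, as Bitcoin Core does."""
    expected_seconds = RETARGET_INTERVAL * TARGET_SPACING
    ratio = expected_seconds / actual_seconds
    ratio = max(1.0 / MAX_ADJUST, min(MAX_ADJUST, ratio))
    return difficulty * ratio


def simulate(hashrates: list, difficulty: float = 1.0) -> list:
    """Difficulty after each period, given the network hashrate during that period.

    Constructed model: with difficulty D and hashrate H a block takes D / H seconds on
    average, so the steady-state difficulty for hashrate H is 600 * H. Units are arbitrary."""
    history = []
    for hashrate in hashrates:
        period_seconds = RETARGET_INTERVAL * difficulty / hashrate
        difficulty = retarget(difficulty, period_seconds)
        history.append(difficulty)
    return history
```

Starting far below the steady state, `simulate([1.0] * 6)` climbs 4, 16, 64, 256 and only then lands on 600: the clamp stops a single period from jumping all the way. Doubling the hashrate doubles the difficulty one period later, and halving it again is the rare dip the chart shows.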
The fifth section of the original bitcoin whitepaper lays out, in six simple steps, how the network runs and how transactions get approved:
1) New transactions are broadcast to all nodes.
2) Each node collects new transactions into a block.
3) Each node works on finding a difficult proof-of-work for its block.
4) When a node finds a proof-of-work, it broadcasts the block to all nodes.
5) Nodes accept the block only if all transactions in it are valid and not already spent.
6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
Nodes always consider the longest chain to be the correct one and keep working on extending it. If two nodes broadcast different versions of the next block at the same time, some nodes receive one first and some the other; each node works on the first one it received but keeps the other branch in case it turns out to be the right one. The tie is broken when the next proof-of-work is found and one branch becomes longer; nodes that were working on the other branch then switch to the longer one and the shorter branch is abandoned. New transaction broadcasts do not need to reach every node; as long as they reach many nodes they will get into a block before long. Block broadcasts are tolerant of dropped messages too: a node that misses a block requests it when it receives the next one and realises it is missing a link.
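To make the six steps concrete, here is an added example (not code from the whitepaper, from any Bitcoin client, or from the original post) of a toy node in Python. It mines hashcash-style blocks with the leading-zero-bits proof-of-work of section 4, and applies steps 5 and 6: a block is accepted only if its proof checks out and no transaction spends a coin that is unknown or already spent on that branch, the node extends the longest chain, and a same-length rival branch is kept around in case it later wins. The transaction format, the coin identifiers, the genesis identifier, the header layout and the difficulty are all constructed for the example; real Bitcoin transactions have multiple inputs and outputs, signatures and scripts.

```python
import hashlib
import json

DIFFICULTY_BITS = 12          # toy difficulty: about 2**12 hashes per block (constructed)
GENESIS = "00" * 32           # assumed identifier for the genesis block


def sha256d(data: bytes) -> bytes:
    """Bitcoin's block hash is SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def block_digest(prev_id: str, txs: list, nonce: int) -> bytes:
    # Constructed header layout: real headers have a fixed binary format and more fields.
    header = json.dumps({"prev": prev_id, "txs": txs, "nonce": nonce}, sort_keys=True)
    return sha256d(header.encode())


def block_id(prev_id: str, txs: list, nonce: int) -> str:
    return block_digest(prev_id, txs, nonce).hex()


def verify_pow(prev_id: str, txs: list, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """Checking a proof costs one hash, however much work it took to find."""
    return leading_zero_bits(block_digest(prev_id, txs, nonce)) >= bits


def mine(prev_id: str, txs: list, bits: int = DIFFICULTY_BITS) -> int:
    """Step 3: scan nonces until the hash has `bits` leading zero bits.
    Expected work doubles for every extra bit required."""
    nonce = 0
    while not verify_pow(prev_id, txs, nonce, bits):
        nonce += 1
    return nonce


class Node:
    """Holds every valid block seen and follows the longest chain (steps 5 and 6)."""

    def __init__(self, genesis_coins):
        self.genesis_coins = set(genesis_coins)
        self.blocks = {GENESIS: {"prev": None, "txs": [], "height": 0}}
        self.tip = GENESIS    # head of the chain this node is trying to extend

    def branch(self, block):
        """Blocks from genesis up to and including `block`, oldest first."""
        chain = []
        while block is not None:
            chain.append(self.blocks[block])
            block = self.blocks[block]["prev"]
        return chain[::-1]

    @staticmethod
    def apply(utxo: set, txs: list) -> bool:
        """Step 5: every coin spent must be unspent on this branch. Updates utxo in place."""
        for tx in txs:
            if tx["spends"] not in utxo:        # unknown, or already spent (double spend)
                return False
            utxo.remove(tx["spends"])
            utxo.add(tx["creates"])
        return True

    def receive_block(self, prev_id: str, txs: list, nonce: int) -> bool:
        if prev_id not in self.blocks or not verify_pow(prev_id, txs, nonce):
            return False
        utxo = set(self.genesis_coins)
        for blk in self.branch(prev_id):         # replay this branch's history
            self.apply(utxo, blk["txs"])
        if not self.apply(utxo, txs):
            return False
        new_id = block_id(prev_id, txs, nonce)
        if new_id not in self.blocks:
            height = self.blocks[prev_id]["height"] + 1
            self.blocks[new_id] = {"prev": prev_id, "txs": txs, "height": height}
            # Step 6: work on the longest chain; on a tie keep the branch received first.
            if height > self.blocks[self.tip]["height"]:
                self.tip = new_id
        return True


def demo() -> dict:
    node = Node(genesis_coins={"coin0"})                 # constructed: one coin at genesis
    tx_a = {"spends": "coin0", "creates": "coin1"}       # Alice pays Bob
    tx_b = {"spends": "coin0", "creates": "coin2"}       # Alice pays Carol with the same coin
    b1 = (GENESIS, [tx_a], mine(GENESIS, [tx_a]))
    rival = (GENESIS, [tx_b], mine(GENESIS, [tx_b]))
    out = {"first spend accepted": node.receive_block(*b1)}
    # The rival block is valid on its own branch, but the tie leaves the tip where it was.
    out["rival branch kept"] = node.receive_block(*rival) and node.tip == block_id(*b1)
    b2 = (block_id(*b1), [], mine(block_id(*b1), []))
    out["next block breaks the tie"] = node.receive_block(*b2) and node.tip == block_id(*b2)
    # On the winning branch coin0 is already spent, so tx_b is rejected there...
    out["double spend rejected"] = not node.receive_block(block_id(*b2), [tx_b], mine(block_id(*b2), [tx_b]))
    # ...and a block spending the same coin twice is rejected even on a fresh branch.
    both = [tx_a, tx_b]
    out["double spend within block rejected"] = not node.receive_block(GENESIS, both, mine(GENESIS, both))
    return out
```

The point worth noticing is that the rival block is not invalid: the node stores it and would switch to that branch if it grew longer first. Only the winning branch's history decides which of the two conflicting spends stands, which is exactly why a payee waits for blocks on top of the one containing their payment.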
Bitcoin has two sources of mining incentive. The first is the block reward: by convention the first transaction in a block is a special one that creates new coins owned by the creator of the block, which is how coins enter circulation without any central authority issuing them. The reward halves every 210,000 blocks, and is currently projected to halve again from 12.5 coins to 6.25 coins in 2020. As was mentioned earlier, the genesis block had a reward of 50 coins, and the reward has already halved twice to the current 12.5 coins per block; once all 21 million coins have been issued the incentive transitions entirely to fees. The second source is transaction fees: if the value of a transaction's outputs is less than the value of its inputs, the difference is a fee that goes to the miner of the block that includes it. The fee is not mandatory in the protocol, but miners choose which transactions to include, so in practice senders pay one. Satoshi also points out that the incentive encourages honesty: an attacker who assembles more CPU power than the honest nodes would find it more profitable to use that power to mine new coins than to undermine the system and the value of his own holdings.
The seventh section, on reclaiming disk space, makes the point that a node does not have to keep every transaction forever. Once the latest transaction spending a coin is buried under enough blocks, the spent transactions before it can be discarded. To allow this without breaking the block's hash, the transactions in a block are hashed in a Merkle tree and only the root of the tree is included in the block's hash; old blocks can then be compacted by stubbing off branches of the tree whose transactions are no longer needed. A block header without any transactions is about 80 bytes, which Satoshi works out to roughly 4.2 MB per year at one block every ten minutes. This is what makes pruning possible today: at the time of writing the full chain of over half a million blocks is well over 100 GB, but a node running in pruned mode, which validates every block as it arrives and then discards old block data while keeping the set of unspent outputs, can get by with only a few gigabytes of disk.
The eighth section covers simplified payment verification, the basis of today's light wallets. Users, writes Satoshi, do not need to run a full network node to verify a payment. They only need a copy of the block headers of the longest proof-of-work chain, which they can get by querying network nodes until they are convinced they have the longest chain, plus the Merkle branch linking the transaction to the block it is timestamped in. The user cannot check the transaction for themselves, but by linking it to a place in the chain they can see that a network node has accepted it, and the blocks added after it further confirm that the network has accepted it.
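As an added example covering both the Merkle tree of section 7 and the payment verification of section 8 (not code from the whitepaper, from Bitcoin Core, or from the original post): building a Bitcoin-style Merkle tree with double SHA-256, producing the Merkle branch a full node hands to a light client, and the check a light client runs using nothing but a chain of block headers. The header layout, the transaction ids and the chain are constructed; real headers carry more fields and a proof-of-work, and Bitcoin displays hashes in reversed byte order, which is ignored here.

```python
import hashlib


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(txids: list) -> list:
    """Every level of the tree, leaves first. Bitcoin pairs an odd trailing hash with itself."""
    levels = [list(txids)]
    while len(levels[-1]) > 1:
        level = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def merkle_root(txids: list) -> bytes:
    return merkle_levels(txids)[-1][0]


def merkle_branch(txids: list, index: int) -> list:
    """Sibling hashes from leaf to root for txids[index], each tagged with its side.
    A full node can still serve this after pruning the other transactions of the block."""
    branch = []
    for level in merkle_levels(txids)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling_is_left = index % 2 == 1
        branch.append((level[index ^ 1], sibling_is_left))
        index //= 2
    return branch


def verify_branch(txid: bytes, branch: list, root: bytes) -> bool:
    """The light client's side: fold the branch back up and compare with the header's root."""
    h = txid
    for sibling, sibling_is_left in branch:
        h = sha256d(sibling + h) if sibling_is_left else sha256d(h + sibling)
    return h == root


# --- SPV client: stores headers only (constructed layout: prev id + merkle root) ---

def header_id(header: dict) -> bytes:
    return sha256d(header["prev"] + header["root"])


def headers_link(headers: list) -> bool:
    """Each header must commit to the one before it."""
    return all(headers[i]["prev"] == header_id(headers[i - 1]) for i in range(1, len(headers)))


def spv_confirmations(headers: list, height: int, txid: bytes, branch: list) -> int:
    """Blocks deep the transaction is (1 = in the newest header), or 0 if the proof fails."""
    if height >= len(headers) or not headers_link(headers):
        return 0
    if not verify_branch(txid, branch, headers[height]["root"]):
        return 0
    return len(headers) - height


def demo() -> dict:
    txids = [sha256d(b"constructed tx %d" % i) for i in range(5)]   # odd count exercises padding
    branch = merkle_branch(txids, 3)                                  # proof for the fourth tx
    headers = [{"prev": bytes(32), "root": merkle_root([sha256d(b"constructed coinbase")])}]
    headers.append({"prev": header_id(headers[-1]), "root": merkle_root(txids)})   # height 1
    for i in range(4):                                                # four blocks buried on top
        headers.append({"prev": header_id(headers[-1]), "root": sha256d(b"other block %d" % i)})
    return {
        "confirmations": spv_confirmations(headers, 1, txids[3], branch),          # 5
        "wrong tx": spv_confirmations(headers, 1, txids[2], branch),               # 0
        "duplicate last leaf collides": merkle_root(txids) == merkle_root(txids + [txids[-1]]),
    }
```

One design point the code exposes: because an odd number of hashes at any level is handled by pairing the last hash with itself, a transaction list and the same list with its last transaction repeated produce the same root (the demo returns True for that case). A node that used the root alone to decide whether it had already seen a block could be confused by the duplicated form, so a node must reject a block whose transaction list contains such a duplicate rather than treat it as a new block; Bitcoin Core performs exactly that check.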
As long as honest nodes control the network, says Satoshi, verification this way is reliable, but it is more vulnerable if the network is overpowered by an attacker. A full node verifies transactions for itself, whereas the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can keep overpowering the network. Satoshi suggests one mitigation: accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and the alerted transactions to confirm the inconsistency. He also notes that businesses receiving frequent payments will probably still want to run their own nodes for more independent security and quicker verification.
Privacy is a big concern when the ledger of transactions is public. The traditional banking model gets its privacy by limiting who can see the information: the parties involved and the trusted third party. Announcing every transaction publicly rules that out, so Bitcoin breaks the flow of information somewhere else, by keeping public keys anonymous. Just like the stock exchange tape, the network publicly announces the size and timing of transactions, but nothing in the transaction data links the parties involved to a real identity.
Satoshi, himself a master at obscuring his identity, writes that a new key pair should be used for each transaction to keep transactions from being linked to a common owner. This is not foolproof: a transaction with multiple inputs necessarily reveals that those inputs belonged to the same owner, and if the owner of one key is ever revealed, that linking can expose other transactions that belonged to the same owner. Wallets today automate the fresh-key-per-payment advice by deriving a new address for every payment, but the multi-input linking caveat still applies.
The 11th section dives into the probability calculations, specifically showing how unlikely it is that an attacker can rewrite a confirmed payment. Let p be the probability that an honest node finds the next block, q the probability that the attacker finds it, and z the number of blocks the attacker is behind. Satoshi assumes an honest majority, p > q, and applies the gambler's ruin result: the probability that the attacker ever catches up from z blocks behind is (q/p)^z, which drops exponentially as z grows (and is 1 if q is at least p). He then works out how long the recipient of a payment should wait. While the honest chain adds z blocks, the attacker's progress follows a Poisson distribution with expected value z*q/p, and summing over that distribution gives the attacker's overall chance of success, which the paper tabulates. With q = 0.1, waiting 5 blocks brings the attacker's chance below 0.1%; with q = 0.3 it takes 24 blocks.
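Here is an added Python port (not the paper's own code, which is written in C, nor code from the original post) of the section 11 calculation, with a helper that searches for the number of confirmations needed to get under a chosen risk. The symbols match the paper: q is the attacker's share of hashing power, p = 1 - q the honest share, z how many blocks deep the payment is.

```python
import math


def catch_up_probability(q: float, z: int) -> float:
    """Gambler's ruin: chance an attacker z blocks behind ever catches up.
    1 if the attacker has at least half the hashrate, else (q/p)^z."""
    p = 1.0 - q
    return 1.0 if q >= p else (q / p) ** z


def attacker_success_probability(q: float, z: int) -> float:
    """Chance an attacker can replace the block holding a payment once it is z blocks deep.

    The attacker's head start while the honest chain made z blocks is Poisson with
    mean z*q/p; for each possible progress k, add the chance of catching up from z-k behind.
    Same arithmetic, in the same order, as the C function in the whitepaper."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * (q / p)
    total = 1.0
    poisson = math.exp(-lam)            # P(k = 0)
    for k in range(z + 1):
        if k:
            poisson *= lam / k          # P(k) from P(k - 1)
        total -= poisson * (1 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, risk: float = 0.001, z_max: int = 10_000) -> int:
    """Smallest z at which the attacker's success probability drops below `risk`."""
    for z in range(z_max + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    raise ValueError("attacker too strong: no z up to z_max meets the risk bound")


def table(q: float, depths) -> dict:
    """The paper's tables, rounded to seven decimals like the original."""
    return {z: round(attacker_success_probability(q, z), 7) for z in depths}
```

`table(0.1, range(0, 11))` reproduces the paper's first table (0.2045873 at z = 1, 0.0009137 at z = 5), and `confirmations_needed(q)` reproduces its second: 5 blocks at q = 0.1, 24 at q = 0.3. The interesting thing to try is q = 0.45, where the required depth balloons to 340; the curve is exponential in z but the base (q/p) gets close to 1 as the attacker approaches half the network.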
Satoshi concludes by stating:
We have proposed a system for electronic transactions without relying on trust.
The paper ends by declaring that any needed rules and incentives can be enforced with the same consensus mechanism the network uses to agree on transactions. This is how Bitcoin continues to evolve, years after the mysterious Satoshi Nakamoto disappeared back into the Internet. Bitcoin does rely on trust, however: trust that the software will do what it was written to do. Thankfully, the design has held up so far, with many researchers, including world renowned security researcher Dan Kaminsky, unable to find severe flaws in the system Satoshi built, even if the software itself, like any code base, has needed fixes along the way. Who knows if Satoshi will reappear one day, but until then Bitcoin is growing like crazy, and I can only imagine Mr. Nakamoto would be proud of his invention.
Benjamin is a passionate software engineer with a strong technical background, with ambitions to deliver a delightful experience to as many users as possible. He previously interned at Google, Apple and LinkedIn. He built his first PC at 15, and has recently upgraded to iOS/crypto-currency experiments. Benjamin holds a bachelor's degree in computer science from UCLA and is completing a master’s degree in Software Engineering at Harvard University.