oskarth.com

Notes on 'Bitcoin: A Peer-to-Peer Electronic Cash System'

Link: https://bitcoin.org/bitcoin.pdf

Bitcoin is the first electronic coin to succeed, and it’s truly a child of its time. It’s hard to compare it to normal money because so many of the concepts are foreign to non-tech people. Despite being foreign, the fundamentals are all there: store of value, transactions, incentives, money supply, etc.

The paper was published almost 10 years ago by Satoshi Nakamoto. It signifies the start of cryptocurrencies being taken seriously. If you are interested in cryptocurrency, you should read this paper. It is very short and readable.

These rough working notes were taken after (re-)reading the paper and without referencing it. This is part of an experiment I am doing in getting better at note taking and absorbing what I am reading. Thus these notes are incomplete and might contain errors.

The paper

Bitcoin is a new kind of money. It allows for the transaction of value directly between two individuals, as opposed to via a third-party financial institution, such as a bank. It does this using public key cryptography, where one person can sign a transaction saying: “I want the person with this digital signature to have this money”. Since it lacks a central point of authority, it works as a peer-to-peer network. The transactions are kept in a public ledger called the blockchain.

This allows for showing intent of transferring money, but there’s a long-standing problem of double-spending, whereby an individual can spend the same money twice. The way to solve that is to be aware of all transactions that have taken place at a given point in time. Assuming we know that some money was already spent at time t, then at time t+1 we can check that it isn’t being spent again.
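The double-spend check described above, as an added toy example (not code from the paper or from the Bitcoin client): coins are modelled as transaction outputs, each transaction consumes earlier outputs, and the ledger rejects any transaction that references an output it has already seen spent. Names, amounts and the simplified rules (no signatures, no fees) are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    """A simplified transaction: inputs reference earlier outputs by (txid, index)."""
    txid: str
    inputs: tuple   # ((prev_txid, output_index), ...) being spent; empty for coin creation
    outputs: tuple  # ((owner_label, amount), ...) being created

def make_txid(inputs, outputs):
    # Hypothetical id derivation: hash of the transaction's content (constructed).
    return hashlib.sha256(repr((inputs, outputs)).encode()).hexdigest()[:16]

class Ledger:
    """Replays transactions in order and tracks which outputs are still unspent."""
    def __init__(self):
        self.unspent = {}   # (txid, index) -> (owner, amount)
        self.accepted = []  # txids applied so far, in order

    def apply(self, tx):
        # Every input must reference an output that exists and has not been spent.
        # A second transaction referencing the same output is the double spend.
        for ref in tx.inputs:
            if ref not in self.unspent:
                return False
        if tx.inputs:
            spent = sum(self.unspent[ref][1] for ref in tx.inputs)
            created = sum(amount for _, amount in tx.outputs)
            if created > spent:  # cannot create value out of thin air
                return False
        for ref in tx.inputs:
            del self.unspent[ref]
        for index, output in enumerate(tx.outputs):
            self.unspent[(tx.txid, index)] = output
        self.accepted.append(tx.txid)
        return True

def double_spend_demo():
    """Constructed scenario: alice receives 50, pays bob, then tries to pay carol with the same coin."""
    ledger = Ledger()
    coinbase = Tx(make_txid((), (("alice", 50),)), (), (("alice", 50),))
    coin = (coinbase.txid, 0)
    pay_bob = Tx(make_txid((coin,), (("bob", 20), ("alice", 30))), (coin,),
                 (("bob", 20), ("alice", 30)))
    pay_carol = Tx(make_txid((coin,), (("carol", 50),)), (coin,), (("carol", 50),))
    results = (ledger.apply(coinbase), ledger.apply(pay_bob), ledger.apply(pay_carol))
    return results, sorted(owner for owner, _ in ledger.unspent.values())

if __name__ == "__main__":
    print(double_spend_demo())
```

The order in which transactions are replayed decides which spend wins, which is exactly why the next section needs the whole network to agree on that order.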

If we have a public record of transactions, we need to come to a consensus about the order of these transactions. Bitcoin does this by using a distributed timestamp server that chains blocks of transactions together, i.e. a blockchain. Each block is mined by miners that solve a hard math problem that takes some amount of CPU power.

Motivations

One of the aims of Bitcoin is to eliminate the trust issue which pervades the traditional financial system. Fraud is inevitable, since transactions are reversible and there are a lot of messy parts when it comes to figuring out the state of bank transactions. Examples of things that can, and routinely do, go wrong: (a) stealing a credit card number, (b) a customer issues a chargeback, (c) bank error, and more. It seems to me that the main reason this is solved is because of (a) the immutable nature of the public ledger and (b) a decoupling of identity and keys/transactions, which means each individual is in charge of their money. It’s more like the wild west, but it also gives the individual who knows what they are doing more control.

Another, not explicitly stated, goal is to have a currency not controlled by a central government. This is quite clear if you read the Cypherpunk background literature, which is where the idea of electronic cash first came about. This is called into question with the current (year 2017) scaling controversy around the group controlling the development of the official Bitcoin client.

Another interesting property is that the money supply is controlled in advance, which is very unlike fiat currency, and makes Bitcoin more similar to gold. This is also not talked about in this specific paper.

Mining

Mining a block requires time and effort. Once some miner finds a block, it publishes this to the rest of the network. Each node verifies that the transactions in that block haven’t already taken place, as well as making sure the proof-of-work hash makes sense. This works because, just like in public key cryptography, we can construct a function f: x -> y where it is very hard to find x given y, but it is easy to find y given x. This is a one-way function. I wish I could give some visual example of this difficulty, or perhaps simulate it. But it’s an implementation detail, as far as Bitcoin is concerned.

If an individual node receives a block and it is valid, it incorporates that into its blockchain and starts working on the next block. When an individual user (or node, for that matter) wants to check what the source of truth of the system is, it simply queries a bunch of nodes to figure out which chain of blocks is the longest.

Sometimes two blocks are found at roughly the same time. The way this gets resolved is that each node keeps track of multiple chains until it is clear which one is longest. The longest one is the valid one. 1 CPU = 1 vote in this system. This is why multiple confirmations are often needed to ensure a transaction went through.

A block consists of some state, such as the hash of the previous block, a list of transactions, a block number and a nonce. The nonce is the number such that the SHA256 of the whole block starts with a specified number of zeroes. This is how the difficulty of mining a block is determined. It’s very easy to check that the SHA256 of the block has the desired property, but finding a nonce that gives the SHA256 that property is very difficult. There’s some code that each node is running which ensures that it takes, on average, 10 minutes to find the next block.
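The mining loop, the cheap verification and the longest-chain rule from the last few paragraphs, as one added simulation (not code from the paper or from the Bitcoin client). The block layout, the difficulty measured in leading zero bits, the transaction strings and the forked chains are all constructed; real blocks use a Merkle root and a much harder target, and the difficulty here is set low so the example runs in well under a second.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64   # constructed: the first block points at an all-zero hash
DEFAULT_BITS = 12         # constructed difficulty: the hash must start with 12 zero bits

def block_hash(prev_hash, txs, height, nonce):
    """SHA256 over the block's fields; changing any field changes the hash."""
    payload = json.dumps({"prev": prev_hash, "txs": txs, "height": height,
                          "nonce": nonce}, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def meets_target(digest_hex, bits):
    """Cheap check: the top `bits` bits of the 256-bit hash are all zero."""
    return (int(digest_hex, 16) >> (256 - bits)) == 0

def mine(prev_hash, txs, height, bits=DEFAULT_BITS):
    """Expensive search: try nonces until the hash meets the target (~2**bits tries on average)."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, txs, height, nonce)
        if meets_target(digest, bits):
            return {"prev": prev_hash, "txs": txs, "height": height,
                    "nonce": nonce, "hash": digest}
        nonce += 1

def verify_block(block, bits=DEFAULT_BITS):
    """Recompute the hash from the stored fields; the stored hash must match and meet the target."""
    digest = block_hash(block["prev"], block["txs"], block["height"], block["nonce"])
    return digest == block["hash"] and meets_target(digest, bits)

def verify_chain(chain, bits=DEFAULT_BITS):
    """Each block must be valid, numbered consecutively, and point at its predecessor's hash."""
    prev = GENESIS_PREV
    for height, block in enumerate(chain):
        if block["prev"] != prev or block["height"] != height or not verify_block(block, bits):
            return False
        prev = block["hash"]
    return True

def choose_chain(candidates, bits=DEFAULT_BITS):
    """The longest valid chain wins; invalid chains are ignored no matter how long."""
    valid = [chain for chain in candidates if verify_chain(chain, bits)]
    return max(valid, key=len) if valid else []

def fork_demo(bits=DEFAULT_BITS):
    """Constructed fork: two miners find competing blocks at height 1; chain A then grows longer."""
    genesis = mine(GENESIS_PREV, ["coinbase -> alice 50"], 0, bits)
    a1 = mine(genesis["hash"], ["alice -> bob 10"], 1, bits)
    a2 = mine(a1["hash"], ["bob -> carol 5"], 2, bits)
    b1 = mine(genesis["hash"], ["alice -> dave 10"], 1, bits)   # competing block, same height
    chain_a, chain_b = [genesis, a1, a2], [genesis, b1]
    winner = choose_chain([chain_a, chain_b], bits)
    # Editing a mined block's transactions invalidates its stored hash and the link from a2.
    tampered = [genesis, dict(a1, txs=["alice -> bob 1000"]), a2]
    return len(winner), verify_chain(chain_a, bits), verify_chain(tampered, bits)

if __name__ == "__main__":
    print(fork_demo())
```

Raising `DEFAULT_BITS` by one doubles the expected number of hashes per block while leaving the verification cost unchanged, which is the asymmetry the one-way function gives you; a node that wants to replace a block has to redo that work for it and for every block built on top of it.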

It isn’t clear to me how it is ensured each node is running the same or a similar client. This is also not touched upon in the paper, but I assume there are some codified rules that mean nodes accept block updates from other nodes that fulfill certain properties.

Incentives

Why should people mine blocks? By convention, the first transaction in a block consists of a free coin. This is the reward for the miner who mines the block successfully. In fact, this is the only way bitcoins come into existence.

There’s another point Satoshi makes with regards to a 51% attack. The idea as far as I can tell is that, if an attacker has control of over 50% of the CPU power, they can falsely claim to have found blocks. One way around this is for each node to publish that they have received a block which doesn’t validate. Another idea here is that a miner has more to gain from being honest, playing the long game and reaping mining rewards, as opposed to pulling a quick one and as a side effect causing a loss of faith in Bitcoin as a whole. Intuitively this makes sense, but I am not convinced a covert 51% attack of some sort wouldn’t still be in the interest of the attackers.

Privacy

Unlike in the traditional financial system, where a third party (usually a bank) ensures that not everyone can see what you buy, in Bitcoin all transactions are public. However, while a bitcoin can be traced throughout its transaction history, this doesn’t necessarily mean it belongs to a specific individual. Each individual can have many keys, and this collection of keys makes up a wallet.

It is still inescapable that there’s a money trail though, unlike cash, diamonds and (melted and reminted) gold. This is an area that has spawned multiple solutions, especially in black markets such as Silk Road, with automatic money laundering services, as well as other coins like ZCash and Monero that attempt to preserve privacy.

Conclusion and further reading

I’m amazed at how elegant and straightforward this paper is. It has a lot of implications and context that are hinted at, using very precise language. I suspect there’s a lot to gain from both going back and forward in time. There’s a good reading list by the Nakamoto Institute for background context. Going forward, there is the code itself, other things Satoshi and others wrote, as well as reading about new developments such as Ethereum and smart contracts, etc.

The note-taking experiment itself went fairly well, as it somewhat accurately mirrors my current understanding of Bitcoin using free recall. The structure could probably be improved, both in terms of flow but also in terms of more accurately representing the main points of the paper. As far as a timeboxed note-taking session goes it was a success, though.