Satoshi Nakamoto
October 31, 2008
A purely peer-to-peer form of electronic cash would allow online payments to be sent directly between parties without relying on financial institutions. While digital signatures provide part of the solution, they do not fully address the issue of double-spending if no trusted intermediary exists.
This system proposes a decentralized solution using a peer-to-peer network. Transactions are grouped into blocks and timestamped through a proof-of-work mechanism, forming a chain of records that cannot be altered without redoing the computational work. The longest chain serves as proof of the sequence of events and reflects the majority of computational power.
The network operates with minimal structure. Messages are broadcast on a best-effort basis, and nodes can leave and rejoin at will, accepting the longest valid chain as the authoritative record.
Digital commerce depends heavily on trusted third parties to process electronic payments. While this model works for most transactions, it introduces inefficiencies due to reliance on intermediaries. Transactions are not truly irreversible, as financial institutions must mediate disputes, increasing costs and limiting practical transaction sizes.
Because payments can be reversed, merchants must be wary of their customers and collect more information about them than would otherwise be necessary. Some level of fraud cannot be eliminated under this system, and small-value transactions become impractical because of the overhead.
A system based on cryptographic proof rather than trust would allow two parties to transact directly without requiring a trusted intermediary. Transactions that are computationally impractical to reverse would protect sellers, while escrow mechanisms could still be used for buyers.
The main challenge is preventing double-spending without a central authority. This system addresses the problem by using a peer-to-peer network that timestamps transactions into a chain of proof-of-work, creating a public record that cannot be altered without majority computational control.
A digital coin can be represented as a chain of digital signatures. Each owner transfers the coin by signing a hash of the previous transaction along with the public key of the next owner. This signature is then appended to the coin, forming a verifiable chain of ownership.
Each transfer in the chain includes:
- Hash of previous transaction
- Next owner’s public key
- Current owner’s digital signature
A recipient verifies ownership by validating each signature in the chain.
However, this alone does not solve the double-spending problem. A previous owner could attempt to spend the same coin again by creating a competing transaction. The only way to prevent this is to establish a shared record of all transactions.
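The chain of signatures and its limitation, as an added example (not code from the paper). The paper names no signature scheme, so Lamport one-time signatures built from SHA-256 stand in for whatever public-key scheme a deployment would use; the parties, the `Transaction` layout and the all-zero "genesis" previous hash are constructed for illustration. The payee's check walks the chain as described above, and the demo then shows why signatures alone are not enough: two transfers of the same coin both verify, because nothing in either one reveals the other.

```python
import hashlib
import os
from dataclasses import dataclass


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures from SHA-256 only, so the example runs on the
# standard library. Stand-in for the paper's unspecified signature scheme.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def pk_to_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)

def pk_from_bytes(raw: bytes):
    return [(raw[i:i + 32], raw[i + 32:i + 64]) for i in range(0, len(raw), 64)]

def _bits(message: bytes):
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, message: bytes):
    # Reveal one secret per digest bit; a Lamport key must not sign twice.
    return [sk[i][b] for i, b in enumerate(_bits(message))]

def verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(message))))


@dataclass
class Transaction:
    prev_hash: bytes       # hash of the previous transaction
    next_owner_pk: bytes   # next owner's public key
    signature: list        # current owner's signature over the two fields above

    def body(self) -> bytes:
        return self.prev_hash + self.next_owner_pk

    def txid(self) -> bytes:
        return H(self.body() + b"".join(self.signature))


GENESIS = b"\x00" * 32  # constructed "previous hash" for the coin's first transfer

def transfer(prev_tx, owner_sk, next_owner_pk) -> Transaction:
    prev_hash = prev_tx.txid() if prev_tx else GENESIS
    body = prev_hash + pk_to_bytes(next_owner_pk)
    return Transaction(prev_hash, pk_to_bytes(next_owner_pk), sign(owner_sk, body))

def verify_chain(chain, issuer_pk) -> bool:
    """Payee's check: every transaction links to the one before it and is
    signed by the key the previous transaction named as next owner."""
    signer, prev = issuer_pk, GENESIS
    for tx in chain:
        if tx.prev_hash != prev or not verify(signer, tx.body(), tx.signature):
            return False
        signer, prev = pk_from_bytes(tx.next_owner_pk), tx.txid()
    return True


def demo():
    issuer_sk, issuer_pk = keygen()   # constructed parties
    alice_sk, alice_pk = keygen()
    _bob_sk, bob_pk = keygen()
    _carol_sk, carol_pk = keygen()

    tx1 = transfer(None, issuer_sk, alice_pk)   # issuer -> Alice
    tx2 = transfer(tx1, alice_sk, bob_pk)       # Alice -> Bob
    honest = verify_chain([tx1, tx2], issuer_pk)

    # Double-spend: Alice signs a second transfer of the same coin to Carol.
    # Each chain verifies on its own; a payee who sees only one cannot tell.
    # (Reusing a one-time key also leaks Alice's secrets, which is a property
    # of the stand-in scheme and not the point being shown.)
    tx2b = transfer(tx1, alice_sk, carol_pk)
    double_spend = verify_chain([tx1, tx2b], issuer_pk)

    # Altering a transaction body without the owner's key breaks its signature.
    tx2_forged = Transaction(tx2.prev_hash, pk_to_bytes(carol_pk), tx2.signature)
    tampered = verify_chain([tx1, tx2_forged], issuer_pk)
    return honest, double_spend, tampered  # (True, True, False)
```

Nothing local to the payee distinguishes the honest chain from the double-spend branch, which is why the rest of the paper turns to a shared, ordered record.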
A centralized system would maintain a ledger of transactions, but this introduces reliance on a trusted authority. Instead, a decentralized approach requires participants to agree on a single history of transactions.
The solution is to publicly announce all transactions and establish a system where participants agree on the order in which they occurred. This ensures that a coin cannot be spent more than once, as the network collectively recognizes only one valid sequence.
To establish a reliable order of transactions, the system uses a timestamp server. This server works by taking a collection of items (in this case, transactions), hashing them into a single value, and publishing the hash along with a timestamp.
Each timestamp:
- Commits to a batch of transactions
- Includes the previous hash
- Forms a chain of cryptographic commitments
This structure creates a sequence where each new record reinforces the validity of the previous ones. Altering any earlier data would require recomputing all subsequent hashes, making tampering computationally impractical.
Each block depends on the previous one, forming an immutable timeline of events.
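The timestamp chain described above, as an added example (not code from the paper). Each record commits to the previous record's hash, a hash of its batch of items and its timestamp; the batches, timestamps and the all-zero starting hash are constructed. The demo alters one item in the middle of the chain and shows that fixing up only that record's hash still leaves the next link broken, so every later hash has to be recomputed. Proof-of-work, which is what makes that recomputation expensive, is not part of this section and is not shown here.

```python
import copy
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hash_items(items) -> bytes:
    # One value committing to the whole batch; order matters.
    return sha256(b"".join(sha256(item.encode()) for item in items))

def block_hash(block) -> bytes:
    # Each record commits to the previous hash, its batch and its timestamp.
    return sha256(bytes.fromhex(block["prev_hash"])
                  + hash_items(block["items"])
                  + block["timestamp"].to_bytes(8, "big"))

def make_block(prev_hash: bytes, items, timestamp: int) -> dict:
    block = {"prev_hash": prev_hash.hex(), "items": list(items), "timestamp": timestamp}
    block["hash"] = block_hash(block).hex()
    return block

def first_broken_link(chain):
    """Index of the first block whose link, stored hash or timestamp order fails; None if intact."""
    prev, last_ts = b"\x00" * 32, 0
    for n, block in enumerate(chain):
        if (bytes.fromhex(block["prev_hash"]) != prev
                or block_hash(block).hex() != block["hash"]
                or block["timestamp"] < last_ts):
            return n
        prev, last_ts = bytes.fromhex(block["hash"]), block["timestamp"]
    return None

def rehash_from(chain, start: int) -> None:
    """The cost of rewriting history: recompute every hash from `start` onward."""
    for n in range(start, len(chain)):
        if n > 0:
            chain[n]["prev_hash"] = chain[n - 1]["hash"]
        chain[n]["hash"] = block_hash(chain[n]).hex()


def demo():
    # Constructed batches and timestamps (600 s apart).
    batches = [["alice->bob 5", "bob->carol 2"], ["carol->dave 1"], ["dave->alice 3"]]
    chain, prev = [], b"\x00" * 32
    for n, batch in enumerate(batches):
        block = make_block(prev, batch, 1_225_497_600 + 600 * n)
        chain.append(block)
        prev = bytes.fromhex(block["hash"])
    honest = first_broken_link(chain)           # None: chain is intact

    tampered = copy.deepcopy(chain)
    tampered[1]["items"][0] = "carol->dave 100"
    broken = first_broken_link(tampered)        # 1: stored hash no longer matches

    tampered[1]["hash"] = block_hash(tampered[1]).hex()
    still_broken = first_broken_link(tampered)  # 2: block 2's prev_hash no longer links

    rehash_from(tampered, 1)
    rewritten = first_broken_link(tampered)     # None: only once every later hash is redone
    return honest, broken, still_broken, rewritten
```

`first_broken_link` is the check a node would run on a chain it receives; the index it returns is also where a rewrite would have to start, which is the whole of the chain from the altered record onward.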