Abstract

This work proposes a peer-to-peer network solution for electronic cash that allows online payments to be sent directly between parties without the need for a trusted third party or financial institution. It introduces a system to solve the double-spending problem using a distributed timestamp server based on hash-based proof-of-work, forming a chain of timestamps where the longest chain represents the valid sequence of events controlled by the majority of CPU power. This approach enables non-reversible transactions and a secure electronic payment system based on cryptographic proof rather than trust.

Key Concepts

  • Peer-to-Peer Network: A system with minimal structure where nodes broadcast messages, join and leave at will, and accept the longest proof-of-work chain as the history of events.
  • Chain of Digital Signatures: Ownership of electronic coins is transferred by digitally signing a hash of the previous transaction and the public key of the next owner.
  • Distributed Timestamp Server: A mechanism to record chronological order using hash-chained blocks rather than a trusted central authority.
  • Proof-of-Work: A computational puzzle requiring CPU effort to find a nonce where the block hash begins with a specific number of zero bits, verifying one-CPU-one-vote consensus.
  • Longest Chain Rule: The consensus protocol where nodes accept the longest chain as the correct one, as it represents the greatest proof-of-work effort.
  • Merkle Tree: A hashing structure that allows for efficient discarding of spent transactions to reclaim disk space while maintaining block integrity.
  • Simplified Payment Verification (SPV): A method allowing clients to verify payments without running a full network node by maintaining a copy of block headers and Merkle branches.

Key Equations and Algorithms

  • Proof-of-Work Hash Requirement: A block must satisfy , requiring exponential work to find a valid nonce.
  • Expected Attacker Progress: The expected value of the Poisson distribution for an attacker’s potential progress is defined as , where is the blocks behind and are probabilities of honest and attacker success.
  • Poisson-Distribution Logic for Attack Success: The probability of a successful attack is calculated by multiplying the Poisson density for each potential progress amount by the probability of catching up from that point.
  • Block Header Construction: Block headers include the previous hash, nonce, and Merkle root, allowing blocks to be compacted by stubbing off branches of the Merkle Tree.

Key Claims and Findings

  • The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
  • The probability of an attacker catching up from a deficit drops exponentially as the number of blocks increases.
  • Incentive mechanisms (new coins mined and transaction fees) encourage nodes to support the network and play by the rules rather than attack it.
  • Simplified Payment Verification is reliable as long as honest nodes control the network, though it is vulnerable if the network is overpowered by an attacker.
  • The network is robust in its unstructured simplicity, requiring no node identification and allowing best-effort message delivery.
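
The attack-success calculation listed under Key Equations and the exponential drop claimed above can be checked numerically. The following is an added example, not code from the summarized paper: the function names are chosen here, and it assumes the Poisson mean z·q/p (attacker share q, honest share p = 1 - q, deficit z) that the Bitcoin whitepaper gives for expected attacker progress.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-power share q ever catches up
    from z blocks behind (Poisson density times catch-up probability)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q                      # honest share of hash power
    if q >= p:
        return 1.0                   # no honest majority: catch-up is certain
    ratio = q / p
    lam = z * ratio                  # expected attacker progress (Poisson mean)
    poisson = math.exp(-lam)         # Poisson density at k = 0
    prob = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k       # density at k from density at k - 1
        # Subtract the case: attacker made k blocks of progress and then
        # fails to close the remaining gap of z - k blocks.
        prob -= poisson * (1.0 - ratio ** (z - k))
    return max(prob, 0.0)            # guard against float rounding below zero


def min_confirmations(q: float, threshold: float = 0.001, z_max: int = 1000):
    """Smallest z with success probability below threshold, or None."""
    for z in range(z_max + 1):
        if attacker_success_probability(q, z) < threshold:
            return z
    return None


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.50):     # constructed sample attacker shares
        row = [f"{attacker_success_probability(q, z):.7f}" for z in (0, 2, 6, 10)]
        print(f"q={q:.2f}", row, "z for P<0.1%:", min_confirmations(q))
```

At q = 0.50 the function returns 1.0 for every z, which is the honest-majority condition from the first claim expressed as a number: no confirmation depth helps once the attacker matches the honest hash power.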

Terminology

  • Electronic Coin: Defined as a chain of digital signatures representing ownership transfer.
  • Timestamp Server: A system of hash chains used to record the chronological order of transactions without a trusted party.
  • Proof-of-Work: A mechanism involving CPU power expenditure to create a block, effectively serving as one-CPU-one-vote in decision making.
  • Merkle Tree: A tree of hashes allowing block transactions to be hashed with only the root included in the block’s hash.
  • Simplified Payment Verification: A verification method where a user keeps block headers and a Merkle branch to see that a network node has accepted a transaction.
