The Bitcoin White Paper Explained Simply - Chapter 2


In the previous article, we studied the first parts of the Bitcoin White Paper together. We discovered that the original purpose of Bitcoin is to offer a peer-to-peer electronic payment system based on cryptographic proof rather than trust.

We also looked at the principles explained in the first few parts of the White Paper:

  • Digital signatures;
  • The distributed timestamp server;
  • Proof of work.

In this second chapter, we continue our exploration of the White Paper together from part 5, where we left off, to the conclusion of the paper.

You can also download the Bitcoin White Paper in its original English version, or the French translation by Arnaud-François Fausse.

Network

In this fifth part of the White Paper, Satoshi describes how Bitcoin nodes work. Note that at that time, the difficulty of proof-of-work on Bitcoin was low. Mining was therefore not yet industrialized as it is today, and each node automatically took part in this process.

Satoshi summarizes the basic functioning of the Bitcoin system beautifully in just a few points:

  1. New transactions are broadcast to all nodes;
  2. Each node gathers the new transactions into a block;
  3. Each node works to find a difficult proof-of-work for its block;
  4. When a node finds a proof-of-work, it broadcasts the block to all the other nodes;
  5. Nodes accept the block only if all transactions are valid and not already spent;
  6. Nodes express their acceptance of the block by working to create the next block in the chain, using the hash of the accepted block as the previous hash.

The other two paragraphs in this section describe how the Bitcoin network itself works. In particular, Satoshi explains how nodes must behave when the chain forks.

➤ Learn more about divisions, outdated blocks, and network mechanisms.

Incentive

Since Bitcoin's proof-of-work establishes a cost in CPU time and electricity to multiply votes, an incentive to take part in mining had to be found. This section describes how miners can be paid on Bitcoin.

Initially, this economic incentive is based on the creation of new bitcoins ex nihilo. This rewards miners while putting the money supply into circulation. The advantage of this distribution process is that it does not require the intervention of a central authority.

Satoshi tells us that this incentive may also, in the long run, be based solely on Bitcoin transaction fees. Thanks to this, a monetary system that is completely non-inflationary can be created.

📌 Did you know? Even though the idea of a finite money supply is discussed in this section, it should be noted that Satoshi Nakamoto never mentions the famous 21 million limit in the Bitcoin White Paper.

This incentive is distributed to the miner through the first transaction in each block. It's a special transaction, called “coinbase,” which allows the winning miner to collect transaction fees and create new bitcoins.

➤ Learn more about Bitcoin halving.

Reclaiming disk space

In this seventh part, we can discover how Bitcoin blocks are built. They have a small header with metadata. Transactions, on the other hand, are structured with a cryptographic accumulator called the “Merkle Tree”. In this way, you can get a very small summary of all the transactions in a block. This digest, called a “Merkle Root”, is included in the header of each block.

Note that since the implementation of SegWit in 2017, there are now 2 different Merkle trees in the same Bitcoin block.

➤ Learn more about building a Bitcoin block.

Simplified payment verification

By using the Merkle tree to organize transactions in a block, Bitcoin users can choose not to run a full node in order to save storage space. They have the option of keeping only the header of each block, while maintaining the ability to verify each transaction, by requesting proof from the full nodes.

This option is what we now call a lightweight node or an SPV (Simplified Payment Verification) node.

In the last paragraph of this part, Satoshi nevertheless cautions us about the trust that this type of lightweight node requires compared to a full node.
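The Merkle root from the block-structure section and the proof a lightweight node requests from a full node, as an added Python example (not code from the white paper or from the original article). It follows Bitcoin's conventions of double SHA-256 and duplicating the last hash on odd levels; the transaction IDs are constructed sample data and the function names are illustrative.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(leaves):
    """Return every level of the tree, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:            # odd count: Bitcoin duplicates the last hash
            cur = cur + [cur[-1]]
        levels.append([dsha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_root(leaves):
    return merkle_levels(leaves)[-1][0]

def merkle_branch(leaves, index):
    """Sibling hashes a full node would send for the leaf at `index`."""
    branch = []
    for level in merkle_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        branch.append(level[index ^ 1])     # the neighbour in the same pair
        index //= 2
    return branch

def verify_branch(txid, index, branch, root):
    """What a lightweight (SPV) node does: rebuild the root from the branch."""
    h = txid
    for sibling in branch:
        h = dsha256(sibling + h) if index & 1 else dsha256(h + sibling)
        index //= 2
    return h == root

# Constructed sample data: five fake transactions, not real Bitcoin txids.
TXIDS = [dsha256(f"constructed-tx-{i}".encode()) for i in range(5)]
ROOT = merkle_root(TXIDS)   # the only part the lightweight node stores (in the header)

if __name__ == "__main__":
    branch = merkle_branch(TXIDS, 4)
    print("root:", ROOT.hex())
    print("hashes in proof:", len(branch))
    print("genuine tx verifies:", verify_branch(TXIDS[4], 4, branch, ROOT))
    print("forged tx verifies:", verify_branch(dsha256(b"forged"), 4, branch, ROOT))
```

The proof shows that a transaction is committed to by a header; whether that header belongs to the chain with the most work is the part the lightweight node takes on trust.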

Combining and splitting value

The ninth part of the White Paper describes how bitcoin coins can be managed within a transaction. We learn that it is possible to merge and divide coins within the same transaction.

Transaction inputs define which bitcoin coins are used to pay. In return for consuming UTXOs as inputs, it is possible to create new UTXOs as outputs. These outputs therefore represent the destinations of the payment.

This means that the sum of the outputs of a Bitcoin transaction must be less than or equal to the sum of the inputs. The difference between inputs and outputs represents the transaction fees, which can be collected by the miner.

Privacy

In this tenth part, Satoshi Nakamoto explains the privacy model of the Bitcoin protocol.

He tells us that in the traditional banking system, user privacy is maintained since transactions are not broadcast publicly. In other words, when you pay for your baguette with your bank card, only the bank is aware of your payment.

The problem with the Bitcoin protocol is that it requires a public announcement of all existing transactions. This is what makes it possible to avoid double spending. So, Bitcoin's privacy model is based on the separation between the identity of users and their transactions.

Finally, the last paragraph of this part 10 describes how we could, as users, improve our privacy. Satoshi explains that a new pair of cryptographic keys could be used for each new transaction. This is why we advise you today to use a new, unused address each time you receive a bitcoin payment.

Satoshi also informs us that it is impossible to avoid a link between different coins if they are used as inputs to the same transaction. This is what we called the “merging” of UTXOs in the previous part. This on-chain tracking heuristic is now known under the acronym “CIOH”, for “common-input-ownership heuristic”.

This last paragraph demonstrates all the foresight of Satoshi Nakamoto, since even today, address reuse and CIOH are the two main heuristics used by chain analysis companies to trace your transactions. This shows that he already had a thorough understanding of his protocol and its implications in the future.
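What an outside observer can infer from the two heuristics named above, as an added Python example (not from the white paper or the original article): addresses spent together as inputs are merged into one cluster, and a reused address bridges two clusters. The transactions and address labels are constructed, and the function name is illustrative.

```python
from collections import defaultdict

def cluster_by_common_inputs(transactions):
    """Group addresses that appear together as inputs of one transaction."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]   # path halving
            addr = parent[addr]
        return addr

    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs:
            find(addr)                            # register every input address
        for other in inputs[1:]:
            parent[find(other)] = find(inputs[0]) # CIOH: same spender assumed

    groups = defaultdict(set)
    for addr in list(parent):
        groups[find(addr)].add(addr)
    return sorted(sorted(g) for g in groups.values())

# Constructed sample: addr_B is reused as an input in t1 and t2,
# which links addr_A and addr_C even though they never appear together.
TXS = [
    {"txid": "t1", "inputs": ["addr_A", "addr_B"]},
    {"txid": "t2", "inputs": ["addr_B", "addr_C"]},
    {"txid": "t3", "inputs": ["addr_D"]},          # fresh address, spent alone
]

if __name__ == "__main__":
    for cluster in cluster_by_common_inputs(TXS):
        print(cluster)
```

The address that was used once and spent alone stays in its own cluster, which is the behaviour the advice about fresh addresses aims for.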

Calculations

The last part of the white paper is probably the most complex of all. Satoshi shows us a scenario in which an attacker tries to double-spend his bitcoins at the expense of the first recipient of the payment.

For example, let's say Oscar (the attacker) sent 2 bitcoins to Alice. His transaction is included in block No. 403. Afterwards, Oscar tries to spend these same 2 bitcoins again, when he normally no longer has them, to send them to Bob.

To do this, Oscar must redo block No. 403, modifying the payment transaction to Alice even though it is already confirmed in the blockchain. He is going to propose an alternative block that will not be accepted by the honest chain. He must therefore redo all the proof of work already done on the honest chain since block No. 403 in order to try to overtake it. If this attack succeeds, the consequence is that Alice will have accepted Oscar's payment, but will ultimately be left without any bitcoin.

In this last part, Satoshi wants to show that the difficulty of this attack increases exponentially with the new blocks added since the one observed (No. 403 in our example). The objective is to be able to determine a reasonable number of confirmations from which the receiver of a transaction can consider it to be probabilistically unchangeable. To model the probability of success of this attack, Satoshi determines that the attacker's progress follows a Poisson distribution.

He then gives us the probability that the attacker succeeds in his attack (p), according to the number of blocks mined over the observed one (z) and assuming a 10% share of the total computing power held by the attacker (q).

He performs his modeling a second time, this time assuming that the attacker has 30% of the total computing power of the network.

As you can see, the chance of success of this attack (p) decreases very quickly with each new block mined. After a certain number of blocks, this probability becomes ridiculously low. This is notably why we advise you today to wait for 6 confirmations before considering a Bitcoin transaction unchangeable. If the attacker is unable to maintain computing power greater than 50% of the total network power, he will not be able to carry out this type of attack.

The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
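The calculation behind the two scenarios above, as an added Python example (a re-implementation of the white paper's section 11 formula, not the paper's own C code and not from the original article). Here q is the attacker's share and z the number of blocks mined on top of the transaction; the honest share is 1 - q, and the function names are illustrative.

```python
import math

def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker with hash-power share q ever overtakes
    the honest chain after z blocks were mined on top of the transaction."""
    if not 0 <= q <= 1 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    if q >= 0.5:
        return 1.0                      # a majority attacker always catches up eventually
    honest = 1.0 - q
    lam = z * q / honest                # expected attacker blocks while honest nodes mine z
    total = 1.0
    poisson = math.exp(-lam)            # Poisson probability of k = 0 attacker blocks
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k          # Poisson(k) derived from Poisson(k - 1)
        # attacker has k blocks, still has to catch up z - k blocks
        total -= poisson * (1.0 - (q / honest) ** (z - k))
    return total

def confirmations_needed(q: float, threshold: float = 0.001, limit: int = 1000):
    """Smallest z whose success probability is below threshold, else None."""
    for z in range(limit + 1):
        if attacker_success(q, z) < threshold:
            return z
    return None

if __name__ == "__main__":
    for q in (0.10, 0.30):
        print(f"q = {q:.2f}")
        for z in (0, 1, 2, 6, 10):
            print(f"  z = {z:2d}  P = {attacker_success(q, z):.7f}")
    for q in (0.10, 0.30, 0.45, 0.50):
        print(f"q = {q:.2f}: confirmations for P < 0.1% -> {confirmations_needed(q)}")
```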

Conclusion

To conclude his paper, Satoshi Nakamoto reiterates that the objective of Bitcoin is to offer an electronic transaction system that does not require any form of trust. He also reiterates that his protocol makes it possible to solve the problem of double spending in a peer-to-peer monetary system.

The network is robust in its unstructured simplicity.

He also explains that Bitcoin nodes can freely leave the network and rejoin it, agreeing on the chain that has the largest amount of accumulated work.

Finally, Satoshi cites the references that led him to this design. In particular, we discover the work of Wei Dai on B-Money, one of the ancestors of Bitcoin that never saw the light of day. Among these references, there is also the work of Adam Back on the Hashcash protocol, the denial-of-service resistance system that inspired the Bitcoin proof of work.

This short document of only 9 pages explains the functioning and objectives of Bitcoin in a clear and concise manner. Even though the protocol has evolved a lot since 2008, independently of its creator, the main guidelines remain unchanged. It is therefore always interesting to go back to this White Paper, as well as to the few messages that Satoshi Nakamoto left us on online forums before leaving the project in April 2011.

➤ Discover the first chapter of this series on the Bitcoin White Paper.
