Bitcoin: A Peer-to-Peer Electronic Cash System

When trying to understand what Bitcoin is and does, it's helpful to start with an understanding of the context in which it was build and the problem it was trying to solve. There were many digital currencies before Bitcoin, but Bitcoin was the first decentralized digital currency. Creating a digital currency without a central authority was the problem that was being solved for. 

Bitcoin was first introduced to the world On October 31, 2008, with the publishing of the Bitcoin white paper Bitcoin: A Peer-to-Peer Electronic Cash System. The paper gives insight into the motivations and architecture of the system. Much of what is covered in the paper are topics that we will dive into in later units. So, we recommend reading through it briefly now and coming back to it often throughout your studies. 

4. Proof-of-Work

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash, rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.


The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.

To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases.