Bitcoin: A Peer-to-Peer Electronic Cash System

Satoshi Nakamoto

satoshin@gmx.com

www .bitcoin.org

Abstract. A purely peer -to-peer version of electronic cash would allow online

payments to be sent directl y from one part y to another without going through a

financial institution. Digital signatures pr ovide part of the solution, but the main

benefits are lost i f a trusted third party is still required to prevent double-spending.

W e propose a solution to the double-spending problem using a peer-to-peer network.

The network timestamps transactions by hashing them into an ongoing chain of

hash-based proof-of-work, forming a rec ord that cannot be changed without redoing

the proof-of-work. The longest chain not onl y serves as proof of the se quence of

events witnessed, but proof that it came from the largest pool of CP U power . As

long as a maj ority of CP U power i s controll ed by nodes that are not cooperating to

attack th e network, they'll generate th e longest chain and outpace attackers. Th e

network i tself requires minimal structure. Messages are broadcast on a best effort

basis, and n odes can leave and rejoin th e network at will, accepting the longest

proof-of-work chain as proof of what happened while they were gone.

1. Introduction

Commerce o n the I nternet has come to rely a lmost exclusively on financia l institutions serving a s

trusted third partie s to process electronic payments. While the system works well enough for

most transactions, it still su ff ers from the inherent wea knesses of the trust based mode l.

Completely non-reversible transactions are n ot really possible, since financial institutions cannot

avoid mediating disputes. The cost of mediation increases transaction costs, limiting the

minimum practical transaction size and cutting off the possibility for small casual tr ansactions,

and there is a broader cost in the loss of ability to make non-reversible payments for non-

reversible services . With the possibility of reversal, the need for trust spreads. Me rchants must

be wary of their customers, hassling th em for more information than they would otherwise need .

A certain perc entage of fraud is accepted as u navoidable. The se costs and payment uncertainties

can be avoided in person b y using ph ysical currency , but no mechanism exists to make p ayments

over a communications channel without a tr usted party .

What is needed is an electronic payment system based on cryptograph ic proof instead of trust,

allowing any two willing parties to transac t directly with each other without the need for a trusted

third party . Transactions that are computationally impractical to reverse would protect sellers

from fraud, and routine escrow mechanisms could easily be imple mented to protec t buyers. In

this paper , we propose a solution to the double-spending problem u sing a peer -to-peer distributed

timestamp server to generate computational proof of the chronological order of transactions. The

system is secure as long as honest nodes collectively control more CPU power than any

cooperating group of attacker nodes.

1