Episode 38: Decoding Satoshi Nakamoto's Vision - A Deep Dive into the Bitcoin White Paper

Show Notes

Prepare to take a deep dive into the DNA of digital currency, exploring not just the technical innovations but the philosophical underpinnings that led to the creation of Bitcoin. Our journey takes us from the cryptography mailing list, where Bitcoin first came to life, through the corridors of the cypherpunk movement, to the pivotal moment of the 2008 financial crisis. We also ponder the enigma of Satoshi's identity and the early days of Bitcoin reception and critique, all while examining original code snippets and discussing scaling challenges that continue to shape the cryptocurrency conversation.

In a world where digital transactions reign supreme, Pierre breaks down how Bitcoin stands apart through non-reversible transactions and an absence of counterparty risk, challenging the traditional paradigms of physical and digital currencies. We demystify the Federal Reserve's money creation process and articulate Bitcoin's revolutionary approach to the double-spending problem. Listen as we reflect on the evolution of mining technology and suggest updates to the original white paper to align with modern blockchain vernacular. Satoshi's foresight into the network's scalability and security is a testament to his genius, and we speculate on what he might have envisioned for the future of mining hardware.

Follow Blocktime on Twitter: https://twitter.com/BlocktimebyRiot
Follow Blocktime on YouTube: https://www.youtube.com/@RiotPlatforms/podcasts

Chapters

• 0:07: Exploring the Bitcoin White Paper
• 13:23: Understanding Electronic Cash and Bitcoin
• 24:35: The Problem With Reversible Transactions
• 40:09: Decentralized Timestamp Server and Bitcoin Mining

Transcript

Speaker 1: 0:07

Welcome to the Block Time podcast produced by Riot Platforms, where we talk about Bitcoin, bitcoin mining and the grid. Today we're doing a deep dive on a topic that comes up quite often, which is the white paper initially written by and published by, satoshi Nakamoto in 2008. So we're going to actually read through it line by line, because it's not that long, but, as I was telling Gabe, this might be a long episode because it's not. It's the white paper is not long compared to the code. If we were to read through the Bitcoin code, that would take a few days, and it's shorter. It's probably shorter than the Declaration of Independence. It's a pretty compact document that is technical in nature, talking about Satoshi's discovery or his invention, depending on your perspective on it.

Speaker 1: 1:11

So we're going to start with the initial email that Satoshi Nakamoto sent. He sent this email to a cryptography mailing list, and this mailing list was frequented not just by cryptographers but also by what today we term cypherpunks. So these were folks who were really interested in using the technology of cryptography to accomplish political ends, usually about increasing human flourishing, increasing human freedom in cyberspace, in this new world, and on this mailing list there had been previous discussions about how one would go about creating a monetary system that uses cryptography. There were various proposals, including, for example, adam Beck's Hashcash, nick Szabo's Bitgold, um. But, uh, satoshi Nakamoto was a pseudonym, so we don't know who it was. Um. There are, uh, some people on the short list. I haven't seen any persuasive evidence, uh in any direction of who Nakamoto uh was Um, but, you know, for our purposes we'll just pretend that it was one person. Might have been multiple I'll usually use his preferred pronouns, which are he, him but it might have been, you know, lady, we don't know. So in any case. So he sent this email. It had a link to a PDF bitcoinorg slash, bitcoinpdf and in that PDF was his white paper.

Speaker 1: 2:52

Now, before we go into that, I want to first make a point that Satoshi made in one of his private emails, actually to Hal Finney. He said I had to write all of the code before I could convince myself that I could solve every problem. Then I wrote the paper, and so it's hypothesized that Satoshi was writing the code probably 2006, 2007, and into 2008. And into 2008. And then he wrote the paper in some point mid-2008 and then published it on October 31st 2008. So it's really interesting because, on one hand, we hear people try to tie Bitcoin in with the financial crisis in 2008, which I think it is appropriate to do so which I think it is appropriate to do so, but we also have to balance it that Satoshi was not reacting to the financial crisis and then going out to code Bitcoin. He had already coded Bitcoin when the financial crisis started happening, and so it was really more about coincidence than some kind of reactionary process.

Speaker 2: 4:07

I find that super interesting. Yeah, and in the context of time too, I mean, I often think about how human flourishing has had an exponential growth, especially with the age of technology. When was the Internet released? When did that start?

Speaker 1: 4:25

Yeah, I think that it really started in the 70s with ARPANET, and this was the Department of Defense. There's also a really good conspiracy theory about the NSA created Bitcoin and that it's like it's a lab leak. You know that it escaped to the lab and is now out in the wild. I don't know if that has any truth to it, but I like it.

Speaker 2: 4:44

But in that context it's like for Satoshi has any truth to it, but I like it. But in that context it's like for satoshi or for anybody to come up with this currency, this crypto. You know world so close to the birth of the internet is just wild to me yeah, it is, and um, if people had gotten close to it beforehand.

Speaker 1: 5:01

Uh, and it's just satoshi thatoshi that fit the puzzle pieces together correctly. All the puzzle pieces were already there. It was just a matter of how do you integrate it into a system that's going to work.

Speaker 2: 5:13

Another quick question. Was there any evidence or any other examples of Satoshi's work prior to his white paper?

Speaker 1: 5:21

No, he did privately communicate with some folks, including adam, back before he released the white paper, um, and then also when he released the code, um, I believe that you can, uh, no. So when he released the code, it was kind of just where he was at at the end of 2008. He didn't include like a history. Sometimes software developers will have a history through their version control system, like Git, for example. That would show okay, here was kind of day zero, here's the code I wrote, and then day one, but he just kind of launched it as a lump Interesting, yeah. And the other fascinating part about the code is that it had all sorts of other extraneous functionality to it. So, for example, he basically tried to create a decentralized ebay uh. He also tried to create decentralized poker, uh. So he was thinking of use cases, uh, for for bitcoin, the currency, um, as part of the Bitcoin code base.

Speaker 2: 6:25

That's cool. That's the first time I'm hearing of that.

Speaker 1: 6:27

Yeah, it went by the wayside, though, because it didn't work and it was like, hey, we're just trying to get Bitcoin to work. So maybe, you know, adding in decentralized poker is not going to help us very much, but it's a cool idea. Um, so when he, when he sent this email to the cryptography mailing list and people started reading his white paper, he got some different reactions. Uh, so one reaction was and this is like in the first dozen emails that he received back uh, in november of 2008, people said it does not seem to scale to the required size. Still hear that today. Someone said people cannot hold assets in this highly inflationary currency if they can help it. We're going to come back to that later, because Satoshi Nakamoto's white paper does not have the 21 million cap in it. So people thought that it was just like very inflationary without that element and that it wouldn't accrue value. Third, this is from Hal Finney Bitcoin seems to be a very promising idea. This is November 2008,. Before the code came out, before the network started, before the network started. I mean, it's just, it gives me goosebumps. Okay, so I'm going to rely on two sources as I go through the slides here. One is obviously the white paper that Satoshi Nakamoto published. The second, I think, is really important because this, I think, has been a huge misunderstanding in the Bitcoin community, in the cryptocurrency community and the world at large.

Speaker 1: 8:08

The white paper if we think about genre, right, what kind of writing is the white paper? Let's be clear the white paper is a technical document highlighting. It really focuses on two aspects of Bitcoin out of maybe several dozen aspects. Right, and Satoshi Nakamoto really wanted to zoom in in particular on the proof of work mining mechanism, because that is really the central invention to the system is how that is integrated. All the other aspects of Bitcoin existed before Bitcoin were well known, didn't really need a white paper. This is a technical document explaining a particular invention, and it's well. Here's what it's not, and it's well, here's what it's not.

Speaker 1: 9:03

It's not what I would consider to be a vision statement. Ok, it's not, and you know we could debate this, but to me, a vision statement would be far more abstract. Ok, it would not get into some of some of the concrete technical information that the white paper gets into. It's also on the opposite end. It's not a specification. It doesn't have every single last detail of the Bitcoin system or even of proof-of-work mining. Rather, it's trying to introduce a new intuition or a new understanding of how we can piece together hash functions and architect a decentralized system.

Speaker 1: 9:51

So with that, it's really important to read the white paper through the lens of 2024. And that's really what I wanted to do with these slides is the Bitcoin white paper in 2024. Because, if you, these slides is the Bitcoin white paper in 2024. Because if you want to read the Bitcoin white paper in 2008, that's really easy Just go to bitcoinorg, you know, slash bitcoinpdf and read the white paper. What I want to do is update the white paper using information from and this is from David Harding. He has compiled a lot of updates to the white paper or ways to edit the white paper so that it's reflective of reality rather than you know, because let's keep in mind, when Satoshi wrote the Bitcoin white paper, the Bitcoin network did not exist right and nobody had reviewed it either. So in the sense of kind of a rigorous peer review. So it's really been a 15 years of people building on top of the knowledge and, you know, improving our understanding of Bitcoin. So a lot of the text here is verbatim from the white paper or verbatim from the errata that David Harding put together. Very little of it is my own, definitely standing on the shoulders of giants. So I don't want to imply that I wrote the white paper or that I wrote the errata. You know those are much smarter people than myself but what I'll do is try to explain both. Okay, so let's get into the Bitcoin white paper Starts with an abstract of a purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution.

Speaker 1: 11:47

First sentence of the white paper I think that the one term that I've seen throw people off, especially non-accountants, is the term cash. People think of cash as physical, paper money and coins, and so that is one meaning of the word cash. The other meaning of the word cash, which I think is more applicable here because obviously, being electronic, there is no paper or coins the other meaning of cash is about cash versus credit, and so, basically it's are you sending me the asset or are you creating a liability, saying that you owe me the asset? The traditional financial system is almost all credit. Cash is a small sliver of that. In that context, we can think of cash as both physical, paper money and coins, but also the dollars that are held at the Federal Reserve. You know you could think of those as cash, right, because they're electronic, but they're as good as cash in the sense that they don't have the counterparty risk that you would have holding dollars at a commercial bank. You still have the counterparty risk of the Federal Reserve and so, arguably, us dollars are always credit because you're always relying on the creditworthiness of the US government. In fact, there was just a video from our friend, gary Gensler at the SEC, who was explaining this to his Twitter audience.

Speaker 1: 13:23

So when we read electronic cash, we shouldn't load it with lots of presuppositions. So we shouldn't assume that we're only talking about a use case where we would use a $30, not a $30 bill. That doesn't exist. A $20 bill, I don't know why $30. A $20 bill and a $10 bill. So you go to Home Depot, you might use physical cash there, but to put electronic cash in the title of Bitcoin or in the first sentence of the Bitcoin white paper doesn't mean that Satoshi was designing a system that's purely about point of sale transactions or a small or a small dollar value, right, or, you know, small purchasing power. Rather, he's talking about the reversibility. So that's part of it. And the counterparty risk right. And so he's saying this doesn't have any counterparty risk and it's irreversible, and so this is electronic cash, okay.

Speaker 2: 14:24

Yeah, it's interesting. Like becoming an adult you kind of learn those things. I mean, you don't have to be an accountant to understand what liquid cash versus assets are. You know an asset could be your home but you don't have. You know the cash that is that home right or the home's value, and the same with like stocks and stuff like that. But the stuff that's in your checking account, although it is not physical money, it is your cash.

Speaker 1: 14:47

Yeah, now, on the other hand, you're lending it to the banks, correct. So with the homes, I mean it's interesting now because even adults they'll look at the price of their home on Zillow and they're doing the mental math of like, yeah, this is what I have, but really you have a house, you don't have five hundred thousand dollars or whatever correct?

Speaker 2: 15:08

yeah, um, I also wondered while you were talking yeah when the fed prints money. Are they physically printing money or are they sending out electronic ones and zeros to people's accounts?

Speaker 1: 15:20

both. So, um, technically, the it's not the Fed that does the physical printing of the money. There's a Bureau of Engraving that example. And the way they do this is by. So the US Treasury will issue debt and then, you know, I'll go and buy the Treasury's debt, earn 8%, and then the Fed will come and say, hey, we'll buy that from you for a little bit of a premium. Do you want to sell us your you know your treasury bill? And then I'll sell it to them, and then they'll credit my account dollars, and to me it feels like, hey, that was a trade For the Fed. They actually created those dollars in order to buy the treasury Correct, and so that didn't cost them anything Sweet business, all right. And so that didn't cost them anything Sweet, business, all right.

Speaker 1: 16:28

So the next sentence digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double spending. We propose a solution to the double spending problem using a peer-to-peer network. We propose a solution to the double spending problem using a peer-to-peer network. So you know right out the gate, this establishes the key number one problem that Bitcoin solves, bitcoin mining solves, is double spending spending the same Bitcoin twice. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof of work, forming a record that cannot be changed without redoing the proof of work. So we'll get into the details of this right, because this is just the summary abstract.

Speaker 1: 17:19

The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. Now this is where you know we're going to start editing, because we don't really talk about CPU power anymore. Now we talk about really hash rate, right, slight change of technology. Since Satoshi was writing the white paper, I don't think anybody quite fully envisioned what CPU power would become in 2024, you know, with a giant mining rig. But here we are. So you know, going forward, I'm going to be substituting in some more modern language to make it more understandable for today.

Speaker 1: 18:07

So as long as a majority of hash rate is controlled by nodes that are not cooperating to attack the network, they'll generate the chain demonstrating the most proof of work and outpace attackers. Here I've deleted longest chain and put in demonstrating the most proof of work, because this is actually something that Satoshi got wrong. So the code was updated and we should update the white paper here, because the longest chain is not reflective of the most proof ofwork chain. There are ways where you could have a longer chain by having numerically more blocks, but they have less work, less mining behind them hash rate than the other chain. So then Satoshi goes on.

Speaker 1: 18:59

The network itself requires minimal structure. Messages are broadcast on a best-eff, best effort basis and nodes can leave and rejoin the network at will, accepting the longest. Well, here I'd say the most proof of work chain as proof of what happened while they were gone. So the ability to go offline. I think this is actually underrated in the sense that one it's great for Bitcoin nodes, because your Bitcoin node, you could be running it on your laptop and you can close it and then reopen it later and nothing bad will happen, and so that is a great security assurance of the Bitcoin network. The other, as a minor, is that you can stop hashing and then restart hashing, and that's not a problem either as well, and so that enables miners like Riot here in Texas to curtail when electricity prices are high. And so even in Satoshi's white paper we see that he was foreseeing this opportunity, although not explicitly right, not only implicitly.

Speaker 2: 20:08

Speaking of foresight, do you think that Satoshi could I mean imagine that we would have A6?

Speaker 1: 20:14

I believe he did so not in the white paper but in other writings. He is having premonitions of what will develop into mining, and I think in a future episode we'll want to dive into that as well.

Speaker 2: 20:33

Sounds good. Yeah, that's an interesting topic.

Speaker 1: 20:35

Yeah, yeah, and maybe it would be worthy of an episode full of predictions, because Hal Finney had predictions as well as to how the Bitcoin network would develop. So that's the abstract, right, establishing the problem the double spending problem and then starting to describe the solution using hash rate controlled by honest nodes, that you only need a certain threshold of honest nodes to outpace the attackers. Now here he says a majority of hash rate. There's actually been academic research on a phenomenon called selfish mining, which might reduce this to a third of the hash rate, or sorry, two thirds of the hash rate. So essentially saying that now, instead of needing 51% to attack the Bitcoin network, maybe you only need like 33% to attack the network, which is bad, right, in the sense that, hey, satoshi overestimated the assurances of proof of work, but at the same time, it's marginal and so it actually has not in practice caused any problems. So we'll see. Maybe in the future that won't be the case, but in any case, we'll note that Satoshi was not perfect, right, and you know, this is really important.

Speaker 1: 22:08

I'll re-emphasize here that the Bitcoin white paper is not a religious document, right? There's no claims that the Bitcoin white paper is infallible and was revealed to us. By God. This white paper is a technical document, subject to revision, and that's what we should be doing in order to better reflect reality, because, at the end of the day, the reality is. It's interesting. The reality is not even. It's not the white paper and it's not even the code. The reality is what code are people running? What software are people using? That is what defines the reality of the Bitcoin network, not what are people writing about the Bitcoin network. Right, that's a layer on top that can be right or wrong. Here, you know, some parts are right. In fact, let's say it, it's astonishing how much Satoshi got right. He, you know, when he launched the system. It's required very few changes to continue to operate. Most of the changes have been about improving it right, making it operate better. They haven't been about fixing critical bugs that Satoshi introduced. Making it operate better. They haven't been about fixing critical bugs that Satoshi introduced. So that's the abstract.

Speaker 1: 23:25

Now let's dive into the first section, the introduction, where Satoshi Nakamoto talks about trusted third parties. So he's talking about the present day. Commerce on the internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. So here he's talking about Visa, paypal, mastercard, right All of, and then of course, all the banks right All of this electronic banking where you have to trust all of these third parties to process your payments. So while the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust-based model. So you know I mentioned that the double spending problem is. You know what Satoshi's going after. But it's really a subset. It is a symptom of a bigger problem, which is this trust-based situation where you have to trust third parties, so Satoshi goes on.

Speaker 1: 24:35

Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. And this is particularly timely because there has been some controversy within the fiat payment systems of is it okay to have a fiat payment system for consumers that is irreversible and that you know. The financial institutions have been trying to say yes, so that they're not liable for having to go and reverse payments if there's fraud. But regulators, legislators, policymakers, consumer advocates as well, look at that and say well, hold on, financial institutions could reverse a payment and so it's not right that they tell people that the payments are irreversible and so they do have to adjudicate all of this. So it's a particularly difficult situation for a centralized system where, by virtue of being centralized, they can control it, and so then they are asked to exercise that control, even though that has a cost associated with it that nobody wants to pay. So it's a particularly interesting paradox, all right. So the cost of mediating increases transaction costs, limiting the number of practical transaction size, limiting the minimum practical transaction size. So here he's talking about micropayments, right? So if I want to send Gabe a penny and I can't send a penny through the payments network because it'll cost 10 cents, because maybe I'll want to reverse that penny and then we'll have to pay a lawyer to go take a look at our penny payment, so impractical, right. And there's a broader cost in the loss of ability to make non-reversible payments for non-reversible services. I'll try to avoid any examples there.

Speaker 1: 26:38

Okay, with the possibility of reversal, the need for trust spreads. Merchants must be wary of customers hassling them for more information than they otherwise would need. So, for example, if you go to a theme park and you pay with you know, or if you go anywhere and you pay with your debit or credit card, the merchant actually gets lots of information about you, right, just even your name. Why do they need your name? If you had paid with a $20 bill, they wouldn't know your name. But if you pay with a credit card, now they know your name. Why do they know your name? Well, they want to make sure they're not getting defrauded, right. Whereas with a $20 bill, they'll check to make sure it's not a fake bill, right. But beyond that you can be on your way, they don't need more information. And then what do we see? We see identity theft, right. We see people's data getting stolen, we see cyber attacks. So all of this really creates a mess that does not exist with cash.

Speaker 1: 27:38

And then he says a certain percentage of fraud is accepted as unavoidable. And then that fraud obviously the cost of that fraud, gets passed on to consumers. So when we have to pay high fees with the banking system to pay for fraud, that's not a great situation. These costs and payment uncertainties can be avoided in person by using physical currency, right, pay-per-money, as I was saying. But no mechanism exists to make payments over a communications channel without a trusted third party, meaning that, let's say, you're like okay, well, I can just send $20 through the mail, right, checkmate Satoshi. Well, now you have to trust the US Postal Service that they won't take your $20 bill. It might be an interesting experiment. Let's see. Yeah, lost in the mail.

Speaker 1: 28:33

So I wanted to add an excerpt here. It's not in the white paper, but it is in a forum post from February 2009. So after Satoshi launched the network, about a month later Satoshi posted in a P2P foundation forum. He said the problem with conventional currency is all the trust that's required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust. Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve. Lately now they've gone to like 0%. So you know it's 0% reserve banking. But I wanted to bring this post in because I think it reemphasizes the real root of the problem, right, that Satoshi Nakamoto wanted to tackle with this suite of technologies.

Speaker 1: 29:41

You know that Bitcoin is composed, composed of, and it's really focused on, trust. Now you know some people might look at that and say, wow, this guy is, he's a psycho, right. He's got trust issues. Okay, he's clearly uh, paranoid and, uh, he needs to develop relationships with the Federal Reserve so that he can get over his trust issues. But I think that that would be an uncharitable reading. I think that it's actually quite the opposite, that we have been very trusting historically over the past hundreds of years, and that we keep being abused by this trust and other people are enriching themselves, right? So you've got these bankers who are creating, let's say, the real estate bubble, and they get rich off of that, and then they need to get bailed out by printing more fiat currency at the expense of everyone else in society. So I do think Satoshi is not being paranoid. I think he's identified a real problem here, and then, when we go forward and think about how the Bitcoin system is designed, we have to keep that front and center in our minds.

Speaker 1: 30:58

Of any changes to Bitcoin. Does it increase trust or does it decrease? How much trust is needed for it to function? Right? So we want to minimize the trust associated with the system. Okay, so back to the introduction. All right, so Satoshi has described the problem.

Speaker 1: 31:20

Now let's talk about the solution. What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. So these escrow mechanisms? We actually have not seen a tremendous amount of adoption of escrow mechanisms in the Bitcoin world. In the Bitcoin world, in fact, sadly, people have reintroduced financial institutions to perform some of this functionality of escrow mechanisms to protect buyers. So now maybe that's just the most practical solution. But the most important part here is that we always have the option to have transactions that are irreversible.

Speaker 1: 32:26

Okay, in this paper we propose a solution to the double spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. Now this part is really important. So what Satoshi's invention is? Bitcoin mining is a distributed peer-to-peer timestamp server, meaning that it's a decentralized clock in order to have Sorry, I shouldn't say in order to, I need to think of a better transition word there to enable the ordering of transactions right, so that you're not spending the same Bitcoin twice. The system is secure as long as honest hash rate. Honest nodes collectively control more hash rate than any cooperating group of attacker nodes. So, again, somewhat repeating what we had earlier. So I'll just Continue plugging along here. Let's see, I'm just changing here CPU power to a rate, just to help our modern audience. Okay, so Now we get into the second section about transactions.

Speaker 1: 33:54

Here we've got a few more edits. So Satoshi wrote we define an electronic coin as a chain of digital signatures. This could be better understood as a directed acyclic graph, which is a concept from computer science. We'll leave that to a future episode of encumbrances, because Satoshi talked about digital signatures. But that's not the only way to lock up Bitcoin. There's other ways that you can lock up Bitcoin using smart contracts, and so we need to generalize to encumbrances right, which is stipulations, right, terms and conditions on how to unlock Bitcoin.

Speaker 1: 34:39

On how to unlock Bitcoin, each owner transfers the coin to the next by satisfying an encumbrance of the previous transaction output and creating a new encumbrance, adding it to the he says, and adding these to the end of the coin.

Speaker 1: 34:51

So what he means is that there's a certain amount, a certain number of Satoshis right that are locked up by an encumbrance and that is in the new output that the transactor is creating. Then the payee can verify the cryptographic encumbrances and verify the entire chain of ownership by downloading all the blockchain data. So the problem, of course, is the payee can't verify that one of the owners did not double spend the coin, because if you're looking at a transaction in a vacuum, you don't have the full context of hey, has somebody else in a separate transaction already spent these coins? Else in a separate transaction already spent these coins? So a common solution would be to introduce a trusted central authority, right Like a mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be double spent. So he's describing, kind of historically, what have other solutions been like to this problem of double spending, and inevitably it involves a coordinator, centralized coordinator, who is trusted.

Speaker 2: 36:08

There's that word trust again.

Speaker 1: 36:10

Yeah, it's no good. So the problem with this solution is that the fate of the entire monetary system depends on the company running the mint, with every transaction having to go through them just like a bank. And so, while you could have cryptographic transactions, you could even have a blockchain that does not have Bitcoin mining all you've done is recreate the traditional banking system, because you still need that coordinating mechanism that is going to order these transactions over time. So Satoshi goes on. We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, right? So it's a first-come, first-served system, right? So you could imagine other ways of resolving a double spend, but this is really the most foolproof one of which transaction spent the coins first? That's going to be the valid one, and then the second transaction that tries to spend the same. First, that's going to be the valid one, and then the second transaction that tries to spend the same Bitcoin twice. That one will be marked as invalid and discarded.

Speaker 1: 37:24

The only way to confirm the absence of a transaction is to be aware of all transactions. This is kind of a surprising one, right? So let me repeat it the only way to confirm the absence of a transaction is to be aware of all transactions. So, if you know about all of the transactions, then and you have guarantees about that, right, you know that there's not any other transactions out there Then if you're trying to verify that there is not a transaction, you have to look at all of the transactions, right, and see if any of them are matching, uh, the transaction that is not supposed to be there. Uh, and that's how you would know that, hey, look, this transaction doesn't exist. Um, this is, this is bizarre to us in the sense that we're always used to looking at our own transactions. Right, you log on to your online banking, you can see your transactions, but here, what we're describing is looking at everybody's transactions, right, having a global view of the system so that we can verify, because that's essentially what the bank does, right, the bank, when it's debiting and crediting its ledgers, it has a view of all of its customers' transactions. If you send a payment from one Chase customer to another Chase customer, the bank has total visibility of that. And when we're running a Bitcoin node, that's what we're doing, right, we're looking at all the transactions. We are the bank, we are the central bank, we are verifying everything. And Satoshi says, in the mint-based model that we just described, that is centralized, the mint was always aware of all the transactions and the mint is what decided which transactions arrived first. So to accomplish this, without a trusted third party, transactions must be publicly announced so that everyone has all the transactions, and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that, at the time of each transaction, the majority of and here we have nodes, I'm going to say hash rate, because that's really the particularly relevant player here that the hash rate has agreed that it was first received, because the hash rate ultimately is what is controlling the order of the transactions, not the validity, right, that's the nodes, but the order of the transactions.

Speaker 1: 40:04

Okay, so let's get into this piece. It transitions into section number three, the timestamp server. The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or a Usenet post. The timestamp proves that the data must have existed at that time, obviously, in order to get into the hash, Each time stamp includes the previous time stamp in its hash, forming a chain with each additional time stamp reinforcing the ones before it. Now this really works, because you know you're publishing it. You know in a newspaper, right? You're able to broadcast it out to the world that you have a hash of this data at a particular time. But we have to keep adding to it. So, to implement a time, a distributed timestamp server, right?

Speaker 1: 41:14

So what we just described was a centralized timestamp server. To make it distributed on a peer-to-peer basis, we'll need to use a proof-of-work system similar to AtomBack's hash cache, rather than a newspaper or Usenet posts. The proof-of-work involves scanning for a value that, when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash. All right, I won't spend too much time here, because this is really it's describing Adam Beck's hash cache, but let's further evolve it into Bitcoin's use case For our timestamp server.

Speaker 1: 42:06

We implement the proof of work by incrementing a nonce in the block until a value is found that gives the block's hash as an integer less than a target value. Okay, this part we're going to delve into, because this is Bitcoin mining in one sentence, right? And so in Bitcoin mining, when you increment the knots in the block, you're doing that so that you're generating a hash that is unique, right? So to get a fresh new hash and let's keep in mind like a typical S19 will generate 100 trillion hashes per second so that means that it is trying out 100 million nonces in the input data, passing it through the hash function right on its chips, consuming lots of electricity there, and then on the other side, looking at the hash, converting that hash into and now the hash is completely random, right. So it really is a bit of a lottery. It converts that hash into a number. You could think of this as the lottery ticket number, but rather than trying to get a specific, you know, winning lottery ticket number, you're trying to get the lowest number possible that is below a the nodes.

Speaker 1: 43:34

So in past episodes I've told you, our dear listeners, that we're looking for a certain number of leading zeros in the hash. That was completely wrong. I apologize Now in my defense, the end result is the same, but the way we get there, that was wrong. So I'd like to retract my statements about the leading number of zeros, because really, the entire block hash is being converted into a number and so, yes, the leading zeros are part of that number and they help decrease that number. But then if, for example, after the leading zeros you have a one, that will actually help reduce the integer as well. If you had a two, that would be greater than having a one there, right? And so it's the whole hash that gets quantified, not just the number of leading zeros, and for that mistake I apologize. And I also would emphasize that I learned something new about Bitcoin almost every day. Yesterday, as I was preparing this slide, was one of those days, and I was scratching my head and found it fascinating, because quantifying the whole hash instead of just quantifying the number of leading zeros, quantifying the whole hash instead of just quantifying the number of leading zeros allows you to have much more granular control about the target that you are setting in terms of the difficulty. So food for thought. Once the computational effort has been expended so I'm just continuing to read here from Satoshi has been expended, so I'm just continuing to read here from Satoshi To make it satisfy the proof of work.

Speaker 1: 45:21

The block cannot be changed without redoing the work. Okay, this is very important. So you find the winning knots and so the hash, if quantified, has a value lower than the target set by the nodes. You're excited and then you realize, actually I wanted to go back and I wanted to add a transaction to that block. So you add a transaction to the block, you run that nonce and your new block through the hash function and you get a different hash that no longer meets the target. So if you go back and change any of the block data after you found the knots, the knots is no longer valid. You need to go back to square one and go search for the knots again, because the knots was specific to the set of data that you were hashing before you made the change. And so that's really what people talk about when they talk about bitcoin being immutable. It means that you can't go and you know, change data in the past and expect it to. You know hash, uh, correctly, um, going forward. So as later blocks are chained after it, the work to change the block would include redoing all the blocks after it. Okay, let's keep going here. So Satoshi continues.

Speaker 1: 46:46

The proof of work also solves the problem of determining representation in majority decision making. Okay, now we're really entering into an area that is highly political, so, you know, let's dive into it. If the majority were based on one IP address, one vote, it could be subverted by anyone able to allocate many IP addresses. So an IP address is, you know, it's, it's, it's how to put it, it's a way of identifying your computer on a network. But you can actually just have lots of IP addresses. You can just create virtual IP addresses. There's, it's something that is abundant, right? And that means that we can't really say that, hey, if we have one IP address, then that counts as a vote to ratify anything. Now, this in computer science is called a Sybil attack, right? If you're able to spin up lots of computers and pretend that you are a large population and force a system to operate a specific way, that's a Symbol attack.

Speaker 1: 47:58

Now, proof of work is essentially one CPU, one vote, although today you could say you know, one hash, one vote, or something like that. But what are we voting on? Let's be very clear about here, because what we're voting on is a very narrow set of issues, and if we start saying, oh well, bitcoin miners are voting on things outside of this, then we're really on shaky territory and it doesn't make a lot of sense. But what we're voting on is the ordering of the transactions in order to provide assurances that an electronic coin cannot be easily double spent, right? So we're just we're voting on transaction finality than Bitcoin miners are. They're not voting on anything else. Ok, so rest assured, they're not voting on how many Bitcoin they can get or how often a block comes out right, or anything like that. Okay, so Satoshi goes on.

Speaker 1: 49:02

The majority decision is represented by the longest chain. So, as I mentioned, that is incorrect. It actually is the most work chain which has the greatest proof of work effort invested in it. So, essentially, you know, I think that he understood the most work part, but he conflated it with the longest, and then it turns out those are two different things. Anyway, if a majority of CPU power here, we'll say hash rate is controlled by honest nodes and I actually I still think that we can keep honest nodes here in the sense that, well, we'll talk about how this gets unbundled, but it's not. That part is not completely. In fact. I would say it's not wrong at all Because ultimately, all hash rate is controlled by one node or another. How the system is architected, we'll talk I've got a visual in one minute. So the honest chain will grow the fastest and outpace any competing chains. To modify and pass the block, an attacker would have to redo the proof of work of all the blocks and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker caching up diminishes exponentially as subsequent blocks are passed or added.

Speaker 1: 50:27

Okay, so proof of work has a mechanism called a difficulty adjustment. So Satoshi almost got it completely right. Now, I think that he did change some implementation details in the code, but let's talk about that. So, to compensate for increasing hardware speed in a way, you know, gabe, to your earlier question, he's already thinking about, right, increasing hardware speed. What does that mean? Gpus, a6, one gigawatt course, canna facility, right, um? And varying interest in running nodes over time. Um, now, this I think we could. I think we can leave it as is. Uh, because, uh, well, it's a longer conversation. The proof of work difficulty is determined by a moving average targeting an average number of 2016 blocks per two weeks. So this is the famous difficulty adjustment that happens every two weeks. So if blocks are generated too fast, the difficulty increases and vice versa, and this adjustment is performed by the Bitcoin nodes and they look back, and if the 2016 blocks came in too quickly, they're going to increase the difficulty.

Speaker 1: 51:52

Here I've put together an infographic showing how we can think about unbundling what Satoshi called a node into different parts. So I would say that in the middle is the actual node. So the actual node is what maintains the ledger, the ledger meaning there's two parts to it. One is the historical transactions, so I would describe this as the journal, right? Or it's kind of accounting. Speak of journalizing all of the transactions. But there's also the UTXO set, which you could talk about as kind of what is the current balance sheet of Bitcoin, how you know who holds what Bitcoin. That's the UTXO set, all the unspent outputs, and maintaining that UTXO set and verifying all the transactions. That is what the nodes are doing, and they're verifying the blocks that are being produced by the mining pools. So the mining pools, they get data from a node, so each mining pool is connected to a node.

Speaker 1: 53:06

Usually, the mining pools operate their own nodes, and now a mining pool could not run a node, and now, a mining pool could not run a node, and we've seen them do this in the past. So they'll do what you know in the past is called SPV mining. Now then they end up mining invalid information and so, just out of self-interest, they also run a node. So I think that it's important to keep in mind that mining pools don't have to run Bitcoin nodes, and mining pools also don't have to hash, meaning that the hash power, the hash rate, can be pointed to a mining pool from third parties, like Riot, for example. So the mining pool itself is not doing the mining. Rather, the mining pool is a server software that is aggregating hash rate and applying it to hash a particular block header, and it is getting that block header data on the other end from a network node Right. And then the third constituency here or maybe fourth constituency, if we say so the fourth one is the wallets right that are being used to create transactions. So the mining pools create blocks, the wallets create transactions and the nodes verify all of this information.

Speaker 1: 54:37

So now that we've covered half of the white paper and we've kind of unbundled some of the issues at stake here, we're going to close out as kind of the first half of explaining the Bitcoin white paper, and I'll see you next week for the second half, where we're going to get into some of the other issues related to the Bitcoin white paper. Really appreciate your interest in this. I think that you know a lot of. I've heard a lot of people say that the Bitcoin white paper was something that was really important to them to read through, and so I think it is. Given its length, it's relatively short. I think that it's short enough for us to read through, but obviously too long for one episode. So we'll see you next week and if you enjoyed learning about Satoshi Nakamoto and the white paper and Bitcoin, please leave a review, share this episode with your friends and family and co-workers who are curious about Bitcoin, and we'll see you next week.

Speaker 2: 55:48

Thank you.