Bitcoin: A Peer-to-Peer Electronic Cash System

A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
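The chaining described in the abstract can be shown with a toy model. This is an added example, not code from the paper: the 12-bit difficulty, the JSON block encoding, the `GENESIS` placeholder and all function names are assumptions, and signatures and networking are left out.

```python
import hashlib
import json

BITS = 12            # assumed toy difficulty: hash must start with 12 zero bits
GENESIS = "00" * 32  # assumed placeholder predecessor of the first block

def block_hash(blk):
    data = json.dumps([blk["prev"], blk["txs"], blk["nonce"]]).encode()
    return hashlib.sha256(data).hexdigest()

def has_work(blk, bits=BITS):
    return int(block_hash(blk), 16) >> (256 - bits) == 0

def mine(prev, txs, bits=BITS):
    """Search nonces until the block hash meets the difficulty target."""
    blk = {"prev": prev, "txs": txs, "nonce": 0}
    while not has_work(blk, bits):
        blk["nonce"] += 1
    return blk

def extend(chain, batches, bits=BITS):
    """Return a new chain with one mined block appended per transaction batch."""
    chain = list(chain)
    for txs in batches:
        prev = block_hash(chain[-1]) if chain else GENESIS
        chain.append(mine(prev, txs, bits))
    return chain

def first_invalid(chain, bits=BITS):
    """Index of the first block with a broken link or missing work, else None."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["prev"] != prev or not has_work(blk, bits):
            return i
        prev = block_hash(blk)
    return None

def best_chain(candidates, bits=BITS):
    """Longest chain among those whose links and proof-of-work all verify."""
    valid = [c for c in candidates if first_invalid(c, bits) is None]
    return max(valid, key=len, default=None)

def demo():
    # Constructed sample transactions, one batch per block.
    honest = extend([], [["a->b 5"], ["b->c 2"], ["c->d 1"], ["d->e 1"]])
    forged = list(honest)
    forged[1] = mine(block_hash(honest[0]), ["b->mallory 2"])  # rewrite one block
    broken_at = first_invalid(forged)   # block 2 no longer links to block 1
    redone = extend(forged[:2], [b["txs"] for b in honest[2:]])  # redo later work
    honest = extend(honest, [["e->f 1"]])  # honest nodes kept working meanwhile
    return broken_at, first_invalid(redone), best_chain([redone, honest]) is honest

if __name__ == "__main__":
    print(demo())
```

Rewriting one block forces every later block to be mined again, and the rewritten chain is still rejected once the honest chain has grown longer in the meantime.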
