The Bitcoin Whitepaper: A Guided Meditation

Let's break it down as far as we can.

Jan 11, 2022

Pictured - Not an actual Bitcoin (those don’t exist…kind of) - Thx Bermix Studio

Curious about crypto? Wondering where to start? Boom.

Everything in crypto was born from this whitepaper. Most of the core ideas today might seem random and different, but the fundamental idea of a decentralized network CRYPTOgraphically validating transactions instead of a centralized entity (like Mastercard) validating all the payments is truly at the heart of the space (among some other antigovernment, ultra-libertarian, live in my mountain cabin but somehow benefit from all the luxuries created by a globalized economy fantastical paradoxes).

All of the memes, protocols, and dApps that fuel NFTs, Dogecoin, and Ether (among many others) have their rootiest roots in 2008 when Satoshi Nakamoto (we’re 99.999% sure that’s not a real name) published this whitepaper as part of a now deadlinked metzdowd.com cryptography email list. There’s a fascinating story around the search for the true identity of Satoshi which you can read here if you’re trying to avoid doing something productive by reading this (same).

This whitepaper more or less set the standard for how credible projects try (at least initially) to demonstrate the value of their ideas. This one is cleaner, more academic, and has a higher lucidity than most.

That’s why it’s a great first whitepaper to try to understand from the bottom up.

The best way to use this walkthrough is to have the actual whitepaper open in a separate tab so you can flip back and forth ← so click click pls.

By the numbers! One section at time - Let’s do this

Introduction

This one is easy. We buy a lot of things on the internet. We trust the centralized payment networks (like Visa) we utilize to not steal all our money and to make the network operate like we expect it to.

This “middle man” generally makes transactions more expensive (you gotta pay for trust) and also creates an interesting problem where you have non-reversible goods & services (like the sandwich I just ate), but potentially reversible transactions (I can get my sandwich money back, but the deli can’t get their sandwich back).

This asymmetry exacerbates the trust problem.

For IRL spending, verifiable physical currency ($$$) mostly solves this, but in digital payments you still needed that centralized entity…until now (or rather 2008).

What if you built a system to conduct peer-to-peer transactions (AKA without Visa) that were irreversible (good for deli’s) and made decentralized escrow a breeze (good for deli customers)? What if you built this using math?

What if?

Transactions

Coins aren’t coins anymore. They’re a chain of signatures. Huh?

Assume I have $1 and you have $0.

In physical space I can hand you that dollar. Now you have $1 and I have $0.

On the internet, I can’t hand you a dollar. But I can SAY to you that I give you $1.

Usually that doesn’t actually give you $1, but if someone we trust knows I have $1 and if someone we trust knows you have $0 and someone we trust hears me say that I give you $1 then they can decide that I now have $0 and you have $1. NOTE - We can guarantee (mostly) that I am who I say I am by using a private signature that only I have (think like your bank PIN, but a lot longer) to convince that person we trust it’s me.

Then we can repeat that process over and over and that’s an economy.

That someone we trust is Visa. And your bank. And every other centralized financial intermediary that has their own tally of who’s paid who what and when.

Except we don’t want to have to rely on them or any single party for that matter.

So rather than someone we trust hearing me say I give you $1, what if we shouted it at everyone at the same time?

Everyone can verify it’s me shouting by looking at my signature (the same as before except in a clever way) and everyone can keep track of the time I shouted to make sure I don’t spend more than I have (the first time I shouted is the time I spent the $1 so shouting again does nothing). That would be cool.

Timestamp Server

So how do we all keep track of the times I (and you and everyone else) shouted where my money was going? Math mostly.

Hash math specifically. Not hash. Hash.

Basically, we first represent a set of transaction data (my shouting) as a number. This number is called a hash ← try it yourself right here by typing in “I bought a banana for $10” (NOTE this isn’t exactly how it works but close enough). See how that turns into a string of numbers/letters? Letters can be numbers. Let’s call this is H1.

Then we multiply H1 by the set of times that were shouted (also represented as a number we’ll call H2). So H1 x H2.

This gives us a new number H3. So H1 x H2 = H3

Then we multiply that new number (H3) by a new set of transaction data (H4 aka MORE SHOUTING) and a new set of times (H5) to get a newer number.

So H3 x H4 x H5 = H6

Then we do that forever to make more and more H’s and because the hash math is deterministic (2+2 pretty much always equals 4) and mostly one-way (meaning it is easy to go forward, but hard to go backwards) this can be really useful for everyone to keep track of times together but ONLY IF WE DO SOME OTHER THINGS TOO.

Proof-of-Work

Ok I lied. We don’t just have H1 x H2 = H3. We also have to find a random number called a nonce (Number only used ONCE = NONCE lol) that we’ll called R1 ← as in “Random 1”. Why do we need to do this?

Because we’ve decided that H3 needs to be a special H3 that begins with some zeros (let’s say two).

So what we’re really doing is H1 x H2 x R1 = Special H3 with two zeros.

Why does it need to be special?

Because we want to waste people’s time and resources. Really!

Try to type stuff into the hashing thingy again. Anything. Can you get zeros to appear in the front of the hash you’re generating? I can only get one zero with random typing (try 1111 if you’re stuck).

If I want a hash with more zeros at the front, I’m gonna need to try a lot more inputs.

It’s totally possible, but it’s totally a waste of my time and resources. Great!

So back to our multiplication, remember that we decided we don’t just need an H3 - we need a Special H3 with two zeros at the front. So we’ll have to do H1 x H2 x Many different R1’s until we find an R1 that gives us that special H3 with two zeros.

Why are we wasting time and resources on this stupid zero thing?

You gotta remember that we’re shouting at everyone. Some of the people we’re shouting at are bad and will intentionally keep track of the shouted transactions and times in intentionally bad ways that give them extra money (fraudulently) if we let them.

Adding these stupid zeros makes it expensive for bad guys to maliciously participate in the network.

It makes it expensive for good guys too, but fortunately good guys will get paid enough for their work (explained later) to make it worth it.

The final piece of the puzzle here is that we don’t just accept the first person who finished their shouting homework and says “Here’s H3 with multiple zeros”. We do a majority vote and then the first person who found the “right” special H3 gets the reward. So everyone still has to do their homework and make their list of shouts before they can vote.

As long as more than half the participants are honest good guys (and rational economic actors), we’ll always reach accurate consensus.

Network

Step by step:

I shout that I want to give you $1
Everyone else hears my shout and calculates H1 and H2
Everyone else then starts working on finding R1 to find Special H3 using H1 x H2 x R1 = Special H3
When someone figures out Special H3, they shout it at everyone else
Everyone else checks their math (H1 x H2 X R1 = H3)
Everyone accepts Special H3 as being correctomundo and then starts looking for H4, H5, and R2 with the next set of shouted transactions that they hear

Everyone is always listening to all the shouting and whoever has the longest list of shouts (which implies it has the most valid/checked math out of all the other potential lists) is considered the “most right”. Remember, we’re always trying to make our lists longer and longer (with correct information) because that’s an economy.

Incentive

How do the good guys get paid for their work? We forgot to mention that we made it a rule that you’re allowed to shout that you’re getting paid a bit whenever you find Special H3 first. Also we might charge people to shout at the network and pay the good guys from that. Depends on what we want to do.

Also, there’s a clever thing where even if a lot of Bad Guys band together to break the network to steal everyone’s money, with this rule we’ve made it more appealing to just…find Special H3 like normal because you’ll probably get paid more for being a Good Guy than you can make by breaking the network which makes everyone lose faith in your fake internet money (tanking the value of the money you just stole).

Reclaiming Disk Space

Over time, we’re going to be writing a lot of shouted stuff down.

That might take up a lot of hard drive space.

We can use math (called Merkle Trees) to find a “Root Hash” which we can PROVE is representative of all the shouts we’ve been writing down, but doesn’t actually require us to keep track of all the old shouts.

That’s pretty neat!

Simplified Payment Verification

You (a person) can verify payments without keeping track of ALL the shouting. You just need to keep track of the Block Header (basically one of the Special H3’s in the long sequence of chained together H3’s) and have the payment’s Merkle Branch position (for example some portion of H2 that we calculated earlier). With these two parts, you only need to redo SOME of the math to be pretty sure its right.

Combining and Splitting Value

We’ve decided it makes sense to send the full value at a time ($1.50) rather than each individual atomic unit (150 separate $0.01 transactions) because that would be annoying.

Privacy

We decided to not give anyone a name other than a string of numbers/letters (wallet). We decided this because…because. In real life, it’s not too hard to figure out who people are if they use the same wallet or repeat purchase patterns.

Calculations

The private signature we set up earlier helps stop bad guys from pretending like they’re spending OUR money, but they can still try to double spend THEIR money.

Early on (like around H3 or H6), it’s hard, but not THAT hard for the Bad Guys to try to double spend. Over time it get’s a LOT harder for Bad Guys to change more than just a teeny bit of our list.

13 years later we’re on Block 718,206 (or H2,154,618). Once the Good Guys get a lead (which they have), they pretty much keep it unless something really catastrophically bad happens. I wouldn’t worry about it.

Conclusion

We’ve built a system to keep track of shouting at each other that is mathematically reliable, expensive for bad guys to break, and (crucially) doesn’t rely on any single individual or entity to keep the participants honest. Wow!

This stuff is pretty cool.

Did this light a degenerate fire in you? Are you thirsting for more white papers? Cool. Me too. Have a project you think is cool or hear the name of something that sounded interesting (like wtf is a ZK Rollup)?

Straight up the best way to find a whitepaper is to:

Try to Google the “Project name whitepaper”
If that doesn’t work, go directly to the project’s website to see if it’s visible somewhere in the directory or landing page
Still no luck? Use the site search bar and type in whitepaper
Finally, you can try using the Google site search operator like so -
- site:uniswap.org whitepaper

If you get to number 4 you’re probably out of luck, but it’s worth a try anyway.

We’re still super early Web3 and all the information is spread out across the internet (if it exists at all). That’s what makes it so fun and frankly part of what makes it so potentially valuable to try and learn.

If you could learn it all easily in one spot we’d probably be much closer to EMH nirvana than we are today and all of this analysis would just be chasing martingales.

Wysr by Cameron Armstrong

Discussion about this post