The Bitcoin whitepaper, simplified.

[This is original content, not GPT generated (proof). Please point out any mistakes if you find them.]

Doing your own research is hard. Reading whitepapers is hard. In this post I've attempted to break down the Bitcoin whitepaper into easy to read summaries of each section. I know it seems like a long post, but it's really a short read compared to the 8 page paper. Hopefully it helps you learn something new about Bitcoin. Enjoy!

1. Introduction: Satoshi identifies the issues with the existing trust-based payment system: reversible transactions, fees, minimum amounts, and the need for trust in a central authority. He proposes a trustless model: using cryptographic proof, two parties can transact directly instead of going through a trusted intermediary.

2. Transactions: A trustless model needs a way to ensure that a user can only spend their electronic coins once (this is the "double spend problem"). To achieve this, transactions must be made public to all the participants of the system, and there has to be an agreed upon order in which they occurred. If a user tries to spend the same bitcoin twice, whichever transaction happened first is counted and the other ignored.

Definition: A hash function is a cryptographic function that takes an input and returns a number of a specific format (in this case a 256 digit binary number). The key property of a hash function is that it only works in one direction: you can compute the hash of an input but can't determine the input from a given hash. You can only verify a hash if you know the input, compute it's hash and compare them.

3. Timestamp Server: Bitcoin uses a timestamp server to log transactions. In a timestamp server, a group of items to be timestamped (in this case transactions) are grouped into a block and then hashed. The hash is then included when computing the next block's hash: this proves that the first block must have existed before the second block, or else it couldn't have been included in the second block's hash. This forms a chain of hashes, proving the order in which the hashed transactions occurred.

4. Proof-of-Work: In the trustless payment model, all the nodes in the system are receiving the broadcasted transactions and combining them into a block. Then they combine the block with the hash of the previous block and a variable called a nonce, and compute the hash of this combination. All of the nodes are racing to find a hash that meets a certain requirement (the hash must start with a certain number of zeros). They increment the value of the nonce, which changes the hash, until they find a nonce value that satisfies the requirement. Then they broadcast the hash to all the other nodes, who verify the transactions within, and begin assembling and hashing the next block. The requirement for the block hash changes depending on the total CPU power in the system, in order to keep the time between new block at around 10 minutes.

This process essentially "sets in stone" the transactions in the block. If someone wanted to go back and reverse a transaction, they would have to redo the hashing calculation for that block, and all the blocks after it, until they reach the newest block. All the while, the honest nodes continue to grow the chain, increasing the work the attacker needs to do. See section 11 for calculations regarding the probability of success for this attack.

5. Network: The network is run like this: Transactions are broadcast to all nodes, who collect them into a block and begin computing the proof-of-work (the hash that meets the requirement). When a node finds a proof-of-work, it broadcasts it to all the other nodes, who then verify the validity of the transactions within. If the nodes accept the block, they then repeat the process, using the hash of the accepted block in the proof-of-work of the new block. If two blocks are broadcast at the same time, some nodes receive one first and some receive the other. The nodes work on whichever block they received until one branch of the chain becomes longer than the other. The nodes working on the shorter branch then accept the longer one and begin working on it.

6. Incentive: Nodes are rewarded for creating new blocks. The block reward is made up of the block subsidy (new coins that are given directly to the miner) and transaction fees (a small percentage of each transaction amount). The block subsidy is a means of adding new coins into circulation and decreases with time, eventually reaching zero. The node collects the block reward by adding transactions into its block that award itself the block subsidy and collect the transaction fees. The block reward has the added benefit of discouraging attacks on the network, since it would be more profitable to continue creating honest blocks and collecting the reward, and the accumulated bitcoins would be legitimate.

7. Reclaiming Disk Space: Sufficiently old transactions can be compacted using a data structure called a Merkle Tree. This structure combines transaction hashes into new hashes, and then combines the new hashes, again and again into a single "root hash". This allows old transaction data to be compacted while preserving the ability to verify their validity.

8. Simplified Payment Verification: Non-node users can verify payments by checking that the transaction has been accepted into a block of the longest chain (the "true" blockchain). Each added block further confirms the validity of the transaction (the transaction gets "buried" in the honest chain). This method works as long as the network is controlled by honest nodes: if the longest chain is being maintained by dishonest nodes, the transactions within are not necessarily honest, but they are verified.

9. Combining and Splitting Value: Instead of treating each satoshi individually (i.e. having a separate transaction for each satoshi sent), transaction take multiple inputs (to combine coins from previous transactions) and up to two outputs (one for sending, one for receiving change). So if I want to send you 1.5 BTC, I might send you two 1 BTC "coins" that I received separately (two inputs), and 1.5 BTC would go to you and 0.5 BTC would go back to my wallet (two outputs).

10. Privacy: The traditional, centralized banking model maintains privacy by keeping transaction information private. Nobody can see where you send your money except you, the recipient, and the central authority. However, we've established that in the trustless model, all transactions must be made public. The solution is to not include any information regarding who is involved in the transactions. Transaction amounts and public keys are shown, but nobody knows what public key belongs to who. To prevent public keys from being linked to your identity, use a new public/private key pair for each transaction.

11. Calculations: This section calculates the probability of success of an attack on the blockchain. Specifically, the probability of a dishonest chain being generated and overtaking the honest chain. Think of an attack as a race between the attacker and the honest nodes. For every new honest block, the attacker has to produce an equivalent block, and eventually this dishonest chain has to outpace the honest one. As long as the attacker holds less than 50% of the system's CPU power, the probability of success always tends towards zero as more honest blocks are created. However, if the dishonest CPU power surpasses 50%, the dishonest chain may overtake and replace the honest chain.

12. Conclusion: Satoshi summarizes what he has presented, and briefly mentions that the Proof-of-Work consensus mechanism can also be used to vote on new rules/changes to the system.