Chris Natoli

Bitcoin for mathematicians, part 1: Distilling the problem

published 27 December 2017

( next part )

This series of blog posts is an exposition of Satoshi Nakamoto’s original whitepaper from 2008, supplemented by’s developer guide. Since there are already plenty of Bitcoin explainers for laypeople, the intended audience of this series is more niche, so that mathematicians could benefit from a brief yet still precise explanation of Bitcoin.

Despite the obvious benefits of electronic payments, they lack some advantages of physical cash. Anyone even passingly familiar with cryptocurrencies would identify anonymity as one of the key advantages. But Satoshi seems preoccupied with another, perhaps primary advantage: that it is inherently impossible for a coin to be spent multiple times by the same person, since once it is spent it is no longer possessed by the spender.

Preventing so-called double-spending in electronic commerce is not easy. The solution until 2008 was to process all electronic payments through trusted third parties – such as banks, credit card companies, and payment platforms like PayPal and Venmo – who verify the presence of the money to be spent at the point of sale. But for Satoshi, facilitation by third parties is somewhat of an original sin.

In the whitepaper, he wrote that the inhererent flaw of such centralized systems was that completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. I.e., third parties always have the power to reverse the payment since it is they who handle the cash. This provides, at least in theory, the opportunity for either party to dispute it. However, three months later when announcing his creation on the p2p Foundation’s forums, he reallocates the original sin, placing more blame on banks in particular:

The root problem with conventional currency is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust. Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve. We have to trust them with our privacy, trust them not to let identity thieves drain our accounts. Their massive overhead costs make micropayments impossible.

(Perhaps this shift in blame was informed by the ongoing financial crisis. Indeed, Satoshi baked into the first bitcoin ever mined a front-page headline from The TimesChancellor on brink of second bailout for banks – likely as a jab at monetarist governance over fiat currencies.)

Either way, the disadvantages of centralized electronic payment systems all stem, at least in Satoshi’s eyes, from trusted third parties: First, the inevitability of mediation increases transaction costs. Second, it precludes non-reversible payments for non-reversible services. On one hand, reversible payments might be useful, e.g., PayPal can help customers get a refund if the product never arrives, and credit card companies can protect cardholders against fraudulent charges (often at the merchant’s expense if the payment is reversed). On the other hand, reversible payments can be used to scam sellers, too. Fraud – but also some customer protections – could be avoided by a system non-reversible payments. Third, the risk that merchants face compels them to request extra information from their customers, thus eroding whatever anonymity is left after linking third parties to bank accounts.

The problem, therefore, is to construct an electronic cash system that

  1. is anonymous,

  2. avoids the double-spending problem without resorting to third parties, and

  3. has non-reversible payments.

Satoshi seeks a solution in cryptography.