Devising Bitcoin

I don't believe we shall ever have a good money again before we take the thing out of the hands of government, that is, we can't take it violently out of the hands of government, all we can do is by some sly roundabout way introduce something that they can't stop.  —  F.A. Hayek (1984)

A monetary system is a set of balances which owners can change voluntarily.

Set of balances

The info from the set of balances can be represented on a chart or a spreadsheet like the above image.

Different info imply different monetary systems, a common chart/spreadsheet is needed. 

-Balances on a physical monetary systems (like gold): each individual keeps information only about his balance i.e. his corresponding part of the spreadsheet.  

-Balances on centralized digital monetary systems (like fiat): the information is centralized.

The Central Bank is the only one that keeps the general spreadsheet with commercial banks reserves. Each commercial bank keeps the chart of balances of each of its users. 

Each individual is vulnerable to the behaviour of commercial banks and Central Banks.

Creation of new units: monetary inflation

-At physical monetary systems: It is limited by the difficulty of extracting it from nature. It can be done in a semi-permissionless way because it strongly depends on location. E.g. Minings for gold.

-At centralized digital monetary systems: Central Bank has the absolute monopoly. It does so in form of bank reserves = more numbers in its chart of balances. Those numbers are exchangeable for paper money, that is why this action of creation of new balances is popularly known as "printing money" and meme it as "printer go brrr". Each individual is vulnerable to the vulnerable to limitless inflation of new units by the Central Bank. 

Change of balances: transactions (txs)                         

-At physical monetary systems: txs may be directly executed by individuals.

-At centralized digital monetary systems: txs are executed by a central party that must be trusted. 

if e.g. Henry (a client of Bank A) wants to send fiat to Bob (a client of Bank B), Henry orders it to his bank A

Bank A must be trusted to order to the Central Bank the change of its reserves to Bank B reserves. 

The Central Bank must be trusted to execute the tx.

Bank B must be trusted to show it on Bob's balance.

*This process do not happen continuously with each user tx: the Central Bank takes into account the net result of all txs that are happening between banks once a day, and then it settles those changes.

Each individual is vulnerable to censorship or the creation of an unauthorized tx by his bank or the central bank.

Satoshi Nakomoto had the goal of creating a decentralized monetary system where users don't need to rely on a central entity to perform any monetary function, they are going to be self-sovereign and not vulnerable to the third parties then. 

It required advanced computer science that flew in the face of traditional proofs of that trust-minimizing a centralized application was impossible, computer scientists rejected these ideas on such grounds.

All economists of all stripes, who heard the idea either ignored or rejected it.

The intersection of people who knew the proofs applied only to absolute consensus & people who believed in a very unusual econonomic & political ideas was minutely small. We were on the internet when it was far smaller than today & could not find each other. (Szabo)


Satoshi believed it was possible. Each user was going to need a copy of the spreadsheet to be able to easily verify it and agree. This chart in Bitcoin is called UTXO set.

Monetary inflation should be programed, enforced by math, and known advance. Each user should be able to order voluntary changes in the spreadsheet. The execution of transaction should be done in a distributed way, it should be a task for each user.  

Each circle represents a computer, a node of the network:

Each computer (node) should be able to create txs and to propagate existing ones.


A node decides to order a tx (represented as .....). That order is transmitted like a gossip from node to node: 

(The first figure on the left represents a first stage and each consequent figure to the right a later moment).

But how to agree on a single and common spreadsheet? If each spreadsheet is updated just at the time new transactions are received, there will be disputes about which tx should be executed first. 


A new tx represented as . is published by other node. The tx is also propagated, some of the nodes receive this new tx before tx  .....

The last of the previous images (bottom right) represents a stage of the network where some nodes will have heard only about the tx  ....., other nodes will have heard about both txs but some of think tx .....  should go first and others think tx . should go first instead. 

If momentarily there are different set of balances, it means momentarily there are different monetary systems. This is especially problematic when the dispute about which tx should go first is between conflicting txs. Conflicting txs are transactions that once the first tx is executed, the second one is invalid. 


The possibility of both txs being executed is called the"double-spend problem".  Henry could receive 2 different products of 1 btc price each of them. If both receivers end up being recognized as true owners of the 1 btc each, there would be monetary inflation (1 coin created 2 coins). Or, there would be 2 different monetary systems coexisting if some participants recognize Eva as the true owner of the btc and others recognize Amy. 

Chronological order should determine validity. In physical monetary systems this is evident and enforced naturally. Centralized digital systems partially solve this problem by giving the power to decide the chronological order to a trusted single entity.


If commercial bank A tries to spend its balance twice at the same time, the Central Bank will declare invalid the tx it considers last. 

But it is not possible to exactly determine nor mathematically proof which tx was ordered first in a distributed system. Different computers will receive txs at a different order. It is not possible to have a common exact clock in such a system. 

Also balances are not linked to specific nodes, so any bitcoin owner could try to spend the same coin on different txs:

-From the same node, each tx could initially go to different connecting nodes:

-From different nodes. Each node could publish a different tx.

Someone should have the power to decide the chronological order of txs.

If this power were given by privilege, the privileged entities could censor txs by stalling its execution. 

Access to that power should be permissionless (everybody should be able to opt for it) -> connected to the physical world, it should depend on resources that are external to the network.  

Because there is no identity in the system (a security feature for privacy and openness), identity is substituted by the effort of showing interest to participate in the process.  

prevent a monopoly -> run a frequent lottery (=probabilistic) between all effort shown . 10' . Enough time for everybody to receive this info, usually before next update.


Also it should be easy to verify the proof of lottery winner and txs validity by the rest of the network. Any dispute on conflicting txs should be solved in a straightforward way. PoW or Nakamoto Consensus.


Txs should include a fee to incentivize the miner to include them in the ledger.

In any system where there is no privilege: cost of production ~ reward. 

The more just way to distribute the coins. Limited for being scarce. Inflation is lowered, coins can be permissionless redistributed by fees of txs. 

Difficulty adjustment for a predictable issuance. 

Como funcionan los bloques .

In a decentralized network there is no central authority to validate txs. Each node is an authority, so the same ledger is needed in every node.

A naive approach would be to use the mempool as that ledger and when conflicting txs appear, validate only the first one. But then mempools would vary between nodes. In a decentralized network it is not possible to proof exactly wich tx was sent first if txs were sent within a relatively small timeframe (=more than just a few seconds in a distributed digital network), each node can only know which tx it received first. It takes different time for data to get to different nodes, also,. No common database-> double spend problem: a bitcoin owner may try to spend the same coin on different txs: 

 there is a novel core idea which is actually very clever—the hash chain is a compromise which thinks outside the box and gives us a sidestep around classic problems of distributed computing, which gives us something similar enough to a trustworthy non-centralized authority that we can use it in practice.


People send petition probing  the will to do and 1 entity execute them from time to time and the rest of network verifies funds and will. Oh no! centralized. the rest of users could verify but he could censor or double-spend his money or money of a friend.

So everybody should be able to execute transaction applications giving enough time for everybody to update their spreadsheet. Everybody should have the option of being that central entity each time.

How we select that person?

How to verify he did not cheat with him being elected?

Consensus if different people say they were elected)

We have seen time in decentrelized systems can not be precised. So we could try to make a lottery but sybil attack, to verify majority..sybil attacks. ->Identify nodes. Proof of identity. not very scalable nor easy to verify. PoS centralization, not very scalable, not permisionless. 

OK, Aleatory between all interest shown, it does not matter who. fish in a lake and cañas. anybody new may enter, maybe the adquire balance this way. if a tx is censored, more fee. mathematically is easy to proof and very easy to verify for the rest of the network, easy consensus. PoW.

->Bitcoin txs: users send its desired txs, if valid (comparing to their spreadsheet) txs are relayed, one node takes the lead updating his spreadsheet (creating a block), the new spreedsheet have to be accepted by the rest of nodes. It is executed by that node but it will not but completely executed until the rest of nodes update the balance sheet. Decentralized execution.

Mechanism to execute transactions from time to time. That is the clock. Easy to verify if a miner spam. Costly for miners if they misbehave. 

bitcoin inflation->Math. Predicted. 

Txs that are included in a block, are removed from the mempool.

Nodes will accept the first block seen, so in case that 2 blocks are mined at almost the same time and are not linked each other, some nodes will accept one block valid (yellow block in the example) and discard the other (pink block in the example) while the rest of nodes will do the opposite:

At these point there would be 2 different blockchains coexisting for a short period of time, but this kind of conflict can only last while both chains have the same number of blocks. That dispute is solved when another block is created (a pink block in this example). Nodes follow the chain with "the most accumulated PoW", that almost always is, and we will understand for now, as the longest chain (the chain with a bigger number of blocks). So the nodes that were following the shorter chain will forget about it and will embrace the longer one. 

The txs that were included into the discarded block are returned to the meempool if they are not included in the new accepted chain.

The block discarded in called an orphan block and the process of discarding the shorter chain is called a reorg

Two different tx are published. Tx .,. and tx ._..  Some nodes have incorporated them into their mempool, others not yet.


Bitcoin idea not popular cause: 

-ideological beliefs about the nature of money (liberals not interested in non-state currencies, and Austrians believing that currencies must have intrinsic value

-requiring a proof-of-work to be a node in the Byzantine-resilient peer-to-peer system to lessen the threat of an untrustworthy party controlling the majority of nodes and thus corrupting a number of important security features

Vocabulary: distributed network

Spreadsheet. Adresses, wallets. Hash?

Creating new accounts. Controlling created accounts. Nodes and accounts are not linked

That is enough for a basic knowledge about the network.


More advanced explanation of some topics.

Naive approach: meempool -> spreadsheet using unconfimed tx as the execution txs. 

Even if we somehow get the same initial mempool by all nodes, they will end up differing at least in order.

This is necessarily so because each node receives txs in different order. This means the spreadsheet will differ when conflicting transactions arrive at different order. This can happen involuntarily or voluntarily "Double spend attack. Different spreadsheets = different monetary systems.

No possible to know exactly wich tx was sent first.

A common ledger is needed. 

A common order of txs is needed. How to agree? no majority, in a decentralized way.

Someone should lead, but he should not lead always. Easily remplazable. Privacy of identity. Permisionless.

Lottery. If nodes->not possible, sybil attack. Effort to create that block, if 100% of network working on that would find a "fish at an average of 10'"

The fisher send the order to everybodyesle and miners have the incentive to write that order because this way they have more probability to get the next reward.

Then we consider tx is finalized. To prevent double spend, wait more.

low probability of creating a fork. 

Sheet limited and also the updates. Fees. incentivize to continue in the chain by miners that already mined by reward (it prevent double-spending). Other miners dont care much, they are incentivized to start mining in the longest chain as soon as possible

Mechanism for updating the spreadsheet.


Ledger of txs. Ledger is a register of the changes produced in the database. In Bitcoin is the power is limited to simply accept and order desired txs.

In Bitcoin new spreadsheet have to be accepted by the users.

Physical -> nature HISTORY. Each part of a tx knows about it.

Digital -> 1 Ledger of txs. Centralized: 1 location Distributed: same ledger different locations.

initial txs: not 1 ledger.  

Why the need of agreeing on a ?

Why the need of keeping txs in a ledger?

To maintain scarcity. 

Why the need of a common ledger?

In a pure physical monetary system, like gold bullion, that common ledger is imposed by the laws of nature. 

The physical nature maintains scarcity because it avoids the infinite creation of new units and it avoids the double spend problem (an user could spend the same balance more than once). ships. countries.

If the monetary system is digital, the monetary units are only data in a spreadsheet, so scarcity is not guaranteed by the force of nature. Anyone with the power to change that database can create new units or could perform a double spend.

E.g. Current fiat system:


 then a common ledger (=a commonly accepted order/hierarchy or txs) is needed to keep track of each balance. If not, the "double spend problem" arises.


E.g. Traditional banking system: the ledger of the reserves of all commercial banks is keeped by the Central Bank who has control over it. When a commercial bank A wants to make a transfer to commercial bank B, commercial bank A simply noticies the Central Bank and the Central Bank will make a new entry on its ledger removing balance from commercial bank A and adding the same balance to commercial bank B.  

If commercial bank A tries to spend its balance twice, usually the Central Bank will declare invalid the second tx received.

In a decentralized network there is no central authority to validate txs. Each node is an authority, so the same ledger is needed in every node.

A naive approach would be to use the mempool as that ledger and when conflicting txs appear, validate only the first one. But then mempools would vary between nodes. In a decentralized network it is not possible to proof exactly wich tx was sent first if txs were sent within a relatively small timeframe (=more than just a few seconds in a distributed digital network), each node can only know which tx it received first. It takes different time for data to get to different nodes, also, balances are not linked to specific nodes, any user can control different nodes so two conflicting txs could be sent at the same time. So if following a "only the first received conflicting tx is valid" approach, databases would differ/there would different versions of the s because different nodes receive txs in different order. No common database-> double spend problem: 

A naive approach would be to make only use of the mempool. Txs would be peer-to-peer and each peer would update its spreadsheets of balances. The first and biggest problem is that different peers would have different versions of the spreadsheet. If so,  One of those txs should be declared invalid by all of the network.​

It is necessary to establish an order of txs, to proof which fish came first.  E.g. with

So a ledger is needed.

and it  would make sense to declare the first tx sent as the valid one


Unconfirmed txs could be seen as gossips. Different gossips can be transmitted to different persons or from different places. E.g. one gossip says "It's going to be a rainy day" and other says "It's going to be a sunny day", both can not be true at the same time, so maybe people will assume the one received first is the true one. If the different gossips starts to propagate in whatsapp nearly at the same time to different groups, not all people will receive the same message first.

In a decentralized network a mechanism is needed to make possible for users to agree on an specific order. 

Txs are not ordered in mempools.

A mempool it is like

There would be a dispute between different nodes that recognize a different tx as valid.


When establishing an order, only the 1st tx would be recognized as valid.

Blocks have a limited space of data that depends on the txs included. The theoretical maximum size is 4 megabytes and the more realistic maximum size is 2 megabytes maximum which allows around 3500 transactions.

Txs compete to enter in the block, this is why the sender can choose a fee to incentive miners to choose that tx with a higher/lower priority.

The miner that produces a block collects the fees of txs that end up inside the block, and also he collects the block subsidy.

The block subsidy is a fixed quantity of bitcoin that the miner earns automatically when creating a block. When Bitcoin first started, 50 Bitcoins per block were given but that subsidy halves every every 210,000 blocks (approximately every 4 years) and will keep on halving until the block reward per block becomes 0 (approximately by year 2140). As of now, the block reward is 12.5 coins per block and will decrease to 6.25 coins per block post halving.

Block subsidy + fees = block reward.

Competition to create blocks is so high that the probability of creating a block for a single miner is extremely low. So some users join forces forming mining pools. When a mining pool is able to create a block and gets the reward, it is distributed between the mining pool members/miners.


Mining. Proof of work.

Reality is that normal nodes are most certain of not being able to main. Specialized.

Tx. Addresses. Private key, public key.


PoW 10' average but randomly.

Each node when it is connected, it can download mempool and blockchain. 

That reward consists in a subsidy and fees collected from txs allocated into that block.

Fees: limited space.

Empty blocks.


A node that possesses access to the keys of an address with a balance of 1 btc: publish the tx, if it is valid it is propagated from node to node like a gossip.

One of the nodes that knows about that tx create a block and includes that tx. The block is propagated through the network from node to node. The nodes that receive the block, after verifying its validity, update their copy of the blockchain and relay that block to other nodes than don't know yet about it.

Nodes maintain a mempool with unconfirmed txs they received, and a copy of the blockchain.

When unconfirmed txs are included in a new valid block, they remove them from the mempol update their blockchain with the new block and remove 

deeper in the blockchain more secure, like a mosquito en ambar vs corteza.

Why is it necessary to record the txs in the blockchain?

To prevent double-spending.

common list. legder

blocks: convinient to check, easy to verify. more secure. organize. easy to verify miners y nodes. check what came late. more secure.

They can store it partially or the entire copy (full node).

Txs->blocks: prevent double-spending

How to allow censorship resistance -> decentralization? Easy verifiability.

It is important to establish a previous order, because this way is not necessary to verify everything at any moment. It is easy to verify new information since the last check. So user can easily verify new information.

Miners sign only the most recent block of tx while still, indirectly via the previous block ID pointer, signing all historic txs.

who establishes the new order?

Lottery. Decentralization. Permisionless. Resilience (no identity, no fixed location), physical world. PoW. 

To agree in the established order. Nakamoto Consensus.

How to agree?

Most accumulated PoW. Nakamoto Consensus.

A more detailed explanation:

Tx: Pub key, private key. Address.

Block: hash. Reorgs, orphans, empty blocks.

Who is going to want to include that tx in a block? How can people get new bitcoins in a permissionless way? Physical world. 

Block reward.

10 minutes?

Difficulty adjustment.


UTXO set

-Agreeing on the "right" blockchain

Txs are considered confirmed/ when they are included into a block, that is, the are registered in the blockchain. So in order to send a tx, a node needs to first have bitcoin, later send the information, be included in ab block.

open source


Number of tx is limited so, they compete to be included by paying a fee. 

Who collects that fee?

Miners, are nodes that include info of requested tx into blocks. PoW consensus or nakamoto consensus. Energy. Real world. preventing double spend, all together. archivar en carpetas, todo el mundo deacuerdo, hashes asi que ocupa menos. prevent disputes and changes about history.  m                                                   

Technical explanation:


Private key and public key. 


Interesting stuff: