index.scroll
Changed around line 40: The problem of course is the payee can't verify that one of the owners did not d
- We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions. In the mint based model, the mint was aware of all transactions and decided which arrived first. To accomplish this without a trusted party, transactions must be publicly announced^[1], and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.
+ We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions. In the mint based model, the mint was aware of all transactions and decided which arrived first. To accomplish this without a trusted party, transactions must be publicly announced^dai, and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.
- The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post^[2-5]. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.
+ The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post^massias^haber^bayer^haber2. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.
- To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash^[6], rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
+ To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash^back, rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
Changed around line 89: The incentive may help encourage nodes to stay honest. If a greedy attacker is a
- Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree^[7][2][5], with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.
+ Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree^merkle^massias^haber2, with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.
Changed around line 125: We consider the scenario of an attacker trying to generate an alternate chain fa
- The probability of an attacker catching up from a given deficit is analogous to a Gambler's Ruin problem. Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach breakeven. We can calculate the probability he ever reaches breakeven, or that an attacker ever catches up with the honest chain, as follows^[8]:
+ The probability of an attacker catching up from a given deficit is analogous to a Gambler's Ruin problem. Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach breakeven. We can calculate the probability he ever reaches breakeven, or that an attacker ever catches up with the honest chain, as follows^feller:
Changed around line 231: The network is robust in its unstructured simplicity. Nodes work all at once wit
- - [1] W. Dai, "b-money," http://www.weidai.com/bmoney.txt, 1998.
- - [2] H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999.
- - [3] S. Haber, W.S. Stornetta, "How to time-stamp a digital document," In Journal of Cryptology, vol 3, no 2, pages 99-111, 1991.
- - [4] D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping," In Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993.
- - [5] S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 28-35, April 1997.
- - [6] A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002.
- - [7] R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980.
- - [8] W. Feller, "An introduction to probability theory and its applications," 1957.
+ ^dai W. Dai, "b-money," http://www.weidai.com/bmoney.txt, 1998.
+ ^massias H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999.
+ ^haber S. Haber, W.S. Stornetta, "How to time-stamp a digital document," In Journal of Cryptology, vol 3, no 2, pages 99-111, 1991.
+ ^bayer D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping," In Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993.
+ ^haber2 S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 28-35, April 1997.
+ ^back A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002.
+ ^merkle R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980.
+ ^feller W. Feller, "An introduction to probability theory and its applications," 1957.
index.scroll
Changed around line 133: code
- \[
- q_z =
+ q_z =
- 1 & \text{if } p \leq q, \\[10pt]
- \left(\frac{q}{p}\right)^z & \text{if } p > q.
+ 1, & \text{if } p \leq q \\[8pt]
+ \left(\frac{q}{p}\right)^z, & \text{if } p > q
- \]
-
.requests.scroll
Changed around line 1
+ title Traffic Data
+ metaTags
+ homeButton
+ buildHtml
+ theme gazette
+
+ printTitle
+
+ container
+
+ Real time view
+ /globe.html?folderName=blank_template
+
+ button Refresh
+ link /summarizeRequests.htm?folderName=blank_template
+ post
+ // Anything
+
+ .requests.csv
+
ReadersWriters
ReadersWriters
+ sparkline
+ y Readers
+ color blue
+ width 200
+ height 200
+ sparkline
+ y Writers
+ color green
+ width 200
+ height 200
+ printTable
+
+ tableSearch
+ scrollVersionLink
.stats.json
Changed around line 1
+ {
+ "files": [
+ ".gitignore",
+ "bitcoin.pdf",
+ "figure1.png",
+ "figure2.png",
+ "figure3.png",
+ "figure4.png",
+ "figure6.png",
+ "figure7.png",
+ "index.scroll"
+ ],
+ "stats": {
+ "folder": "satoshi",
+ "folderLink": "https://hub.scroll.pub/satoshi",
+ "created": "2024-12-20T22:23:47.000Z",
+ "revised": "2024-12-20T22:23:47.000Z",
+ "files": 9,
+ "mb": 1,
+ "revisions": 35,
+ "hash": "8043477c96"
+ }
+ }
figure5.png
index.scroll
Changed around line 133: code
+ \[
+ \]
index.scroll
Changed around line 133: code
- [
- ]
index.scroll
Changed around line 133: code
- \[
+ [
- \]
+ ]
index.scroll
Changed around line 133: code
- q_z =
+ \[
+ q_z =
- 1 & \text{if } p \leq q \\
- \left(\frac{q}{p}\right)^z & \text{if } p > q
+ 1 & \text{if } p \leq q, \\[10pt]
+ \left(\frac{q}{p}\right)^z & \text{if } p > q.
+ \]
+
index.scroll
Changed around line 133: code
- \[
- \]
index.scroll
Changed around line 133: code
- q_z = \begin{cases}
- 1 & \text{if } p \leq q\\
- (q/p)^z & \text{if } p > q
+ \[
+ q_z =
+ \begin{cases}
+ 1 & \text{if } p \leq q \\
+ \left(\frac{q}{p}\right)^z & \text{if } p > q
+ \]
index.scroll
Changed around line 160: katex
- z
- 1 - ∑ λk e-λ / k! * (1 - (q/p)^(z-k))
- k=0
+ 1 - \sum_{k=0}^{z} \frac{\lambda^k e^{-\lambda}}{k!} \cdot (1-(q/p)^{z-k})
index.scroll
Changed around line 152: katex
- ∞
- ∑ λk e-λ / k! * { (q/p)^(z-k) if k≤z
- k=0 { 1 if k>z }
-
+ \sum_{k=0}^{\infty} \frac{\lambda^k e^{-\lambda}}{k!} \cdot \begin{cases}
+ (q/p)^{z-k} & \text{if } k\leq z\\
+ 1 & \text{if } k>z
+ \end{cases}
+