Although it would be possible to handle coins individually, it would be unwieldy to make a separate transaction for every cent in a transfer.

It is possible to verify payments without running a full network node.

Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free.

By convention, the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block.

New transaction broadcasts do not necessarily need to reach all nodes.

The steps to run the network are as follows: 1) New transactions are broadcast to all nodes. 2) Each node collects new transactions into a block. 3) Each node works on finding a difficult proof-of-work for its block. 4) When a node finds a proof-of-work, it broadcasts the block to all nodes. 5) Nodes accept the block only if all transactions in it are valid and not already spent. 6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof- of-work system similar to Adam Back's @Adam Back Hashcash.

Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.

The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash.

The solution we propose begins with a timestamp server.

The problem of course is the payee can't verify that one of the owners did not double-spend the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be double-spent. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank.

A payee can verify the signatures to verify the chain of ownership.

Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin.

We define an electronic coin as a chain of digital signatures.

The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.

No mechanism exists to make payments over a communications channel without a trusted party.

A certain percentage of fraud is accepted as unavoidable.

Merchants must be wary of their customers, hassling them for more information than they would otherwise need.