A Peer-to-Peer Electronic Cash System Using Proof-of-Work and Timestamp Servers

Abstract: Although digital signatures address some issues, reliance on third‑party support to prevent double‑spending undermines the value of cash systems. This work presents a solution enabling a peer‑to‑peer cash system that prevents double‑spending by timestamping all transactions via a continuously extending proof‑of‑work chain; the longest chain, generated by the pool with the most CPU power, serves as the immutable record.

Introduction: Current online commerce depends on trusted financial intermediaries, which introduce costs, limit transaction sizes, and expose users to fraud. A cryptographically based, trust‑less electronic payment system is needed to allow direct, irreversible transactions without third‑party mediation.

Transactions: An electronic coin is defined as a chain of digital signatures where each owner signs the previous transaction and the next owner’s public key. Validation requires checking the signature chain, but without a trusted mint, double‑spending detection is problematic.

Timestamp Server: The solution introduces a timestamp server that hashes blocks of data, includes the previous timestamp in each new hash, and broadcasts the result, forming a tamper‑evident chain.

Proof‑of‑Work: Inspired by Hashcash, nodes repeatedly hash block headers with a nonce until the hash meets a difficulty target (e.g., leading zeros). The required work grows exponentially with difficulty, while verification remains cheap.

Network Operation: Nodes broadcast new transactions, assemble them into blocks, perform proof‑of‑work, and broadcast valid blocks. The longest chain, representing the most cumulative work, is accepted as the canonical transaction history. Forks are resolved when one branch becomes longer.

Incentives: The first transaction in each block creates a new coin for the block creator (mining reward), and transaction fees are added to block rewards, eventually allowing the system to rely solely on fees.

Block Pruning: Once a transaction is buried under enough blocks, its data can be discarded, retaining only the Merkle root in the block header, reducing storage requirements.

Simplified Payment Verification (SPV): Light clients store only block headers and can verify payments by requesting Merkle branches, trusting the longest chain as long as honest nodes control the majority of CPU power.

Combining and Splitting Value: Transactions may have multiple inputs and up to two outputs (payment and change), enabling efficient value aggregation and division without needing to examine the full transaction history.

Privacy: While broadcasting transactions reduces the privacy of the mint‑based model, anonymity is preserved by using new public keys for each transaction; however, parallel inputs can still reveal ownership links.

Computation and Security Analysis: The race between honest nodes and an attacker is modeled as a binomial random walk, with the probability of an attacker catching up decreasing exponentially with the number of confirmations. Detailed probability calculations and C‑style pseudocode illustrate the security bounds.

Conclusion: The proposed system provides a trust‑less electronic cash mechanism using proof‑of‑work and timestamped chains, requiring minimal infrastructure, allowing nodes to join or leave freely, and offering incentives that sustain network security without central authorities.

References: Works by S. Haber, W.S. Stornetta, A. Back (Hashcash), R.C. Merkle, and others on digital timestamping, proof‑of‑work, and probability theory are cited.