Why Bitcoin?
Digital money was tried for 30 years before Bitcoin. Every attempt failed. Understanding why is the key to understanding what made the difference.
The Problem: Digital Money is Just a Number
Physical cash has a built-in property that digital files do not: if I hand you a €10 note, I no longer have it. But a digital file can be copied infinite times at zero cost. This is the fundamental problem.
The Copy Problem
If digital money is just a file — say coin.dat — what stops you from emailing that file to ten different people simultaneously? Each copy is as valid as the original. This is the double-spend problem, and solving it was the central challenge of digital currency for three decades.
Physical money
- Handing over the object transfers ownership
- Counterfeiting is hard (watermarks, holograms)
- No central authority needed for cash transactions
Digital money (naïve approach)
- Copy/paste duplicates value infinitely
- No physical scarcity constraint
- Requires someone to keep track of who owns what
The Traditional Answer: Trust a Bank
Today's digital payments (Visa, PayPal, bank transfers) solve double-spending by putting a trusted intermediary in the middle. The bank keeps the real ledger. You don't send money — you ask the bank to update its records. This works, but it requires trust, creates a single point of failure, enables censorship, and excludes billions who lack access.
David Chaum's eCash (1983)
The first serious attempt at digital cash came from cryptographer David Chaum. His 1983 paper "Blind Signatures for Untraceable Payments" introduced a brilliant idea: digital coins that a bank could issue but could not trace.
Blind Signatures — The Key Innovation
Imagine writing a cheque, sealing it in a carbon-paper envelope, and asking the bank to sign through the envelope. The bank's signature is valid, but the bank never sees the cheque's content. Applied to digital cash: the bank signs a coin but cannot link it to the person who withdrew it — privacy by design.
How eCash Worked
1. Withdraw2. Pay3. DepositWhy It Failed
Chaum founded DigiCash in 1990 to commercialise eCash. A few banks ran trials, but the system had a fatal dependency: the central bank server. If DigiCash the company went down, so did the money. DigiCash filed for bankruptcy in 1998. The technology worked — but it was centralised.
The Double-Spend Problem
Every digital currency attempt ultimately hits the same wall. Let's state the problem precisely.
How can two strangers agree that a digital payment happened — without trusting any third party?
If Alice sends Bob a digital coin, what guarantees that she hasn't already sent the same coin to Carol? In the physical world, matter can't be in two places at once. In the digital world, data can. The three historical approaches:
Trusted Third Party
A central server keeps the real ledger. Works, but creates a single point of failure and requires permission.
Hardware Tokens
Tamper-proof chips that physically can't copy value. Expensive, brittle, and ultimately trusted (the manufacturer).
Distributed Consensus
Every participant keeps a copy of the ledger and agrees on updates. Nobody tried this successfully — until 2008.
The Byzantine Generals Problem
Computer scientists formalised this in 1982: how can distributed nodes reach agreement when some may be faulty or malicious? It was called the Byzantine Generals Problem (Lamport, Shostak & Pease). The proven result? You need at least ⅔ honest participants — and even then, only if you know who is participating. This seemed to kill the dream of open, permissionless digital money.
30 Years of Attempts
Bitcoin didn't appear in a vacuum. Each predecessor solved part of the puzzle — and failed on the rest.
eCash — David Chaum
Blind signatures for anonymous digital coins. ✓ Privacy ✗ Centralised
HashCash — Adam Back
Proof of Work to fight email spam. Spend CPU cycles to "stamp" a message. ✓ No central authority ✗ Not a currency
b-money — Wei Dai
First proposal for distributed digital money with PoW for money creation. ✓ Decentralised idea ✗ Never implemented
Bit Gold — Nick Szabo
Chain of PoW solutions as digital gold. Closest precursor to Bitcoin. ✓ Chained proofs ✗ No anti-inflation mechanism
RPOW — Hal Finney
Reusable Proofs of Work. First working implementation of transferable PoW tokens. ✓ Working prototype ✗ Central server
Bitcoin — Satoshi Nakamoto
Combined all predecessors: blind-ish signatures (pseudonymous, not anonymous), PoW, distributed ledger, economic incentives. ✓ Fully decentralised ✓ Working system
HashCash & the Birth of Proof of Work
In 1997 Adam Back proposed HashCash to fight email spam. The idea was deceptively simple: force the sender to do some computational work before sending each email. For legitimate users sending a few dozen emails, the cost is negligible. For spammers sending millions, it becomes prohibitive.
How HashCash Works
To "stamp" an email, the sender must find a number (called a nonce) such that when combined with the email content and hashed with SHA-1, the resulting hash starts with a certain number of zero bits. Finding this nonce requires trial and error — there is no shortcut. Verifying it takes a single hash computation.
Hard to compute
- Must try millions of nonces to find a valid one
- Each attempt takes real CPU time and electricity
- More leading zeros = exponentially more work
Easy to verify
- Hash the claimed nonce + data once
- Check: does the hash start with enough zeros?
- Verification is instant — one operation
The Key Insight for Bitcoin
HashCash was never a currency. But Satoshi realised something: if finding a valid hash costs real energy, then a proof of work is itself a form of unforgeable costliness. You can't fake it. You can't copy it. You had to burn real resources to produce it. This is the bridge from "computational puzzle" to "digital scarcity".
function findProofOfWork(data, difficulty) {
let nonce = 0;
while (true) {
const hash = sha256(data + nonce);
if (hash.startsWith('0'.repeat(difficulty))) {
return { nonce, hash }; // Found!
}
nonce++;
}
}
// difficulty=4 → hash must start with "0000"
// ~65,000 attempts on averageSatoshi's Breakthrough
On October 31, 2008, someone calling themselves Satoshi Nakamoto posted a 9-page paper to the Cryptography Mailing List: "Bitcoin: A Peer-to-Peer Electronic Cash System". Two months later, on January 3, 2009, the genesis block was mined.
The White Paper in One Paragraph
A purely peer-to-peer version of electronic cash would allow payments to be sent directly without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required. We propose a solution to the double-spending problem using a peer-to-peer network that timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work.
Satoshi Combined Five Ingredients
Distributed LedgerProof of WorkHash ChainPublic Key CryptoEconomic IncentivesThe Genius Move: Economic Game Theory
Every predecessor tried to solve double-spending through technology alone — cryptography, hardware, protocols. Satoshi added economic incentives. A miner who cheats (includes invalid transactions) wastes their proof-of-work and earns nothing. A miner who follows the rules earns real money. The system is secured not by trust, but by rational self-interest.
The Genesis Block Message
Block #0 contained a message in its coinbase transaction: "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks". A timestamp proving the block was not pre-mined, and a statement about why Bitcoin was needed.
Exercise: Read the Bitcoin White Paper
Time to go straight to the source. This exercise connects everything you've learned in this module — from Chaum's blind signatures to Satoshi's game-theoretic breakthrough — by reading the document that started it all.
Your Task
Read the original Bitcoin white paper. It's only 9 pages. You don't need to understand everything — focus on recognising the ideas we've just covered.
Questions to answer while reading
- What does Satoshi mean by "timestamp server"?
- How does the paper handle the problem of a malicious miner with > 50% computing power?
- Where in the paper does Satoshi reference HashCash?
- What is the "longest chain" rule and why does it prevent double-spending?
- Can you identify which section corresponds to each of the five ingredients we listed above?
You now understand the 30-year story behind Bitcoin. In the next module, we'll build the cryptographic toolkit — hashing, asymmetric keys, and digital signatures — so you can code these ideas yourself.