ExchangeDEX+
Buy CryptoMarketsSpotFutures500XEarnEvents
More
Blue Chip Blitz
PANews Editor's Note: On October 31, 2008, Satoshi Nakamoto published the Bitcoin white paper, and today marks its 17th anniversary. The following is a translation of the white paper by Li Xiaolai, for everyone to revisit this classic work. Summary: A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. While digital signatures offer a partial solution, the main advantage of electronic payments is negated if a trusted third party is still required to prevent double-spending. We propose a scheme using a peer-to-peer network to address the double-spending problem. The peer-to-peer network timestamps each transaction by recording the transaction's hash data onto a continuously expanding, hash-based proof-of-work chain, forming a record that cannot be altered unless completely rewritten. The longest chain serves two purposes: proving witnessed events and their order, and simultaneously proving it originated from the largest pool of CPU power. As long as the vast majority of CPU power is controlled by benign nodes—that is, nodes that do not cooperate with those attempting to attack the network—benign nodes will generate the longest chain and outpace attackers. The network itself requires a minimal structure. Information will propagate on a best-effort basis, and nodes are free to come and go; however, upon joining, they must always accept the longest proof-of-work chain as proof of everything that happened during their absence. 1. Introduction Internet commerce relies almost entirely on financial institutions as trusted third parties to process electronic payments. While this system works reasonably well for most transactions, it is still hampered by the inherent flaws of its trust-based model. Completely irreversible transactions are practically impossible because financial institutions cannot avoid arbitrating disputes. Arbitration costs increase transaction costs, which in turn limit the minimum possible transaction size and effectively prevent many small payments. Beyond this, there are even greater costs: the system cannot provide irreversible payments for irreversible services. The possibility of reversibility creates an omnipresent need for trust. Merchants must be wary of their customers, requiring them to provide additional information that would otherwise be unnecessary (if trusted). A certain percentage of fraud is considered unavoidable. These costs and payment uncertainties, while avoidable when paying with physical currency directly between people, lack any mechanism that allows payments to be made through communication channels when one party is not trusted. What we truly need is an electronic payment system based on cryptographic proofs rather than trust, allowing any two parties to transact directly without needing to trust a third party. Irreversible transactions guaranteed by computational power help sellers avoid fraud, while everyday guarantee mechanisms to protect buyers are easily implemented. In this paper, we propose a solution to double-spending by using peer-to-peer, distributed timestamping servers to generate computational power-based proofs, recording each transaction chronologically. This system is secure as long as honest nodes collectively possess more CPU power than colluding attackers. 2. Transactions We define an electronic coin as a digital signature chain. When an owner transfers a coin to another person, they append the following digital signature to the end of this chain: the hash of the previous transaction and the new owner's public key. The recipient can verify ownership of the digital signature chain by verifying the signature. The problem with this approach is that the recipient cannot verify that none of the previous owners have double-spended the currency. A common solution is to introduce a trusted centralized authority, or "mint," to check every transaction for double-spending. After each transaction, the coin must return to the mint, which then issues a new coin. Thus, only coins directly issued by the mint are considered trustworthy and free from double-spending. The problem with this solution is that the fate of the entire monetary system is tied to the company operating the mint (much like a bank), and every transaction must go through it. We need a way for the recipient to confirm that the previous owner did not sign any previous transactions. For our purposes, only the earliest transaction counts, so we are not concerned with subsequent double-spending attempts. The only way to confirm the non-existence of a transaction is to know all transactions. In the mint model, the mint already knows all transactions and can confirm their order. To accomplish this without the involvement of a "trusted party," the transaction record must be publicly announced, thus requiring a system that allows participants to agree on the same unique transaction history they receive. The recipient needs to prove that at the time each transaction occurs, a majority of nodes agree that it was the first one received. 3. Timestamp Server This solution begins with a timestamp server. A timestamp server works by timestamping the hash of a block of items and then broadcasting the hash, much like a newspaper does or a post in a Usenet newsgroup [2-5]. Clearly, the timestamp proves that the data existed before that point in time; otherwise, the hash couldn't be generated. Each timestamp contains previous timestamps in its hash, thus forming a chain; each new timestamp is added after the previous ones. 4. Proof of Work To implement a peer-to-peer distributed timestamp server, we need a proof-of-work system similar to Adam Burke's HashCash, rather than something like a newspaper or newsgroup post. Proof-of-work involves finding a value that meets the following condition: after hashing it—for example, using SHA-256—the hash must begin with a certain number of zeros. Each additional zero increases the workload exponentially, while verifying this workload only requires calculating a single hash. In our timestamp network, we implement proof-of-work as follows: A random number is continuously added to each block until a value that meets a condition is found: the block's hash begins with a specified number of zeros. Once the CPU's computational power yields a result that satisfies the proof-of-work, the block can no longer be modified unless all previous work is redone. As new blocks are continuously added, modifying the current block means redoing the work for all subsequent blocks. Proof-of-Work (PoL) also solves the problem of determining who represents the majority in making decisions. If the so-called "majority" is determined by a "one IP address, one vote" system, then anyone who can control a large number of IP addresses could be considered part of the "majority." PoL, in essence, is "one CPU, one vote." The so-called "majority decision" is represented by the longest chain, because it's the chain with the most work invested. If the majority of CPU power is controlled by honest nodes, then the honest chain grows the fastest, far outpacing other competing chains. To change an already generated block, an attacker would have to re-complete the proof-of-work for that block and all subsequent blocks, and then catch up with and surpass the work done by the honest nodes. The following section explains why the probability of a delayed attacker catching up decreases exponentially with the number of blocks. To cope with the continuous increase in overall hardware computing power and the potential changes in the number of participating nodes over time, the proof-of-work difficulty is determined by a moving average based on the average number of blocks generated per hour. If blocks are generated too quickly, the difficulty will increase. 5. Network The steps to run a network are as follows: All new transactions are broadcast to all nodes; Each node packages new transactions into a block; Each node begins by finding a challenging proof-of-work for this block; When a block finds its proof of work, it must broadcast this block to all nodes; Many other nodes will accept a block if and only if all of the following conditions are met: all transactions in the block are valid and have not been double-spended; The way numerous nodes indicate to the network that they accept a block is to use the hash of the accepted block as the hash of the previous block when creating the next block. Nodes consistently recognize the longest chain as correct and continuously add new data to it. If two nodes simultaneously broadcast two different versions of the "next block," some nodes will receive one first, while others will receive the other. In this case, nodes will continue working on the block they received first, but will also save the other branch in case the latter becomes the longest chain. When the next proof-of-work is found, and one of the branches becomes the longer chain, this temporary divergence is resolved, and the nodes working on the other branch will switch to the longer chain. New transactions don't necessarily need to be broadcast to all nodes. Once they reach enough nodes, they will soon be packaged into a block. Block broadcasting also allows some messages to be dropped. If a node doesn't receive a block, it will realize it missed the previous block when it receives the next block, and will therefore issue a request to resubmit the missing block. 6. Incentive As agreed, the first transaction of each block is a special transaction that generates a new coin, owned by the block's creator. This rewards nodes that support the network and provides a way to issue coins into circulation—in this system, there's no centralized authority issuing those coins. This steady increase in the number of new coins entering circulation is analogous to gold miners continuously consuming their resources to add gold to the system. In our system, the resources consumed are CPU time and the electricity they use. Rewards can also come from transaction fees. If the output value of a transaction is less than its input value, the difference is the transaction fee; this fee is used to reward nodes for including the transaction in the block. Once a predetermined number of coins are in circulation, the rewards will be entirely distributed through transaction fees, and there will be absolutely no inflation. The reward mechanism may also incentivize nodes to remain honest. If a greedy attacker manages to acquire more CPU power than all honest nodes combined, he must choose: use that power to cheat others by stealing back the money he's spent, or use it to generate new coins? He should be able to see that following the rules is more advantageous; the current rules allow him to acquire more coins than all the others combined, which is clearly more profitable than secretly destroying the system and losing his wealth. 7. Reclaiming Disk Space If a coin's most recent transaction occurred a sufficient number of blocks ago, then all previous transactions involving that coin can be discarded—this is to save disk space. To achieve this without corrupting the block's hash, the transaction hashes are incorporated into a Merkle tree [7, 2, 5], with only the root of the tree included in the block's hash. By pruning the branches, older blocks can be compressed. The internal hashes do not need to be preserved. A block header without any transactions is approximately 80 bytes. Assuming a block is generated every ten minutes, 80 bytes multiplied by 6, 24, and 365 equals 4.2 MB per year. As of 2008, most computers on the market had 2GB of RAM, and according to Moore's Law, this would increase by 1.2 GB per year, so even if block headers had to be stored in memory, it wouldn't be a problem. 8. Simplified Payment Verification Payment confirmation is possible even without running a full network node. A user only needs a copy of the block header from the longest chain with proof-of-work—which they can verify by checking online nodes to confirm it comes from the longest chain—and then obtains the branch node of the Merkle tree, connecting to the transaction at the time the block was timestamped. The user cannot check the transaction themselves, but by connecting to somewhere on the chain, they can see that a network node has accepted the transaction, and subsequent blocks further confirm that the network has accepted it. As long as honest nodes retain control of the network, verification remains reliable. However, verification becomes less reliable if the network is controlled by an attacker. Although network nodes can verify transaction records themselves, simplified verification methods can be fooled by forged transaction records if an attacker maintains control of the network. One countermeasure is for client software to receive alerts from network nodes. When a network node discovers an invalid block, it issues an alert, displays a notification on the user's software, instructs the user to download the complete block, and warns the user to confirm transaction consistency. Merchants with high-frequency transactions should still prefer to run their own full nodes to ensure greater independent security and faster transaction confirmation. 9. Combining and Splitting Value While processing coins one by one is possible, keeping a separate record for each penny is cumbersome. To allow for the division and merging of value, transaction records contain multiple inputs and outputs. Typically, there is either a single input from a relatively large previous transaction, or a combination of many inputs from smaller amounts; meanwhile, there are at most two outputs: one is the payment (to the recipient), and if necessary, the other is the change (to the sender). It's worth noting that "fan-out" isn't the issue here—"fan-out" refers to a transaction that depends on several transactions, which in turn depend on even more transactions. There's never any need to extract a complete, independent historical copy of any single transaction. 10. Privacy Traditional banking models achieve a degree of privacy by restricting access to information about transacting parties and trusted third parties. This approach is rejected due to the need to make all transaction records public. However, maintaining privacy can be achieved by cutting off the flow of information elsewhere—public-key anonymity. The public can see that someone transferred a certain amount to someone else, but no information points to a specific individual. This level of information disclosure is somewhat like stock market transactions, where only the time and the amounts of each transaction are published, but no one knows who the transacting parties are. 11. Calculations Imagine an attacker attempting to generate an alternative chain that is faster than the honest chain. Even if he succeeds, it won't leave the current system in an ambiguous situation; he cannot create value out of thin air, nor can he acquire money that never belonged to him. Network nodes will not accept an invalid transaction as a payment, and honest nodes will never accept a block containing such a payment. At most, the attacker can only modify his own transactions, attempting to retrieve money he has already spent. The competition between the honest chain and the attacker can be described using a binomial random walk. A successful event is when a new block is added to the honest chain, increasing its advantage by 1; while a failed event is when a new block is added to the attacker's chain, decreasing the honest chain's advantage by 1. The probability that an attacker can catch up from a disadvantaged position is similar to the gambler's bankruptcy problem. Suppose a gambler with unlimited chips starts from a deficit and is allowed to gamble an unlimited number of times with the goal of making up the existing deficit. We can calculate the probability that he can eventually make up the deficit, which is the probability that the attacker can catch up with the honesty chain[8], as follows: Since we have already assumed that the number of blocks an attacker needs to catch up with is increasing, their probability of success decreases exponentially. When the odds are against them, if the attacker doesn't manage to make a lucky forward move at the beginning, their chances of winning will be wiped out as they fall further behind. Now consider how long a recipient of a new transaction needs to wait to be fully certain that the sender cannot alter the transaction. Let's assume the sender is an attacker attempting to mislead the recipient into believing they have paid the due, then transfer the money back to themselves. In this scenario, the recipient would naturally receive a warning, but the sender would prefer that by then the damage is done. The recipient generates a new public-private key pair and then informs the sender of the public key shortly before signing. This prevents a scenario where the sender prepares a block on a chain in advance through continuous computation and, with enough luck, gets ahead of the time until the transaction is executed. Once the funds have been sent, the dishonest sender secretly begins working on another parachain, attempting to insert a reverse version of the transaction. The recipient waits until the transaction is packaged into a block, and then another block is subsequently added. He doesn't know the attacker's progress, but can assume the average time for an honest block to be generated in each block generation process; the attacker's potential progress follows a Poisson distribution with an expected value of: To calculate the probability that the attacker can still catch up, we multiply the Passon density of each attacker's existing progress by the probability that he can catch up from that point: To avoid rearranging the data after summing the infinite series of the density distribution… Convert to C language program... From the partial results, we can see that the probability decreases exponentially as Z increases: If P is less than 0.1%... 12. Conclusion We propose an electronic transaction system that does not rely on trust. Starting with a simple coin framework using digital signatures, while providing robust ownership control, it cannot prevent double-spending. To address this, we propose a peer-to-peer network using a proof-of-work mechanism to record a public transaction history. As long as honest nodes control the majority of CPU power, attackers cannot successfully tamper with the system solely from a computational power perspective. The robustness of this network lies in its unstructured simplicity. Nodes can work simultaneously instantaneously with minimal coordination. They don't even need to be identified, as message paths do not depend on a specific destination; messages only need to be propagated with best-effort intent. Nodes are free to join and leave, and upon rejoining, they simply accept the proof-of-work chain as proof of everything that happened while they were offline. They vote with their CPU power, continuously adding new valid blocks to the chain and rejecting invalid ones, indicating their acceptance of valid transactions. Any necessary rules and rewards can be enforced through this consensus mechanism.PANews Editor's Note: On October 31, 2008, Satoshi Nakamoto published the Bitcoin white paper, and today marks its 17th anniversary. The following is a translation of the white paper by Li Xiaolai, for everyone to revisit this classic work. Summary: A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. While digital signatures offer a partial solution, the main advantage of electronic payments is negated if a trusted third party is still required to prevent double-spending. We propose a scheme using a peer-to-peer network to address the double-spending problem. The peer-to-peer network timestamps each transaction by recording the transaction's hash data onto a continuously expanding, hash-based proof-of-work chain, forming a record that cannot be altered unless completely rewritten. The longest chain serves two purposes: proving witnessed events and their order, and simultaneously proving it originated from the largest pool of CPU power. As long as the vast majority of CPU power is controlled by benign nodes—that is, nodes that do not cooperate with those attempting to attack the network—benign nodes will generate the longest chain and outpace attackers. The network itself requires a minimal structure. Information will propagate on a best-effort basis, and nodes are free to come and go; however, upon joining, they must always accept the longest proof-of-work chain as proof of everything that happened during their absence. 1. Introduction Internet commerce relies almost entirely on financial institutions as trusted third parties to process electronic payments. While this system works reasonably well for most transactions, it is still hampered by the inherent flaws of its trust-based model. Completely irreversible transactions are practically impossible because financial institutions cannot avoid arbitrating disputes. Arbitration costs increase transaction costs, which in turn limit the minimum possible transaction size and effectively prevent many small payments. Beyond this, there are even greater costs: the system cannot provide irreversible payments for irreversible services. The possibility of reversibility creates an omnipresent need for trust. Merchants must be wary of their customers, requiring them to provide additional information that would otherwise be unnecessary (if trusted). A certain percentage of fraud is considered unavoidable. These costs and payment uncertainties, while avoidable when paying with physical currency directly between people, lack any mechanism that allows payments to be made through communication channels when one party is not trusted. What we truly need is an electronic payment system based on cryptographic proofs rather than trust, allowing any two parties to transact directly without needing to trust a third party. Irreversible transactions guaranteed by computational power help sellers avoid fraud, while everyday guarantee mechanisms to protect buyers are easily implemented. In this paper, we propose a solution to double-spending by using peer-to-peer, distributed timestamping servers to generate computational power-based proofs, recording each transaction chronologically. This system is secure as long as honest nodes collectively possess more CPU power than colluding attackers. 2. Transactions We define an electronic coin as a digital signature chain. When an owner transfers a coin to another person, they append the following digital signature to the end of this chain: the hash of the previous transaction and the new owner's public key. The recipient can verify ownership of the digital signature chain by verifying the signature. The problem with this approach is that the recipient cannot verify that none of the previous owners have double-spended the currency. A common solution is to introduce a trusted centralized authority, or "mint," to check every transaction for double-spending. After each transaction, the coin must return to the mint, which then issues a new coin. Thus, only coins directly issued by the mint are considered trustworthy and free from double-spending. The problem with this solution is that the fate of the entire monetary system is tied to the company operating the mint (much like a bank), and every transaction must go through it. We need a way for the recipient to confirm that the previous owner did not sign any previous transactions. For our purposes, only the earliest transaction counts, so we are not concerned with subsequent double-spending attempts. The only way to confirm the non-existence of a transaction is to know all transactions. In the mint model, the mint already knows all transactions and can confirm their order. To accomplish this without the involvement of a "trusted party," the transaction record must be publicly announced, thus requiring a system that allows participants to agree on the same unique transaction history they receive. The recipient needs to prove that at the time each transaction occurs, a majority of nodes agree that it was the first one received. 3. Timestamp Server This solution begins with a timestamp server. A timestamp server works by timestamping the hash of a block of items and then broadcasting the hash, much like a newspaper does or a post in a Usenet newsgroup [2-5]. Clearly, the timestamp proves that the data existed before that point in time; otherwise, the hash couldn't be generated. Each timestamp contains previous timestamps in its hash, thus forming a chain; each new timestamp is added after the previous ones. 4. Proof of Work To implement a peer-to-peer distributed timestamp server, we need a proof-of-work system similar to Adam Burke's HashCash, rather than something like a newspaper or newsgroup post. Proof-of-work involves finding a value that meets the following condition: after hashing it—for example, using SHA-256—the hash must begin with a certain number of zeros. Each additional zero increases the workload exponentially, while verifying this workload only requires calculating a single hash. In our timestamp network, we implement proof-of-work as follows: A random number is continuously added to each block until a value that meets a condition is found: the block's hash begins with a specified number of zeros. Once the CPU's computational power yields a result that satisfies the proof-of-work, the block can no longer be modified unless all previous work is redone. As new blocks are continuously added, modifying the current block means redoing the work for all subsequent blocks. Proof-of-Work (PoL) also solves the problem of determining who represents the majority in making decisions. If the so-called "majority" is determined by a "one IP address, one vote" system, then anyone who can control a large number of IP addresses could be considered part of the "majority." PoL, in essence, is "one CPU, one vote." The so-called "majority decision" is represented by the longest chain, because it's the chain with the most work invested. If the majority of CPU power is controlled by honest nodes, then the honest chain grows the fastest, far outpacing other competing chains. To change an already generated block, an attacker would have to re-complete the proof-of-work for that block and all subsequent blocks, and then catch up with and surpass the work done by the honest nodes. The following section explains why the probability of a delayed attacker catching up decreases exponentially with the number of blocks. To cope with the continuous increase in overall hardware computing power and the potential changes in the number of participating nodes over time, the proof-of-work difficulty is determined by a moving average based on the average number of blocks generated per hour. If blocks are generated too quickly, the difficulty will increase. 5. Network The steps to run a network are as follows: All new transactions are broadcast to all nodes; Each node packages new transactions into a block; Each node begins by finding a challenging proof-of-work for this block; When a block finds its proof of work, it must broadcast this block to all nodes; Many other nodes will accept a block if and only if all of the following conditions are met: all transactions in the block are valid and have not been double-spended; The way numerous nodes indicate to the network that they accept a block is to use the hash of the accepted block as the hash of the previous block when creating the next block. Nodes consistently recognize the longest chain as correct and continuously add new data to it. If two nodes simultaneously broadcast two different versions of the "next block," some nodes will receive one first, while others will receive the other. In this case, nodes will continue working on the block they received first, but will also save the other branch in case the latter becomes the longest chain. When the next proof-of-work is found, and one of the branches becomes the longer chain, this temporary divergence is resolved, and the nodes working on the other branch will switch to the longer chain. New transactions don't necessarily need to be broadcast to all nodes. Once they reach enough nodes, they will soon be packaged into a block. Block broadcasting also allows some messages to be dropped. If a node doesn't receive a block, it will realize it missed the previous block when it receives the next block, and will therefore issue a request to resubmit the missing block. 6. Incentive As agreed, the first transaction of each block is a special transaction that generates a new coin, owned by the block's creator. This rewards nodes that support the network and provides a way to issue coins into circulation—in this system, there's no centralized authority issuing those coins. This steady increase in the number of new coins entering circulation is analogous to gold miners continuously consuming their resources to add gold to the system. In our system, the resources consumed are CPU time and the electricity they use. Rewards can also come from transaction fees. If the output value of a transaction is less than its input value, the difference is the transaction fee; this fee is used to reward nodes for including the transaction in the block. Once a predetermined number of coins are in circulation, the rewards will be entirely distributed through transaction fees, and there will be absolutely no inflation. The reward mechanism may also incentivize nodes to remain honest. If a greedy attacker manages to acquire more CPU power than all honest nodes combined, he must choose: use that power to cheat others by stealing back the money he's spent, or use it to generate new coins? He should be able to see that following the rules is more advantageous; the current rules allow him to acquire more coins than all the others combined, which is clearly more profitable than secretly destroying the system and losing his wealth. 7. Reclaiming Disk Space If a coin's most recent transaction occurred a sufficient number of blocks ago, then all previous transactions involving that coin can be discarded—this is to save disk space. To achieve this without corrupting the block's hash, the transaction hashes are incorporated into a Merkle tree [7, 2, 5], with only the root of the tree included in the block's hash. By pruning the branches, older blocks can be compressed. The internal hashes do not need to be preserved. A block header without any transactions is approximately 80 bytes. Assuming a block is generated every ten minutes, 80 bytes multiplied by 6, 24, and 365 equals 4.2 MB per year. As of 2008, most computers on the market had 2GB of RAM, and according to Moore's Law, this would increase by 1.2 GB per year, so even if block headers had to be stored in memory, it wouldn't be a problem. 8. Simplified Payment Verification Payment confirmation is possible even without running a full network node. A user only needs a copy of the block header from the longest chain with proof-of-work—which they can verify by checking online nodes to confirm it comes from the longest chain—and then obtains the branch node of the Merkle tree, connecting to the transaction at the time the block was timestamped. The user cannot check the transaction themselves, but by connecting to somewhere on the chain, they can see that a network node has accepted the transaction, and subsequent blocks further confirm that the network has accepted it. As long as honest nodes retain control of the network, verification remains reliable. However, verification becomes less reliable if the network is controlled by an attacker. Although network nodes can verify transaction records themselves, simplified verification methods can be fooled by forged transaction records if an attacker maintains control of the network. One countermeasure is for client software to receive alerts from network nodes. When a network node discovers an invalid block, it issues an alert, displays a notification on the user's software, instructs the user to download the complete block, and warns the user to confirm transaction consistency. Merchants with high-frequency transactions should still prefer to run their own full nodes to ensure greater independent security and faster transaction confirmation. 9. Combining and Splitting Value While processing coins one by one is possible, keeping a separate record for each penny is cumbersome. To allow for the division and merging of value, transaction records contain multiple inputs and outputs. Typically, there is either a single input from a relatively large previous transaction, or a combination of many inputs from smaller amounts; meanwhile, there are at most two outputs: one is the payment (to the recipient), and if necessary, the other is the change (to the sender). It's worth noting that "fan-out" isn't the issue here—"fan-out" refers to a transaction that depends on several transactions, which in turn depend on even more transactions. There's never any need to extract a complete, independent historical copy of any single transaction. 10. Privacy Traditional banking models achieve a degree of privacy by restricting access to information about transacting parties and trusted third parties. This approach is rejected due to the need to make all transaction records public. However, maintaining privacy can be achieved by cutting off the flow of information elsewhere—public-key anonymity. The public can see that someone transferred a certain amount to someone else, but no information points to a specific individual. This level of information disclosure is somewhat like stock market transactions, where only the time and the amounts of each transaction are published, but no one knows who the transacting parties are. 11. Calculations Imagine an attacker attempting to generate an alternative chain that is faster than the honest chain. Even if he succeeds, it won't leave the current system in an ambiguous situation; he cannot create value out of thin air, nor can he acquire money that never belonged to him. Network nodes will not accept an invalid transaction as a payment, and honest nodes will never accept a block containing such a payment. At most, the attacker can only modify his own transactions, attempting to retrieve money he has already spent. The competition between the honest chain and the attacker can be described using a binomial random walk. A successful event is when a new block is added to the honest chain, increasing its advantage by 1; while a failed event is when a new block is added to the attacker's chain, decreasing the honest chain's advantage by 1. The probability that an attacker can catch up from a disadvantaged position is similar to the gambler's bankruptcy problem. Suppose a gambler with unlimited chips starts from a deficit and is allowed to gamble an unlimited number of times with the goal of making up the existing deficit. We can calculate the probability that he can eventually make up the deficit, which is the probability that the attacker can catch up with the honesty chain[8], as follows: Since we have already assumed that the number of blocks an attacker needs to catch up with is increasing, their probability of success decreases exponentially. When the odds are against them, if the attacker doesn't manage to make a lucky forward move at the beginning, their chances of winning will be wiped out as they fall further behind. Now consider how long a recipient of a new transaction needs to wait to be fully certain that the sender cannot alter the transaction. Let's assume the sender is an attacker attempting to mislead the recipient into believing they have paid the due, then transfer the money back to themselves. In this scenario, the recipient would naturally receive a warning, but the sender would prefer that by then the damage is done. The recipient generates a new public-private key pair and then informs the sender of the public key shortly before signing. This prevents a scenario where the sender prepares a block on a chain in advance through continuous computation and, with enough luck, gets ahead of the time until the transaction is executed. Once the funds have been sent, the dishonest sender secretly begins working on another parachain, attempting to insert a reverse version of the transaction. The recipient waits until the transaction is packaged into a block, and then another block is subsequently added. He doesn't know the attacker's progress, but can assume the average time for an honest block to be generated in each block generation process; the attacker's potential progress follows a Poisson distribution with an expected value of: To calculate the probability that the attacker can still catch up, we multiply the Passon density of each attacker's existing progress by the probability that he can catch up from that point: To avoid rearranging the data after summing the infinite series of the density distribution… Convert to C language program... From the partial results, we can see that the probability decreases exponentially as Z increases: If P is less than 0.1%... 12. Conclusion We propose an electronic transaction system that does not rely on trust. Starting with a simple coin framework using digital signatures, while providing robust ownership control, it cannot prevent double-spending. To address this, we propose a peer-to-peer network using a proof-of-work mechanism to record a public transaction history. As long as honest nodes control the majority of CPU power, attackers cannot successfully tamper with the system solely from a computational power perspective. The robustness of this network lies in its unstructured simplicity. Nodes can work simultaneously instantaneously with minimal coordination. They don't even need to be identified, as message paths do not depend on a specific destination; messages only need to be propagated with best-effort intent. Nodes are free to join and leave, and upon rejoining, they simply accept the proof-of-work chain as proof of everything that happened while they were offline. They vote with their CPU power, continuously adding new valid blocks to the chain and rejecting invalid ones, indicating their acceptance of valid transactions. Any necessary rules and rewards can be enforced through this consensus mechanism.

Bitcoin White Paper: A Peer-to-Peer Cash System

By: PANews
2025/10/31 17:05
Whiterock
WHITE$0.0002318-1.15%
Orderly Network
ORDER$0.2129+0.23%
Notcoin
NOT$0.0007512+4.43%
FreeRossDAO
FREE$0.00012412+11.75%
WELL3
WELL$0.000055--%

PANews Editor's Note: On October 31, 2008, Satoshi Nakamoto published the Bitcoin white paper, and today marks its 17th anniversary. The following is a translation of the white paper by Li Xiaolai, for everyone to revisit this classic work.

Summary: A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. While digital signatures offer a partial solution, the main advantage of electronic payments is negated if a trusted third party is still required to prevent double-spending. We propose a scheme using a peer-to-peer network to address the double-spending problem. The peer-to-peer network timestamps each transaction by recording the transaction's hash data onto a continuously expanding, hash-based proof-of-work chain, forming a record that cannot be altered unless completely rewritten. The longest chain serves two purposes: proving witnessed events and their order, and simultaneously proving it originated from the largest pool of CPU power. As long as the vast majority of CPU power is controlled by benign nodes—that is, nodes that do not cooperate with those attempting to attack the network—benign nodes will generate the longest chain and outpace attackers. The network itself requires a minimal structure. Information will propagate on a best-effort basis, and nodes are free to come and go; however, upon joining, they must always accept the longest proof-of-work chain as proof of everything that happened during their absence.

1. Introduction

Internet commerce relies almost entirely on financial institutions as trusted third parties to process electronic payments. While this system works reasonably well for most transactions, it is still hampered by the inherent flaws of its trust-based model. Completely irreversible transactions are practically impossible because financial institutions cannot avoid arbitrating disputes. Arbitration costs increase transaction costs, which in turn limit the minimum possible transaction size and effectively prevent many small payments. Beyond this, there are even greater costs: the system cannot provide irreversible payments for irreversible services. The possibility of reversibility creates an omnipresent need for trust. Merchants must be wary of their customers, requiring them to provide additional information that would otherwise be unnecessary (if trusted). A certain percentage of fraud is considered unavoidable. These costs and payment uncertainties, while avoidable when paying with physical currency directly between people, lack any mechanism that allows payments to be made through communication channels when one party is not trusted.

What we truly need is an electronic payment system based on cryptographic proofs rather than trust, allowing any two parties to transact directly without needing to trust a third party. Irreversible transactions guaranteed by computational power help sellers avoid fraud, while everyday guarantee mechanisms to protect buyers are easily implemented. In this paper, we propose a solution to double-spending by using peer-to-peer, distributed timestamping servers to generate computational power-based proofs, recording each transaction chronologically. This system is secure as long as honest nodes collectively possess more CPU power than colluding attackers.

2. Transactions

We define an electronic coin as a digital signature chain. When an owner transfers a coin to another person, they append the following digital signature to the end of this chain: the hash of the previous transaction and the new owner's public key. The recipient can verify ownership of the digital signature chain by verifying the signature.

The problem with this approach is that the recipient cannot verify that none of the previous owners have double-spended the currency. A common solution is to introduce a trusted centralized authority, or "mint," to check every transaction for double-spending. After each transaction, the coin must return to the mint, which then issues a new coin. Thus, only coins directly issued by the mint are considered trustworthy and free from double-spending. The problem with this solution is that the fate of the entire monetary system is tied to the company operating the mint (much like a bank), and every transaction must go through it.

We need a way for the recipient to confirm that the previous owner did not sign any previous transactions. For our purposes, only the earliest transaction counts, so we are not concerned with subsequent double-spending attempts. The only way to confirm the non-existence of a transaction is to know all transactions. In the mint model, the mint already knows all transactions and can confirm their order. To accomplish this without the involvement of a "trusted party," the transaction record must be publicly announced, thus requiring a system that allows participants to agree on the same unique transaction history they receive. The recipient needs to prove that at the time each transaction occurs, a majority of nodes agree that it was the first one received.

3. Timestamp Server

This solution begins with a timestamp server. A timestamp server works by timestamping the hash of a block of items and then broadcasting the hash, much like a newspaper does or a post in a Usenet newsgroup [2-5]. Clearly, the timestamp proves that the data existed before that point in time; otherwise, the hash couldn't be generated. Each timestamp contains previous timestamps in its hash, thus forming a chain; each new timestamp is added after the previous ones.

4. Proof of Work

To implement a peer-to-peer distributed timestamp server, we need a proof-of-work system similar to Adam Burke's HashCash, rather than something like a newspaper or newsgroup post. Proof-of-work involves finding a value that meets the following condition: after hashing it—for example, using SHA-256—the hash must begin with a certain number of zeros. Each additional zero increases the workload exponentially, while verifying this workload only requires calculating a single hash.

In our timestamp network, we implement proof-of-work as follows: A random number is continuously added to each block until a value that meets a condition is found: the block's hash begins with a specified number of zeros. Once the CPU's computational power yields a result that satisfies the proof-of-work, the block can no longer be modified unless all previous work is redone. As new blocks are continuously added, modifying the current block means redoing the work for all subsequent blocks.

Proof-of-Work (PoL) also solves the problem of determining who represents the majority in making decisions. If the so-called "majority" is determined by a "one IP address, one vote" system, then anyone who can control a large number of IP addresses could be considered part of the "majority." PoL, in essence, is "one CPU, one vote." The so-called "majority decision" is represented by the longest chain, because it's the chain with the most work invested. If the majority of CPU power is controlled by honest nodes, then the honest chain grows the fastest, far outpacing other competing chains. To change an already generated block, an attacker would have to re-complete the proof-of-work for that block and all subsequent blocks, and then catch up with and surpass the work done by the honest nodes. The following section explains why the probability of a delayed attacker catching up decreases exponentially with the number of blocks.

To cope with the continuous increase in overall hardware computing power and the potential changes in the number of participating nodes over time, the proof-of-work difficulty is determined by a moving average based on the average number of blocks generated per hour. If blocks are generated too quickly, the difficulty will increase.

5. Network

The steps to run a network are as follows:

  1. All new transactions are broadcast to all nodes;
  2. Each node packages new transactions into a block;
  3. Each node begins by finding a challenging proof-of-work for this block;
  4. When a block finds its proof of work, it must broadcast this block to all nodes;
  5. Many other nodes will accept a block if and only if all of the following conditions are met: all transactions in the block are valid and have not been double-spended;
  6. The way numerous nodes indicate to the network that they accept a block is to use the hash of the accepted block as the hash of the previous block when creating the next block.

Nodes consistently recognize the longest chain as correct and continuously add new data to it. If two nodes simultaneously broadcast two different versions of the "next block," some nodes will receive one first, while others will receive the other. In this case, nodes will continue working on the block they received first, but will also save the other branch in case the latter becomes the longest chain. When the next proof-of-work is found, and one of the branches becomes the longer chain, this temporary divergence is resolved, and the nodes working on the other branch will switch to the longer chain.

New transactions don't necessarily need to be broadcast to all nodes. Once they reach enough nodes, they will soon be packaged into a block. Block broadcasting also allows some messages to be dropped. If a node doesn't receive a block, it will realize it missed the previous block when it receives the next block, and will therefore issue a request to resubmit the missing block.

6. Incentive

As agreed, the first transaction of each block is a special transaction that generates a new coin, owned by the block's creator. This rewards nodes that support the network and provides a way to issue coins into circulation—in this system, there's no centralized authority issuing those coins. This steady increase in the number of new coins entering circulation is analogous to gold miners continuously consuming their resources to add gold to the system. In our system, the resources consumed are CPU time and the electricity they use.

Rewards can also come from transaction fees. If the output value of a transaction is less than its input value, the difference is the transaction fee; this fee is used to reward nodes for including the transaction in the block. Once a predetermined number of coins are in circulation, the rewards will be entirely distributed through transaction fees, and there will be absolutely no inflation.

The reward mechanism may also incentivize nodes to remain honest. If a greedy attacker manages to acquire more CPU power than all honest nodes combined, he must choose: use that power to cheat others by stealing back the money he's spent, or use it to generate new coins? He should be able to see that following the rules is more advantageous; the current rules allow him to acquire more coins than all the others combined, which is clearly more profitable than secretly destroying the system and losing his wealth.

7. Reclaiming Disk Space

If a coin's most recent transaction occurred a sufficient number of blocks ago, then all previous transactions involving that coin can be discarded—this is to save disk space. To achieve this without corrupting the block's hash, the transaction hashes are incorporated into a Merkle tree [7, 2, 5], with only the root of the tree included in the block's hash. By pruning the branches, older blocks can be compressed. The internal hashes do not need to be preserved.

A block header without any transactions is approximately 80 bytes. Assuming a block is generated every ten minutes, 80 bytes multiplied by 6, 24, and 365 equals 4.2 MB per year. As of 2008, most computers on the market had 2GB of RAM, and according to Moore's Law, this would increase by 1.2 GB per year, so even if block headers had to be stored in memory, it wouldn't be a problem.

8. Simplified Payment Verification

Payment confirmation is possible even without running a full network node. A user only needs a copy of the block header from the longest chain with proof-of-work—which they can verify by checking online nodes to confirm it comes from the longest chain—and then obtains the branch node of the Merkle tree, connecting to the transaction at the time the block was timestamped. The user cannot check the transaction themselves, but by connecting to somewhere on the chain, they can see that a network node has accepted the transaction, and subsequent blocks further confirm that the network has accepted it.

As long as honest nodes retain control of the network, verification remains reliable. However, verification becomes less reliable if the network is controlled by an attacker. Although network nodes can verify transaction records themselves, simplified verification methods can be fooled by forged transaction records if an attacker maintains control of the network. One countermeasure is for client software to receive alerts from network nodes. When a network node discovers an invalid block, it issues an alert, displays a notification on the user's software, instructs the user to download the complete block, and warns the user to confirm transaction consistency. Merchants with high-frequency transactions should still prefer to run their own full nodes to ensure greater independent security and faster transaction confirmation.

9. Combining and Splitting Value

While processing coins one by one is possible, keeping a separate record for each penny is cumbersome. To allow for the division and merging of value, transaction records contain multiple inputs and outputs. Typically, there is either a single input from a relatively large previous transaction, or a combination of many inputs from smaller amounts; meanwhile, there are at most two outputs: one is the payment (to the recipient), and if necessary, the other is the change (to the sender).

It's worth noting that "fan-out" isn't the issue here—"fan-out" refers to a transaction that depends on several transactions, which in turn depend on even more transactions. There's never any need to extract a complete, independent historical copy of any single transaction.

10. Privacy

Traditional banking models achieve a degree of privacy by restricting access to information about transacting parties and trusted third parties. This approach is rejected due to the need to make all transaction records public. However, maintaining privacy can be achieved by cutting off the flow of information elsewhere—public-key anonymity. The public can see that someone transferred a certain amount to someone else, but no information points to a specific individual. This level of information disclosure is somewhat like stock market transactions, where only the time and the amounts of each transaction are published, but no one knows who the transacting parties are.

11. Calculations

Imagine an attacker attempting to generate an alternative chain that is faster than the honest chain. Even if he succeeds, it won't leave the current system in an ambiguous situation; he cannot create value out of thin air, nor can he acquire money that never belonged to him. Network nodes will not accept an invalid transaction as a payment, and honest nodes will never accept a block containing such a payment. At most, the attacker can only modify his own transactions, attempting to retrieve money he has already spent.

The competition between the honest chain and the attacker can be described using a binomial random walk. A successful event is when a new block is added to the honest chain, increasing its advantage by 1; while a failed event is when a new block is added to the attacker's chain, decreasing the honest chain's advantage by 1.

The probability that an attacker can catch up from a disadvantaged position is similar to the gambler's bankruptcy problem. Suppose a gambler with unlimited chips starts from a deficit and is allowed to gamble an unlimited number of times with the goal of making up the existing deficit. We can calculate the probability that he can eventually make up the deficit, which is the probability that the attacker can catch up with the honesty chain[8], as follows:

Since we have already assumed that the number of blocks an attacker needs to catch up with is increasing, their probability of success decreases exponentially. When the odds are against them, if the attacker doesn't manage to make a lucky forward move at the beginning, their chances of winning will be wiped out as they fall further behind.

Now consider how long a recipient of a new transaction needs to wait to be fully certain that the sender cannot alter the transaction. Let's assume the sender is an attacker attempting to mislead the recipient into believing they have paid the due, then transfer the money back to themselves. In this scenario, the recipient would naturally receive a warning, but the sender would prefer that by then the damage is done.

The recipient generates a new public-private key pair and then informs the sender of the public key shortly before signing. This prevents a scenario where the sender prepares a block on a chain in advance through continuous computation and, with enough luck, gets ahead of the time until the transaction is executed. Once the funds have been sent, the dishonest sender secretly begins working on another parachain, attempting to insert a reverse version of the transaction.

The recipient waits until the transaction is packaged into a block, and then another block is subsequently added. He doesn't know the attacker's progress, but can assume the average time for an honest block to be generated in each block generation process; the attacker's potential progress follows a Poisson distribution with an expected value of:

To calculate the probability that the attacker can still catch up, we multiply the Passon density of each attacker's existing progress by the probability that he can catch up from that point:

To avoid rearranging the data after summing the infinite series of the density distribution…

Convert to C language program...

From the partial results, we can see that the probability decreases exponentially as Z increases:

If P is less than 0.1%...

12. Conclusion

We propose an electronic transaction system that does not rely on trust. Starting with a simple coin framework using digital signatures, while providing robust ownership control, it cannot prevent double-spending. To address this, we propose a peer-to-peer network using a proof-of-work mechanism to record a public transaction history. As long as honest nodes control the majority of CPU power, attackers cannot successfully tamper with the system solely from a computational power perspective. The robustness of this network lies in its unstructured simplicity. Nodes can work simultaneously instantaneously with minimal coordination. They don't even need to be identified, as message paths do not depend on a specific destination; messages only need to be propagated with best-effort intent. Nodes are free to join and leave, and upon rejoining, they simply accept the proof-of-work chain as proof of everything that happened while they were offline. They vote with their CPU power, continuously adding new valid blocks to the chain and rejecting invalid ones, indicating their acceptance of valid transactions. Any necessary rules and rewards can be enforced through this consensus mechanism.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Share Insights

You May Also Like

Nvidia AI Ignites Revolutionary Partnerships in South Korea’s Tech Future

Nvidia AI Ignites Revolutionary Partnerships in South Korea’s Tech Future

BitcoinWorld Nvidia AI Ignites Revolutionary Partnerships in South Korea’s Tech Future The digital economy, fueled by rapid technological advancements, continues to reshape global industries, with artificial intelligence (AI) at its core. For those immersed in the cryptocurrency world, understanding the foundational shifts in AI development is crucial, as these innovations often precede breakthroughs in decentralized AI, blockchain scalability, and even the valuation of tech-heavy assets. A recent seismic event in the AI landscape, featuring Nvidia and South Korea’s tech giants, signals a monumental leap forward, promising to redefine not just industrial processes but potentially the very infrastructure upon which future digital economies, including crypto, will operate. Nvidia AI: Powering South Korea’s Ambitious Vision In a move that underscores South Korea’s commitment to becoming a global AI powerhouse, Nvidia CEO Jensen Huang recently embarked on his first visit to the nation in fifteen years. This visit was not merely ceremonial; it was a strategic unveiling of new plans designed to deepen collaboration with key Korean tech companies, including Hyundai Motor, Samsung, SK Group, and Naver. The timing, coinciding with the APEC Summit 2025, highlighted a significant expansion of the partnership between Nvidia and the South Korean government. This alliance aims to significantly boost the country’s AI infrastructure and enhance its physical AI capabilities. This announcement followed closely on the heels of new technology deals signed between the U.S. and both Japan and South Korea. These agreements aim to strengthen strategic ties and foster collaboration on critical emerging technologies. The focus areas include AI, semiconductors, quantum computing, biotechnology, and 6G, demonstrating a coordinated effort to advance technological leadership across allied nations. South Korea’s government officially confirmed its intention to acquire over 260,000 of Nvidia’s latest GPUs to meet the escalating demands of its AI sector. A substantial portion, approximately 50,000 GPUs, will be allocated to public initiatives. These include the development of indigenous AI foundation models and the establishment of a national AI data center, laying the groundwork for sovereign AI capabilities. The remaining 200,000+ GPUs are earmarked for major corporations such as Samsung, SK Group, Hyundai Motor Group, and Naver. This distribution is set to accelerate AI-based manufacturing innovation and the development of industry-specific AI models across various sectors. How Will Samsung AI Reshape Manufacturing and Connectivity? Samsung, a long-standing partner of Nvidia for over 25 years, announced ambitious plans to construct an AI Megafactory. This pioneering facility, developed in collaboration with Nvidia, aims to embed AI into every phase of Samsung’s manufacturing processes, spanning semiconductors, mobile devices, and robotics. The Megafactory will leverage more than 50,000 Nvidia GPUs and the Omniverse platform, creating an intelligent network capable of real-time analysis, prediction, and optimization of production workflows. This initiative is a testament to the transformative power of AI in modern industrial operations. Beyond manufacturing, the collaboration extends to next-generation memory technology. Nvidia and Samsung are jointly developing HBM4, the cutting-edge memory designed to power future AI applications, ensuring that the hardware infrastructure can keep pace with AI’s accelerating demands. Furthermore, Nvidia is partnering with Samsung and three major Korean telecom operators—SK Telecom, KT, and LG Uplus—along with ETRI (Electronics and Telecommunications Research Institute) to co-develop AI-RAN. This innovative technology combines mobile base stations with AI to significantly boost performance and reduce battery consumption. Under a new agreement, these partners will jointly develop next-generation AI-RAN and establish a global testbed, positioning South Korea at the forefront of 6G technology. Driving Future Mobility: The Role of Hyundai AI Meanwhile, Hyundai Motor Group and Nvidia are forging a powerful alliance to build advanced AI infrastructure and propel technologies in physical AI. This partnership is strategically focused on three core areas: autonomous mobility, smart factories, and robotics. Their collaboration extends to high-performance GPU supply and investment, ensuring that Hyundai has the computational muscle required for its ambitious projects. According to Nvidia, the companies will deploy 50,000 NVIDIA Blackwell GPUs. These powerful processors will be critical for integrated AI model training, validation, and deployment across Hyundai‘s initiatives. Furthermore, the partnership includes plans to establish AI research centers within South Korea, with the explicit goal of strengthening the country’s physical AI industry. Jensen Huang emphasized the profound impact of AI, stating, “AI is revolutionizing every facet of every industry, and in transportation alone — from vehicle design and manufacturing to robotics and autonomous driving — Nvidia’s AI and computing platforms are transforming how the world moves.” He added, “Together with Hyundai Motor Group — Korea’s industrial powerhouse and one of the world’s top mobility solutions providers — we’re building intelligent cars and factories that will shape the future of the multitrillion-dollar mobility industry.” Building Robust Korean AI Infrastructure with SK and Naver SK Group, the parent company of SK Hynix, is joining forces with Nvidia to establish Asia’s first enterprise-led manufacturing AI cloud. This groundbreaking initiative will leverage Nvidia’s advanced simulation and digital twin platforms, providing unprecedented access to the government, public institutions, and domestic startups. This move is designed to democratize access to powerful AI tools, fostering innovation and accelerating the adoption of AI across South Korea’s industrial landscape. Naver Cloud, the cloud computing division of the Korean search engine Naver, is also deepening its collaboration with NVIDIA. Their focus is on developing a next-generation “Physical AI” platform, designed to seamlessly bridge the gap between the physical and digital worlds. Naver Cloud plans to deploy this cutting-edge AI infrastructure across vital industries, including semiconductors, shipbuilding, energy, and biotechnology. The overarching goal is to accelerate the integration of AI solutions specifically optimized for real-world industrial environments. Hae-jin Lee, founder of Naver, articulated this vision, stating, “Just as the automotive industry is transitioning to SDVs, the era of ‘Physical AI,’ where AI operates directly within real industrial sites and systems, is unfolding.” The Strategic Importance of High-Performance AI GPUs The sheer number of AI GPUs being secured by South Korea—over 260,000 in total—underscores their critical role in the current technological arms race. GPUs are the workhorses of modern AI, providing the parallel processing power necessary to train complex neural networks and run sophisticated AI models. This massive influx of computational power will not only fuel the ambitious projects of Samsung, Hyundai, SK Group, and Naver but also establish South Korea as a leading hub for AI research and development. The strategic allocation of these GPUs, both for public initiatives and private enterprise, ensures a comprehensive national effort to harness AI’s potential. This aggressive investment in AI GPUs positions South Korea to drive innovation across diverse sectors, from advanced manufacturing and autonomous systems to telecommunications and cloud services. The partnerships highlight a broader trend: the seamless fusion of AI and hardware across industries. These collaborations demonstrate how global tech leaders are joining forces to engineer the next generation of intelligent systems, creating an ecosystem where AI can thrive and deliver tangible benefits. FAQs on Nvidia’s South Korea AI Expansion Who is Jensen Huang?Jensen Huang is the co-founder, president, and CEO of Nvidia, a leading technology company known for its graphics processing units (GPUs) and AI computing platforms. Which South Korean companies are partnering with Nvidia?Key partners include Hyundai Motor, Samsung, SK Group (including SK Telecom), and Naver (Naver Cloud). What is the significance of Nvidia’s visit to South Korea?It marks a major expansion of Nvidia‘s AI collaborations in South Korea, involving significant GPU commitments and joint development projects for advanced AI infrastructure and applications. What is the AI Megafactory being built by Samsung and Nvidia?It’s a facility designed to integrate AI into every stage of Samsung’s manufacturing processes for semiconductors, mobile devices, and robotics, using over 50,000 Nvidia GPUs and the Omniverse platform. What is AI-RAN?AI-RAN (Artificial Intelligence-Radio Access Network) combines mobile base stations with AI to improve network performance and reduce power consumption, crucial for 6G development. How many GPUs will South Korea secure from Nvidia?Over 260,000 of Nvidia’s latest GPUs, with 50,000 for public initiatives and over 200,000 for companies. What is “Physical AI”?Physical AI refers to AI systems that operate directly within real-world industrial sites and physical systems, connecting the physical and digital worlds for enhanced automation and optimization. Naver Cloud is collaborating with Nvidia on this. Conclusion: A New Era for South Korea AI The extensive collaborations between Nvidia and South Korea’s technology giants—from Samsung‘s AI network initiatives and Hyundai‘s software-defined vehicles to SK Group‘s industrial AI applications and Naver‘s cloud and AI services—mark a pivotal moment. These partnerships exemplify the profound fusion of AI and hardware across diverse industries, signaling a new era of intelligent systems. This strategic alignment not only solidifies South Korea’s position as a global leader in AI innovation but also demonstrates how major tech players are proactively shaping the future of technology. For the crypto community, these advancements in core AI infrastructure and applications lay the groundwork for more sophisticated decentralized AI solutions and could significantly impact the broader digital landscape, making these developments critical to watch. To learn more about the latest AI market trends, explore our article on key developments shaping AI features. This post Nvidia AI Ignites Revolutionary Partnerships in South Korea’s Tech Future first appeared on BitcoinWorld.
Sleepless AI
AI$0.07119+2.83%
FUTURECOIN
FUTURE$0.1184-0.53%
Core DAO
CORE$0.2016-3.26%
Share
Coinstats2025/10/31 21:40
Tether's net profit exceeded $10 billion in the first three quarters, and the circulating supply of USDT reached $174 billion.

Tether's net profit exceeded $10 billion in the first three quarters, and the circulating supply of USDT reached $174 billion.

PANews reported on October 31 that, according to Tether's official website, Tether International released its Q3 2025 audit report: net profit exceeded $10 billion for the year, USD₮ increased by $17 billion this quarter, and the circulating supply reached $174 billion; the company's holdings of US Treasury bonds were approximately $135 billion, ranking 17th globally. As of September 30, reserve assets were $1,812.231 billion, liabilities were $1,744.454 billion, and excess reserves were $6.778 billion; holdings of gold were $12.9 billion and Bitcoin were $9.9 billion (approximately 13% of reserves). Tether completed a settlement in the Celsius lawsuit using its own funds and applied for a private alternative investment fund license in El Salvador.
LayerNet
NET$0.00000282-19.19%
FUND
FUND$0.01375--%
ELYSIA
EL$0.003014-0.88%
Share
PANews2025/10/31 22:35
Project 0 Guide: How to Earn Enhanced Yield from the Solana-based Protocol

Project 0 Guide: How to Earn Enhanced Yield from the Solana-based Protocol

The decentralized finance (DeFi) ecosystem on Solana is heating up. There are over $11 billion worth of assets locked across various protocols, presenting numerous opportunities for investors.  In this guide, we examine Project 0, a DeFi protocol that identifies itself as a “prime broker.” First, we aim to explain in simple terms what the project does, and then we examine the various strategies you can deploy on the platform. The goal is to amplify your DeFi yield while reducing risk. Note, however, that just like every other form of investing, it is best to manage risk effectively and put in only what you can afford to lose. What is Project 0? Project 0 is a DeFi protocol built on the Solana network. If you are familiar with Aave, Compound, or Kamino (on Solana), you already have a basic understanding of how Project 0 works. However, the platform is much more than a place where you can deposit cryptocurrency to earn interest or use it as collateral to borrow. It offers many more capabilities, which we will learn about later in this article. Project 0 labels itself a “prime broker.” In the traditional world, a prime broker offers a straightforward interface for experienced investors and traders to capitalize on market opportunities. They can buy, sell, use leverage, and manage risks all from a single platform.  To get started with Project 0, set up a Solana wallet such as Phantom or Jupiter. Fund it with some SOL and head over to the Project 0 website. You can then deposit SOL on the platform to earn yield. Alternatively, you can assess all the assets supported on the platform, convert some SOL to your preferred asset, and then come back to deposit them on Project 0.  Strategies to Use On Project 0 Earning Yield The simplest thing to do on Project 0 is deposit assets to earn yield. At the time of writing, the platform supports a wide range of Solana-based assets, including Blue Chips, Stablecoins, Bitcoin, Governance Tokens, and Memecoins.  For each asset, you will find the annual percentage yield (APY), weight (the percentage of your deposit you can borrow), and the total deposits in the pool. To begin, connect your Solana wallet, select an asset, and click the SUPPLY button on the lending venue of your choice. Complete the deposit, and your crypto will automatically begin accruing yield. You can view the total amount of your deposits directly from the Portfolio tab. Borrow Against Your Assets Most of the support assets on Project 0 have collateral value. This means that you can borrow against them. For instance, if you deposit $100 worth of SOL on the platform, you can borrow USDC or any other stablecoin. Go to the Unified Borrow tab after depositing your asset, and pick the asset you want to borrow. Borrowing against your assets is a basic form of crypto lending that comes in handy if you hold some crypto and need a cash flow to meet everyday needs, without wanting to sell your coins because you believe the price will increase further. This strategy can also be used to improve your leverage on an asset, as we’d discuss in the next step. Going Leverage Long  Building on the last step, going long involves using the stablecoin (or any asset) that you have borrowed to purchase additional cryptocurrency. In this case, you assume that the price of the cryptocurrency, for example, SOL, will keep going up within your expected timeframe.  Hence, you can take the following steps (amounts used in the examples are simply for the purpose of examples; you can use any amount you can afford): Deposit $1,000 worth of SOL, and then borrow $500 worth of $CASH (Phantom-backed stablecoin).  Use the $CASH to buy $50 worth of SOL on Jupiter or any other Solana-based DEX. Add the purchased amount back to your SOL deposit on Project 0. Doing so increases your borrowing capacity, and you can borrow an additional amount and repeat the step (adding leverage)  until you have as much SOL as your position can safely accommodate. Of course, several factors must also be taken into account. Remember that you will pay interest on the borrowed $CASH. Hence, you must be confident that Solana (SOL) will rise enough to cover your interest rate and earn you a good profit. Also, keep an eye on your Account Health while borrowing.  Do not borrow so much that your portfolio comes under risk when the price of SOL drops slightly. The higher your account health figure, the safer your position; therefore, aim to maintain a healthy position by using leverage sensibly. Going Leverage Short Going short involves depositing a stablecoin or any other supported asset as collateral on Project 0. Stablecoins are preferred since they lower your chances of liquidation. Let’s take, for example, that you’ve made a deposit of $500 worth of USDC, and you think the price of BTC will go down.  Here are the steps to take. Borrow $300 worth of WBTC or any other wrapped Bitcoin version supported by Project 0. Assuming a Bitcoin price of $100,000, $300 worth of WBTC would be equivalent to 0.003 WBTC. Next, you go to Jupiter or any DEX of your choice and sell the borrowed WBTC  for USDC. You can then add the USDC back to your Project 0 USDC deposit to boost your yield while waiting for your prediction to play out.  Note that the borrowed bitcoin loan is denominated in bitcoin. So, let’s assume your prediction comes true, and BTC drops to $90,000; you can then buy back 0.003 WBTC on the open market for $270. Use the WBTC to repay your loan on Project 0 and pocket the extra $30 profit (minus trading fees). Note that you can repeat step 2 above to increase your leverage, i.e., depositing USDC to borrow additional BTC for market sell, with the hope that the price will decrease.  However, suppose the price of BTC goes against your prediction. In that case, you will need to buy BTC at a higher price to repay your loan, or risk being liquidated when the value of your borrowed amount equals the deposited USDC collateral. Hence, practice good risk management and always maintain good Account Health. Looping Stablecoins  You can amplify your stablecoin or SOL yield by using the Loop feature on Project. The idea behind looping is that you can borrow more coins than you initially deposited on the platform and then earn interest on the borrowed amount as well.  For example, if you deposit $100 worth of USDC, you can open a loop investment that uses a 2x leverage on another stablecoin, such as $CASH. What happens is that Project 0 would lend you $200 worth of CASH and use it to buy more USDC for you. For the sake of simplification, that would be an additional $200 USDC deposited in the protocol.  The result is that you now have $300 worth of USDC deposits earning interest, even though you originally had $100. You earn more interest this way, and can exit the loop at any time by withdrawing USDC from Project 0, swapping back to CASH via Jupiter, and then repaying your loan.  If you allow this strategy to run for some time, you would earn more interest than you initially would have if you simply deposited $100. Note that the interest rate being paid on the asset you are borrowing for the looped position should be less than what is being earned on your deposit. If at any time the interest rate you are paying exceeds the earned amount, it is best to close the loop and explore another opportunity. Looping SOL If you understand the concept of looping stablecoins, then applying the same concept to SOL is similar. Project 0 supports a wide range of liquid-staked SOL, including LST, MSOL, BSOL, and JitoSOL.  You can choose to deposit MSOL and then use it as collateral to loop SOL with a 2x leverage, for example. What happens is that Project 0 converts the borrowed SOL to MSOL and adds it to your deposited position. So, you earn more than you would have if you simply deposited MSOL or even SOL. Meanwhile, since MSOL has a higher APY than the amount paid on the borrowed SOL, your yield then becomes the difference between the interest paid and what you earn on the MSOL deposit. At the time of writing, MSOL offers a 9.7% yield while SOL borrowing costs 6.80%. The same applies to most of the SOL LSTs on the platform, making it a low-hanging fruit for investors.  Cross-Platform Lending Cross-platform lending would be the primary feature that distinguishes Project 0 from other lending venues on Solana and other networks. This feature (currently available to a select group of power users) enables you to deposit assets into various Solana-based protocols from a single interface.  For example, you can have deposits in Kamino, Jupiter Lend, and Drift Protocol, and manage them all from a single interface.  At the same time, you can use your combined deposits as collateral to borrow funds, as opposed to going on each platform to manage your positions individually. Such an approach gives investors access to more liquidity and unlocks easier management, just as using a “prime broker.”  Please note that to maximize the cross-lending feature, you must make the deposit directly on Project 0. If you deposit the asset directly on Jupiter Lend or any other platform, it will not be counted toward your portfolio balance on Project 0. Conclusion Project 0 brings a unique offering to the fast-growing world of DeFi. While the platform is in its early years, the promise of delivering tools and functionalities that were previously only available to sophisticated users is noteworthy. There are currently a range of strategies for users to explore, with many more to come in the near future. Still, only time will reveal whether the product finds market fit and provides the expected experience to Solana investors. The post Project 0 Guide: How to Earn Enhanced Yield from the Solana-based Protocol appeared first on CoinTab News.
FINANCE
FINANCE$0.0004861+15.62%
DeFi
DEFI$0.000886-1.66%
Wink
LIKE$0.005621-0.08%
Share
Coinstats2025/10/31 21:36

Trending News

More

Nvidia AI Ignites Revolutionary Partnerships in South Korea’s Tech Future

Tether's net profit exceeded $10 billion in the first three quarters, and the circulating supply of USDT reached $174 billion.

Project 0 Guide: How to Earn Enhanced Yield from the Solana-based Protocol

Adam Wainwright Takes The Mound Again Honor Darryl Kile

Solana Set to Mirror Bitcoin’s Success, Says Bitwise CIO in Bold New Prediction

Quick Reads

More

Chill House (CHILLHOUSE) Latest Price: Fresh Market Updates

Chill House (CHILLHOUSE) Real-Time Price and Market Analysis

Chill House (CHILLHOUSE) Price History: Key Milestones & Trends

Chill House (CHILLHOUSE) ATH Price History: Record Highs & Insights

Chill House (CHILLHOUSE) Price in USD: Latest Market Data

Crypto Prices

mc_price_img_alt

Ethereum

ETH

$3,856.49
$3,856.49$3,856.49

-0.11%

mc_price_img_alt

Bitcoin

BTC

$109,919.48
$109,919.48$109,919.48

-0.27%

mc_price_img_alt

Solana

SOL

$186.77
$186.77$186.77

-0.73%

mc_price_img_alt

XRP

XRP

$2.5185
$2.5185$2.5185

-0.21%

mc_price_img_alt

Binance Coin

BNB

$1,081.91
$1,081.91$1,081.91

-0.22%