Skip to content

Satoshi on Bitcoin's Design

Satoshi Nakamoto's design decisions for Bitcoin were deliberate, carefully considered, and explained in detail through the whitepaper, mailing list correspondence, and forum posts. Every element of Bitcoin's architecture -- from its peer-to-peer structure to its transaction model, scripting system, scalability considerations, and approach to privacy -- flows from a single design principle: eliminate the need for trusted third parties.

Peer-to-Peer Electronic Cash

The whitepaper's subtitle defines Bitcoin's purpose without ambiguity:

"A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution."

-- Satoshi Nakamoto, Bitcoin whitepaper, October 31, 2008

This is not merely a technical preference but a philosophical stance. Every design decision flows from the goal of eliminating intermediaries. On the P2P Foundation forum, Satoshi described the resulting architecture:

"I've developed a new open source P2P e-cash system called Bitcoin. It's completely decentralized, with no central server or trusted parties, because everything is based on crypto proof instead of trust."

-- Satoshi Nakamoto, P2P Foundation, February 11, 2009

And on the P2P Research list, he described it as a database:

"It is a global distributed database, with additions to the database by consent of the majority, based on a set of rules they follow: Whenever someone finds proof-of-work to generate a block, they get some new coins. The proof-of-work difficulty is adjusted every two weeks to target an average of 6 blocks per hour. The coins given per block is cut in half every 4 years."

-- Satoshi Nakamoto, P2P Foundation, February 18, 2009

The Core Design Was Set in Stone

One of Satoshi's most striking statements about Bitcoin's design came in a June 2010 forum post about Bitcoin's scripting system:

"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime. Because of that, I wanted to design it to support every possible transaction type I could think of."

-- Satoshi Nakamoto, BitcoinTalk, June 17, 2010

This reveals a key design philosophy: build for permanence, not iteration. Satoshi understood that a monetary system cannot be constantly redesigned. The rules must be fixed and predictable. He had spent years thinking through the implications before writing a single line of public code:

"Since 2007. At some point I became convinced there was a way to do this without any trust required at all and couldn't resist to keep thinking about it. Much more of the work was designing than coding. Fortunately, so far all the issues raised have been things I previously considered and planned for."

-- Satoshi Nakamoto, BitcoinTalk, June 18, 2010

The fact that Satoshi had worked on Bitcoin since 2007 -- a full year and a half before publishing the whitepaper -- explains the remarkable coherence of the design. He wrote the code first, then the paper:

"I believe I've worked through all those little details over the last year and a half while coding it, and there were a lot of them. The functional details are not covered in the paper, but the sourcecode is coming soon."

-- Satoshi Nakamoto, Cryptography Mailing List, November 17, 2008

Transaction Model

Bitcoin uses a UTXO (Unspent Transaction Output) model rather than account balances. Satoshi explained the rationale in the whitepaper:

"Although it would be possible to handle coins individually, it would be unwieldy to make a separate transaction for every cent in a transfer. To allow value to be split and combined, transactions contain multiple inputs and outputs. Normally there will be either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and at most two outputs: one for the payment, and one returning the change, if any, back to the sender."

-- Satoshi Nakamoto, Bitcoin whitepaper, October 31, 2008

Each transaction is a chain of digital signatures. In a November 2008 email, Satoshi clarified: "A basic transaction is just what you see in the figure in section 2. A signature (of the buyer) satisfying the public key of the previous transaction, and a new public key (of the seller) that must be satisfied to spend it the next time."

He also explained the use of elliptic curve cryptography: "Right, it's ECC digital signatures. A new key pair is used for every transaction. It's not pseudonymous in the sense of nyms identifying people, but it is at least a little pseudonymous in that the next action on a coin can be identified as being from the owner of that coin."

The Scripting System

Rather than hard-coding specific transaction types, Satoshi created a generalized scripting language:

"The problem was, each thing required special support code and data fields whether it was used or not, and only covered one special case at a time. It would have been an explosion of special cases. The solution was script, which generalizes the problem so transacting parties can describe their transaction as a predicate that the node network evaluates. The nodes only need to understand the transaction to the extent of evaluating whether the sender's conditions are met."

-- Satoshi Nakamoto, BitcoinTalk, June 17, 2010

This scripting system was designed to accommodate future innovation:

"The design supports a tremendous variety of possible transaction types that I designed years ago. Escrow transactions, bonded contracts, third party arbitration, multi-party signature, etc. If Bitcoin catches on in a big way, these are things we'll want to explore in the future, but they all had to be designed at the beginning to make sure they would be possible later."

-- Satoshi Nakamoto, BitcoinTalk, June 17, 2010

The foresight here is remarkable. Satoshi built support for multi-signature transactions, escrow, and smart contracts years before anyone would use them, because he understood that the core protocol would be difficult to change once deployed.

Solving Double-Spending

The double-spending problem -- preventing the same digital coin from being spent twice -- was the central unsolved challenge in electronic cash. Previous systems required a central mint. Satoshi rejected this:

"The problem of course is the payee can't verify that one of the owners did not double-spend the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank."

-- Satoshi Nakamoto, Bitcoin whitepaper, October 31, 2008

Bitcoin solves this through public announcement and proof of work:

"Transactions must be publicly announced, and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received."

-- Satoshi Nakamoto, Bitcoin whitepaper, October 31, 2008

In a detailed mailing list exchange, Satoshi explained the practical dynamics of how double-spend attempts are defeated:

"The race is to spread your transaction on the network first. Think 6 degrees of freedom -- it spreads exponentially. It would only take something like 2 minutes for a transaction to spread widely enough that a competitor starting late would have little chance of grabbing very many nodes before the first one is overtaking the whole network."

-- Satoshi Nakamoto, Cryptography Mailing List, November 15, 2008

He calculated the probabilities: "If the real transaction reaches 90% and the double-spent tx reaches 10%, the double-spender only gets a 10% chance of not paying, and 90% chance his money gets spent. For almost any type of goods, that's not going to be worth it for the scammer."

Transaction Confirmation and Irreversibility

Satoshi was clear that Bitcoin transactions gain finality over time, not instantly:

"Instantant non-repudiability is not a feature, but it's still much faster than existing systems. Paper cheques can bounce up to a week or two later. Credit card transactions can be contested up to 60 to 180 days later. Bitcoin transactions can be sufficiently irreversible in an hour or two."

-- Satoshi Nakamoto, Cryptography Mailing List, November 10, 2008

On how many confirmations provide adequate security, Satoshi pointed to the mathematical analysis in the whitepaper: "Section 11 calculates the worst case under attack. Typically, 5 or 10 blocks is enough for that. If you're selling something that doesn't merit a network-scale attack to steal it, in practice you could cut it closer."

Simplified Payment Verification

Satoshi anticipated that not every user would run a full node, and designed accordingly:

"It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it's timestamped in."

-- Satoshi Nakamoto, Bitcoin whitepaper, October 31, 2008

However, he recommended that "businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification."

On BitcoinTalk, Satoshi elaborated on the SPV plan:

"Simplified Payment Verification is for lightweight client-only users who only do transactions and don't generate and don't participate in the node network. They wouldn't need to download blocks, just the hash chain, which is currently about 2MB and very quick to verify (less than a second to verify the whole chain). If the network becomes very large, like over 100,000 nodes, this is what we'll use to allow common users to do transactions without being full blown nodes."

-- Satoshi Nakamoto, BitcoinTalk, May 18, 2010

He added: "SPV is not implemented yet, and won't be implemented until far in the future, but all the current implementation is designed around supporting it."

Storage Efficiency

The whitepaper addressed long-term storage concerns with a calculation:

"A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory."

-- Satoshi Nakamoto, Bitcoin whitepaper, October 31, 2008

Old transactions could be pruned without breaking the chain:

"Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree, with only the root included in the block's hash."

-- Satoshi Nakamoto, Bitcoin whitepaper, October 31, 2008

Scalability

On the question of whether Bitcoin could scale, Satoshi expressed confidence. He calculated that even Visa-level transaction volumes were within reach:

"The bandwidth might not be as prohibitive as you think. A typical transaction would be about 400 bytes (ECC is nicely compact). Each transaction has to be broadcast twice, so lets say 1KB per transaction. Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day. That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices."

-- Satoshi Nakamoto, Cryptography Mailing List, November 2, 2008

The 10-minute block time was a deliberate choice balancing security against usability and network propagation:

"We want blocks to usually propagate in much less time than it takes to generate them, otherwise nodes would spend too much time working on obsolete blocks."

-- Satoshi Nakamoto, Cryptography Mailing List, November 14, 2008

The Broadcast Mechanism

Satoshi designed a specific mechanism for propagating transactions and blocks:

"Each node sends its neighbours an inventory list of hashes of the new blocks and transactions it has. The neighbours request the items they don't have yet. If the item never comes through after a timeout, they request it from another neighbour that had it. Since all or most of the neighbours should eventually have each item, even if the coms get fumbled up with one, they can get it from any of the others, trying one at a time."

-- Satoshi Nakamoto, Cryptography Mailing List, November 17, 2008

He noted that this approach "introduces a little latency, but it ultimately helps speed more by keeping extra data blocks off the transmit queues and conserving bandwidth."

Encryption Strength

Satoshi expressed confidence in Bitcoin's cryptographic foundations:

"SHA-256 is very strong. It's not like the incremental step from MD5 to SHA1. It can last several decades unless there's some massive breakthrough attack."

-- Satoshi Nakamoto, BitcoinTalk, June 14, 2010

Bitcoin Addresses

Satoshi explained the permanence and low cost of bitcoin addresses:

"When you generate a new bitcoin address, it only takes disk space on your own computer (like 500 bytes). It's like generating a new PGP private key, but less CPU intensive because it's ECC. The address space is effectively unlimited. It doesn't hurt anyone, so generate all you want."

-- Satoshi Nakamoto, BitcoinTalk, May 16, 2010

And their permanence: "Bitcoin addresses you generate are kept forever. A bitcoin address must be kept to show ownership of anything sent to it. If you were able to delete a bitcoin address and someone sent to it, the money would be lost."

He also foresaw the use of QR codes for payments: "That would be nice at point-of-sale. The cash register displays a QR-code encoding a bitcoin address and amount on a screen and you photo it with your mobile."

Micropayments

Bitcoin was designed to enable small payments that traditional banking makes impractical. Satoshi envisioned practical use cases:

"It can already be used for pay-to-send e-mail. The send dialog is resizeable and you can enter as long of a message as you like. It's sent directly when it connects."

-- Satoshi Nakamoto, Cryptography Mailing List, January 16, 2009

However, Satoshi was honest about limitations:

"Bitcoin isn't currently practical for very small micropayments. Not for things like pay per search or per page view without an aggregating mechanism, not things needing to pay less than 0.01. The dust spam limit is a first try at intentionally trying to prevent overly small micropayments like that. Bitcoin is practical for smaller transactions than are practical with existing payment methods. Small enough to include what you might call the top of the micropayment range. But it doesn't claim to be practical for arbitrarily small micropayments."

-- Satoshi Nakamoto, BitcoinTalk, August 4, 2010

Timestamping Beyond Currency

In a March 2009 email exchange with Hal Finney, Satoshi recognized Bitcoin's potential beyond payments:

"Indeed, Bitcoin is a distributed secure timestamp server for transactions. A few lines of code could create a transaction with an extra hash in it of anything that needs to be timestamped. I should add a command to timestamp a file that way."

-- Satoshi Nakamoto, Bitcoin List, March 4, 2009

This observation anticipated the later development of notarization, digital identity, and smart contract applications built on the Bitcoin blockchain.

The Difficulty of Explaining Bitcoin

In July 2010, Satoshi expressed a challenge that resonates to this day:

"Writing a description for this thing for general audiences is bloody hard. There's nothing to relate it to."

-- Satoshi Nakamoto, BitcoinTalk, July 5, 2010

Design Philosophy

Bitcoin's design reflects a consistent philosophy: simplicity over complexity, decentralization over efficiency, security through economic incentives rather than authority. Every major design choice -- the UTXO model, proof-of-work, the difficulty adjustment, the block reward halving, the 21 million coin cap, the scripting system -- serves the goal of creating money that no single entity can control.

Satoshi built the system to last, designing for the future while releasing the minimum viable product. He included features like SPV and the scripting system that would not be used for years, because he understood that the protocol's core rules must be right from the beginning. This combination of long-term vision and practical minimalism is what makes Bitcoin's design endure.

See Also