← Back to First Principles
First Principles · Flagship Deep Dive

Bitcoin from First Principles

Most explanations of Bitcoin start with the answer and work backwards. This one starts with the problem and builds the answer, one principle at a time, so that by the end the design looks inevitable rather than arbitrary. Every interactive here is real: the miner actually hashes, the keys actually sign.

Research question

If you had to design money that no single party could inflate, freeze, or counterfeit, what would each piece have to do, and what would it cost you?

Ten principles, built in order. No score, nothing to complete. Read straight through or jump in.
  1. What makes money good
  2. The double-spend problem
  3. Who keeps the ledger
  4. Agreement among strangers
  5. Proof of work (live)
  6. The blockchain and immutability
  7. Digital signatures (live)
  8. Economic incentives
  9. Network effects
  10. Scarcity and sovereignty

Principle 0
What makes money good?

Before building digital money, decide what "good money" even means. Money is a tool with a job: hold value across time, move value across space, and divide cleanly for trade. Different monies do these jobs well or badly depending on a handful of properties. Compare four monies across those properties and see where each one breaks.

Principle 1
The double-spend problem

Physical cash has a useful property: handing you a coin means I no longer have it. Digital files are the opposite. A file copies perfectly, so a naive digital coin could be spent twice: send the same coin to Alice and to Bob at the same instant. For decades the only known fix was a trusted referee (a bank) keeping one ledger and deciding whose payment counts. That works, but it puts the referee in charge of your money. Everything that follows exists to remove that referee without reintroducing double-spending.

Principle 1 · double-spend ledger
Try to spend the same coin twice

Alice holds one coin (one unspent output). Pay it to Bob, then try to pay the same coin to Carol. A shared ledger that records the first spend lets every node reject the second, with no referee.

1 BTC
Alice's unspent output
-
Bob
-
Carol
Ledger ready. Alice's output is unspent.

Principle 2
Who keeps the ledger?

If a single party keeps the ledger, that party can censor, freeze, reverse, or quietly inflate. So the ledger has to be held by everyone at once: thousands of independent copies that each enforce the same rules. The hard part is not copying the ledger; it is getting thousands of strangers to agree on the same order of events when some of them may be dishonest.

The design pressureA shared ledger removes the single referee but creates a new problem: how do mutually distrustful strangers agree on one history without a vote that can be faked by spinning up millions of identities? That is the question Principle 3 and 4 answer together.

Principle 3
Agreement among strangers

You cannot settle disagreements by counting identities, because anyone can create unlimited fake identities for free (the "Sybil" problem). Bitcoin replaces "one identity, one vote" with "one unit of real-world work, one vote." To have a say in which history is valid, you must spend something that cannot be faked: energy. That is what proof of work is for.

Principle 4
Proof of work, for real

A miner repeatedly hashes the block plus a changing number (the nonce) until the result starts with enough zeros. Hashes are unpredictable, so the only way to find one is to try, over and over. Finding it proves work was done; checking it is instant. The widget below is not a simulation. It runs real SHA-256 in your browser and actually grinds nonces until it hits the target. Raise the difficulty by one and watch the work roughly multiply by sixteen.

Principle 4 · live proof-of-work
Mine a block

Real SHA-256 in your browser. Find a hash of "block data + nonce" that starts with the chosen number of zeros. This is exactly the puzzle a miner solves, in miniature.

Press Mine to start hashing.
0
Hashes tried
-
Winning nonce
-
Time
-
Hashes/sec

Change one character of the block data after mining and the winning hash no longer matches: you would have to mine again. That is Principle 5.

Principle 5
The blockchain and immutability

Each block includes the hash of the block before it, so blocks form a chain. Because a block's hash depends on its contents, editing any old transaction changes that block's hash, which breaks the next block's reference, which breaks the next, and so on. To rewrite history you would have to redo the proof of work for that block and every block after it, faster than the rest of the network is extending the honest chain. The deeper a transaction is buried, the more work an attacker must out-pace. Immutability is not a promise; it is a cost.

Principle 6
Digital signatures, for real

Mining decides the order of transactions. Signatures decide who is allowed to spend. You hold a private key and share a public key derived from it. A signature proves you authorised a specific message without revealing the private key, and anyone can verify it against your public key. Change the message by one character and the signature fails. The widget below uses your browser's real cryptography (WebCrypto) to generate a key pair, sign, verify, and show tampering being caught.

Principle 6 · live signatures
Sign and verify

Real elliptic-curve cryptography via the browser's WebCrypto API (curve P-256). Bitcoin itself uses a closely related curve, secp256k1; the principle is identical.

-
Public key (truncated)
-
Signature (truncated)
-
Verify result
Step 1: generate a key pair.

Principle 7
Economic incentives

Why would anyone spend real electricity to secure other people's money? Because the protocol pays them: each block grants the miner newly issued bitcoin (currently 3.125 BTC) plus transaction fees. Honest mining is profitable; attacking is expensive and tends to destroy the value of the very thing you would win. The first calculator estimates whether a given machine is profitable. The second estimates what it would cost to rent enough hashpower to attack the network for an hour.

Principle 8
Network effects

Money is more useful the more people accept it, so monetary networks tend to converge. That creates a real moat for an incumbent. But the popular claim that a network's value grows with the square of its users (Metcalfe's law) is a rough heuristic, not a law of nature, and it is easy to abuse as a price forecast. Treat network effects as a reason adoption is sticky, not as a valuation formula.

Principle 9
Scarcity and sovereignty

Put the pieces together. Signatures prove ownership. Proof of work orders history and makes rewriting it expensive. The chain links blocks so tampering cascades. Incentives pay honest participants and punish attackers. On top of that sits a fixed issuance schedule, which only means something because everything beneath it stops double-spending without a referee. The result is the property Bitcoin is named for: something digital that is also scarce, that you can hold with a phrase in your memory and move without anyone's permission. Whether that is worth its costs (volatility, irreversibility, energy use, an unresolved long-run fee question) is the honest debate the rest of this area takes up.

Where to go nextTest the supply side in Digital Scarcity (is a fixed cap a feature or a liability?), and the failure modes it resists in Why Money Fails. For Bitcoin's role in today's layered payment system, see the Foundational-Layer Thesis.

Steelman: the strongest case against this whole journey

Common misconceptions, checked

Source trail

Reflect