Skip to content

The Trust Problem

There is an obvious solution to double-spending. It’s what every bank, PayPal, and credit-card network uses. Understanding why it’s not good enough is what motivates everything Satoshi built.

Appoint a single trusted party to maintain the ledger. When I pay Alice:

  1. The keeper checks I actually have the coins.
  2. It subtracts from my balance and adds to hers.
  3. If I try to spend the same coins again, it simply rejects the second transaction.

Double-spend solved. Cleanly. This works so well that essentially all of traditional digital money runs this way.

Look at what you had to buy that solution with — complete trust in a third party. That party now has powers you may not want anyone to have:

Power they holdWhat it means for you
CensorThey can freeze your account or block a payment — deplatforming, sanctions, mistakes.
InflateThey (or whoever controls them) can create more units, diluting what you hold.
FailIf they go bankrupt or their database is lost, your money can vanish.
Be coerced or hackedGovernments can compel them; attackers can breach them. You inherit their weaknesses.

This isn’t hypothetical — each power has a real history (well-known illustrations; the point is the capability, which exists whether or not it’s abused on any given day):

  • Censor: payment processors blockaded WikiLeaks donations (2010); accounts tied to the 2022 Canadian trucker protests were frozen.
  • Inflate: Weimar Germany, Zimbabwe, and Venezuela each wiped out savings through hyperinflation — the issuer simply printed more.
  • Fail: DigiCash went bankrupt and its money died with it (see the predecessors); the Mt. Gox collapse vaporized customer funds.
  • Coerced / hacked: the 2013 Cyprus “bail-in” haircut ordinary depositors’ balances by decree.

”Just use several keepers” doesn’t escape it

Section titled “”Just use several keepers” doesn’t escape it”

The natural patch — spread the ledger across many keepers, or a federation, so no single one can cheat — only moves the problem. Now the keepers must agree on one history while some may lie or fail, over an unreliable network. That is exactly the Byzantine agreement problem of the next page, and in an open network it reopens the door to Sybil fakery too. Partial decentralization doesn’t dodge the hard part — it is the hard part.

So we can now write the problem Bitcoin actually set out to solve, precisely:

Prevent double-spending — i.e., maintain one agreed-upon ledger — among strangers who do not trust each other and with no central authority.

That phrase “no central authority” is the entire difficulty. Remove the trusted keeper and you must somehow get a crowd of mutually-distrustful, anonymous computers to agree on one history. That turns out to be one of the hardest problems in computer science — which is exactly what the next page is about.

  1. Describe how a central ledger keeper prevents double-spends.
  2. List the four powers a trusted central keeper inevitably holds over your money.
  3. Why is “single point of failure” also “single point of control”?
  4. Write the full problem statement Bitcoin solves — including the clause that makes it hard.
  5. Distinguish custodial/counterparty trust from issuer/monetary trust, and give a real example of each power being exercised.
  6. Why does spreading the ledger across a federation of keepers not escape the core problem?
Show answers
  1. It keeps the single authoritative ledger. When you pay, it checks you actually own the coins, debits you and credits the payee, and rejects any later attempt to spend those same coins — so a double-spend can never be recorded.
  2. Censor (freeze your account or block a payment), Inflate (create more units, diluting what you hold), Fail (go bankrupt or lose the database, taking your money with it), and Be coerced or hacked (governments can compel them; attackers can breach them).
  3. The single ledger everyone depends on is also the single lever that controls everyone’s money — whoever holds it can freeze, seize, or inflate at will. The very thing that makes it convenient (one place holds the truth) is what makes it dangerous.
  4. “Prevent double-spending — i.e., maintain one agreed-upon ledger — among strangers who do not trust each other and with no central authority.” That last clause is what makes it hard.
  5. Custodial / counterparty trust is trusting whoever holds your balance not to freeze, lose, or steal it (a bank, an exchange). Issuer / monetary trust is trusting whoever controls the supply not to debase the unit (a central bank). Real exercises of each power: censorship — the 2010 WikiLeaks payment blockade; inflation — Weimar/Zimbabwe/Venezuela hyperinflation; failure — the Mt. Gox collapse; coercion — the 2013 Cyprus deposit “bail-in.”
  6. It only moves the problem: the keepers must now agree on one history while some may lie or fail, over an unreliable network — that is the Byzantine agreement problem, and in an open network it also reopens Sybil attacks. Partial decentralization doesn’t dodge the hard part — it is the hard part.