Abstract— Apurely peer-to-peer version of electronic cash would allow online payments tobe sent directly from one party to another without going through a financialinstitution. Digital signatures provide part of the solution, but the mainbenefits are lost if a trusted third party is still required to prevent doublespending. We propose a solution to the double-spending problem using apeer-to-peer network. The network timestamps transactions by hashing them intoan ongoing chain of hash-based proof-of-work, forming a record that cannot bechanged without redoing the proof-of-work. The longest chain not only serves asproof of the sequence of events witnessed, but proof that it came from thelargest pool of CPU power. As long as a majority of CPU power is controlled bynodes that are not cooperating to attack the network, they will generate thelongest chain and outpace attackers. The network itself requires minimalstructure. Messages are broadcast on a best effort basis, and nodes can leaveand re-join the network at will, accepting the longest proof-of-work chain asproof of what happened while they were gone.