By Liu Jiaolian (刘教链)

Bitcoin History Tales — Complete Implementation Specification

Based on Liu Jiaolian (刘教链), God Rolls Dice: Bitcoin History Tales (上帝掷骰子：比特币史话) (2022)

Overview
Core Thesis — Order from Consensual Randomness
Bitcoin's Technical Architecture
Key Historical Events and Lessons
The Monetary Theory of Bitcoin
Game Theory and Incentive Design
Security Model and Attack Analysis
Investment Framework Derived from the Book
Entry Rules — When to Accumulate Bitcoin
Exit Rules — When to Reduce Exposure
Position Sizing and Allocation
Risk Management
Behavioral and Discipline Rules
Common Mistakes
Complete Bitcoin Lifecycle Example
Implementation Pseudocode
Key Quotes

1. Overview

God Rolls Dice: Bitcoin History Tales is a 20-chapter, 100-tale encyclopedic history of Bitcoin written by Chinese blockchain educator Liu Jiaolian. Published in 2022, the book covers approximately 290,000 Chinese characters and is structured as a series of interconnected historical narratives that trace Bitcoin's invention back through centuries of cryptography, mathematics, economics, computing, and monetary history.

Unlike most Bitcoin books that focus on either the technical or the investment angle, this book argues that Bitcoin can only be truly understood by placing it within the full context of its intellectual precursors: the cypherpunk movement, elliptic curve cryptography, the Byzantine Generals Problem, Austrian economics, game theory, the history of the Federal Reserve, and thermodynamic dissipative structures.

Core thesis: Bitcoin's essence is "order emerged from consensual randomness" — a system where cryptography (mathematics), hash power (physics), and consensus (game theory) combine to create an irreversible arrow of time, a new form of money, and a self-governing system that channels selfish behavior toward collective good.

Target audience: Blockchain practitioners, investors, researchers, educators, and anyone seeking to understand Bitcoin from first principles rather than surface-level narratives.

Structure: 20 chapters, each containing 3-7 "tales" (话), progressing from Bitcoin's genesis (Ch. 1-2) through its core technologies (Ch. 3-8), monetary theory (Ch. 9-10), mining arms race (Ch. 11), game theory (Ch. 12-13), smart contracts (Ch. 14), forks (Ch. 15), scalability (Ch. 16), data compression (Ch. 17), randomness and wallets (Ch. 18), privacy (Ch. 19), and the open-source era (Ch. 20).

2. Core Thesis — Order from Consensual Randomness

The book's subtitle "God Rolls Dice" captures its central philosophical claim: Bitcoin's security and value emerge from randomness that achieves consensus.

2.1 The Three Pillars

Cryptography (Mathematics) — Elliptic curve digital signatures (ECDSA using secp256k1), SHA-256 hash functions, and double-hash structures provide the mathematical foundation
Hash Power (Physics) — Proof-of-Work converts electricity into irreversible time, creating Bitcoin's internal clock and arrow of time
Consensus (Game Theory) — The longest-chain rule, mining incentives, and Nash equilibrium dynamics ensure all participants converge on a single shared history

2.2 Bitcoin as a Dissipative Structure

Drawing on Nobel laureate Ilya Prigogine's theory of dissipative structures, the author argues that Bitcoin's Proof-of-Work chain is an open system that continuously converts external energy (electricity) into internal order (the blockchain's irreversible history). This creates a third kind of time — not the reversible time of Newtonian mechanics, nor the statistical time of thermodynamics, but an internally-generated, consensus-driven time unique to Bitcoin.

2.3 Satoshi's Reinvention of Time

The book's most original technical insight: Satoshi Nakamoto's greatest invention was not digital money per se, but the creation of endogenous time in cyberspace. Before Bitcoin, all digital timestamps were external and manipulable. Bitcoin's Proof-of-Work chain creates an internal, unforgeable timeline — what Satoshi originally called a "timechain" rather than a "blockchain."

3. Bitcoin's Technical Architecture

3.1 Elliptic Curve Cryptography (Ch. 3)

Bitcoin uses ECDSA with the secp256k1 curve (a = 0, b = 7), not the NSA-influenced P-256 (NIST) curve
Satoshi chose secp256k1 before it was widely recommended, avoiding a potential NSA backdoor exposed by Snowden in 2013
256-bit ECC provides security equivalent to 3072-bit RSA, with smaller key sizes and faster computation

3.2 Hash Functions (Ch. 5)

Three critical properties of cryptographic hash functions that Bitcoin exploits:

Collision-free — Practically impossible to find two inputs with the same hash
Hiding — Cannot reverse-engineer the input from the output
Puzzle-friendly — The only way to find a target hash is brute-force search

Bitcoin uses SHA-256 everywhere, chosen because MD5 and SHA-1 were already broken by Chinese cryptographer Wang Xiaoyun's team in 2004-2005.

3.3 Double-Hash Design (Ch. 5)

Bitcoin uses double-hashing (e.g., SHA-256 applied twice, or SHA-256 + RIPEMD-160 for addresses) to defend against length-extension attacks — a vulnerability in single-layer Merkle-Damgard hash constructions.

3.4 The UTXO Model (Ch. 4)

A Bitcoin "coin" is defined as "a chain of digital signatures"
The UTXO (Unspent Transaction Output) model represents electronic coins
There are no "accounts" or "balances" — only unspent outputs locked by scripts
The smallest unit is 1 satoshi = 0.00000001 BTC (1/100 millionth)

3.5 Timestamp Server and Proof-of-Work (Ch. 6)

Each block header contains the hash of the previous block, creating a hash pointer chain
Block time records both internal time (block height) and external time (UNIX timestamp)
The only unforgeable element is the computational work needed to produce the PoW
Time-warp attacks are mitigated by using median of 11 blocks for time validation

3.6 Bitcoin Script (Ch. 14)

Bitcoin uses a stack-based, Turing-incomplete scripting language in Reverse Polish Notation
Deliberately NOT Turing-complete to avoid the Halting Problem — preventing infinite loops that could crash the decentralized network
Transactions are split into locking scripts (scriptPubKey) and unlocking scripts (scriptSig)
Supports multisig (m-of-n), escrow, and time-locked transactions

3.7 Address Evolution

Early: Pay-to-PubKey (P2PK) — payment directly to public key
Standard: Pay-to-PubKeyHash (P2PKH) — payment to hash of public key (starts with "1")
Advanced: Pay-to-ScriptHash (P2SH) — payment to hash of redeem script (starts with "3")
P2SH activated via soft fork in April 2012 (BIP-13)

4. Key Historical Events and Lessons

4.1 Timeline of Critical Events

Date	Event	Lesson
2008-10-31	Satoshi publishes Bitcoin whitepaper on cypherpunk mailing list	Great innovations often emerge from niche communities
2009-01-03	Genesis block mined, embedding The Times headline about bank bailouts	Bitcoin born as response to financial system failure
2009-01-12	First Bitcoin transaction: Satoshi to Hal Finney (Block 170)	Early adoption by those who understand the technology
2010-12-12	Satoshi's last public post (v0.3.19 release)	Creator's disappearance strengthened decentralization
2010-08-15	Integer overflow bug: 922 billion BTC created at block 74638	Fixed within 5 hours with v0.3.10; shows importance of vigilant community
2011-06-09	El Salvador adopts Bitcoin as legal tender	Nation-state adoption validates the technology
2017-08-01	Bitcoin Cash (BCH) hard fork at block 478559	Block size wars demonstrate governance challenges
2017-08-24	SegWit activation	Soft forks can achieve upgrades without splitting the chain

4.2 The Cypherpunk Movement (Ch. 2)

1991: Phil Zimmermann creates PGP, classified as "munitions" by US government
1993: Eric Hughes publishes "A Cypherpunk's Manifesto"
1995: Zimmermann publishes PGP source code as a book, protected by First Amendment
Key lesson: Source code is protected speech; cryptography is a human right

4.3 Precursors to Bitcoin (Ch. 8)

Wei Dai's B-money (1998): Proposed using computational work to mint money, digital signatures for transfers, public ledger — but lacked precise implementation details
Nick Szabo's Bit Gold (2005): Proposed chaining proof-of-work together, using PoW as distributed timestamping — but relied on open market pricing rather than fixed issuance schedule
Adam Back's Hashcash (1997): Invented the proof-of-work concept for anti-spam; Bitcoin's PoW is mathematically identical to Hashcash
Satoshi combined and improved all three, adding the key insight of using PoW for consensus rather than just minting

4.4 Satoshi's Birthday and the Federal Reserve (Ch. 10)

Satoshi's registered birthday: April 5, 1975
April 5, 1933: Roosevelt's Executive Order 6102 confiscated Americans' gold
1975: Gold ownership re-legalized in the US (Public Law 93-373)
These dates encode a message: Bitcoin is a weapon against state confiscation of wealth

4.5 The Fork Wars (Ch. 15)

Three types of forks:

Turing bifurcation: Random, temporary forks resolved by longest-chain rule
Soft fork: Backward-compatible; old nodes accept new blocks (e.g., SegWit)
Hard fork: Not backward-compatible; creates permanent chain split (e.g., BCH)

Key lesson: Bitcoin's core design is immutable once deployed ("version 0.1 core design will remain unchanged throughout its lifecycle" — Satoshi). Hard forks that change consensus rules face the "Grim Trigger" of game theory — once betrayal begins, it never stops.

5. The Monetary Theory of Bitcoin

5.1 Austrian Economics Foundation (Ch. 8)

The book grounds Bitcoin's value theory in Austrian economics:

Carl Menger (1892): Money emerges from the most "saleable" commodity in free market exchange
Ludwig von Mises (1949): The Regression Theorem — money's value traces back to its commodity value before it became money
Friedrich Hayek (1978): Currency scarcity creates value; people accept scarce things without intrinsic value as money if they believe in continued scarcity

5.2 Bitcoin as "Better Gold" (Ch. 9, Tale 38)

Nine properties compared:

Property	Bitcoin	Gold
1. Total supply	Fixed at 21M	Mined annually, total unknown
2. Durability	Eternal (digital)	Coins wear and degrade
3. Divisibility	To 0.00000001 (8 decimal places)	Limited by physical size
4. Security	Low cost (private key)	High cost (physical storage)
5. Counterfeit resistance	Impossible (blockchain verification)	Possible (requires specialized equipment)
6. Anonymity	Pseudonymous	Fully anonymous
7. Liquidity	Instant global transfer	Physical, slow, expensive
8. Growth potential	Early stage, massive upside	Mature, limited upside
9. Saleableness	Growing consensus	Deep but established

5.3 The Commodity-to-Money-to-Capital Evolution

The book traces Bitcoin's evolution through three phases:

Production → Commodity: Mining converts electricity/time into Bitcoin (a commodity with exchange value)
Commodity → Money: As Bitcoin is exchanged for other goods, it acquires monetary properties
Money → Capital: Mining as continuous investment creates self-reproducing value — Bitcoin becomes capital

5.4 Stock-to-Flow Model

After the May 2020 halving, Bitcoin's SF ratio reached ~~56, comparable to gold (~~62)
By ~2024 (next halving), Bitcoin's SF will exceed 110, surpassing gold as the "hardest" asset
The halving schedule: 50 BTC → 25 → 12.5 → 6.25 → 3.125... every ~~210,000 blocks (~~4 years)

5.5 Why Fiat Money Fails

The book traces the history of fiat currency failure:

1933: FDR confiscates gold, devalues dollar 40% overnight
1944: Bretton Woods establishes dollar-gold peg
1971: Nixon ends gold convertibility ("Nixon Shock")
Result: Dollar has lost 97% of purchasing power vs. gold since 1900
Central banks use Keynesian money-printing (QE) as their last resort in every crisis
Bitcoin was born in the 2008 crisis specifically as an alternative to this system

6. Game Theory and Incentive Design

6.1 The Byzantine Generals Problem (Ch. 7)

Proposed by Leslie Lamport (1982): How do distributed nodes reach consensus when some may be malicious?
Traditional solutions (Paxos, PBFT) require known node counts and pre-established trust
Satoshi's breakthrough: PoW proof-of-work chain solves Byzantine consensus WITHOUT knowing node counts, WITHOUT pre-established trust, and WITHOUT synchronous communication
Satoshi never cited Lamport's work in the whitepaper — he solved the problem from the cryptography domain, not distributed systems

6.2 Prisoner's Dilemma and Nash Equilibrium (Ch. 12)

Bitcoin constructs a new Nash equilibrium where:

Miners competing selfishly for block rewards collectively maintain a secure public ledger
The cost of attacking exceeds the cost of honest mining
Social ostracism (not punishment by authority) enforces rules — invalid blocks are simply ignored
This achieves Pareto optimality: no one can be made better off without making someone worse off

6.3 The "Guiding Evil Toward Good" Design (Ch. 12, Tale 57)

Bitcoin's incentive structure channels selfish behavior toward public good:

Reward: Miners who find valid blocks earn BTC (coinbase reward + fees)
Punishment: Not through authority, but through social exclusion — invalid blocks are rejected by all nodes
Result: A "good" Nash equilibrium where fully competitive, self-interested actors cooperate

As Satoshi wrote: "The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules."

6.4 The Schelling Point

The longest chain is Bitcoin's Schelling Point — the natural focal point that all participants converge on without explicit coordination. Users assign value to the main chain because it feels natural and special, and bounded rationality leads people to choose the simplest path.

7. Security Model and Attack Analysis

7.1 The 51% Attack (Ch. 13)

An attacker needs >50% of total hash power to reliably execute a double-spend
Even with less than 50%, attacks are possible but probabilistically doomed (Gambler's Ruin)
The Poisson distribution governs the attacker's progress probability
Satoshi's calculations for safe confirmation counts (assuming 10% attacker hash power):
- 10% attack power → 6 confirmations needed
- 15% → 9 confirmations
- 25% → 16 confirmations
- 30% → 25 confirmations
- 45% → 341 confirmations

7.2 Why 6 Confirmations?

The "6 block confirmation" standard originated from Satoshi's whitepaper calculations assuming an attacker with ~10% hash power. As network hash power has grown enormously, even Coinbase has reduced to 3 confirmations for deposits.

7.3 Defense Through the "Left-Right Game" (Ch. 11)

Bitcoin's "shield" (SHA-256 difficulty) is forged by the same "sword" (mining hash power) that attacks it:

The global mining network attacks a reduced-difficulty version of SHA-256 every ~10 minutes
Each successful attack attempt creates a new shield (block) added to the chain
As of 2021, Bitcoin's annual energy consumption exceeded 100 TWh — comparable to small countries
This makes the system's defense proportional to the resources spent attacking it

7.4 Private Key Security

A private key is a 256-bit random number (one of 2^256 possibilities)
Even quantum computers (Shor's algorithm) cannot break SHA-256 hash functions — only ECDSA signatures
Satoshi preemptively designed Pay-to-PubKeyHash (hiding public keys behind hashes) to be quantum-resistant
Best practice: Use each Bitcoin address only once for maximum privacy and security

8. Investment Framework Derived from the Book

While primarily a history/technology book, the author embeds a clear investment philosophy:

8.1 Bitcoin as the Only True Cryptocurrency

All other "cryptocurrencies" are either centralized (controlled by foundations/companies), pre-mined, or lack true Proof-of-Work security
CBDC (Central Bank Digital Currency) is the antithesis of Bitcoin — centralized control using cryptocurrency technology
PoS (Proof-of-Stake) systems create unfair advantages for early holders and lack PoW's "memory-less" fairness

8.2 The Self-Fulfilling Prophecy

Satoshi wrote: "It might make sense just to get some in case it catches on. If enough people think the same way, that becomes a self-fulfilling prophecy."

8.3 Value Proposition Hierarchy

Store of Value: Fixed supply (21M cap) + halving schedule = increasing scarcity
Medium of Exchange: Global, permissionless, 24/7 settlement
Unit of Account: As adoption grows, Bitcoin-denominated pricing will emerge
Capital: Mining creates self-reproducing value in perpetual motion

9. Entry Rules — When to Accumulate Bitcoin

Based on the book's analysis of Bitcoin's monetary evolution and halving cycles:

Accumulate during bear markets / depression phases of the Kondratiev Wave — The book identifies 2019 as the start of the 5th Kondratiev depression phase; defensive assets (gold, Bitcoin) outperform
Buy after each halving event — Halvings reduce new supply by 50%, creating supply shock (2012, 2016, 2020, 2024...)
Dollar-cost average consistently — Satoshi's mining design rewards steady participation; apply the same principle to buying
Enter when Stock-to-Flow ratio increases — Each halving increases SF, making Bitcoin "harder" than before
Accumulate when mainstream sentiment is negative — "Many people automatically dismiss electronic currency as a lost cause because of all the companies that failed since the 1990s. I hope it's obvious it was only the centrally controlled nature of those systems that doomed them." (Satoshi)

10. Exit Rules — When to Reduce Exposure

The book implicitly argues against ever fully exiting Bitcoin, but recognizes market cycles:

Never sell 100% — Bitcoin is designed to appreciate over centuries as the "hardest" asset; lost coins make remaining coins more valuable
Reduce exposure during euphoria — When media coverage peaks and speculation dominates
Consider partial rebalancing — When Bitcoin's share of portfolio becomes excessively concentrated
Watch for PoW security degradation signals — If hash rate drops dramatically and doesn't recover, the security model may be weakening (this has never happened)
Monitor the halving cycle — Historically, peak prices occur 12-18 months after halvings; consider taking some profit in these windows

11. Position Sizing and Allocation

The book does not prescribe specific allocation percentages but implies:

Minimum meaningful allocation: Enough to be "self-fulfilling" — if Bitcoin succeeds, your position should be significant
Maximum allocation: Never more than you can afford to lose entirely (private key loss, regulatory risk)
Prefer self-custody: "Your Bitcoin, your private key, your bank" — do not rely on exchanges or custodians
HD wallet structure: Use hierarchical deterministic wallets to generate a new address for each transaction
Cold storage for long-term holdings: Hardware wallets or paper wallets for amounts you do not plan to transact with

12. Risk Management

12.1 Technical Risks

Quantum computing: Bitcoin addresses (P2PKH) are protected by hash functions, not ECDSA directly; quantum resistance can be added via soft fork if needed
SHA-256 break: Satoshi designed a migration path — if SHA-256 is broken, the honest chain can be locked and a new hash function adopted from that point
Software bugs: The 2010 integer overflow incident shows bugs can occur; keep software updated

12.2 Custody Risks

Private key = Bitcoin: Loss of private key means permanent loss of funds
Exchange risk: "Not your keys, not your coins" — exchanges can fail, be hacked, or freeze accounts
Multi-signature: Use 2-of-3 multisig for significant holdings (buyer + seller + arbitrator model from Satoshi)

12.3 Market Risks

Volatility: Bitcoin's price can decline 80%+ in bear markets; position size accordingly
Regulatory risk: Governments may ban or restrict Bitcoin transactions (though the decentralized network cannot be shut down)
Fork risk: Hard forks can temporarily split the network and create confusion; default to the longest PoW chain

13. Behavioral and Discipline Rules

Think in decades, not days — Bitcoin's halving cycle operates on 4-year intervals; the full issuance schedule spans until ~2140
Understand before investing — The book's central message is that deep understanding of Bitcoin's history, technology, and economics is a prerequisite for confident holding
Be your own bank — Learn to manage private keys; do not outsource custody to trusted third parties
Verify, don't trust — Run your own node if possible; Bitcoin is "trustless" by design (Satoshi: "We have proposed a system for electronic transactions without relying on trust")
Ignore noise, follow proof-of-work — The longest chain with the most accumulated work is always the "real" Bitcoin
HODL through FUD — Satoshi: "Lost coins only make everyone else's coins worth slightly more. Think of it as a donation to everyone."

14. Common Mistakes

Treating Bitcoin like other "crypto" — Bitcoin is uniquely decentralized; altcoins and tokens are fundamentally different
Leaving coins on exchanges — Violates the core principle of trustless ownership
Reusing addresses — Degrades privacy and slightly increases vulnerability
Trying to time the market — The halving cycle rewards patient accumulation, not trading
Ignoring the technology — Investing without understanding leads to panic selling during downturns
Trusting "trusted third parties" — Satoshi: "The root problem with conventional currency is all the trust that's required to make it work"
Falling for fork coins — BCH, BSV, and other forks lack the network effect and development support of Bitcoin
Confusing Bitcoin with blockchain — "Blockchain technology" without PoW is just a slow database; Bitcoin IS the innovation
Believing Bitcoin is "too expensive" — Bitcoin is divisible to 8 decimal places; you can buy satoshis, not whole coins
Thinking mining is wasteful — Mining converts energy into time-stamped security; the "waste" IS the security mechanism

15. Complete Bitcoin Lifecycle Example

Scenario: First-time Bitcoin Acquisition and Self-Custody

Step 1: Generate Private Key

Use a secure random number generator to create a 256-bit random number
This is your private key (e.g., a string of 256 random 1s and 0s)
Encode using Base58Check for human readability (starts with "5")

Step 2: Derive Public Key and Address

Private key → ECDSA (secp256k1) → Public key
Public key → SHA-256 → RIPEMD-160 → Base58Check → Bitcoin address (starts with "1")
The double-hash (SHA-256 + RIPEMD-160) provides quantum resistance

Step 3: Receive Bitcoin

Share your address with the sender (never share the private key!)
Sender constructs a transaction: their UTXO → your address
Transaction is broadcast to the network

Step 4: Transaction Confirmation

A miner includes your transaction in a block
The miner solves the PoW puzzle (finding a nonce such that SHA-256(block_header) < difficulty_target)
Block is broadcast; other nodes verify and extend the chain
After 6 confirmations (~60 minutes), the transaction is practically irreversible

Step 5: Spending Bitcoin

Construct a new transaction referencing your UTXO
Sign with your private key (ECDSA signature)
The locking script (scriptPubKey) verifies: your signature + your public key → hashes to the address
New UTXO is created for the recipient; change UTXO returns to your new address

Step 6: Security Confirmation

Each additional block adds another layer of PoW protection
After 6 blocks: attacker with 10% hash power has < 0.1% chance of reversing
The transaction is now part of Bitcoin's permanent, immutable history

16. Implementation Pseudocode

16.1 Proof-of-Work Mining Algorithm

function mine_block(transactions, prev_block_hash, difficulty_target):
    block_header = {
        version: CURRENT_VERSION,
        prev_hash: prev_block_hash,
        merkle_root: compute_merkle_root(transactions),
        timestamp: current_unix_time(),
        difficulty: difficulty_target,
        nonce: 0
    }
    
    // Coinbase transaction: reward miner
    coinbase_tx = create_coinbase(
        reward = current_block_reward(),  // 50 → 25 → 12.5 → 6.25 → ...
        fees = sum(tx.fee for tx in transactions),
        miner_address = MY_ADDRESS
    )
    transactions.insert(0, coinbase_tx)
    
    // Proof-of-Work: find nonce such that hash < target
    while true:
        hash = SHA256(SHA256(serialize(block_header)))
        if hash < difficulty_target:
            broadcast(block_header, transactions)
            return block_header
        block_header.nonce += 1
        
        // Update timestamp periodically
        if nonce % 1000000 == 0:
            block_header.timestamp = current_unix_time()

16.2 Transaction Verification

function verify_transaction(tx):
    // 1. Check all inputs reference valid UTXOs
    for input in tx.inputs:
        utxo = lookup_utxo(input.prev_tx_hash, input.output_index)
        if utxo is None:
            return REJECT("Input references non-existent UTXO")
    
    // 2. Verify digital signatures
    for i, input in enumerate(tx.inputs):
        utxo = lookup_utxo(input.prev_tx_hash, input.output_index)
        locking_script = utxo.scriptPubKey
        unlocking_script = input.scriptSig
        
        // Concatenate and execute scripts (stack-based, Reverse Polish)
        if not execute_script(unlocking_script + locking_script):
            return REJECT("Script verification failed")
    
    // 3. Check no double-spending
    total_input = sum(utxo.value for utxo in tx.inputs)
    total_output = sum(output.value for output in tx.outputs)
    if total_output > total_input:
        return REJECT("Outputs exceed inputs")
    
    // 4. Fee = input - output (must be >= 0)
    fee = total_input - total_output
    return ACCEPT(fee)

16.3 Longest Chain Selection

function select_best_chain(chains):
    // Bitcoin follows the chain with most accumulated work
    // NOT simply the longest chain by block count
    best_chain = None
    max_work = 0
    
    for chain in chains:
        total_work = sum(
            2^256 / (block.difficulty_target + 1)
            for block in chain
        )
        if total_work > max_work:
            max_work = total_work
            best_chain = chain
    
    return best_chain

16.4 Double-Spend Attack Probability (from Whitepaper)

function attack_success_probability(q, z):
    // q = attacker's fraction of total hash power
    // z = number of confirmations (blocks behind)
    // Returns probability attacker can catch up
    
    p = 1.0 - q  // honest nodes' hash power fraction
    lambda = z * (q / p)  // Poisson expected value
    
    sum = 1.0
    for k in range(0, z + 1):
        poisson = exp(-lambda) * (lambda ** k) / factorial(k)
        gambler_ruin = 1.0 if k <= z else (q / p) ** (z - k)
        sum -= poisson * (1 - gambler_ruin)
    
    return max(0, sum)

// Example outputs:
// q=0.10, z=6  → P ≈ 0.0002 (safe)
// q=0.30, z=6  → P ≈ 0.1773 (not safe, need ~25 confirmations)
// q=0.45, z=6  → P ≈ 0.8245 (not safe, need ~341 confirmations)

16.5 Bitcoin Accumulation Strategy (DCA with Halving Awareness)

function bitcoin_investment_strategy():
    HALVING_INTERVAL = 210000  // blocks
    BLOCK_TIME = 10  // minutes average
    
    state = {
        total_btc: 0,
        total_fiat_invested: 0,
        next_halving: get_next_halving_block(),
        current_sf_ratio: get_stock_to_flow()
    }
    
    // Monthly routine
    function monthly_review():
        blocks_to_halving = state.next_halving - current_block_height()
        months_to_halving = blocks_to_halving * BLOCK_TIME / (60 * 24 * 30)
        
        // Increase allocation as halving approaches (supply shock incoming)
        if months_to_halving < 12:
            allocation_multiplier = 1.5
        elif months_to_halving < 6:
            allocation_multiplier = 2.0
        else:
            allocation_multiplier = 1.0
        
        // Base DCA amount adjusted by cycle position
        buy_amount = BASE_MONTHLY_AMOUNT * allocation_multiplier
        
        // Execute purchase
        buy_bitcoin(buy_amount)
        state.total_btc += buy_amount / current_price()
        state.total_fiat_invested += buy_amount
        
        // Self-custody: withdraw to cold storage
        if exchange_balance() > THRESHOLD:
            withdraw_to_cold_storage(exchange_balance())
        
        // Log and review
        log(f"BTC: {state.total_btc}, "
            f"Avg cost: {state.total_fiat_invested / state.total_btc}, "
            f"Months to halving: {months_to_halving}")

17. Key Quotes

Satoshi Nakamoto Quotes (from forum posts and emails cited in the book)

"比特币是1998年戴维密码朋克提出的B-money提案和尼克·萨博的'比特金'提案的实现。" "Bitcoin is an implementation of Wei Dai's B-money proposal from 1998 and Nick Szabo's Bitgold proposal." — Satoshi, 2010-07-20

"传统货币的根本问题在于使其运转所需要的所有信任。必须信任央行不会让货币贬值，但是法币的历史却充斥着对这一信任的破坏。" "The root problem with conventional currency is all the trust that's required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust." — Satoshi, 2009-02-11

"拥有一些比特币是明智的，万一它流行起来了呢？如果有足够多的人这么想，那么它就会成为一个自我实现的预言。" "It might make sense just to get some in case it catches on. If enough people think the same way, that becomes a self-fulfilling prophecy." — Satoshi, 2009-01-16

"丢失的币只会使其他人的币价值更高，可以将其视为对所有人的捐赠。" "Lost coins only make everyone else's coins worth slightly more. Think of it as a donation to everyone." — Satoshi, 2010-06-21

"CPU的工作量证明投票必须具有最终的发言权。让每个人都相信最长链（累积算力最大的链）是有效链，这是建立全球共识的唯一方法。" "CPU power proof-of-work vote must have the final say. The only way to build global consensus is for everyone to believe the longest chain (greatest accumulated proof-of-work) is the valid chain." — Satoshi, 2008-11-08

"工作量证明链就是拜占庭将军问题的解。工作量证明链是所有的同步性问题、分布式数据库问题及全局视图问题的解决方法。" "The proof-of-work chain is the solution to the Byzantine Generals Problem. The proof-of-work chain is the solution to all synchronization problems, distributed database problems, and global view problems." — Satoshi, 2008-11-13

"工作量证明具有一个漂亮的特性，就是它可以通过不受信任的中间人进行中转。我们不必担心一条链来自被托管了的通信。是谁告诉你一条最长链并不重要，工作量证明可以为自己代言。" "Proof-of-work has a beautiful property: it can be relayed through untrusted intermediaries. We don't need to worry about a chain coming from compromised communications. It doesn't matter who tells you about the longest chain — proof-of-work speaks for itself." — Satoshi, 2010-08-07

Author's Key Insights

"比特币这一划时代发明的终极本质——由可共识的随机性而涌现的秩序。" "The ultimate essence of this epoch-making invention called Bitcoin — order emerged from consensual randomness." — Liu Jiaolian, Foreword

"知史明智，数往知来。也许只有把比特币发明之前的有关的技术、经济、社会、文化的发展史和思想史的脉络进行较为系统的梳理和了解，才能够有助于我们更加准确地认识比特币诞生的历史基础。" "Know history to gain wisdom; study the past to understand the future. Perhaps only by systematically understanding the history of technology, economics, society, culture, and ideas that preceded Bitcoin's invention can we accurately recognize the historical foundation of Bitcoin's birth." — Liu Jiaolian, Preface

"在比特世界里，算力即真理。坚持用真理说服人，让潜在的攻击者知难而退，不战而屈人之兵。" "In the Bitcoin world, hash power is truth. Persisting in using truth to persuade, making potential attackers retreat before they fight — winning without fighting." — Liu Jiaolian, Chapter 13

"比特币系统所雇佣的这个掷骰子的上帝，就是密码学（数学）、算力（物理）和共识（博弈论）的结合体。上帝掷骰子，比特币向前进。" "The god that Bitcoin's system employs to roll its dice is the combination of cryptography (mathematics), hash power (physics), and consensus (game theory). God rolls the dice, and Bitcoin marches forward." — Liu Jiaolian, Foreword