Ethereum Whitepaper

March 27, 2021

Paper Review

What is Ethereum?

The Ethereum whitepaper, written by Vitalik Buterin in 2013, introduced a revolutionary idea: what if blockchains could do more than just transfer money?

The Problem: Bitcoin proved that blockchain technology works for creating digital money without banks or governments. But Bitcoin's scripting language is intentionally limited - it can't easily support complex applications like automated contracts, voting systems, or decentralized organizations.

The Solution: Ethereum proposed a blockchain with a complete programming language built in. Think of it as a "world computer" where anyone can write programs (called smart contracts) that run exactly as programmed, without any possibility of censorship, downtime, or third-party interference.

In simpler terms: if Bitcoin is like a calculator that does one thing really well (digital money), Ethereum is like a smartphone that lets developers build any app they can imagine.

Key Concepts Explained

1. Turing-Complete Programming Language

What Ethereum intends to provide is a blockchain with a built-in fully fledged Turing-complete programming language that can be used to create "contracts" that can be used to encode arbitrary state transition functions, allowing users to create any of the systems described above, as well as many others that we have not yet imagined, simply by writing up the logic in a few lines of code.

What this means: "Turing-complete" is computer science jargon for "can compute anything that's computable." Unlike Bitcoin's limited scripting, Ethereum's programming language is powerful enough to build any application - from voting systems to decentralized organizations - with just a few lines of code.

2. Understanding Blockchain State

The "state" in Bitcoin is the collection of all coins (technically, "unspent transaction outputs" or UTXO) that have been mined and not yet spent, with each UTXO having a denomination and an owner.

What this means: Think of blockchain "state" as a snapshot of who owns what at any moment. In Bitcoin, this is simply a list of unspent coins and their owners. Ethereum extends this to track not just money, but also the state of running programs (smart contracts).

3. Proof of Work - The Security Mechanism

The purpose of this is to make block creation computationally "hard", thereby preventing sybil attackers from remaking the entire blockchain in their favor.

What this means: To add new blocks to the blockchain, computers must solve difficult math puzzles. This makes it expensive and time-consuming to attack the network.

The rule is that in a fork the longest blockchain is taken to be the truth... In order for the attacker to make his blockchain the longest, he would need to have more computational power than the rest of the network combined in order to catch up (hence, "51% attack").

An attacker would need more computing power than the rest of the network combined (a "51% attack") to rewrite history.

Note: Ethereum has since moved from Proof of Work to Proof of Stake with "The Merge" in 2022, but the whitepaper describes the original mechanism.

4. Merkle Trees and Light Clients

A protocol known as "simplified payment verification" (SPV) allows for another class of nodes to exist, called "light nodes", which download the block headers, verify the proof of work on the block headers, and then download only the "branches" associated with transactions that are relevant to them.

What this means: Not everyone needs to store the entire blockchain (which is hundreds of gigabytes). Merkle trees are a clever data structure that lets "light clients" verify transactions by downloading only tiny portions of the blockchain. This makes it possible to use blockchain on phones and low-powered devices.

Think of a Merkle tree like a directory structure on your computer - you don't need to read every file to verify a single file's authenticity; you just need to check a path from that file to the root directory.

5. Why Existing Solutions Weren't Enough

Thus, we see three approaches to building advanced applications on top of cryptocurrency: building a new blockchain, using scripting on top of Bitcoin, and building a meta-protocol on top of Bitcoin.

The problem with each approach:

New blockchain: Full freedom but requires building everything from scratch, including security and network effects
Bitcoin scripting: Easy to implement but very limited in functionality
Meta-protocols: Built on top of Bitcoin but can't inherit Bitcoin's security features properly. They rely on trusted servers, defeating the purpose of decentralization

Lack of state - a UTXO can either be spent or unspent; there is no opportunity for multi-stage contracts or scripts which keep any other internal state beyond that.

Bitcoin's UTXO model is binary - a coin is either spent or unspent. There's no way to track complex state like "this contract is in stage 2 of 5" or "this user has voted but not yet claimed their reward."

Ethereum's solution: A general-purpose blockchain designed from the ground up for applications, with proper state management and light client support.

6. Ethereum's Simplicity and Power

A bare-bones version of Namecoin can be written in two lines of code, and other protocols like currencies and reputation systems can be built in under twenty.

What this means: Ethereum makes complex protocols simple. What would require building an entire blockchain from scratch can be done in a few lines of code. This is the "iPhone app store moment" for blockchain - suddenly anyone can build applications.

7. Gas - Paying for Computation

The STARTGAS and GASPRICE fields are crucial for Ethereum's anti-denial of service model. In order to prevent accidental or hostile infinite loops or other computational wastage in code, each transaction is required to set a limit to how many computational steps of code execution it can use.

What this means: Running code costs "gas" (paid in ETH). This prevents malicious or buggy infinite loops from clogging the network. If you want to run a complex smart contract, you need to pay more gas. Think of it like paying for cloud computing resources - the more computation you need, the more you pay.

A programmer can even run an infinite loop script on top of Ethereum for as long as they are willing to keep paying the per-computational-step transaction fee.

You could theoretically run an infinite loop... if you have infinite money to pay for it!

8. Two Types of Accounts

"Ether" is the main internal crypto-fuel of Ethereum, and is used to pay transaction fees. In general, there are two types of accounts: externally owned accounts, controlled by private keys, and contract accounts, controlled by their contract code.

What this means:

Externally owned accounts (EOAs): Regular user accounts controlled by private keys (like your MetaMask wallet)
Contract accounts: Accounts controlled by code that execute automatically when triggered

An Ethereum account contains four fields: The nonce, a counter used to make sure each transaction can only be processed once; The account's current ether balance; The account's contract code, if present; The account's storage (empty by default)

Every Ethereum account (whether user or contract) stores:

A nonce (prevents replay attacks)
ETH balance
Code (only for smart contracts)
Storage (a database for contract state)

9. How Contracts Interact

Contracts have the ability to send "messages" to other contracts. Messages are virtual objects that are never serialized and exist only in the Ethereum execution environment.

What this means: Smart contracts can call other smart contracts, similar to how one program can call functions in another program. This composability is what makes DeFi (Decentralized Finance) possible - you can have one contract for lending, another for exchanges, and they can interact seamlessly.

10. Ethereum's Memory Model

The operations have access to three types of space in which to store data: The stack, a last-in-first-out container to which values can be pushed and popped; Memory, an infinitely expandable byte array; The contract's long-term storage, a key/value store. Unlike stack and memory, which reset after computation ends, storage persists for the long term.

What this means: Ethereum contracts have three types of memory:

Stack & Memory: Temporary storage that clears after execution (cheap)
Storage: Permanent on-chain storage that persists forever (expensive)

This is why gas costs matter - storing data permanently on-chain costs more than temporary computation.

11. Ethereum's Architecture vs Bitcoin

The main difference between Ethereum and Bitcoin with regard to the blockchain architecture is that, unlike Bitcoin (which only contains a copy of the transaction list), Ethereum blocks contain a copy of both the transaction list and the most recent state.

What this means: Bitcoin blocks are like bank transaction logs - they just record transfers. Ethereum blocks also store the complete state of all smart contracts, making it more like a distributed computer than just a ledger. This is more expensive in terms of storage, but enables complex applications.

12. Three Categories of Applications

The first category is financial applications... The second category is semi-financial applications... Finally, there are applications such as online voting and decentralized governance that are not financial at all.

Examples of what you can build:

Financial: Decentralized exchanges (like Uniswap), stablecoins (like DAI), prediction markets, lending protocols (like Aave)
Semi-financial: Bounty systems, insurance, supply chain tracking with payments
Non-financial: Decentralized identity, voting systems, domain names (like ENS - Ethereum Name Service)

13. Efficient State Storage

The reason is that the state is stored in the tree structure, and after every block only a small part of the tree needs to be changed. Thus, in general, between two adjacent blocks the vast majority of the tree should be the same, and therefore the data can be stored once and referenced twice using pointers.

What this means: While storing the entire state sounds expensive, Ethereum uses a Patricia tree (a modified Merkle tree) to make it efficient. Since most of the state doesn't change between blocks, the blockchain only stores the differences, not complete copies. This is similar to how Git version control stores differences between commits rather than complete file copies.

14. Stablecoins - Solving Volatility

Such a contract would have significant potential in crypto-commerce. One of the main problems cited about cryptocurrency is the fact that it's volatile; although many users and merchants may want the security and convenience of dealing with cryptographic assets, they may not wish to face that prospect of losing 23% of the value of their funds in a single day.

What this means: The whitepaper predicted the need for stablecoins - cryptocurrencies pegged to stable assets like the US dollar. This vision came true with projects like MakerDAO's DAI, USDC, and others. These solve the volatility problem while maintaining the benefits of blockchain.

15. Decentralized Autonomous Organizations (DAOs)

The simplest design is simply a piece of self-modifying code that changes if two thirds of members agree on a change.

What this means: A DAO is like a company run by code instead of managers. Token holders vote on decisions, and the smart contract automatically executes the results. No CEO needed. While the code is technically immutable, you can make it upgradeable by having it reference other contracts whose addresses can be changed through voting.

16. Decentralized File Storage

Although it may seem like one is trusting many random nodes not to decide to forget the file, one can reduce that risk down to near-zero by splitting the file into many pieces via secret sharing, and watching the contracts to see each piece is still in some node's possession. If a contract is still paying out money, that provides a cryptographic proof that someone out there is still storing the file.

What this means: The whitepaper describes a decentralized storage system (like what Filecoin and Arweave later built). Files are split into encrypted pieces and stored across many nodes. Smart contracts pay nodes to store the pieces. If a node can't produce its piece, it stops getting paid - economic incentives ensure data persistence.

17. Decentralized Oracles - The SchellingCoin Concept

SchellingCoin basically works as follows: N parties all put into the system the value of a given datum (eg. the ETH/USD price), the values are sorted, and everyone between the 25th and 75th percentile gets one token as a reward.

What this means: Smart contracts can't access external data (like stock prices or weather) directly. SchellingCoin proposes a clever solution: have many parties submit the same data, and reward those whose answers are close to the median. This incentivizes honest reporting. This concept influenced modern oracle solutions like Chainlink.

18. The GHOST Protocol - Faster and Fairer

GHOST solves the first issue of network security loss by including stale blocks in the calculation of which chain is the "longest"... a stale block receives 87.5% of its base reward, and the nephew that includes the stale block receives the remaining 12.5%.

What this means: In Bitcoin, when two miners find blocks simultaneously, one block becomes "orphaned" and its miner gets nothing. GHOST (Greedy Heaviest Observed Subtree) rewards these "uncle" blocks too, making the network more fair and secure. This allows Ethereum to have faster block times (originally 15 seconds vs Bitcoin's 10 minutes) without penalizing miners whose blocks arrive slightly late due to network delays.

19. Why Transaction Fees Matter

In reality every transaction that a miner includes will need to be processed by every node in the network, so the vast majority of the cost of transaction processing is borne by third parties and not the miner that is making the decision of whether or not to include it.

What this means: When a miner includes a transaction, thousands of other computers must also process it. This is a "tragedy of the commons" problem - the miner gets the fee, but everyone else pays the computational cost. Gas fees help align incentives so the network doesn't get overwhelmed with spam transactions. This insight becomes especially important as Ethereum scales.

20. Preventing Block Size Abuse

We simply institute a floating cap: no block can have more operations than BLK_LIMIT_FACTOR times the long-term exponential moving average.

What this means: Rather than a hard limit on block size (like Bitcoin's 1MB), Ethereum uses a dynamic gas limit that adjusts based on recent usage. This allows the network to naturally expand during high demand while preventing sudden spikes that could overwhelm nodes.

21. Defending Against Attacks

The contract author does not need to worry about protecting against such attacks, because if execution stops halfway through the changes they get reverted.

What this means: Smart contracts are atomic - they either complete fully or revert completely. If someone tries to attack your contract by running it out of gas mid-execution, all changes are rolled back. This prevents partial execution attacks and makes contracts safer to write. It's like a database transaction - either everything commits or nothing does.

However, the attacker will be required to submit a value for STARTGAS limiting the number of computational steps that execution can take, so the miner will know ahead of time that the computation will take an excessively large number of steps.

Attackers must specify upfront how much gas they're willing to pay. Miners can reject obviously expensive operations before wasting resources.

22. The "Logic Bomb" Problem

Miners could try to detect such logic bombs ahead of time by maintaining a value alongside each contract specifying the maximum number of computational steps that it can take, and calculating this for contracts calling other contracts recursively.

What this means: A malicious contract could hide its true computational cost by calling other contracts in complex ways. The whitepaper acknowledges this is hard to prevent without limiting contract capabilities. This is a fundamental tradeoff in Turing-complete systems - you can't always predict how long code will run before running it.

23. ETH Denominations

This should be taken as an expanded version of the concept of "dollars" and "cents" or "BTC" and "satoshi". In the near future, we expect "ether" to be used for ordinary transactions, "finney" for microtransactions and "szabo" and "wei" for technical discussions around fees.

What this means: Like dollars have cents, ETH has smaller units:

1 ETH = 1,000,000,000,000,000,000 wei (the smallest unit)
1 Gwei = 1,000,000,000 wei (commonly used for gas prices)

The whitepaper proposed units named after crypto pioneers (finney, szabo), though in practice "Gwei" became the standard for gas pricing.

24. The Future-Proof Social Contract

In the event that the Ethereum organization loses funding or for any other reason disappears, we leave open a "social contract": anyone has the right to create a future candidate version of Ethereum.

What this means: Ethereum isn't controlled by any single company or person. If the Ethereum Foundation disappeared tomorrow, the community could continue the project. This decentralization extends beyond just the technology to the governance structure itself. The blockchain is truly owned by its users.

25. ASIC Resistance

However, one notably interesting feature of this algorithm is that it allows anyone to "poison the well", by introducing a large number of contracts into the blockchain specifically designed to stymie certain ASICs.

What this means: The whitepaper describes how Ethereum's design makes it resistant to specialized mining hardware (ASICs). Anyone could deploy contracts that make ASIC optimization difficult, keeping mining accessible to regular computers. This democratizes network participation (though in practice, ASICs and mining pools still emerged before Ethereum moved to Proof of Stake).

The Impact and What Came After

The Ethereum whitepaper was remarkably prescient. Most of the applications it envisioned have come to life:

DeFi (Decentralized Finance): Protocols like Uniswap, Aave, and MakerDAO have created a parallel financial system with billions in value
NFTs: Non-fungible tokens for digital art, collectibles, and domain names (ENS)
DAOs: Organizations like MakerDAO and various investment DAOs govern themselves through smart contracts
Stablecoins: USDC, DAI, and others provide price stability
Identity and Governance: Projects exploring decentralized identity and voting systems

What's Changed Since 2013:

The whitepaper described Proof of Work, but Ethereum successfully transitioned to Proof of Stake in 2022 ("The Merge"), dramatically reducing energy consumption. The network continues to evolve with upgrades focused on scalability (sharding, Layer 2 solutions like Optimism and Arbitrum).

Why This Paper Matters:

The Ethereum whitepaper didn't just propose a new cryptocurrency - it imagined a new computing platform. It proved that blockchains could be general-purpose computers, not just payment networks. This vision spawned an entire industry of decentralized applications and influenced countless other blockchain projects.

Anant Jain