Pratyush Mishra:

1) How does Bitcoin prevent double-spending? Describe the high-level
mechanism.

Bitcoin prevents double-spending by having the network of currently online
users validate a transcation. Suppose A tries to spend a coin with both B and
C. She first has to generate a serial number for her coin. Then she signs the
transactions and sends the respective messages to B and C. Now B and C check to
see if A's coin hasn't already been spent. They next broadcast this transaction
to the rest of the network. Miners on the network add this transaction to the
list of their pending transactions and then try to mine a block containing this
list of pending transactions as well as the public ledger. They then publish
this block to claim their reward. Once other network users verify that this
block is valid, the list of transactions becomes part of the public ledger, and
hence visible for anyone to see. Double spending is thus prevented, because
once one transaction (say from A -> B) is published in the public ledger, it is
uniquely specified by the serial number of the coin, and hence once C sees this
record, he knows that A was trying to scam him.

`Mining' is done by solving a computational puzzle, and hence to successfully
change history, Alice has to control over 50% of the computing power on the network,
which is unikely.

2) What is the purpose of the proof of work in Bitcoin?

Proof of work serves to establish a sense of equality and fairness in the
Bitcoin network, as well as to provide a consensus on the ordering of events in
the network. When validating transactions, the power of each validator is
proportional to the computing power available to them. Hence, if a malicious
user wants to double spend, then they need to validate both transactions, while
and thus need to be able to out-mine honest validators, which is only possible
if the malicious user control the majority of the computational power on the
network.

Once a block is published to the ledger, other miners adopt this new ledger, since
it is now the longest chain. For a malicious user to overcome this consensus, they
would once again have to control the majority of the computing power, and would need
to outmine miners who might already have appended new blocks onto the honest chain.
Hence, we see that it is extremely difficult for the malicious user to change
history, and therefore the entire network agrees on one ordering  of events.