It has been over a decade now since an anonymous researcher writing as Satoshi Nakamoto published the paper “Bitcoin: A Peer-to-Peer Electronic Cash System” in October of 2008 and launched the network in January of 2009. In all this time, despite all the hype surrounding Bitcoin in the news, the public at large remains largely ignorant of what Bitcoin really is. Whenever I speak to my friends and colleagues about Bitcoin or cryptocurrency in general, I sense a tremendous amount of confusion enveloping the subject. “Who is in charge of Bitcoin?”, “I just don’t understand where these bitcoins come from”, “I can use my credit card or Venmo to send money, I don’t get what the big deal about Bitcoin is”, “How exactly can I use it?”, “Should I invest in Bitcoin?”: these are some of the questions that typically come up in a discussion.
The media almost exclusively focus on the price movements of Bitcoin but rarely attempt to explain what it is, how it works or why it matters. In part this can be attributed to the shortage of expert resources on the subject, but the other issue is the intrinsic complexity of the subject itself. Bitcoin is conceptually coupled with many different disciplines: computer science, cryptography, the economics of money and game theory, to name a few of the most salient ones. However, unlike holographic images, microwaves or jet engines (recent inventions that also involve complex math, physics and engineering), Bitcoin is a purely abstract construction that cannot be seen or touched, so it is not easily comprehended or approximated through our senses. Hence the modern media format is hopelessly outmatched by a subject of this level of complexity. As a result, most media audiences either dismiss the subject as “too complicated” or become overzealous in their excitement about its “limitless potential” without having a good grasp of the topic.
As mentioned earlier, Bitcoin’s complexity partly arises from the sheer number of disciplines that it builds on. The other aspect of this complexity is its evolution into several distinct phenomena, some of them beyond anything envisioned by its creator(s), and this evolution is likely to continue. Even now Bitcoin has several intriguing facets: it is a currency (at least according to the US Treasury’s FinCEN), a commodity (according to the CFTC), property (according to the IRS), a technological invention, a smart contract platform, a social phenomenon, and potentially a political game-changer.
In order to alleviate the dizzying effect of likely information overload from a deep dive into each of those aspects of Bitcoin, our plan is to look at each aspect of Bitcoin separately but systematically, finally integrating all the strands into a coherent conceptual framework that could be used to derive strategic action and planning.
The first part of this series deals with the functional aspects of Bitcoin as a technological invention – the foundation from which its other aspects emerge.
The Entrance to the Rabbit Hole – Cryptography
As with most technological breakthroughs, the invention of Bitcoin built upon many incremental developments in several key fields, none as important as cryptography. Cryptography is the branch of applied mathematics and computer science that deals with protecting the confidentiality, integrity and authenticity of data. Since Bitcoin is fundamentally a native of the cryptography landscape, anyone wishing to understand how Bitcoin works even at a superficial level must have a minimal grasp of some basic cryptographic concepts.
Modern cryptography, the kind that protects passwords and credit card numbers as they travel the Internet from your browser to their destination, is based on the concept of keys. Your Facebook password or social security number, originally typed in plain text, is transformed into random-looking gobbledygook using a secret number, called a (secret) key, and a particular algorithm for applying that key to a message. The algorithm itself, while important, is not what keeps the message secure; in fact, the algorithm is typically known to everyone. The confidentiality of the message rests entirely on the secrecy of the key, which you can think of as a really, really large random number: a 256-bit key, for example, is a number between 1 and roughly 10^77.[1] Both the encryption of the original plain text and the decryption of the encrypted text back into plain text use the same secret key, hence the name of this kind of scheme: symmetric encryption. Since the same key is used for both operations, the scheme assumes that all the parties already have the secret key in their possession before they can exchange secret messages. So how is one to distribute these secret keys to all the parties involved in the first place? It seems like a chicken-and-egg problem. In fact, this is exactly the point where the first important technological innovation that paved the way for Bitcoin enters the stage.
The year was 1976, and it was a true watershed moment when two American cryptographers, Whitfield Diffie and Martin Hellman, published “New Directions in Cryptography”. Unlike symmetric encryption, which uses the same key in both directions, their revolutionary idea was to use two different keys: one for encryption (known as the public key) and one for decryption (the corresponding private key). This idea came to be known as asymmetric, or public-key, encryption (the first practical realization of it, RSA, followed in 1977). The relationship between the two keys of a pair is such that it is infeasible to figure out the private key from the public key, while the public key is easily derived from the private key. Because of this relationship, it is safe for anyone to publish their public key, knowing that the corresponding private key cannot be derived from it.
A party that wanted to send you a message would use your public key to encrypt it, and vice versa: if you wanted to send something to them, you would use their public key to encrypt your message. Once something is encrypted with another person’s public key, no one, not even you, can decrypt it; only the owner of the corresponding private key can.
Asymmetric encryption solved the key-distribution problem that symmetric encryption could not. As an added bonus, it solved another incredibly important problem: validating the authenticity of a message. Here is the crux of the problem. Let us say user A (typically referred to by cryptographers as Alice) encrypts a message for user B (that’s Bob) with Bob’s public key and sends it to him. The message might say: “Hi Bob! Let’s launch those nukes. See you on the other side! Regards, Joe (commander-in-chief).” As you can see, Alice is sending a spurious message to Bob while claiming to be Joe, all the while dutifully using Bob’s public key to encrypt it. If Joe had actually decided to send this same message to Bob, it would look identical, because Joe would likewise use Bob’s public key to encrypt it. Is there a way for Bob to tell the real message from the spurious one? Encryption alone cannot help: it guarantees that no one but Bob can read the message, not who wrote it.
It turns out that public-key cryptography also gives us digital signatures, which authenticate that a message came from a particular user. Like private and public keys, a digital signature is just a very large number (or, in the scheme Bitcoin uses, a pair of numbers), computed from the message being signed and the signer’s private key. Anyone in possession of the message and the signature can look up the alleged signer’s public key and verify whether the signature matches both; if even one bit of the message is changed, the check fails.
This ability to digitally sign messages also provides what is called non-repudiation: once the sender (Alice) constructs her signature and broadcasts the signed message, she cannot later deny having authored it (a point which becomes important when what you are sending is money).
Most Internet traffic today is protected by TLS, which uses public-key cryptography to authenticate the server and to agree on the symmetric keys that then encrypt the bulk of the data.[2] But what does this have to do with Bitcoin? As a matter of fact, Bitcoin also uses public and private keys; the only difference is that the type of message Alice or Bob typically sign is a transaction that transfers funds from one address (think: account number) to another.
Let’s take a look at a first approximation of how this works in practice. As a new Bitcoin user you would most likely download a so-called Bitcoin “wallet” (something like Electrum), software that generates your public/private key pair as part of the new wallet setup (modern wallets derive many key pairs from a single seed phrase, but the principle is the same). The private key is what keeps your money safe and it must be carefully safeguarded: anyone who obtains it can spend your funds, and there is no one to call to reverse that. The corresponding public key is used by the wallet to generate addresses, “account numbers” for others to use when sending you payments. Since an address is derived from your public key, only a person possessing the corresponding private key (you) can “spend” from it, that is, transfer the funds it holds to someone else.
Let us say you start freelancing and getting paid in Bitcoin. The money is sent to your wallet’s addresses, but how do you spend it? It is rather easy. In your wallet you fill in the address of whoever you want to pay and the amount to send. Your wallet then assembles a transaction from these pieces of information (which of your previously received funds are being spent, the destination address and the amount) and prompts you to sign it; the signature, computed with your private key, covers all of them, so none can be altered afterwards without invalidating it. After that, the transaction is ready to be broadcast on the Bitcoin network so it can become part of the blockchain. As the transaction propagates, anyone can verify the signature, meaning that the owner of address “X” authorized sending “Y” bitcoin to destination address “Z”. As mentioned in the section about signatures, they provide non-repudiation: once the transaction is sent, the sender cannot later deny having authorized it, the signature proving the authorization and the blockchain providing a permanent record of the transaction itself.
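To make the signing and verification steps concrete, here is an added example (not code from this article, from Electrum or from any other wallet) implementing ECDSA over secp256k1, the curve and signature scheme Bitcoin uses, in plain Python with no third-party libraries. It derives a public key from a private key, signs a transaction-like message, and shows that verification fails if the amount is altered or a different key is used. The private key and message are constructed demo values, and the nonce derivation is a simplification of RFC 6979 (the construction real wallets use); the comments flag both.

```python
"""Toy ECDSA over secp256k1, the curve and signature scheme Bitcoin uses.

Added example, not code from the original article. Pure Python, no constant-time
arithmetic and no side-channel protection: it exists only to show what "sign with
the private key, verify with the public key" means at the arithmetic level.
Never use it to hold real funds.
"""
import hashlib

# secp256k1 domain parameters (published constants, not assumptions)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 (mod P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def pubkey(priv):
    """Public key = priv * G. Going the other way is the discrete-logarithm problem."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    return ec_mul(priv, G)


def msg_hash(msg):
    """Bitcoin signs the double SHA-256 of the transaction data, read as an integer."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big")


def sign(priv, msg):
    z = msg_hash(msg)
    # The nonce k must be secret and unique per message: two signatures that share
    # a k let anyone solve for priv. Deriving k from (priv, z) makes it deterministic;
    # this is a simplification of RFC 6979, not the real construction.
    k_src = priv.to_bytes(32, "big") + z.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(k_src).digest(), "big") % N
    if k == 0:
        raise RuntimeError("degenerate nonce; retry with fresh input")  # probability ~2^-256
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if s > N // 2:                # low-s form: Bitcoin Core rejects high-s signatures
        s = N - s                 # as non-standard, to block signature malleability
    return (r, s)


def verify(pub, msg, sig):
    """Anyone holding the public key can check the signature; no secret needed."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = msg_hash(msg)
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


# Constructed demo data: an arbitrary 256-bit private key and a transaction-like message.
DEMO_PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
DEMO_TX = b"from:X to:Z amount:0.5"

if __name__ == "__main__":
    pub = pubkey(DEMO_PRIV)
    sig = sign(DEMO_PRIV, DEMO_TX)
    print("valid signature :", verify(pub, DEMO_TX, sig))
    print("amount tampered :", verify(pub, b"from:X to:Z amount:5.0", sig))
    print("wrong signer    :", verify(pubkey(2), DEMO_TX, sig))
```

Run it as a script to see the three checks. The arithmetic is a textbook implementation with no constant-time protections, which is fine for understanding the scheme and unacceptable for anything holding real funds.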
Since Bitcoin is built on the foundation of public-key cryptography, a field that has undergone intense scrutiny and testing since 1976,[3] it inherits the security of that foundation (concretely, of ECDSA signatures over the secp256k1 elliptic curve). One of the reasons why the Bitcoin blockchain already secures billions of dollars’ worth of funds is the assurance that this money cannot be taken without the private key, and this assertion rests on the properties of public-key cryptography. In practice, the losses that do occur come from stolen, leaked or poorly generated private keys, not from breaks in the underlying mathematics.
At this point someone might wonder: 1976 was quite a long time ago, computers became ubiquitous in the late 80s and the Internet in the 90s. Why hasn’t someone tried to implement a Bitcoin-like system well before 2009? The answer is that they have, and that is precisely the subject of our next section.
Deeper into The Rabbit Hole – David Chaum and eCash
While most have heard of Satoshi Nakamoto by now, the name of David Chaum is much less recognized. And yet he is the man who, in a very real sense, pioneered the idea of a secure, private, digital bearer instrument he called “eCash”. Chaum, an American computer scientist, cryptographer and entrepreneur, introduced blind signatures in his 1982 paper “Blind Signatures for Untraceable Payments” and, together with Amos Fiat and Moni Naor, described a complete scheme in “Untraceable Electronic Cash” (presented at CRYPTO ’88 and published in 1990). In 1989 he founded a company, DigiCash, to implement the digital token cash system described in his research; its eCash went live with a bank in 1995. eCash was innovative in that it allowed banks to issue signed tokens, allowed merchants to verify the validity of such tokens offline, and provided very strong privacy for the end users of the system using the clever “blind signature” algorithm.
The tokens were issued and signed using the same public-key cryptography we described earlier, with a twist. A user generated random serial numbers, “blinded” them (mathematically hid them), and presented them to the bank, which signed them with its private key and debited the user’s account accordingly. The user then removed the blinding, leaving tokens that carried a valid bank signature on a serial number the bank had never seen in the clear. These signed tokens could be spent in the marketplace because the bank’s signature guaranteed their validity and denomination, and since banks published their public keys, merchants could verify the signatures offline. There was one sticky point: tokens are digital and can be copied, so nothing stopped a user from spending the same token twice. This is the so-called “double-spend” problem. Detecting it relied entirely on the bank: in the online scheme the bank kept a list of every serial number already deposited and refused the second deposit, while in the offline variant the protocol was arranged so that spending a token twice revealed the spender’s identity after the fact. Either way, a central database was the only arbiter, and the strong anonymity of honest users meant the bank could not simply look up who had done what.
If you know anything about how Bitcoin works, you will notice another obvious difference between it and Chaum’s eCash. Yes, it’s the banks. Chaum’s scheme required a centralized clearinghouse, the banks, to detect double-spends and blacklist tokens: a single point of control and a single point of failure. The idea of a decentralized global currency was still waiting for its time to emerge on the scene.
Despite Chaum’s many innovations in the field of digital money, his concept proved unworkable at the time, both because of its timing and because of its technological limitations. DigiCash filed for bankruptcy in 1998 and was dissolved by 2002. Despite the failure of the business, the true value of David Chaum’s eCash was the pioneering of the idea itself: the possibility of a digital bearer instrument (like cash) that could be private, verifiable and secure. Chaum’s innovation paved the way for additional research in the field, eventually leading to Bitcoin.
Peer-to-peer Networks – the “How” of Decentralization
One key piece that was missing in David Chaum’s conception of digital money was the concept of decentralized control. It had never been thought possible that a currency could circulate without being double-spent or counterfeited in the absence of some centralized authority acting as the final arbiter of truth. Even during the circulation of gold coins, which possessed many desirable traits as a type of money, there was still a central authority: the State, which controlled minting and the issuance schedule, ensured quality control and the fungibility of coins (each coin being identical in its monetary properties to all others), and meted out punishment to counterfeiters. All of these safeguards were inherited by the fiat currencies we use today. While this system has several advantages, its main drawback is its centralized nature, and thus a single point of failure. As we speak, the Federal Reserve is embarking on another “not QE” liquidity injection, flooding the markets with an additional sixty-five billion USD per month (since November 20, 2019).
As ordinary citizens, we have little say in these matters as we watch the currency being continually diluted in value. According to the US Bureau of Labor Statistics, $1 in 1913 is worth $26.25 in 2019, which is another way of saying that the dollar has lost about 96% of its purchasing power since 1913. The point is that centralized control of monetary policy is a double-edged sword at best and a disaster at worst. Decentralizing control over money is one possible solution that Bitcoin offers. But how does it work?
[Figure: peer-to-peer torrent sharing (source: Wikipedia). Initially, someone uploads content (the seeder), and then everyone else becomes both a distributor and a downloader of the content.]
The first time the world was really exposed to the power of P2P (peer-to-peer) technology was at the turn of the millennium, through a company called Napster, which allowed users to share music with each other. Napster still ran a central server, but only to index who had which files; the files themselves travelled directly between users’ desktop computers, each running the Napster software that let them find other users, search their music and exchange files with each other (unlike Apple iTunes or Spotify, which serve the content themselves). Napster was shut down in 2001 after the RIAA (Recording Industry Association of America) won a copyright infringement lawsuit against it, but the technology itself was not going to be defeated so easily. Fully decentralized designs followed, most notably Gnutella (released in 2000 and carried on by open-source clients), which needed no central index at all and within a few short years boasted a distributed network of over 3 million(!) nodes. Today the most widely known application of this technology is, of course, BitTorrent: a perfectly legal protocol (Linux distributions and game updates ship over it) that is also wildly popular for the unauthorized sharing of music, video, games and proprietary software.
At the same time as Gnutella and other enthusiast-backed projects were underway, another hugely influential trend was emerging: software development itself became peer-to-peer, a trend known today as the Open Source Movement, in which software is developed and freely shared by thousands of volunteers around the world. The corporate world initially dismissed it as a “fad”, but when it became clear that it was not going away, they promptly jumped on the bandwagon. Among other things, the Open Source Movement gave us an enterprise-quality operating system, Linux, which runs on millions of devices around the world, especially since the advent of the Internet of Things (IoT).
The new paradigm of P2P software development, and P2P software itself, eventually became the model both for how Bitcoin functions as software and for how it functions as a project: without a central leader, a backing organization or state sponsorship. How does the Bitcoin network function at a high level? It works as a self-organizing network of distributed nodes, computers communicating with each other (today not only via the Internet but also via satellite and even short-wave radio!),[4] relaying blockchain blocks and new transactions. Every node independently validates everything it relays, so no node has to trust the node it heard it from.
The P2P nature of the Bitcoin network makes it remarkably resilient against attacks: there is no single server to take down, and to feed a node a false view of the ledger an attacker would have to cut it off from every honest peer it talks to. It also amounts to a high-availability virtual bank, one that has had a remarkable 99.98% uptime since its inception in 2009. Live maps of the publicly reachable Bitcoin nodes are available online.
Blockchain – the Final Tool in the Toolkit
So far we have covered public-key cryptography and digital signatures, discussed the first implementation of private digital money by David Chaum, and talked about the importance of P2P (peer-to-peer) both as a technology and as a social phenomenon in self-organizing software projects. What is missing before we can build our Bitcoin blockchain? Ah, yes: we have not actually specified what a blockchain is and why it is needed in the first place.
In order to understand the need for a blockchain, we need to think about how ordinary bank ledgers work. Let’s say you have a bank account with $100 in it. You send a $50 check to Macy’s, drawn against that account. A few days later you forget all about that check and go to an ATM to withdraw $70 from the same account. What is going to happen? One of these two transactions will be denied, depending on which one is debited from your account first. An ordering of transactions in time is implicit in all banking operations. It is a relatively simple problem to solve when you have a central location, like a bank database, that does the ordering. But what happens when there is no central point of ordering? That is where the blockchain comes in: it groups transactions into blocks, every confirmed transaction belonging to exactly one block in the global ledger, and the blocks are chained together in a very specific way such that their order is completely unambiguous (we will discuss how that is achieved shortly). The very first block in the Bitcoin blockchain is called the Genesis block; it is the exception to the rule in that it does not reference a previous block, by virtue of being the first one. Every block since then has to reference the block that precedes it.
Insert: the folder-naming analogy, worked through. Suppose every folder is named after the first two letters of each item inside it: a folder holding Jelly.jpeg and one other file whose name starts with “Pe” is called “Jepe”, and the folder that contains it (along with other items) is called “Jeparosc”. The key principle of Merkle trees is that any change to the data at any level is reflected at ALL levels above it.
Let’s say we add another file to the “Jepe” folder: Butter.jpeg. The folder’s name now becomes “Bujepe”, and the containing folder’s name changes from “Jeparosc” to “Buparosc”. This seems to work, so why do we need fancy “hash functions”?
There are actually two problems with our scheme. One is that we could change Jelly.jpeg and forget to change its name, through negligence or malicious intent. Secondly, we cannot use just the first two letters for folder names: think of what would happen if we added “Toast.jpeg” to “Jepe”. Its name would change to “Jepeto”, but the first two letters remain “Je”, so the change would not be reflected in its parent: “Jeparosc” would stay the same.
It seems we would need to concatenate the names of all the file contents together, a process that very quickly becomes unwieldy.
Hash functions solve both of those problems (see the next insert) by reflecting any change in the contents, down to a single bit, and by shortening the “names” to a fixed length without losing any of this functionality.
Going back to the analogy with the bank account, suppose you have 100 bitcoin locked in a given address (which is derived from your public key). Let’s say you simultaneously send out two transactions, spending 50 and 70 bitcoin from this address. Both of these transactions are signed by your private key, so they are valid in that regard. However, they cannot both be included in the same block, because whichever comes second would be spending funds the first has already spent, and a block containing such a conflict is rejected by every node. Which one is to be included? That is not determined until a new block including one of the two is published, just as it is not obvious whether you will get the money from the ATM or whether Macy’s will get their check cleared. (Nodes that see both transactions while they are still pending keep the first one they heard and drop the other; which one actually gets mined is up to whichever miner finds the next block.) For the sake of argument, let’s say the transaction with 70 bitcoin is accepted in the next block, so the address balance is now 30 bitcoin. If you then try to essentially overdraw that address (a “double-spend” in cryptocurrency jargon) by sending out the other transaction for 50 bitcoin, it will simply be rejected as invalid, because the previous block has established that the balance in that address is now 30 bitcoin.
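The scenario above as an added example (not code from this article or from Bitcoin Core): a minimal unspent-output ledger in Python. The names, the transaction layout and the ownership check (a signer label compared with the output’s owner, standing in for the ECDSA verification a real node performs) are simplifications for illustration; amounts are integer satoshis, as in Bitcoin. It shows that whichever of the two conflicting transactions is applied first wins, that the second is rejected because the coin it spends no longer exists, and that overdrawing or spending someone else’s coin is rejected as well.

```python
"""A minimal UTXO (unspent transaction output) ledger showing why conflicting
spends need a global order.

Added example, not code from the original article. The transaction format, the
names and the "owner == signer" check are simplifications: a real node verifies
an ECDSA signature against the script that locks each output.
"""
from dataclasses import dataclass

BTC = 100_000_000  # amounts are integer satoshis, as in Bitcoin; never floats


@dataclass(frozen=True)
class Outpoint:
    """Reference to one specific output of an earlier transaction."""
    txid: str
    index: int


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # Outpoints being spent
    outputs: tuple   # (address, amount) pairs
    signer: str      # stand-in for "whose private key signed this"


class Ledger:
    def __init__(self):
        self.utxo = {}  # Outpoint -> (owner address, amount)

    def add_coins(self, txid, address, amount):
        """Create an unspent output out of thin air (like a coinbase) for setup."""
        self.utxo[Outpoint(txid, 0)] = (address, amount)

    def balance(self, address):
        return sum(amt for owner, amt in self.utxo.values() if owner == address)

    def apply(self, tx):
        """Validate tx against the current UTXO set; return (accepted, reason)."""
        total_in = 0
        for op in tx.inputs:
            if op not in self.utxo:
                return False, f"{op.txid}:{op.index} does not exist or is already spent"
            owner, amount = self.utxo[op]
            if owner != tx.signer:
                return False, f"{tx.signer} does not control {op.txid}:{op.index}"
            total_in += amount
        if any(amount < 0 for _, amount in tx.outputs):
            return False, "negative output"
        total_out = sum(amount for _, amount in tx.outputs)
        if total_out > total_in:
            return False, f"overdraw: {total_out} out of {total_in} in"
        # Commit: inputs are consumed, outputs become new unspent coins
        # (anything left over, total_in - total_out, is the miner's fee).
        for op in tx.inputs:
            del self.utxo[op]
        for i, (address, amount) in enumerate(tx.outputs):
            self.utxo[Outpoint(tx.txid, i)] = (address, amount)
        return True, "ok"


def double_spend_demo(first, second):
    """Replay the article's scenario: X holds 100 BTC and signs two conflicting
    spends of the same coin (70 to Z, 50 to W). Whichever is applied first wins."""
    ledger = Ledger()
    ledger.add_coins("genesis", "X", 100 * BTC)      # constructed starting coin
    coin = Outpoint("genesis", 0)
    txs = {
        "tx70": Tx("tx70", (coin,), (("Z", 70 * BTC), ("X", 30 * BTC)), signer="X"),
        "tx50": Tx("tx50", (coin,), (("W", 50 * BTC), ("X", 50 * BTC)), signer="X"),
    }
    results = [ledger.apply(txs[first]), ledger.apply(txs[second])]
    return results, ledger


if __name__ == "__main__":
    (ok1, why1), (ok2, why2) = double_spend_demo("tx70", "tx50")[0]
    print("tx70:", ok1, why1)
    print("tx50:", ok2, why2)
```

The order of application is the whole point: a node that receives tx50 first would accept it and reject tx70, which is exactly the disagreement the blockchain exists to settle.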
Now that you hopefully see the need to have a blockchain (a “chain of blocks”), how does it actually work? Why can’t someone alter the original sequence of blocks by removing or reshuffling them or alter their contents after the fact – by either adding or removing certain transactions from the record? The two technological innovations that make a blockchain immutable and secure are Merkle trees and hash functions.
The Merkle tree is another 1970s invention, courtesy of yet another American cryptographer and computer scientist, Ralph Merkle, who described it in 1979. What he invented allows the blockchain to be verifiably tamper-evident, meaning that no one can alter any block’s contents without everyone immediately noticing. To understand how Merkle trees work, think for a moment about the folders on your desktop computer. If you have hundreds of folders, some buried deep within others, how can you tell if one of them has changed? One way is to look at every single folder and file for changes, but that is incredibly slow. There has to be a better way. What if you made a policy, a naming convention that somehow connected the names of folders with what they contain, files or other folders? Any time something changes, you change its name and the names of the containing folders, all the way up to the “root folder” that contains everything else. Essentially, that is exactly how Merkle trees work, with one detail: they use “hash functions” to derive the folder names.
Hashing is another inhabitant of the cryptography landscape. A hash function is a special type of function, sometimes referred to as a “one-way function”, that transforms arbitrary input into a fixed-length output in a way that is computationally infeasible to reverse. A hashing operation might look like this: feeding the input “Hi, I am Bob!” to the hash function RIPEMD160 produces a 160-bit (20-byte) value, typically written in hexadecimal (base-16) notation, beginning e28c6a038… The main point is that you cannot go back from “e28c6a038…” to “Hi, I am Bob!”; it is practically impossible to derive the input by looking at the output. It is a one-way street.
Bitcoin uses two hash functions, SHA256 and RIPEMD160, in several places, among them maintaining the Merkle tree properties of the blockchain. Addresses are derived from a public key by hashing it with SHA256 and then hashing the result with RIPEMD160, while transaction ids, Merkle tree nodes and block headers are hashed with SHA256 applied twice. All of these functions do essentially the same thing: they transform arbitrary-length input into a fixed-length output in a way that makes it infeasible to tell what input was used to produce it.
The process of deriving a public key from a private key is also a one-way function, as is signing, that is, producing a signature over some data using a private key. If these processes were not one-way, someone could derive your private key by looking at your public key or your signatures and… steal your bitcoin! (Signing is one-way only when done correctly: the per-signature random number that ECDSA requires must never be reused, because two signatures that share it do reveal the private key, which is why careful wallets derive it deterministically from the key and the message.)
Luckily, all of the functions used in Bitcoin have so far withstood extensive peer review by other cryptographers and are considered very secure.
The key idea or property of Merkle trees is this – any change to the data that it contains – at any level is reflected at all the levels above all the way to the topmost level, the so-called Merkle root.
Where this idea became immediately useful was in version control of software source code (Git, for instance, identifies every commit by a hash that covers the entire tree of files beneath it). The ability to very quickly identify what has changed and what has stayed the same is the core capability of Merkle tree structures. An important difference from our folder analogy is that instead of looking at file names, real Merkle trees hash the data itself, byte for byte. Thus even the smallest change is noticed.
Another difference is that instead of using our simplistic scheme of using the first two letters of something, Merkle trees use something called hash functions to derive “folder” names.
So, what are these hash functions? While their inner workings can be complicated, from a functional standpoint it is easy to understand what they do: hash functions compress data of arbitrary size down to a fixed-length output (the “hash”) in such a way that even the slightest change to the data results in a completely different hash. Another key property is that, given a particular hash, it is infeasible to come up with data that produces it (functions with this property are called “one-way functions”). Cryptographers state three requirements precisely: it must be infeasible to find any input for a given hash (preimage resistance), to find a second input with the same hash as a given input (second-preimage resistance), and to find any two inputs with the same hash (collision resistance). The last one is what makes a hash usable as a unique name for a piece of data.
These features are obviously very useful in the construction of Merkle trees. Once you hash the contents of a file – any change to it would produce a radically different hash. Also, it is infeasible to “guess” what change would produce a particular hash.
In the context of Bitcoin, a Merkle tree is built from the hashes of the individual transactions in a block: pairs of hashes are hashed together, then pairs of those, and so on up, until a single hash remains, the “Merkle root”, a summary of all the contents. Any change to any transaction results in a completely new Merkle root, which is quite easy to track. The block’s header contains this root, so the 80-byte header alone commits to every transaction in the block.
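The structure just described, as an added example (not code from this article or from Bitcoin Core): a Bitcoin-style Merkle tree in Python, using double SHA-256 and Bitcoin’s rule of pairing an odd last node with itself. Beyond recomputing the root, it builds and checks inclusion proofs, which is how a lightweight client verifies that a transaction is in a block from the block header alone. The sample transactions are constructed placeholders.

```python
"""Bitcoin-style Merkle tree over transaction ids: root, inclusion proofs, tamper detection.

Added example, not code from the original article. The sample transactions are
constructed placeholders; real leaves are the double-SHA256 ids of serialized
transactions.
"""
import hashlib


def dsha256(data):
    """Bitcoin applies SHA-256 twice to txids, Merkle nodes and block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(leaves):
    """All levels of the tree, leaves first and the single root last.
    Bitcoin's rule for an odd number of nodes: the last node is paired with itself."""
    if not leaves:
        raise ValueError("a block always holds at least its coinbase transaction")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level = level + [level[-1]]
        levels.append([dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def merkle_root(leaves):
    return merkle_levels(leaves)[-1][0]


def merkle_proof(leaves, index):
    """Sibling hashes on the path from leaf `index` to the root, each tagged with the
    side it sits on. Its length is log2(n): a light client can check that a
    transaction is in a block without downloading the other transactions."""
    proof = []
    for level in merkle_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], "right" if sibling > index else "left"))
        index //= 2
    return proof


def verify_proof(leaf, proof, root):
    """Recompute the path to the root; any altered byte anywhere changes the result."""
    node = leaf
    for sibling, side in proof:
        node = dsha256(node + sibling) if side == "right" else dsha256(sibling + node)
    return node == root


# Constructed sample block: a coinbase plus three payments.
SAMPLE_TXS = [b"coinbase: 12.5 BTC to miner", b"X->Z 70 BTC", b"A->B 1 BTC", b"B->C 0.5 BTC"]
SAMPLE_TXIDS = [dsha256(tx) for tx in SAMPLE_TXS]

if __name__ == "__main__":
    root = merkle_root(SAMPLE_TXIDS)
    # txids and roots are conventionally displayed byte-reversed; internal order here
    print("root:", root.hex())
    proof = merkle_proof(SAMPLE_TXIDS, 1)
    print("tx 1 included:", verify_proof(SAMPLE_TXIDS[1], proof, root))
    tampered = SAMPLE_TXIDS[:]
    tampered[1] = dsha256(b"X->Z 700 BTC")
    print("root after tampering with tx 1:", merkle_root(tampered).hex())
    # Side effect of the odd-node rule: listing the last txid twice gives the same
    # root, so a node must reject duplicate txids independently of the Merkle check.
    three = SAMPLE_TXIDS[:3]
    print("3 txs vs last tx duplicated:", merkle_root(three) == merkle_root(three + three[-1:]))
```

A proof for a block with thousands of transactions is still only a dozen or so hashes, which is why a wallet on a phone can confirm a payment was mined without holding the block.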
As it turns out, if you link blocks into a chain-like structure, each block header carrying the Merkle root of its own transactions and the hash of the previous block’s header, you end up with a blockchain: a structure that allows data to be appended but makes any modification of previously added data detectable, since the change would alter that block’s hash and break every reference that follows it. As aptly noted by the well-known Bitcoin Core contributor Peter Todd, “a blockchain is… just a chain of blocks”. And that pretty much says it all. See the figure below for an illustration of what a blockchain might look like.
The big advantage of a structure like this is that a block containing transactions is practically immutable once a certain number of blocks have been chained on top of it: the hashes make any change detectable, and the proof of work accumulated in the later blocks (described in the next section) would all have to be redone for the altered history to be accepted. This is of course very important when you do not want anyone to “undo” transactions or change the record of what happened, such as a payment to a vendor, a donation or any other financial record.
The Merkle tree data structure was the last technological advance crucial to the invention of Bitcoin, because it paved the way for the conceptualization and implementation of a blockchain: an append-only global ledger of transactions whose history cannot be quietly altered. Now that we have covered this final piece of the puzzle, we are ready to proceed with the story of what Satoshi’s invention was all about.
All the pieces come together: Bitcoin
In October of 2008, just as the world was reeling from the financial crisis, an anonymous researcher using the alias Satoshi Nakamoto published a paper with the somewhat bland title “Bitcoin: A Peer-to-Peer Electronic Cash System”, and in January of 2009 the network went live. The paper built on all of the developments we have described: public-key cryptography and digital signatures, the idea of electronic cash as a digital bearer instrument, the Merkle tree and hash-chained block structure, peer-to-peer networking to broadcast blocks and transactions, and one more crucial innovation that had been lacking: a way to reliably guarantee eventual consensus in a completely decentralized network in the absence of a centralized, final “arbiter of truth”. This last piece was critically absent from David Chaum’s conception and is perhaps why his idea failed; by demonstrating its shortcomings, it paved the way for what is colloquially known as Nakamoto consensus.
What is the nature of the problem, and how did Satoshi solve it? In computer science, the problem of achieving consensus in the absence of an “authority” is referred to as the Byzantine generals’ problem. Imagine that you are a general commanding an army. Together with your allies, you have besieged a city. Your allies, other generals with their own armies, have their own agendas, so you do not trust them, and at the same time you wish to cooperate for the sake of common goals. One of these allied generals sends you a message: “Attack at dawn”. If you attack and he decides to pull out at the last minute, you risk defeat and possibly death. If you do not attack and he does, you may be branded a coward and a traitor. How do you come to a consensus on what is to be done? How do you proceed knowing that your allies could also be saboteurs? In the context of a distributed peer-to-peer network, the question is how to arrive at a consensus without having to trust the other parties. Before Satoshi, several solutions had been offered, but they all broke down once more than one third of the participants were dishonest.[5] They also shared a deeper problem on an open network: they count votes per participant, and on the Internet anyone can create thousands of fake participants for free. Satoshi’s innovation was to count computational work instead of identities, and it raised the tolerance to one half (of the network’s total computing power). This may not sound like a big difference, but it proved pivotal: it made it feasible to have a robust financial system in a decentralized and trustless fashion.
Satoshi’s solution was to introduce something called Proof-of-Work as the way to achieve consensus and to prevent “Byzantine generals” from cheaply backing out of, or rewriting, what they had committed to. It works by ensuring that the participants who earn a financial reward for building and securing the blockchain (the so-called “miners”) continuously put a stake in the game: every block they publish must carry proof of a great deal of computation, which translates into a significant amount of energy expended in the form of electricity.[6] Invalid transactions are rejected by every node regardless of how much work a block carries; what the work buys is that spamming the network with bogus blocks costs real money, and that rewriting an already accepted history, for example to undo a payment and spend the same coins again (a “double-spend”, which amounts to theft or inflation), requires redoing at least as much work as the honest network has done since.
How Bitcoin Works
Throughout our journey thus far, we have hinted and alluded to various features of Bitcoin without really explaining how it works in its totality. The time has now come to put all the pieces of the puzzle together to get a holistic view of the system.
The Bitcoin system postulates a fixed supply of 21 million units called bitcoins. Each unit is divisible to 8 decimal places, with the smallest denomination being 1×10^-8 bitcoin, known as a satoshi. These units come into existence as a reward to miners with every new “mined” block – a block being a Merkle tree structure containing “new” transactions that were vying for a place in a block. These pending transactions are passed around the network in a peer-to-peer fashion. A miner is a participant on the network who collects, verifies and assembles these transactions into blocks. In order to garner a reward for their role in the Bitcoin ecosystem, miners compete with each other to solve a particular math problem of a given difficulty [7]. The solution to this problem, which is the actual Proof-of-Work, is tied to the hashes of the current transactions [8] to be included in the block (remember the Merkle tree?). Finding a solution to this problem is quite difficult, but verifying that a solution is correct is trivial. This asymmetry ensures that Proof-of-Work cannot be gamed by the miners – if a miner attempts to include an invalid transaction in a block, he loses the Bitcoin reward associated with that block, having used up costly energy resources for nothing. Every time some miner wins the race for a solution to the next block’s Proof-of-Work problem, he gets to include a reward for himself in that block – a so-called “coinbase transaction” with a specific amount of Bitcoin going to his own address. This is the only way new money is created in the system. Needless to say, the reward amount in each block is watched very carefully by all the participants on the network. Any reward amount greater than what is valid at the time [9] results in rejection of the block by the network, the resetting of the blockchain height to the previous valid block and the restarting of the race to calculate the next Proof-of-Work solution.
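As an added illustration (not code from the original article), the mining race just described in Python: a Merkle root over constructed transactions, a brute-force search for a nonce, and one-hash verification of the result. The simplified header layout, the toy difficulty of 16 leading zero bits and the sample transactions are assumptions made here and not Bitcoin's real values.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to block headers and transaction data."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids: list) -> bytes:
    """Fold transaction ids pairwise up to a single root (an odd last id is paired with itself)."""
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(prev_hash: bytes, root: bytes, nonce: int) -> bytes:
    # Simplified header (assumption): real headers also carry version, timestamp and target bits.
    return dsha256(prev_hash + root + struct.pack("<I", nonce))

def meets_target(h: bytes, zero_bits: int) -> bool:
    # "N leading zero bits" is the same as "hash, read as a big-endian integer, below 2^(256-N)".
    return int.from_bytes(h, "big") < (1 << (256 - zero_bits))

def mine(prev_hash: bytes, root: bytes, zero_bits: int, max_nonce: int = 2 ** 32):
    """Brute force: no input can be predicted to produce a given hash, so every nonce must be tried."""
    for nonce in range(max_nonce):
        if meets_target(block_hash(prev_hash, root, nonce), zero_bits):
            return nonce
    return None  # nonce space exhausted; a real miner changes the coinbase or timestamp and retries

def verify(prev_hash: bytes, root: bytes, nonce: int, zero_bits: int) -> bool:
    """Checking a claimed solution costs a single hash: the asymmetry that keeps miners honest."""
    return meets_target(block_hash(prev_hash, root, nonce), zero_bits)

# Constructed sample block: a coinbase paying the miner plus two ordinary payments (not real txids).
PREV_HASH = bytes(32)  # placeholder previous-block hash
TXIDS = [dsha256(t) for t in (b"coinbase: 12.5 BTC to miner", b"alice -> bob 0.1 BTC", b"carol -> dave 0.05 BTC")]
DIFFICULTY_BITS = 16  # toy difficulty: about 2^16 attempts on average, far below the real network's

def tampered_root() -> bytes:
    # Inflate the coinbase after mining: the Merkle root changes, so the old nonce no longer fits.
    return merkle_root([dsha256(b"coinbase: 50 BTC to miner")] + TXIDS[1:])

if __name__ == "__main__":
    root = merkle_root(TXIDS)
    nonce = mine(PREV_HASH, root, DIFFICULTY_BITS)
    print("nonce:", nonce, "honest block valid:", verify(PREV_HASH, root, nonce, DIFFICULTY_BITS))
    print("tampered block, same nonce, valid:", verify(PREV_HASH, tampered_root(), nonce, DIFFICULTY_BITS))
```

Because the nonce is bound to the Merkle root, inflating the coinbase after the fact invalidates the Proof-of-Work, which is what lets every full node reject an oversized reward with a single hash.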
Besides miners, there are other critically important participants on the Bitcoin network – the so-called ‘full nodes’, which store and propagate the existing blockchain data (from the beginning of Bitcoin in 2009) and which verify and propagate new transactions. Unlike mining, this latter process does not require a huge power footprint, so most knowledgeable participants can run a full node on a basic laptop computer. Unlike miners, full nodes have no direct financial incentive to operate – just as there is no financial incentive for people to share (“seed”) movies via torrents – and yet there are tens of thousands that do. The map of the global distribution of nodes shown earlier was a map of the currently visible full nodes in the Bitcoin network. Just like P2P file sharing, and just like the Open Source Movement, whose principles and modus operandi Bitcoin showcases better than perhaps any other project in history up to this point, Bitcoin boasts a very strong grassroots volunteer spirit – strong enough to sustain a network that secures billions of dollars.
How does one get Bitcoin if he is not a miner? One way is by providing services and asking for Bitcoin as payment. A more familiar way is by creating an account on a crypto exchange (such as Coinbase or Bitfinex) and exchanging national currency such as USD for Bitcoin. Once the exchange takes place, a user can withdraw the bitcoins purchased into his personal wallet.
A single person can have an unlimited number of wallets – each essentially being a private/public key pair and the addresses generated from it. Since these wallets are just pairs of large numbers, they can be generated completely offline. Most wallets are encrypted with a password to protect against unauthorized access. The private keys are typically derived from a “master key” [10], which is encoded as a sequence of either 12 or 24 English words that could be physically stored in a vault or some other secure location.
In order to start receiving bitcoins, all you need to do is share with the payer an address from your wallet where the funds are to be sent – that information alone is enough to verify whether a payment has been received, simply by querying the blockchain, which is, of course, a public ledger of all transactions. Each wallet can generate millions of receiving addresses – so a different one can be used for each transaction, which makes payments easier to track and more private.
Sending bitcoins is a reverse process – you simply request the address of the recipient, and then sign the transaction that authorizes movement of funds from an address that is associated with your key pair to the address of the recipient. Most Bitcoin wallets make this process quite intuitive. For instance, most mobile Bitcoin wallets let you scan a recipient’s address via a barcode which could be posted in a coffee shop window or on a website requesting donations.
As it takes on average about 10 minutes to solve a “block puzzle” for Proof-of-Work, a transaction is typically added to a block within that timeframe. Since blocks have a certain limit on space, not all pending transactions can be included in the next block. In order to prevent transaction spam and to create a market for high priority transactions, users are required to specify a fee that goes to the miner – typically in satoshi per byte (transactions that take up more space are thus more expensive).
And there you have it! Now you have a high-level but hopefully somewhat nuanced idea of how Bitcoin works.
While we have omitted some technical details, this overview is an accurate high-level approximation of how Bitcoin functions. As you have probably gathered by now – Bitcoin is complicated. It takes several views from different perspectives to really start appreciating everything it has to offer. In this article, we have attempted to highlight some of the “invention-like” qualities of Bitcoin – the various technological strands that came together to allow us to have a decentralized, robust, Internet-friendly, secure digital currency. We have seen how Bitcoin combines some of the most innovative breakthroughs in computer science and cryptography, how it builds and improves on the early attempts to do “digital money” and how it solves the decentralized consensus problem. Finally, we finished up with a high-level overview of how Bitcoin functions.
1. When you hear someone mention 256-bit encryption, they are talking about the size of the keys used – 256 binary digits, giving 2^256 possible keys, which is approximately 1.15 × 10^77.
2. The particular variant that is in use is called RSA – after the initials of its inventors – Ron Rivest, Adi Shamir, and Leonard Adleman.
3. If we are being sticklers, the Bitcoin protocol uses a slightly newer variant of public-key cryptography – elliptic curve cryptography (ECC), which was developed by Neal Koblitz and Victor Miller in 1985. However, all the key principles of how it works are exactly as described in this section, and it has also undergone extensive academic peer review and scrutiny over the years. Its use can be considered an optimization of an already existing technology, as ECC provides much stronger cryptographic properties relative to key size compared to RSA. Since saving space is a big deal in the context of a global ledger, ECC was clearly the right choice for Bitcoin.
4. No Internet, No Problem: How to Send Bitcoin by Amateur Radio and The Cypherpunks Tapping Bitcoin via Ham Radio
5. Leslie Lamport – another American computer scientist, who specialized in distributed system protocols – formalized the notion of a Byzantine Fault Tolerant algorithm in 1982 and furnished a proof that it requires 3m+1 participants if the number of “dishonest” peers is at most m.
6. Remember the “nonce” in the blockchain diagram? The problem that miners are trying to solve is finding a nonce which, when hashed together with the transaction hashes and the previous block hash, yields a hash with a certain number of leading zeroes. Because it is impossible to forecast what input will produce a given output, the only way to solve this problem is by “brute force” – by trying different combinations – and by spending enormous amounts of energy.
7. The difficulty level is adjusted every 2,016 blocks, which works out to about a two-week period. Based on the deviation from the target of “1 block on average every 10 minutes”, difficulty is adjusted up or down. Thus, a drop in the number of miners on the network would eventually result in the difficulty being adjusted down. Historically, difficulty has been rising exponentially since 2009.
8. These “pending” transactions, which are candidates for inclusion in the next block(s), are collectively referred to as the “mempool”.
9. As time goes on, the reward amount keeps getting cut in half – guaranteeing the eventual hard limit of 21 million bitcoins. Currently, the reward amount is 12.5 bitcoin, and it is about to be cut sometime in the spring of 2020 (an event referred to as the “halvening”).
10. A cryptocurrency standard for Hierarchical Deterministic Wallets (BIP-32) specifies a single master key which can be used to predictably derive “child” private keys for various cryptocurrencies (including Litecoin, Ethereum, etc.) and even different versions within a given cryptocurrency. This allows multiple crypto assets to be safeguarded using a single “master key”. This is the principle behind how hardware wallets allow storage of multiple cryptocurrencies using a single combination of 12 (or 24) words as the “seed” for the “master key”.
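As an added example (not from the article) of the master-key derivation described in the wallet paragraph and in footnote 10: BIP-32 hardened child derivation in Python, starting from a seed produced by the BIP-39 word-stretching step, using only the standard library. Only hardened paths are implemented (normal children also need the parent public key and curve arithmetic), and the mnemonic used is a constructed test value.

```python
import hashlib
import hmac

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 group order
HARDENED = 0x80000000  # child indices at or above this value are "hardened"

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the 12 or 24 words into the 64-byte seed that BIP-32 starts from."""
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), ("mnemonic" + passphrase).encode(), 2048)

def master_key(seed: bytes):
    """BIP-32 master node: HMAC-SHA512 keyed with the fixed string 'Bitcoin seed'."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, c = int.from_bytes(i[:32], "big"), i[32:]
    if k == 0 or k >= N:  # vanishingly unlikely, but the spec declares such a seed invalid
        raise ValueError("invalid master key for this seed")
    return k, c

def hardened_child(k_par: int, c_par: bytes, index: int):
    """Hardened child (index >= 2^31). Needs only the parent private key and chain code, so no
    elliptic-curve arithmetic is required; non-hardened children would also need the parent public key."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation is not implemented in this example")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k_child = (il + k_par) % N
    if il >= N or k_child == 0:  # vanishingly unlikely; BIP-32 says skip to the next index
        raise ValueError("invalid child at this index")
    return k_child, i[32:]

def derive_path(seed: bytes, path: str) -> int:
    """Walk an all-hardened path such as m/44'/0'/0' and return the private key at its end."""
    k, c = master_key(seed)
    for level in path.split("/")[1:]:
        if not level.endswith("'"):
            raise ValueError("only hardened levels (marked with ') are supported here")
        k, c = hardened_child(k, c, int(level[:-1]) + HARDENED)
    return k

# Constructed input: the published all-zero-entropy BIP-39 test mnemonic, a public test vector.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    seed = mnemonic_to_seed(MNEMONIC)
    # BIP-44 layout m/purpose'/coin'/account': the same words always yield the same keys,
    # and neighbouring accounts or coins yield unrelated-looking keys.
    for path in ("m/44'/0'/0'", "m/44'/0'/1'", "m/44'/2'/0'"):
        print(path, hex(derive_path(seed, path)))
```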