Everything you always wanted to know about Bitcoin, but were afraid to ask...
<post type=informational alt=reference>
A little while ago, amid all the Bitcoin hype of 2013, I opened a Coinbase account, and I bought one (1) bitcoin. In the meantime I have read a bunch about Bitcoin, and occasionally I've sent a few Satoshis* to a friend to get them interested (or because they were already). I thought I kinda sorta knew how it all worked; there was this blockchain that functioned like a giant ledger in the sky, distributed over thousands of computers... and I thought it was cool. But I was wrong; I didn't know jack, and it is way cooler than I thought.
Like a lot of things, you only know what you don't know when you try to explain it. A friend asked me some simple questions and I could not give simple answers. What is a bitcoin? What is a bitcoin wallet? What is a bitcoin address? How do the keys work? What's all this about mining bitcoins? Etc.
After digging around a little, I've learned a little. And here's what I've learned.
During the early 2000s an informal group of theorists explored ways to exchange value online, without using any central authority. In a typical value exchange system, there is a trusted intermediary which validates transactions. In the case of most currencies the intermediary is a government, but it could be any organization. The goal of these discussions was to develop a system which substituted computational difficulty for trust, enabling a completely decentralized implementation.
In October 2008 a groundbreaking paper was published by Satoshi Nakamoto, entitled Bitcoin: A Peer-to-Peer Electronic Cash System. This paper is simple, only nine pages, and cleanly explains the entire mechanism of Bitcoin. There is little math and I highly recommend it to interested readers. Quoting from the abstract:
The Bitcoin concept was analyzed and subjected to every kind of scrutiny. An open-source reference implementation was created called Bitcoin-Qt, today called Bitcoin Core, and ported to common platforms such as Windows, Mac OS X, and Linux. The network grew like wildfire, and the rest is history :)
I'm going to start with keys, because that seems like a good place to start. Keys are used for encrypting information, "locking it" so that it cannot be accessed without having the key. Bitcoin is based on public-key cryptography, which uses pairs of keys. You can use either key to encrypt information, "locking it", and then you use the other key to decrypt it, "unlocking it" and making it available. Anyone can generate a key-pair anytime, and you can have as many as you want. One key in each pair is the public key, and the other is the private key. You can freely share your public keys, but you generally keep your private keys ... private.
So how are keys useful? Suppose you want to send some information to Alice, and you want to keep anyone else from seeing it. You can encrypt the information with Alice's public key. Since only she has the private key, only she can decrypt it. Now suppose you want to send something to Alice, and you want her to know it came from you. You can encrypt the information with your private key. Since Alice (and everyone else) has your public key, she can decrypt it, thereby verifying that your private key was used to perform the encryption. This is often referred to as signing the information, since it is like adding your [unique] signature. When information is exchanged online both of these things are often done together. You might send information to Alice, encrypted with her public key and signed with your private key. She decrypts the message with her private key to access it, and with your public key to verify it came from you.
Okay, the next concept is hashing. This is the process of taking a big piece of information and making a unique small piece of information from it. (The result of hashing is sometimes called the digest.) There are various mathematical ways of doing this. For any given information, the digest can be easily computed and is always the same. It is difficult to work backwards, however; given a digest, you cannot easily figure out the original information. You have to try all the possible original values one by one, computing the hash values, until you find the right one. Most of the time this would take so long it is literally impossible.
Bitcoin uses a particular hash algorithm called SHA256, which has 256-bit digests. That means there are 2256 possible digest values; for comparison, there are approximately 281 atoms in the universe.
When value is exchanged in the Bitcoin system, there is a sender, a receiver, and an amount. To receive value, the receiver generates a key-pair. The public key is hashed and encoded as a 35-character string called a Bitcoin address. An example of an address is: 1HizFzbRj9nxa3ErX2fjTRsYRReRhkJ5Jr. (This is an address for me, if you would like to send Bitcoin to this address, please do :) Bitcoin addresses are sometimes displayed as QR codes, as shown at right. (That's my address, again.)
Bitcoin addresses are a destination for value. They are public, they are anonymous, and they are characteristic of one particular receiver. They can be permanent, but it is generally recommended that receivers create new addresses every time they receive value, to preserve their anonymity. Note that it is not possible to determine the public key from the address, since it is a digest. It is possible to verify that a given public key corresponds to the address, by re-hashing the key.
A transaction is a transfer of Bitcoin value from a sender to a receiver. A transaction is generated by the sender, and contains one or more inputs and one or more outputs, along with the Bitcoin address of the receiver. The inputs are references to outputs from previous transactions. The outputs are Bitcoin addresses to which the inputs' value are to be transferred.
I know this is a bit vague, bear with me, I'll explain more in a minute. The key concept is that each transaction simply builds on previous transactions. Alice sends you Bitcoin, and you receive an output. You send Bitcoin to Brian, and you pass the output you received from Alice to Brian as an input. Brian sends Bitcoin to Criss, and she receives the output you sent to Brian. And so on... there are just transactions, with inputs, outputs, and destination addresses.
You might be wondering, how are transactions validated? (Put another way, what prevents malicious or fraudulent transactions from being created?) When a sender creates a transaction, they sign it with the private key for each input. (The private key that is paired with the public key used to create the address at which the input was received.) The public key for the corresponding output is stored in the previous transaction, and is used to authenticate the signature. This validates that the sender is the current "owner" each of the inputs, and is authorized to transfer them.
Okay, here's where it gets a bit weird. What *is* a bitcoin? A bitcoin has no physical or digital existence. It is purely a chain of transaction records.
So, what is a bitcoin "worth"? Like anything, it is worth what others are willing to pay for it. The exchange rate between Dollars and Bitcoins has fluctuated wildly, but is currently around $230/BTC. (BTC is the abbreviation for one bitcoin, there are also mBTC = thousandths of a bitcoin , uBTC = millionths of a bitcoin, and Satoshi* = one hundred millionth of a bitcoin.)
So what does it mean to "own" a bitcoin? It means you have possession of a key-pair which corresponds to the address to which the bitcoin was last sent. Having the key-pair means you can send the bitcoin to someone else.
And the key question (n.p.i.), where do bitcoins come from? (Put another way, what is at the start of the transaction chain for a given bitcoin?) Stay tuned, I'll talk about mining in a minute. But first let's talk about the blockchain which makes all this possible.
The central innovation of Bitcoin is the concept of a blockchain which records every transaction, ever**. The entire blockchain is public, and every "full node" of the network has a complete copy. Because everyone can see every transaction, there is no need for trust. A dishonest node will be "out voted" by honest nodes. In addition the reward for being an honest node generally exceeds the possible benefit of being dishonest.
As the name implies the blockchain is a sequence of blocks. Each block contains a time-sequence of individual transactions. The size of blocks is variable, but currently limited to 1MB. A bitcoin node generates a new block every 10 minutes. (We'll talk about what "generates" means a little later.) An average transaction is about 400 bytes, which means the network as a whole is limited to about 40 transactions per second. Increasing the maximum size of blocks and therefore the maximum system transaction rate is under discussion.
As noted above, a transaction is a transfer of Bitcoin value. When a transaction occurs, the sender of value broadcasts the transaction to the network of nodes. Each node that receives it validates the transaction and stores it in a new block which it is assembling. When the block is full or if ten minutes have elapsed since the start of the block, it is added to the blockchain. Each block contains a hash of the previous block, ensuring the integrity of the chain.
Nodes in the bitcoin network are doing a lot of work - they have to receive transactions from senders and validate them, performing a lot of computationally expensive cryptographic math in the process. Why do the work? There is a reward for creating new blocks: a node which creates a new block gets new bitcoins! The first transaction in each block sends a reward to a bitcoin address owned by the node. This is the start of the transaction record for new bitcoins, and it is the way new bitcoins are created. The process of generating blocks and receiving new bitcoins as a reward is called mining.
Hmmm... I can hear you thinking... What would keep anyone from operating a node and mining new bitcoins? Well, nothing. And in fact, everyone who is running a "full node" on the system is doing exactly this. But...
With many nodes in the system, and multiple nodes receiving the same transactions, what's to prevent many, many duplicate blocks from being added? And what keeps the number of new bitcoins from exploding? There is a mechanism which makes creating new blocks harder. Inside each block is a nonce, a value which means nothing and can be arbitrarily chosen. A node creating a new block must chose a nonce which makes the digest created by hashing the block smaller than a threshold value. The node has to try each possible nonce in turn, perform the hash, and check the value. The nonce inside bitcoin blocks is 32 bits, which means there are 4 billion possibilities. There is no mathematical shortcut to this, there is a lot of computational work to create a new block and earn new bitcoins as a reward.
As the network gets larger and more nodes are trying to create blocks, the maximum hash threshold gets smaller, making the computational work harder. The target is to create a block every ten minutes. Every time 2016 blocks have been created, the nodes cooperatively agree on a new threshold. As more nodes join the network, blocks are generated more quickly and the threshold is lowered, making creating new blocks more computationally difficult. The competition is intense. Some organizations have built huge datacenters full of specialized computer hardware just to mine bitcoins.
When bitcoin was first launched, the reward for creating a new block was 50 bitcoins. Every time 210,000 blocks are created, the reward is halved. The current reward is 25BTC. It is projected that in mid 2017 the reward will be halved again, to 12.5BTC. After 21 million bitcoins have been generated - projected to occur in 2024 - that's it, there will be no more. The value of each bitcoin will probably appreciate over time, and if you believe that, you might feel owning bitcoins is an investment.
As described above, as nodes receive transactions and assemble them into blocks, they are paid for their effort with new bitcoins. But as mentioned, the difficulty of generating blocks keeps increasing, and the reward keeps decreasing, and will eventually be zero when all bitcoins have been mined. So another mechanism exists to reward nodes, transaction fees.
Bitcoin fees are the hidden ugly reality of what is otherwise a beautiful idea. This is where the rubber really hits the road, because if fees are too high the payment network won't be used. And weirdly for a payment system, the sender pays the fees, rather than the receiver. (Of course, the receiver could agree to accept a lower payment amount to cover the transaction fee, but that’s … complicated.) The fees are typically small, but typically nonzero.
The Bitcoin network has a few rules around fees.
As you can see, ugly. When the sender sends a transaction, it must precompute the fee, and then the transaction is sent with a proposed fee amount. Each miner node which receives the transaction can accept the transaction and send the fee to itself, or refuse the transaction. You can try sending a zero-fee transaction (ZFT) and see if someone accepts it, and currently it is likely that someone will, but they don’t have to. If you send a fee according to the rules above, then they must accept it. If you request a ZFT it can take longer to be confirmed in the blockchain because many miners may pass on accepting it.
As an experiment I've sent myself bitcoins requesting a ZFT, and they are typically confirmed within 15 minutes. So currently it can be done. However it is likely that over time ZFTs cannot be counted upon.
This brings me to the final subject of my '101" overview, Bitcoin wallets. A wallet is software which performs three functions:
When Satoshi Nakamoto first released the "reference implementation" in early 2009 (now called Bitcoin Core), it included a simple wallet, and that version is still around today with a few polishes. There are tens of others now, some for desktops (Windows and Mac OS and Linux), some for mobile platforms (IOS and Android), and many which are web-based (running on a server hosted by others, providing a web UI). You can use a Bitcoin wallet without knowing any of the details described above, and if you're interested I definitely encourage you to do so.
So where do you get Bitcoin? You can buy some using dollars or some other government-backed security, from a Bitcoin exchange, or you can exchange something of value with someone who sends you bitcoin in response. Or you can get some "free" at a Bitcoin faucet, which are websites that distribute tiny amounts of Bitcoin, generally in exchange for your contact info or attention. (Faucets were started as a way to seed the use of Bitcoin, but these days they aren't needed for that anymore and tend to be scam-ish, so be careful!)
And what do you do with Bitcoin once you have it? You can buy things with it, pay people for services, or even hold onto it as a somewhat speculative investment. Or you could send some to me, at the address above :)
* A Satoshi is the smallest unit of bitcoin which can be exchanged, one hundred millionth of a bitcoin.
[Update: please see Bitcoin 102: Smart Contracts]
Thanks for reading, your comments / corrections / amplifications are most welcome!