“First they ignore you, then they laugh at you, then they fight you, then you win” . — Mahatma Gandhi.
Bitcoin Network's ultimate goal is to preserve data and to allow new data to be included in an uncensorable way, i.e. to secure the immutability of balances and the freedom of transaction.
A Bitcoin implementation is code that anyone can run on their computer to turn it into a Bitcoin node.
The reference implementation is called Bitcoin Core, it is open-source code which last version can be downloaded from https://bitcoincore.org/en/download/
Interconnected Bitcoin nodes constitute the Bitcoin network:
The function of a node is to independently verify the validity of transactions, rejecting those that do not follow the Bitcoin rules.
A Bitcoin transaction consists of a message that orders to change the ownership of a set of monetary units, digitally signed by the own balance's owner.
Basic digital signatures are created from a Private Key and its corresponding Public Key.
A Private Key consists of a random number between 0 and 2^256 (roughly the number of atoms in the known universe), so its entropy is 256 bits.
The Public Key is derived from the Private Key through a one-way function, which means that is not possible to obtain a Private Key from a Public Key.
A Private Key can be used to encrypt data that only its Public Key is able to decrypt, and vice versa.
The digital signature of a message then consists of that same message encrypted by the Private Key, along with a text that includes the original (not encrypted) message and the Public Key.
The mathematical proof that the owner of the Private Key has authorized the message can be verified by decrypting that message with the Public Key and checking that the resulting message and the original message coincide.
Bitcoin Addresses are Public Keys that have been encoded in a more human readable and typo-proof way.
The creation and storage of Private Keys with their corresponding Public Keys and Addresses are simple processes that programs like the so-called Wallets may assist to.
Each node keeps some transaction requests as an own list that is called mempool, and stores a copy of the distributed ledger called Blockchain that contains the confirmed transactions.
Each node obtains the state of the current balances, also called UTXO set, from its own copy of the Blockchain.
Transaction requests can published from any node; nevertheless, no node is able to mathematically prove which transaction was solicited first. That situation is especially problematic when there are conflicting requests, because it should be their chronological order what determines their validity; so different monetary systems would coexist if the set of balances differ between nodes.
Example of propagation:
The transaction represented as ..... is ordered, so it will be propagated like a gossip between nodes:
(The figures above are arranged chronologically from left to right).
If a new transaction request (represented as .) is published by another node, some nodes will receive the application . before .....:
The last image represents a stage in which some nodes have only received ..... while others nodes have received both petitions, but some of them received ..... first and others . instead.
Example of conflicting transactions:
Enrique's entire balance is 1₿. Nevertheless, Enrique signs the message -.- that requests the transfer of 1₿ to Eva and he also signs the message ... that requests the transfer of 1₿ to Amy.
Those who received message -.- first will recognize Amy as the true owner of 1₿, while the rest will recognize message ... and Eva as the legitimate owner of 1₿. Henry caused a double-spend.
A double-spend attack could be perpetrated from the same node or from different nodes:
Bitcoin's key innovation is the mechanism called Proof of Work or Nakamoto Consensus, which enables to rotate the power of chronologically ordering transactions. There is no authority, nodes earn that power in a probabilistic way according to their computational strength.
Alternative systems to Proof of Work rely on resources within their own system, which makes them insecure. They are verified through data that may be easily falsified and they are subject to attacks in which a single entity secretly controls the majority of nodes; so they need an authority that spends human resources and leads to bureaucracy and privileges.
The Nakamoto Consensus works analogously to a continuous decentralized lottery in which "tickets" are acquired using an impossible to falsify resource: energy. The winning ticket grants the power to execute transaction requests.
The newly executed transactions are included in a block of data that is independently verified, copied and propagated by each node.
Once a transaction request is included in a block (yellow box in the above image), it is considered executed. Nevertheless, if 2 different non-linked blocks are created almost simultaneously, it is possible that some of the nodes recognize one of the blocks as valid while the rest of the nodes recognize the other block:
The images above show 2 competing blocks that coexist.
Each new block has to be linked to a previous block.
Following the previous images, let's suppose that a new block is linked to the pink block:
Nodes follow the chain with more cumulative work, which is almost always the longest chain, i.e the chain with more blocks. The chance for a block to be discarded drops the deeper it is the block inside the chain, hence each subsequent block increased the probability of immutability and is called confirmation.
If the transactions included in the discarded blocks are are not included in the new blocks, they return to the list of transaction requests.
The creator of each block gets a reward in the form of transaction fees plus a subsidy through a transaction that is included by himself and it is called coinbase transaction.
Each transaction request specifies the fee the to be paid in order to incentivize the priority of its execution.
The subsidy is made up of new bitcoin units whose issuance is halved every 10,000 blocks (approximately 4 years), resulting in a decreasing monetary inflation rate that tends to create a maximum of 21 million bitcoins.
The integrity of the information contained in the record of blocks is easily verifiable thanks to the use of cryptographic hash functions.
Those are one-way functions that enable to transform any digital data input into fixed-size data called a hash.
Hashes are completely different from each other, even if the input data is only slightly different.
There are different kinds of hash functions, but the most commonly used in Bitcoin is SHA256, which produces a 256 bits hash. For example, the transaction ID is simply the double SHA256 hash of the transaction data and the the block ID is just the double SHA256 hash of the data contained in the block header.
Data contained in the the block header:
1. # Hash of Previous block ID
2. # Combined hash of all transactions' hashes, i.e. the Root of a Merkle Tree.
3. Ν # Nonce + target hash
4. Τ Timestamp
Each block is made up of its header and the transactions with their respective hashes:
1. Hash of Previous block ID:
It chains the blocks.
Each new block creates a hash of the entire transaction history, so altering the info contained in a block would make invalid that block and all subsequent blocks.
Like a mosquito in amber, the deeper a block is in the chain, the more irremovable it will be.
2. Root of a Merkle Tree:
It provides an easy way to verify the integrity of transactions.
3. Nonce and hash target:
In order to mine a block, it is necessary to be the first to find a number called nonce that combined with the rest of block header data, results in a hash called Block ID that is lower than a certain threshold called hash target.
If the goal is to obtain a hash that starts by 000 from data that contains the word "bitcoin", it could be done by trying with bitcoin-1, bitcoin-2, .... until a successful nonce is found:
Try it here!
The nonce for this example would be 1918.
The block ID proves work in an easily verifiable way. Miners obtain probabilities to propose the execution of transactions through energy spending, but transactions are executed in a decentralized way, by nodes.
Its function is to ensure that blocks are produced at an average rate of 10', which ensures that the time of blocks propagation is comparatively short, reducing the number of orphan blocks and centralization incentives for miners. A small stream of data keeps low the cost of running a node and facilitates the replication of information.
It is the approximate time at which each block was mined according to its respective miner.
Every 2016 blocks the network calculates the difference in time between the first and the last timestamps, so that the hash target can be adjusted to changes in total mining power.
At most, the hash target can be multiplied or divided by 4 to limit the effect of certain double spend attacks.
Timestamps are not exact, in fact, they do not necessarily increase from block to block.
In order to be accepted by nodes, any timestamp must be later in time that the median of the previous 11 timestamps and it has to be less than two hours in the future according to each node own official time.
Thanks to that mechanism, for the first time in history, a monetary good's inflation is predictable.
Bitcoin technology's great achievement is to automatically enforce property rights in a monetary system.