Bitcoin technology
First they ignore you, then they laugh at you, then they fight you, then you win. — Mahatma Gandhi.
Bitcoin Network's ultimate goal is to preserve data and to allow new data to be included in an uncensorable way, i.e. to secure the immutability of balances and the freedom of transaction.
The network:
A Bitcoin implementation is code that anyone can run on their computer to turn it into a Bitcoin node.
The reference implementation is called Bitcoin Core, it is open-source code which last version can be downloaded from https://bitcoincore.org/en/download/
Interconnected Bitcoin nodes constitute the Bitcoin network:
The function of a node is to independently verify the validity of transactions, rejecting those that do not follow the Bitcoin rules.
Transactions:
A Bitcoin transaction consists of a digitally signed message that orders the transfer of some monetary units.
Basic digital signatures are created from a Private Key and its corresponding Public Key.
A Private Key consists of a random number between 0 and 2^256 (roughly the number of atoms in the known universe), so its entropy is 256 bits.
The Public Key is derived from the Private Key through a one-way function, which means that is not possible to obtain a Private Key from a Public Key.
A Private Key can be used to encrypt data that only its Public Key is able to decrypt, and vice versa.
The digital signature of a message then consists of that same message encrypted by the Private Key, along with a text that includes the original (not encrypted) message and the Public Key.
The mathematical proof that the owner of the Private Key has authorized the message can be verified by decrypting that message with the Public Key and checking that the resulting message and the original message coincide.
Bitcoin Addresses are Public Keys that have been encoded in a more human readable and typo-proof way.
The creation and storage of Private Keys with their corresponding Public Keys and Addresses are simple processes that programs like the so-called Wallets may assist to.
Each node keeps some transaction requests as an own list that is called mempool, and stores a copy of the distributed ledger called Blockchain that contains the confirmed transactions.
Each node obtains the state of the current balances, also called UTXO set, from its own copy of the Blockchain.
Transaction requests can published from any node; nevertheless, no node is able to mathematically prove which transaction was solicited first. That situation is especially problematic when there are conflicting requests, because it should be their chronological order what determines their validity; so different monetary systems would coexist if the set of balances differ between nodes.
Example of propagation:
The transaction represented as ..... is ordered, so it will be propagated like a gossip between nodes:
(The figures above are arranged chronologically from left to right).
If a new transaction request (represented as .) is published by another node, some nodes will receive the application . before .....:
The last image represents a stage in which some nodes have only received ..... while others nodes have received both petitions, but some of them received ..... first and others . instead.
Example of conflicting transactions:
Enrique's entire balance is 1₿. Nevertheless, Enrique signs the message -.- that requests the transfer of 1₿ to Eva and he also signs the message ... that requests the transfer of 1₿ to Amy.
Those who received message -.- first will recognize Amy as the true owner of 1₿, while the rest will recognize message ... and Eva as the legitimate owner of 1₿. Henry caused a double-spend.
A double-spend attack could be perpetrated from the same node or from different nodes:
Bitcoin's key innovation is the mechanism called Proof of Work or Nakamoto Consensus, which enables to rotate the power of chronologically ordering valid transactions. There is no authority, nodes earn that power in a probabilistic way according to their computational strength.
Alternative systems to Proof of Work rely on resources within their own system, which makes them insecure. They are verified through data that may be cheaply falsified and they are subject to attacks in which a single entity secretly controls the majority of nodes; so they need an authority that spends human resources and leads to bureaucracy and privileges.
Consensus mechanisms that don’t involve work, instead involve governance.
The Nakamoto Consensus works analogously to a continuous decentralized lottery in which "tickets" are acquired using an impossible to falsify resource: energy. The winning ticket grants the power to execute transaction requests.
The newly executed transactions are included in a block of data that is independently verified, copied and propagated by each node.
Example:
Once a transaction request is included in a block (yellow box in the above image), it is considered executed. Nevertheless, if 2 different non-linked blocks are created almost simultaneously, it is possible that some of the nodes recognize one of the blocks as valid while the rest of the nodes recognize the other block:
The images above show 2 competing blocks that coexist.
Each new block has to be linked to a previous block.
Following the previous images, let's suppose that a new block is linked to the pink block:
Nodes follow the chain with more cumulative work, which is almost always the longest chain, i.e the chain with more blocks. The chance for a block to be discarded drops the deeper it is the block inside the chain, hence each subsequent block increased the probability of immutability and is called confirmation.
If the transactions included in the discarded blocks are are not included in the new blocks, they return to the list of transaction requests.
The creator of each block gets a reward in the form of transaction fees plus a subsidy through a transaction that is included by himself and it is called coinbase transaction.
Each transaction request specifies the fee the to be paid in order to incentivize the priority of its execution.
The subsidy is made up of new bitcoin units whose issuance is halved every 10,000 blocks (approximately 4 years), resulting in a decreasing monetary inflation rate that tends to create a maximum of 21 million bitcoins.
The integrity of the information contained in the record of blocks is easily verifiable thanks to the use of cryptographic hash functions.
Those are one-way functions that enable to transform any digital data input into fixed-size data called a hash.
Hashes are completely different from each other, even if the input data is only slightly different.
There are different kinds of hash functions, but the most commonly used in Bitcoin is SHA256, which produces a 256 bits hash. For example, the transaction ID is simply the double SHA256 hash of the transaction data and the the block ID is just the double SHA256 hash of the data contained in the block header.
Data contained in the the block header:
1. # Hash of Previous block ID
2. # Combined hash of all transactions' hashes, i.e. the Root of a Merkle Tree
3. Ν # Nonce + target hash
4. Τ Timestamp
Each block is made up of its header and the transactions with their respective hashes:
1. Hash of Previous block ID:
It chains the blocks.
Each new block creates a hash of the entire transaction history, so altering the info contained in a block would make invalid that block and all subsequent blocks.
Like a mosquito in amber, the deeper a block is in the chain, the more irremovable it will be.
2. Root of a Merkle Tree:
It provides an easy way to verify the integrity of transactions.
3. Nonce and hash target:
Nonce:
In order to mine a block it is necessary to be the first to find a number called nonce that combined with the rest of block header data, results in a hash called Block ID that is lower than a certain threshold called hash target.
For example:
If the goal is to obtain a hash that starts by 000 from data that contains the word "bitcoin", it could be done by trying with bitcoin-1, bitcoin-2, .... until a successful nonce is found:
The nonce for this example would be 1918.
The block ID proves work in an easily verifiable way. Miners obtain probabilities to propose the execution of transactions through energy spending, but transactions are executed in a decentralized way, by nodes.
Hash target:
Its function is to ensure that blocks are produced at an average rate of 10', which ensures that that block propagation and block validation take a comparatively short time, which reduces the amount of orphan blocks and mining centralization incentives since large miners are not hugely advantaged by being able to build on top of their own block. A small stream of data keeps low the cost of running a node and facilitates the replication of information.
4. Timestamp:
It is the approximate time at which each block was mined according to its respective miner.
Every 2016 blocks the network calculates the difference in time between the first and the last timestamps, so that the hash target can be adjusted to changes in total mining power.
At most, the hash target can be multiplied or divided by 4 to limit the effect of certain double spend attacks.
Timestamps are not exact, in fact, they do not necessarily increase from block to block.
In order to be accepted by nodes, any timestamp must be later in time that the median of the previous 11 timestamps and it has to be less than two hours in the future according to each node own official time.
Thanks to that mechanism, for the first time in history, a monetary good's inflation is predictable.
The process of mining:
Bitcoin technology uses electricity to avoid consuming human resources. It frees human time.
Bitcoin miners waste energy in the same way that firefighters waste water when extinguishing a fire.
When we can secure a financial network by computer science rather than by accountants, regulators, investigators, police, and lawyers, we go from a system that is manual, local, and of inconsistent security to one that is automated, global, and much more secure. — Nick Szabo.
Bitcoin mining gravitates towards sources of power that unlock stranded energy that otherwise would go to waste since Bitcoin miners offer a a highly flexible interruptible load that is able to locate anywhere. In the long run, as the increasing of competition for Bitcoin mining decreases its profitability, only the use of surplus energy will be economically viable.
The minimization of financial governance:
Bitcoin technology enables to decentralize the control over a monetary system, i.e. to minimize financial governance. Bitcoin is rules without rulers; asking “who controls Bitcoin?” is like asking “who controls English?”.
Cypherpunks repulse governance, so the lack of it has always been a goal in Bitcoin.
“Yes: stand back a little bit, you are taking away the sunlight from me”. — the philosopher Diogenes' reply to Alexander the Great's offer of granting him any wish.
In Bitcoin, consensus emerges when different computers simultaneously run the same protocol. By maximizing the role of the consensus protocol, social consensus is ruthlessly minimized.
The lack of governance is a feature for the immutability of its security and the credibility of its monetary policy.
The core design of Bitcoin is immutable, only those technological innovations that improve security are justified to be gradually included in its code. Advancing slowly is a dogma.
The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime. — Satoshi Nakamoto.
We must handle Bitcoin software with the respect we handle nuclear reactor software. — Hugo Nguyen.
This stuff is difficult. This stuff is subtle. If you are frustrated by how slow Bitcoin moves, let me tell you, Bitcoin moves too fast. Cryptography is hard and scary, and we need to make sure we move slowly. — Andrew Poelstra.
Bitcoin security updates are:
1. Researched. While deployment of new features in Bitcoin is incredibly slow (for good reason), the pace of research is overwhelming. — Andrew Poelstra.
2. Proposed for peer review, brain-storming, deploying on sidechains/test-nets and iteration.
3. If they generate interest and there is an overwhelming consensus of the network participants and the most active contributors to the software unanimously accept them, then the proposals are implemented and tested.
3. Deployed as open source code, so that users can verify them.
4. Enforced by nodes. Each node operator has to manually install updates if he embraces them.
The more procedural risk and mental cost, the fewer reasons exist to upgrade.
The costs and risks of hard forks are bigger than those of soft forks, which in turn are greater than those updates that do not require forks.
The term fork means a change in the consensus rules:
-A soft fork tightens the consensus rules. Some blocks considered valid by nodes running the old version will be considered invalid by those running the new version. It does not require simultaneous upgrade of the entire network.
-A hard fork relaxes the consensus rules. Blocks considered invalid by nodes running the old version, may be considered valid. It requires every node to upgrade, so it should only be executed as a last solution against an extreme security problem in the blockchain.
In the case of a fatal and general failure in Bitcoin's technology, the more influential developers have hopefully some principles in common and, in such a catastrophic scenario, they would probably contribute to deploy code that migrates the simple Bitcoin rules into a new technology. That is "the nuclear option". In such circumstances, Bitcoin as a concept would probably prevail over its technology.
If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function. — Satoshi Nakamoto.
Bitcoin technology's great achievement is to automatically enforce property rights in a monetary system.