“First they ignore you, then they laugh at you, then they fight you, then you win.” — Mahatma Gandhi
Bitcoin technology makes it possible to automatically enforce property rights in a monetary system.
A monetary system is simply a set of balances which owners can transact voluntarily.
A balance is a specific amount of units of value, and transacting is to exchange balances.
Set of balances in previous monetary systems:
-In physical monetary systems like gold or 13th century Chinese paper fiat, balances are constituted by physical units, like coins or bills. Those units may be possessed by their owners.
-In centralized digital monetary systems like fiat, balances are just data possessed by a single entity.
Transactions in previous monetary systems:
-In physical monetary systems: transactions may be directly executed by individuals, locally.
-In centralized digital monetary systems: transactions are executed by a third party. If, e.g., Henry (a client of Bank A) wants to send $3 to Bob (a client of Bank B), Henry asks Bank A, and Bank A orders the Central Bank to subtract $3 from its reserves and add them to those of Bank B. The Central Bank is the one that executes the transaction:
*This process is not repeated for each request: the Central Bank settles only once a day the net result of the requested transactions.
The increase in balances due to the creation of new units is called monetary inflation.
-In physical monetary systems, monetary inflation is limited due to the difficulty of extracting new units from exclusive locations.
-In centralized digital monetary systems, the Central Bank increases the total number of monetary units in its database. The process is known as "printing money" or "money printer go brrr" because those units are exchangeable for paper money:
In reality the "printing" is done electronically.
Satoshi devised a digital monetary system that users could verify by themselves, in which they did not depend on a central entity to store or transact their balance; so he designed a network consisting of computers running the same program in which each of them would keep a copy of all the balances:
A Bitcoin implementation is code that anyone can run on their computer to turn it into a Bitcoin node.
That piece of code is open source. The reference implementation is called Bitcoin Core, whose latest version can be downloaded from https://bitcoincore.org/en/download/
Interconnected Bitcoin nodes constitute the Bitcoin network.
The function of a node is to enforce the Bitcoin Protocol, that is, to independently verify the validity of transactions, rejecting those that do not follow the rules.
A bitcoin transaction is simply a message that orders the change of ownership of a bitcoin balance.
For the tx to be valid, the owner of the balance has to demonstrate agreement with the message by digitally signing it.
Basic digital signatures are created through a key pair Private Key + Public Key.
A Private Key consists of a random number between 0 and 2^256 (roughly the number of atoms in the known universe), so its entropy is 256 bits.
Public Keys are derived from Private Keys through a one-way function, which means it is not possible to obtain a Private Key from a Public Key.
A Private Key can be used to encrypt data that only its Public Key is able to decrypt, and vice versa.
So, by keeping a Private Key secret, its owner can publish a text that includes:
-a message
-that same message encrypted with the Private Key, i.e. the digital signature
-the Public Key
The mathematical proof that the owner of the Private Key has authorized the message (the digital signature) can be verified by decrypting the signature with the Public Key and checking that the result matches the original message.
As Bitcoin balances are associated with public keys, only the holders of the respective private keys can order the tx. Bitcoin addresses are just public keys that have been encoded in a more human-readable and typo-proof way.
The creation of private keys, and of their corresponding public keys and addresses, is a simple and free process that a program called a wallet can assist with.
Addresses are obtained from Public Keys. One-way functions are used in those processes, which means it is not possible to obtain a Public Key from an Address, nor to derive a Private Key from a Public Key.
The Bitcoin Network's ultimate goal is to preserve data and to allow new data to be included in an uncensorable way, i.e. to secure the immutability of balances and the freedom of transaction.
Transactions not yet included in a block (transaction requests) are kept by each node in its own list called mempool.
The transactions already included in a block (confirmed transactions) are stored by each node in the form of a copy of the shared ledger called Blockchain.
Each node obtains the state of the current balances (UTXO set or chain state) from its own copy of the Blockchain.
The holders of balances can order transactions from any node they control.
If, for example, a bitcoin holder orders a transaction (represented as .....), the order will be propagated like gossip from node to node:
(The figures above are arranged chronologically from left to right).
If a new transaction request (represented as .) is published by another node, some nodes will receive request . before .....:
The last image represents a stage where some nodes have heard only about ....., while other nodes have heard about both requests, but some heard about ..... first and others heard about . first.
If each node executes the transactions following a "first received first executed" approach, there would be different monetary systems at least temporarily since the set of balances would differ between nodes.
It is not possible to mathematically prove which transaction was requested first in a decentralized system.
That situation is especially problematic when there are conflicting requests (requests such that if one of them is executed, the other is no longer valid), because then the chronological order of transaction requests would determine validity, and therefore different monetary systems would coexist permanently, as in the next example:
Those who received message -.- first will recognize Amy as the true owner of 1 bitcoin, while the rest will recognize message ... and Eva as the legitimate owner of 1 bitcoin. Henry has caused a "double-spend".
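To make the divergence concrete, here is an added example (not from the original article) that simulates two nodes receiving Henry's two conflicting requests in opposite order and executing them first-received-first-executed; the UTXO-style balances, transaction ids and owner names are constructed for the example.

```python
import copy

# Constructed sample: Henry owns a single output worth 1 bitcoin (a UTXO).
INITIAL_UTXOS = {"henry:0": ("Henry", 1)}

# Two conflicting requests (the -.- and ... messages above): both spend henry:0.
TX_TO_AMY = {"id": "tx_amy", "spends": "henry:0", "to": "Amy", "amount": 1}
TX_TO_EVA = {"id": "tx_eva", "spends": "henry:0", "to": "Eva", "amount": 1}

def apply_tx(utxos, tx):
    """Execute tx if the output it spends still exists; reject it otherwise."""
    if tx["spends"] not in utxos:
        return False  # conflicting request: its input was already spent
    del utxos[tx["spends"]]
    utxos[tx["id"] + ":0"] = (tx["to"], tx["amount"])
    return True

def node_state(arrival_order):
    """Balances a node ends up with if it executes requests first-received-first-executed.
    Returns (accepted transaction ids, balances by owner)."""
    utxos = copy.deepcopy(INITIAL_UTXOS)
    accepted = [tx["id"] for tx in arrival_order if apply_tx(utxos, tx)]
    balances = {}
    for owner, amount in utxos.values():
        balances[owner] = balances.get(owner, 0) + amount
    return accepted, balances

def network_agrees(arrival_orders):
    """True only if every node, given its own arrival order, ends with identical balances."""
    states = [node_state(order)[1] for order in arrival_orders]
    return all(state == states[0] for state in states)
```

Two nodes that saw the requests in opposite order each hold a perfectly valid but different set of balances, which is exactly why ordering has to be decided by something other than arrival time.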
A double-spend attack could be perpetrated from the same node or from different nodes:
The double-spend problem does not arise in physical monetary systems because units are tangible.
Centralized digital systems partially solve the problem by conferring the control over balances to a single entity:
Commercial bank A is trying to spend its balance twice, so the Central Bank must decide which of the two requests will be executed:
To prevent a double-spend attack in a decentralized network, all nodes should execute the same transactions in the same chronological order.
In the Bitcoin network, each node prepares a proposed chronological order for the latest transaction requests until it acquires the power to execute it.
To prevent censorship, that power should not be granted by any authority and it should frequently rotate between anonymous nodes that do not require any permission to join.
The mechanism that enables this is Bitcoin's key innovation: Proof of Work, or Nakamoto Consensus. It replaces authority with computational strength, so power is not given, it is earned.
To rotate that power, the system is probabilistic, analogous to a constant decentralized lottery in which "tickets" are acquired with a resource that is impossible to falsify: energy. Each "winning ticket" can be easily verified mathematically.
Alternative systems to Proof of Work (e.g. Byzantine Consensus or Proof of Stake) rely only on resources within the system, which makes them insecure. They are subject to Sybil attacks, so they must rely on identifiable institutions that identify nodes and grant permission, leading to privileges, bureaucracy, and spending on human resources.
(Sybil attack: a single entity secretly controls the majority of nodes).
In Bitcoin, when one of the "tickets" is awarded, the winning node executes the new transaction requests in its preferred chronological order and transmits that information to the other nodes, which verify it, copy it, and continue propagating it.
Transaction requests included in a block (yellow box in the above image) are considered executed transactions.
If two blocks that are not linked to each other are created almost simultaneously, it is possible that not all nodes accept the same block as valid:
The images above show 2 competing blocks that coexist.
When a new block is created, it must necessarily be linked to a previous block. Let's suppose that the new block is linked to the pink block:
Nodes discard the chain of blocks they were following if they discover another chain with more cumulative Work, which almost always is the longest chain (the one with more blocks).
Transactions from the discarded chain that are not included in the new chain are returned to the list of transaction requests (the mempool).
The chance that an already accepted block will be discarded drops with each subsequent block; hence each subsequent block is called a confirmation. Confirmations provide probabilistic immutability.
The creator of each block gets a reward in the form of transaction fees + a subsidy.
Each transaction request specifies the fee to be paid to the block creators (miners) in order to incentivize the priority of its execution.
The first transaction in a block (coinbase transaction) is included by the miner himself to receive the reward.
The new bitcoin units that the network issues per block are the subsidy.
The monetary inflation rate is constantly decreasing, so the total supply tends to a maximum of 21 million bitcoins, since the subsidy is halved every 210,000 blocks (approximately 4 years).
To go deeper into the information contained in a block, it is necessary to know about cryptographic hash functions:
Hashing makes the integrity of historical data easy to verify.
Cryptographic hash functions transform any digital data (input) into a fixed size of data (hash).
Cryptographic hashes are for data what fingerprints are for people:
-A fingerprint does not disclose any information about the person. (One-way function).
-Similar people may have very different fingerprints. (Slightly different digital data result in completely different hashes).
-The same person will always produce the same fingerprint. (The same data will always result in the same hash).
-Let's assume fingerprints are always of the same size independently of the size of the person, for the sake of the analogy. (No matter the size of initial data, the hash will always have the same size).
There are different kinds of hash functions; the one most commonly used in Bitcoin is SHA256, which produces a 256-bit hash. Examples:
-An Address is the encoded hash of a Public Key.
-The transaction ID is the double SHA256 hash of the data that it contains.
-The block ID is the double SHA256 hash of the block header data.
Data that constitute a block:
-Transactions and their respective hashes (Merkle tree):
-Header
The block header contains:
1. Hash of the previous block ID
2. Combined hash of all transactions' hashes (root of a Merkle tree)
3. Nonce + target hash
4. Timestamp
1. Hash of Previous block ID:
This is what chains the blocks. If blocks are imagined like the pages of a ledger, each new page would contain a small photo of the previous page in which a photo of its previous page would appear and so on, so all pages would appear in the last photo of the book.
Each new block creates a hash of the entire payment history, so altering the info contained in a block would make that block and all subsequent blocks invalid.
Like a mosquito in amber, the deeper a block is in the chain the more irremovable (final) it will be.
2. Root of a Merkle Tree:
It provides an easy way to verify the integrity of transactions data.
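An added example (not the article's or Bitcoin Core's code) that builds a small chain of constructed blocks with simplified headers, computes the Merkle root and double-SHA256 block IDs, and shows that tampering with one transaction breaks that block and every block linked after it; the header layout, block contents and timestamps are assumptions for illustration.

```python
import hashlib

def sha256d(data: bytes) -> bytes:
    """Double SHA256, the hash used for Bitcoin transaction IDs and block IDs."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids):
    """Hash txids pairwise level by level until one root remains. An odd last
    element is paired with itself (Bitcoin's rule); byte order is simplified."""
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_id(prev_id, root, nonce, timestamp):
    """Simplified header (assumption): previous block ID + Merkle root + nonce + timestamp."""
    header = prev_id + root + nonce.to_bytes(4, "little") + timestamp.to_bytes(4, "little")
    return sha256d(header)

def build_chain(blocks_txs, start_time=1_600_000_000):
    """Link constructed blocks; each block stores its txs and the header fields."""
    chain, prev = [], b"\x00" * 32
    for i, txs in enumerate(blocks_txs):
        txids = [sha256d(tx.encode()) for tx in txs]
        blk = {"prev": prev, "txs": list(txs), "nonce": i, "time": start_time + 600 * i}
        blk["id"] = block_id(prev, merkle_root(txids), blk["nonce"], blk["time"])
        chain.append(blk)
        prev = blk["id"]
    return chain

def first_invalid(chain):
    """Re-derive every block ID from its own contents and check that it links to the
    block before it. Returns the index of the first broken block, or None."""
    prev = b"\x00" * 32
    for i, blk in enumerate(chain):
        root = merkle_root([sha256d(tx.encode()) for tx in blk["txs"]])
        if blk["prev"] != prev or blk["id"] != block_id(prev, root, blk["nonce"], blk["time"]):
            return i
        prev = blk["id"]
    return None
```

Changing one transaction changes its txid, the Merkle root and the block ID; recomputing that block's ID just moves the break to the next block, whose "previous block ID" no longer matches.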
3. Nonce and hash target:
The nonce is a number used only to change the Block ID.
In order to mine a block, it is necessary to be the first in finding a number (nonce) that combined with the rest of block header data, results in a hash (Block ID) lower than a certain threshold (hash target).
Imagine you are given the task of hashing data that contains the word bitcoin until you obtain a hash starting with 000. You could try bitcoin-1, bitcoin-2, ... until you find a "nonce" that gives that result:
The nonce would be 1918 in this example ;)
The block ID is a proof of work that nodes can validate quickly.
Based on the energy spent, miners probabilistically obtain the power to propose the execution of transactions, but transactions are ultimately executed by nodes, in a decentralized way.
Analogously to the difference between the work required to find a needle in a haystack and the work required to verify that it is indeed a needle, there is a great asymmetry between the cost of mining a block and the cost of verifying it. That makes it costly for miners to misbehave.
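The exercise above, as an added example (not the original page's tool): it brute-forces the nonce for "bitcoin-N" until the SHA256 hash starts with 000, expresses that same condition as a numeric target the way Bitcoin's rule does, and shows that checking a given nonce costs a single hash while finding one costs thousands.

```python
import hashlib

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def find_nonce(data: str, prefix: str = "000"):
    """The page's exercise: hash data-1, data-2, ... until the SHA256 hex digest
    starts with `prefix`. Returns (nonce, digest); every attempt costs one hash."""
    nonce = 0
    while True:
        nonce += 1
        digest = sha256_hex(f"{data}-{nonce}")
        if digest.startswith(prefix):
            return nonce, digest

def target_for_zero_hexdigits(zeros: int) -> int:
    """A prefix of n hex zeros is equivalent to a numeric threshold of 2^256 / 16^n."""
    return 2 ** 256 >> (4 * zeros)

def meets_target(data: str, nonce: int, target: int) -> bool:
    """Bitcoin's actual rule: the hash read as a number must be below the target.
    This is the cheap side of the asymmetry: one hash checks the whole proof."""
    return int(sha256_hex(f"{data}-{nonce}"), 16) < target

def mine(data: str, target: int) -> int:
    """The same search expressed against a numeric target instead of a prefix."""
    nonce = 1
    while not meets_target(data, nonce, target):
        nonce += 1
    return nonce
```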
The hash target is set in advance by the network with the goal of getting blocks produced at an average rate of one every 10 minutes (10'), which reduces the incentives for miner centralization by making the data propagation time comparatively short, and ensures that orphan blocks are extremely rare.
The small stream of data also helps information to be easily replicated, and eases the cost of running a node.
The miners' total computing power changes over time, so the hash target needs to adapt, or blocks would be produced much faster or slower.
In order to achieve the adjustment:
-Each successful miner includes (stamps) the approximate creation time of the block (timestamp) in the block header.
-Every 2016 blocks (approximately two weeks), the network calculates the difference in time between the first and the last stamps in order to deduce the average hash rate.
-The hash target is then automatically adjusted accordingly (retarget), raising the mining difficulty if blocks were produced too fast or lowering it if blocks were created too slowly.
The target cannot change by more than a factor of 4 or by less than a factor of 1/4 at each retarget, to limit the effect of certain double-spend attacks.
The mechanism effectively works as a decentralized clock.
It is not exact. As an anecdote: the timestamp does not always increase from block to block.
In order for a block's timestamp to be accepted by each node:
-It must be later than the median of the previous 11 timestamps.
-It must be at most two hours in the future, according to each node's own clock.
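An added example (not Bitcoin Core's code) of the retarget and timestamp rules as the article describes them: the target scales with the time between the first and last stamps of a 2016-block period, clamped to a factor of 4 either way, and a timestamp is accepted only if it is later than the median of the previous 11 and at most two hours ahead of the node's clock. The constants and sample stamps are constructed for the example.

```python
from statistics import median

BLOCKS_PER_RETARGET = 2016
EXPECTED_SPAN = BLOCKS_PER_RETARGET * 600   # 2016 blocks at one per 10 minutes, in seconds

def retarget(old_target: int, first_stamp: int, last_stamp: int) -> int:
    """New target = old target * actual span / expected span, with the span clamped
    so the target moves by at most a factor of 4 either way. A smaller target means
    a higher difficulty, so fast blocks shrink it and slow blocks grow it."""
    actual = last_stamp - first_stamp
    actual = max(EXPECTED_SPAN // 4, min(actual, EXPECTED_SPAN * 4))
    return old_target * actual // EXPECTED_SPAN

def timestamp_acceptable(new_stamp: int, previous_stamps, node_clock: int) -> bool:
    """A node accepts a block's timestamp only if it is later than the median of the
    previous 11 timestamps and at most two hours ahead of the node's own clock.
    Note that a stamp may be lower than the immediately previous block's stamp."""
    last11 = list(previous_stamps)[-11:]
    if last11 and new_stamp <= median(last11):
        return False
    return new_stamp <= node_clock + 2 * 3600
```

The median rule is what produces the anecdote above: a stamp can be accepted even though it is lower than the previous block's, as long as it beats the median of the last 11.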
For the first time in history, a monetary good's inflation is predictable.
Decentralized network: nobody is in charge, nobody controls it.
Distributed network: data is redundant, replicated by multiple entities in multiple locations.
Consensus: agreement by multiple parties
Hashing provides integrity.
Encryption provides confidentiality.
Encoding is converting data into a particular form that can be reversed.