the goal of this video is to explain how
the Bitcoin works under the hood to give a clearer idea of what it really
means to own, send, or mine bitcoins first a brief high-level overview of
what Bitcoin is at its core Bitcoin is just a digital file
that list accounts and money like a ledger a copy of this file is maintained on
every computer in the Bitcoin network these numbers don't represent anything
in the physical world, they only have value because people are willing to
trade real goods and services for a higher number next to their account
and believe others will do the same the numbers only have value because we
believe they have value just like any other fiat currency to send money you broadcast to the
network that the amount on your account should go down in the amount on a
receiver's account up nodes or computers in the Bitcoin network
apply that transaction to their copy of the ledger and then pass on the transaction to
other nodes this with some math basic security is
really all there is a system that lets a group of computers
maintain a ledger While this may sound similar to the way a
bank maintains a ledger the fact that the ledger is maintained by a
Group rather than a single entity introduces a number of important
differences for one, unlike a bank where you only
know about your own transactions In Bitcoin everyone knows about everyone else's
transactions.
Also while you can trust your bank or you can at least sue it if
something goes wrong in Bitcoin you're dealing with anonymous
strangers so you shouldn't trust anyone. The Bitcoin system is amazingly designed
so that no trust is needed special mathematical functions protect
every aspect to the system the rest to this video will explain in
detail how the Bitcoin allows such a group of strangers to manage each others'
financial transactions At a basic level, for Alice to send money
to Bob she simply broadcast a message with the
accounts and the amount sent 5 Bitcoins from Alice to Bob. Every node that receives
it will update their copy of the ledger and then pass along the transaction
message. But how can nodes be sure that the request is authentic that only the rightful owner has sent a
message. Bitcoin rules require a kind of password unlock unspent funds and this password is what's called a
digital signature. Like a real handwritten signature it proves the authenticity of a message
but it does so through a mathematical algorithm that prevents copying or
forgery in the digital realm unlike a simple static password a
completely different digital signature is required for every transaction keep in mind that in Bitcoin, you're dealing
with complete strangers so you never want to reveal a password
that could be copied and reused by someone else A digital signature works by utilizing
two different but connected keys, a private key to create a signature and a
public key that others can use to check it you can think of the private key as the
true password and the signature as an intermediary that proves you have the
password without requiring you to reveal it Public keys are actually the send to address
in Bitcoin, so when you send someone money you're
really sending it to their public key to spend money you must prove that
you're the true owner of a public key address where money was sent and you do that by generating a digital
signature from a transaction message and your private key other nodes in the network can use that
signature in a different function to verify that it corresponds with your
public key through the math behind the digital
signature they're able to verify that the sender owned a private key without actually seeing
the private key importantly because the signature
depends on the message it will be different for every transaction and therefore can't be reused by someone
for a different transaction this dependence on the message also
means that no one can modify the message while passing it along the network as any changes to the message would
invalidate the signature the math behind this is fairly complex
and well I won't try to explain it fully now here are some topics you can google to get
started.
Elliptic Curve digital signature algorithm and
mathematical trapdoor More at the end of the video so far we know that digital signatures
are used to ensure a transaction is authorized but I've oversimplified how nodes in
the network keep track of account balances in fact no records of account balances are
kept at all if you don't keep track of how much
money any given person has how do you know if they have enough to
send to someone else? Instead of balances ownership the funds is verified through
links to previous transactions here's how this works.
To send five
Bitcoins to Bob Alice must reference other transactions
where she received five or more Bitcoins. these reference transactions are called
Inputs. Other nodes verifying this transaction will check those inputs to
make sure Alice was in fact a recipient and also that the inputs at up to five or
more Bitcoins. Let's look at a real transaction to see
this in practice this transaction references 6 inputs for
a total of 139.6 Bitcoins In the output section notice that there
are two lines the first one of these is actually going
back to the sender as change for the transaction a simple fine rule states that each
input must be used up completely in a transaction so if you're trying to send an amount
that doesn't exactly match one of your inputs you need to send any remaining amount
back to yourself.
Through these reference input linkages ownership of Bitcoins is passed along
in a kind of chain with the validity of each transaction is dependent on
previous transactions but how can you trust this previous
transactions? You can't and you should check their inputs, too. in fact when you first install Bitcoin wallet software, it downloads every transaction ever made and checks each one's validity all the
way back to the very first transaction remember you're dealing with complete
strangers so it's important to verify every transaction for yourself this process can take over 24 hours but
it only needs to be done once once the transaction has been used once
it is considered spent and cannot be used again.
Otherwise
someone could double spend an input by referencing that in multiple
transactions When verifying a transaction, in addition
to the other checks nodes also make sure the inputs
haven't already been spent. To be explicit for each input notes check every other
transaction ever made to make sure that input hasn't already been used before.
While this may seem time-consuming as there are now over 20 million
transactions, it's made fast with an index of unspent transactions So instead of a ledger of balances Bitcoin nodes keep track of a giant list of transactions.
Owning bitcoins means that there are transactions in this list that
point to your name and haven't been spent, or in other words,
used as inputs in other transactions One interesting consequence of this
ownership structure is that figuring out your own balance requires iterating through every transaction ever
made and adding up all your unspent inputs. Another interesting note about
transactions is that the system can support more complex ones then simply
sending funds to one person.
You may have noticed a cryptic looking
line of text in the output shown previously it turns out that outputs are more like
puzzles to be solved rather than simple to addresses. Rather than emailing, sending money in
Bitcoin is more like putting money in a public locker and attaching a math puzzle that must be
solved to open it. The puzzle is defined using a special scripting language and while it's typically designed so that
only a single owner other public key can solve it, more complex conditions are possible. For
instance, two out of three signatures could be required for an escrow based
transaction. Another example is the very first Bitcoin transaction ever made which was a puzzle that anyone could
solve. While most Bitcoin software hides the
scripting layer for you, you're free to write your own software and
conditions, although this can be risky Over 2600 Bitcoins were lost in one batch
of transactions due to a malformed address.
This highlights an important part of Bitcoin, as there's no bank or credit card company you can appeal to any user error mistakes can result in
permanent loss of Bitcoins. And not just from your own account but
from the Bitcoin economy overall. if you lose your private key any funds
associated with the corresponding public key will be gone forever. Because people will likely lose private
keys due to hard drive crashes and insufficient backups this means the Bitcoin currency will
eventually be a deflationary one. Before explaining the final piece that
secures Bitcoin, mining, I want to highlight a few points about
anonymity in Bitcoin.
If you access Bitcoin through a TOR network
that hides your IP address you can use Bitcoin without ever
revealing anything more than your public key And to avoid someone linking your
transactions together, remember they're all publicly stored on every computer, you can generate a new public key for
every incoming transaction. It is possible however to inadvertently
link public keys together. In the transaction shown earlier, 6 input
transactions were used as sources, and despite the fact that all those
inputs were sent to different addresses they all became linked in that
transaction the sender proved that he owned all those
addresses by supplying the digital signature to unlock each one.
Researchers have in fact use these links
to study Bitcoin user behavior. You might think that generating a public
key receiving address could potentially create a link to your true identity, but even this step is anonymous, and
amazingly, can be done with no connection to the network. You simply click a button in your wallet
software and it randomly generates a new private andn public key. Because there are so many
different possible addresses, there's no reason to even check if
someone else already has that key, Compare this to signing up for an email
address, where almost everything you might try has been taken In fact, if you did get someone else's
key, you would have access to all their money. This is the total number of possible
Bitcoin addresses. These large numbers protect the Bitcoin system in several
ways, so it's useful to try to appreciate just
how big they are. Some estimates for the number of grains of sand in the entire
world are around seven and a half million trillion now imagine that every grain of sand
represented an entire other earth of additional grains you're still
much smaller than the possible number of Bitcoin addresses.
Let's recap the coin security so far. By
verifying the digital signature we know that only the true owner could
have created the transaction message, And to make sure the sender actually has
money to spend, we also check each reference transaction, making sure it is unspent. But there's
still one large security hole in the system that can make this unspent check unreliable, and this has to
do with the order of transactions. Considering that
transactions are passed node by node through the network there's no guarantee that the order in
which you receive them represents the order in which they were created And you shouldn't trust a timestamp because
someone could easily lie about the time a transaction was created.
Therefore you have no way to tell
whether one transaction came before another, and this opens up the potential for fraud.
A malicious user, Alice, could send a transaction giving
money to Bob wait for Bob to ship a product, and then send another transaction
referencing that same input back to herself. Because of differences in propagation
times, some nodes on the network would receive the second double spending transaction before the
one to Bob, and when bob's transaction arrived they would consider invalid because it's
trying to reuse an input.
So by would be out both the shipped product
and his money. Overall there would be disagreement across the network about
whether Bob or Alice had the money because there's no way to prove which
transaction came first. In light of this there needs to be a way for the entire
network to agree about the order of transactions which is very much a daunting challenge
in a decentralized system Bitcoin's solution is a clever way to both
determine and safeguard the ordering through a kind of mathematical race The Bitcoin system orders transactions by
placing them in groups called blocks and linking those blocks together in
something called the Block Chain Note that this is different from the
transaction chain we discussed earlier.
The block chain is used to order
transactions, whereas the transaction chain keeps track of how ownership
changes. Each block has a reference to the
previous block and this is what places one block after another in time. You can traverse the references
backwards all the way to the very first group of transactions ever made. Transactions in the same block are
considered to have happened at the same time, and transactions not yet in a block are
called unconfirmed or unordered. Any node can collect a set up
unconfirmed transactions into a block and broadcast it to the rest to the network
as a suggestion for what the next block in a chain should be. Because multiple people could create
blocks at the same time there could be several options to choose
from, so how does the network decide which should be next? We can't rely on the order that blocks arrive
because, as explained with transactions above, they may arrive in different orders at
different points in the network.
Part of the Bitcoin solution is that each
block must contain the answer to a very special mathematical problem. Computers run the entire text of a block
plus an additional random guess through something called a cryptographic hash until the output is below a certain
value. A hash function creates a short digest from any arbitrary length of text. In our case the result is a 32 byte
number. Here are some examples of the specific cash function Bitcoin uses, SHA256. Note how much the output changes
in result of a single extra period at the end of the third
example. The output is completely unpredictable. so the only way to find a particular
output value is to make random guesses. It's very much like guessing the
combination to a lock. You may get lucky on your first guess
but on average it takes many guesses. In fact in Bitcoin, it would take a
typical computer several years of guessing to solve a block. With every computer in the entire
network or guessing numbers it takes about 10 minutes on average for someone
to find a solution. The first person to solve a math problem
broadcasts their block and gets to have their group of
transactions accepted as the next in the chain.
The randomness in the math problem
effectively spreads out when people find a solution, making it unlikely that two people will
solve it at the same time. Occasionally, however, more than one block
will be solved at the same time, leading to several possible branches. In
this case you simply build on top of the first one you received. Others may have received the blocks in a
different order and will be building on the block they first received. The tie gets broken when someone solves
the next block. The general rule is that you always immediately switch to the
longest branch available. The math makes it rare for box to be
solved at the same time, and even more rare for this to happen multiple times
in a row. The end result is that the block chain
quickly stabilizes, meaning that everyone is in agreement about
the order of blocks a few back from the end of the chain.
The fact that there's some ambiguity
in the end of the chain has some important implications for transaction security. For instance, if your transaction finds
itself in one of the shorter branches, it will lose its place in line within the
block chain. Typically, this just means it will go back to the pool of unconfirmed
transactions and be included in a later block. Unfortunately this potential for
transactions to lose their place opens the door to the very double spend
attack that was our original motivation for an ordering system. Let's look at how a double spend attack
would work in the system described so far. A fraudster, Alice, sends money to Bob. Bob
then waits for the transaction to get confirmed into the block chain, and then ships a product. Now because nodes always switch to a
longer branch if Alice can generate a longer branch that replaces the
transaction to Bob with one to someone else, his money will effectively get erased.
Bob's transaction will initially get tossed back into the unconfirmed pool, but since Alice has replaced it with
another transaction that uses its same input, notes will now consider Bob's
transaction invalid because it's referencing an already spent input.
So how does the ordering system prevent
Alice from defrauding Bob? You might think that Alice could pre-compute a chain of blocks to spring on the network at just the right time, but the math puzzles in each block
actually prevent this. We need to look a little deeper into the cryptographic
hash explained earlier to fully understand why. As mentioned previously, solving a block
involves trying to get the cryptographic hash of the block to be below a certain value,
and you do that by trying different random numbers at the end of the block.
Once solved, the hash output is like a
fingerprint that uniquely identifies that block. If even a single character in the block
is changed, the block's hash would be completely
different, just like we saw before when an additional period was added. The hash output, or finger print, is
actually what's used as the previous block reference. One result of this is that there's no
way to switch out a block in the middle of the chain because the hash value for the new block
would be different and the next box reference would no longer point to it. And subtly, but even more importantly,
a block cannot be solved before the previous block is solved. The previous block reference is part of
the text that goes through the hash function, so any changes to it would require
resolving.
Getting back to Alice, this is why she can't pre-compute a
branch, she can only start solving blocks once the block she wants to build on is
solved, and its hash value is known. She is
therefore in a race with the rest of the network until bob ships the product,
which is when she wants to present a longer branch.
One last question is whether Alice might
be able to outpace everyone if she had an extremely fast computer, or perhaps a roomful of computers. But
even with thousands of computers she would be unlikely to win the race to
solve a block because she isn't racing any ONE computer, but rather the entire network. You can think of it like a lottery. She can operate thousands of computers,
or equivalently, buy thousands of lottery tickets, but even
then, it's much more likely that someone else would win. She would need control of half the total
computing power in the entire network to have a 50 percent chance of solving a
block before someone else, and much more to have a high probability
of winning several blocks in a row faster. So transactions in the block chain are
protected by a mathematical race, one that pits an attacker against the
entire rest to the network.
A consequence of blocks building on top of
each other is that transactions further back in the chain are more secure. An attacker would have to outpace the
network for a longer amount of time to carry out a double spend attack. replacing a block further back in the
chain. So the system is only vulnerable to a double spend attack near the end of
the chain, which is why it's recommended to wait
several blocks before considering received money final. One last comment on the block chain
before explaining the final pieces of the Bitcoin system. Amazingly, nothing described so far
requires any trust. When you receive information from
strangers in the Bitcoin network, you can check for yourself that block
solutions are correct. And because the math problems are so hard, you know that there's no way any
attacker could have generated them on their own. The solutions are proof that the
computing power of the entire network was brought to bear. Now that we've discussed how money is
transferred through digital signatures and transaction chains, and how the order of those transactions is
protected in the block chain, let's go over the final piece: where
Bitcoins come from.
To send money, you must reference a
previous transaction where you were the recipient. But how to coins get into
this ownership chain in the first place? As a
way to slowly and randomly generate and distribute coins, a reward is given to whoever solves
block. This is why solving blocks is called mining, although its real purpose is to verify
transactions and safeguard the block chain. Every four years the block reward is cut
in half so eventually no more coins will be released. About 21 million in total will be
created. Bear in mind that you can send down to 1 100 millionth of a Bitcoin, so the total number available will likely not
limit the currency's usability. once the block rewards cease, when incentive will
miners have to process transactions? In addition to the block rewards, miners
also get any transaction fees that can optionally be included with transactions.
Right now miners will include
transactions with no fees into blocks because their main incentive is the block reward, but in the future,
transactions will likely be processed in order of the fees attached, and ones without fees will likely be
ignored. Sending money in Bitcoin will probably not be free, but will hopefully still be cheaper than
current credit card fees. As mentioned before, on average it would
take several years for typical computer to solve a block, so an individual's chance of ever solving
one before the rest to the network which, typically takes 10 minutes, is very
low.
To receive a steadier stream of income, many people join groups called mining
pools that collectively work to solve blocks. and distribute rewards based on work
contributed. These act somewhat like lottery pools among coworkers, except that some of these pools are
quite large and comprise more than twenty percent above all the computers in the
network. The fact that some of these pools are so
large has some important implications about security. As mentioned before it's very unlikely
for an attacker to solve several blocks in a row faster than the rest fo the
network, but it is possible, and the probability
increases as the attacker's processing power gains in proportion to the rest to
the network.
In fact, one of these mining pools, BTC
guild, has solved six blocks in a row by itself, and has voluntarily limited its
members to ward of distrust in the entire Bitcoin network. Even a substantial computing power, the
further back in the block chain a transaction gets, the harder it would be
for an attacker to change it. The current
recommendation is to wait for transactions to make it into at least one block, or get one confirmation, before
considering it final. And for larger transactions, wait for at least six blocks. In light of BTC guild's ability to solve
six blocks in a row, you might want to wait even longer.
By
design, each block takes about 10 minutes to
solve, so waiting for six blocks would take about an hour. Compared to the several seconds a credit
card transaction takes, waiting this long for confirmations may seem burdensome, but keep in mind that credit card
customers can claim a stolen card months later to have charges reversed
from merchants (card chargebacks), so Bitcoin is actually much faster from
a merchant's perspective. The particular choice of 10 minutes was
somewhat arbitrary, but extremely short times could lead to instability, and longer ones would delay
confirmations. As more computers join the network, and specialized hardware is designed
specifically for mining, the block solution time would get very
small. To compensate, every two weeks all the Bitcoin software recalibrates
the difficulty of the math problem to target 10 minutes.
For comparison, a similar digital
currency called Litecoin has been able to operate with a two-and-a-half
minute block time. In summary, Bitcoin is a mathematically
protected digital currency that is maintained by a network of peers. Digital signatures authorize individual
transactions, ownership is passed via transaction
chains, and the ordering at those transactions is protected in the block
chain. By requiring difficult math problems to
be solved with each block, would-be attackers are pitted against
the entire rest to the network in a computational race they're unlikely to
win. Bitcoin promises many interesting ideas, such as insulation from government
meddling, anonymity, and potentially lower transaction fees. It
also has many challenges, as it is currently very difficult to
exchange Bitcoins for other currencies, and has been cited as a haven for
illegal activity and tax evasion, so governments might try to ban it. Also the
mathematical race that protects the block chain uses a substantial amount of
electricity. If you'd like to view a written version
of this video you can find one on my personal blog:
imponderablethings.com The blog also has some additional
explanations of the math behind the digital signatures and cryptographic
hashes that underlie the system.
