Lots of people are curious about Bitcoin and cryptocurrency these days. This is particularly true among PC gamers. Not only is cryptocurrency making headlines, it’s also screwing up the graphics card market. Which naturally leads people to asking questions like, “What is this stuff?”

I am not remotely an expert and I’ve never had a reason to use Bitcoin, but I understand a little bit of the underlying technology and I think I can help explain it to people.

Essentially, a bunch of math nerds have invented a new form of money and the world is curious what’s going to happen next. We’ve never had “money” that worked like this before. It’s not tied to a specific paper currency. It’s not guaranteed by a bank. It’s not issued by a government. It’s not backed by precious metals. Instead the currency is governed by a few simple rules and guaranteed by math. This creates a lot of interesting questions regarding economics, trust, law, and existing financial regulations.

But we’re not here to have those debates. We’re here to try and understand what this system is and how it’s possible to have a secure currency with no centralized power. Do note that every level of simplification is bound to bruise the truth a little. What I’m going to give is a very rudimentary overview and many, many details have been left out. This will not make you an expert, but I hope I can at least help you understand a couple of basic questions like:

How does cryptocurrency work? What is this “block chain” thing people keep talking about?

Cryptocurrency is built using two key technologies: asymmetrical cryptography, and hash functions. Those terms might sound complex and scary, but anyone can grasp them. So before we explain cryptocurrency and the blockchain, let’s explain these two technologies.

Asymmetrical Cryptography

Asymmetrical cryptography requires two keys to work. But not these kinds of keys.

You’re probably familiar with symmetrical cryptography. You’ve probably even used it. If you’ve ever accessed a password-protected ZIP file then you’ve got the basic idea. A password is used to scramble a file, and you can only unscramble by using the password. This scrambling of data to make it unreadable is called “cryptography”. This stuff with passwords is “symmetrical” because you use the same password to encrypt (scramble) the data as you do to decrypt it.

An asymmetrical system is one where you actually have two passwords: A and B. If you use A to encrypt, you need B to decrypt. If you encrypt with B, then you’ll need A to decrypt.

Actually, A and B aren’t really “passwords” in the classic sense. They’re numbers. Typically, they’re numbers that might be a hundred digits long. I can barely follow the mathematics involved and I don’t feel safe trying to explain them, but if you’d like to know more then this 8-minute video gives a pretty good overview.

A and B are usually called a key pair. You find yourself two very large prime numbers at random and use them to make your key pair. One of them you share openly with anyone that might want to communicate with you, and the other is kept secret. These are called your public key and your private key. This allows us to do two things:

One, my friend can encrypt a message with my public key. Remember, if you encrypt with one key then you can only decrypt with the other. Since I’m the only person with access to my private key, my friend can feel confident that I’m the only person in the world that can open it. This gives us incredibly strong security.

But we can also do something else: I can encrypt a message with my private key and send it to you. If you can open it with my public key then you can feel 100% confident that the message came from me and not from someone pretending to be me. This gives us incredibly strong authentication.

(If you want to get really fancy then we can combine these techniques. If you want to send me a message you can encrypt it with my public key, and then encrypt it again with your private key. This means you can know for sure that I’m the only one who can open it, and when I do I can be sure you’re the one who sent it.)

Asymmetrical cryptography is used in a lot of different places, not just in internet funnymoney. Speaking of which, there’s one more technology we need to understand to make sense of this Bitcoin stuff:

Hash Functions

Information in, garbage out. I don't see what the big deal is. A lot of my programs end up doing this by accident.

Above we talked about cryptographic functions, which are designed to scramble some information so that it can be unscrambled later by someone with the right key. For contrast, a hash function is designed to scramble things without hope of recovery.

Let’s say I rolled a handful of dice and added up the rolls to get a total of 28. Based on that number, you can’t reverse the process to know what numbers I added up. No matter how carefully you study that 28, you’ll never be able to determine how many dice were rolled, how many faces they had, or what numbers I got. In a case this simple you could come up with lots of plausible theories, but you’d never be able to prove any of them. This adding up of values is a fundamentally one-way function and information is irrevocably lost in the process.

The above example wouldn’t be particularly useful in computer science, but a more complex hash can be used to make a system secure almost to the point of invincibility.

The hash we’re talking about in this case is a hash function called SHA256. It takes input and outputs 256 bits of complete noise. The input can be anything you like: A password, a list of numbers, or the text of an entire novel. Doesn’t matter. The input can be short or immense. What matters is that the process is entirely one-way and always outputs noise of the same length.

If you want to see it in action, you can try a web-based version of SHA256 here. Just type in some random input, hit the button, and look at the gibberish it spits out. For example, if you type “Shamus Young” into it, you’ll get the following:

e671c469c4e2c73c0499dfe74c4792fd3438d6ffe8371ea26dd70ea14bd54bf3

This is a hexadecimal representation of the result. You could also express it in binary, but then you’d wind up looking at a half-page of random 1’s and 0’s, which isn’t very interesting. The trick here is that you’ll always get this same result from the same input.

Now look at what you get if you enter “Zhamus Young”:

849a3f601e417a6bc2d2f5555778529b575831db1af8231574d1663e291a94c6

I made a very slight change to the input, and the entire result changed. Most importantly, there’s no way you could determine what input I used to get this result. You can look at that big string of gibberish all day and you won’t have any way to reverse the process and discover my secret input of “Zhamus Young”. You won’t even know if the input was a couple of short words or several paragraphs. If you saw that string of gibberish you wouldn’t have any way to figure out what the input was other than simply brute-force trying every possible combination of words, sentences, numbers, and paragraphs.

How secure is this? Well, this video explains that even if we had a network of supercomputers that spanned 4 billion galaxies, and even if we let them run for 500 billion years, we’d still only have a 1 in 4 billion chance at finding the input by brute force.

Okay, that’s enough about the technology. Let’s talk about…

How Cryptocurrency Works

Bonus fact: You can't lose bitcoins in your couch cushions.

There’s no central bank or government running this thing, so instead cryptobux like Bitcoin use a distributed system. Think of it like a ledger of transactions, like so:

1. Gordon pays $50 to Alyx.

2. Alyx pays $10 to Eli.

3. Isaac pays $10 to Eli.

4. Wallace pays $100 to Judith.

You can look at the history of transactions and see how much money each person has at any given time. As two people do a trade, the payer broadcasts their payment to the other people using the system. When the payee sees the transaction show up in the public ledger, they know they’ve been paid and they can give the payer the goods or services they paid for. (Or whatever they’re doing.)

So what’s to stop Wallace from broadcasting a bunch of bogus transactions saying that everyone else gives him all the money? Well, the payer must digitally sign each transaction. Remember earlier I said that asymmetrical cryptography allows us to verify identities.

Gordon can take the line, “1. Gordon pays $50 to Alyx.” and encrypt it with his private key. This encrypted message can then be the signature for the transaction. Anyone else can decrypt this signature using Gordon’s public key. When they do, they’ll see the contents of the signature “1. Gordon pays $50 to Alyx.” exactly matches the transaction, “1. Gordon pays $50 to Alyx.”, so this signature belongs to this transaction. And since they opened the signature using Gordon’s public key, they know he created this signature. So there’s no way for Wallace to create bogus transactions.

However, the other trick Wallace could pull is trying to tamper with the ledger by removing legitimate transactions. Maybe Wallace paid $50 to Gordon in exchange for Gordon’s lucky red crowbar. Now that Wallace has the crowbar, he wants to try to spoof the system by leaving his payment out of the ledger so he gets to keep his money.

This finally brings us to…

The Blockchain

The blockchain ledger doesn't use real names like in my examples, so the system is both (probably) secure and (theoretically) anonymous.

Ledger entries are grouped. These groups are called “blocks”. I guess you can think of a block like a single page of the ledger, but each block has a few thousand transactions and I’m not sure how far you want to stretch this metaphor.

Sure, Wallace is a participant in the system and maybe he wants to set up some tricky hack to propagate bogus blocks. Maybe he’s made a lot of poor purchasing decisions and now he’s looking to erase those transactions after the fact. Since the whole system is distributed, doesn’t that mean anyone can add new “pages” to the ledger? (That is, a new block to the chain.) Some people are saying Wallace spent a bunch of money. But Wallace, having erased his transactions after getting his goods, is offering a block that shows he spent nothing. How does the system tell a correct block from a bogus one? This is the internet. Anyone can be lying about anything at any time. Even if we added some sort of “voting” feature and let the crowd vote on what was legit and what isn’t, there would be nothing to stop Wallace from making hundreds of bogus sock puppet accounts that would all support his version of events. How can we possibly verify anything in this world of anonymous participation?

To do this, we use proof-of-work.

Proof of Work

I have no data on the exchange rate between Memebux and cheevos.

Some people on the system have taken it upon themselves to certify blocks as legit. I’ll tell you what these people are called in a couple of paragraphs, but for now just think of them as accountants. The important thing is that in order to certify a block of transactions as legit, you have to do some computational work. Someone looking to certify a block will listen for all the transactions being broadcast by the people using the system. They can take these entries, check the signatures, and bundle the transactions to make a block. Once they have all the data gathered up and checked, they run the whole thing through SHA256.

Let’s say we’ve got a couple thousand entries.

1. Gordon pays $50 to Alyx.

2. Alyx pays $10 to Eli.

3. Isaac pays $10 to Eli.

4. Wallace pays $100 to Judith.

- much later...

1999. Wallace pays $100 to Metro.

2000. Judith pays $45 to Eli.

As I said above, you can shove any old data into SHA256 and get a string of gibberish back. Let’s say the person certifying a particular block runs it through SHA256 and gets out a string like this:

50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c

The thing is, for a block to be validated the SHA256 value for the block must have an unusual property. It must begin with a whole bunch of zeroes.

00000000000074225559f647571c15a4e4cbf13e9494e89cb556d71b5c7ec515

Note the start of the string. Since there’s no way to control or predict what the output of SHA256 will be, there’s no quick way to find something like this. The person trying to certify the block can just append a single random number to the end of the block and run it through SHA256 again. When that doesn’t work, they can try a different random number. The system is set up so that this is basically a lottery. Somewhere out there is a number that you can stick on the end of this ledger block that will cause the whole thing to yield a SHA256 hash that starts with a lot of zeroes. This number is called a “nonce”.

Once someone has a winning value, they finalize the block and broadcast it to everyone else. The other people trying to certify the block can check the work and see that the block is indeed valid. The signatures check out, the math checks out, and the nonce does indeed yield a SHA256 value with a bunch of zeroes. So this new block gets added to the chain, and the lottery for the next block begins.

Whoever wins this lottery – whoever finds the nonce – is allowed to add a special transaction to the start of the block, granting themselves a modestThese days, it’s not at all modest. Bitcoin is worth so much now that it really is like winning a lottery. finders fee.

Now I’ll tell you what these people doing block certification are called: They’re called Bitcoin Miners.

Yes, that’s what a “Bitcoin Miner” is. The name makes it sound like they’re somehow mining for virtual money with a pickaxe, but what they’re really doing is using their computing resources to help certify blocks, and getting paid for their trouble. The money incentive is there so lots of people will participate. Having lots of people playing the lottery makes things even harder for the…

Cheaters!

I mourn the loss of cheat codes in modern games. I do not mourn the loss of brick-shaped controllers. Ow.

So let’s get back to Wallace, who is trying to certify a bogus block where he didn’t pay anyone anything. First, he needs to find a nonce to certify his bogus ledger. He’s the only one working on this bogus block, so he has to find it all by himself. And he needs to find it fast. It won’t do him any good if his Bitcoin-mining setup certifies the block three days from now. By then the world will have moved on. The real block – the one with the transactions he’s trying to erase – will have long since been accepted.

But it could happen! Maybe Wallace gets lucky and somehow finds a nonce for his bogus block before the other thousands of Bitcoin miners find a nonce for the real one. The trick is that he’s not done. That magic lottery number? The nonce? That number gets put at the start of the next block in the chain. In this way, each block is connected to the one before, and the one that follows. Thus forming a chain of them. Hence, “Blockchain”. So basically Wallace is working as a Bitcoin miner, except he’s certifying his bogus block instead of the legit block everyone else is seeing.

However, since the blocks are in a chain, changing THIS block means it will also change the NEXT one, and the one after that, and after that, and so on. Wallace has to certify this bogus block, and then the next block in the chain will require him to win another SHA256 lottery, and so on. Even if he just wants to erase a single transaction, it will put him on the hook, forcing him to forge new blocks to the end of time. These latter blocks might be totally legitimate, but they’ll be descendants of his one bogus block and thus require different SHA256 solutions.

If you watched American sitcoms in the 80s then I’m sure you saw an episode where a character tells a single lie at the start. But then later someone calls them out on it and they have to tell another lie to support the first one, then a third lie to cover for the second, and so on. “Hilarity” ensues. This is the same deal. If you want to offer a fraudulent block to the system, then you need to maintain that fraud with a never-ending chain of blocks.

Note that people can't TELL these blocks are bogus just by looking at them. (Assuming the signatures are good and the math checks out, I mean.)

People using the system will see Miner #2,954 is offering one block, while Wallace is offering another one. How do they know which one of them is telling the truth? Who has the real block? From the perspective of the rest of the system, it looks like the blockchain has “forked” and there are two possible records for everyone’s transaction history. From the perspective of other people on the system, you can’t immediately know which fork to trust. Maybe Wallace is trying to erase transactions so he can keep his money, but maybe someone else is trying to add transactions that never took place to steal his moneyIgnoring the problem of how they could possibly forge his signature.. Who do we trust?

But unless Wallace has over half the computing power of all bitcoin miners, he’ll never be able to keep up. Everyone else on the system – thousands and thousands of bitcoin miners with tens of thousands of workhorse mining computers – will build on the legit blocks much faster than poor Wallace can certify blocks on his aberrant branch of the chain. The system is designed to trust whichever blockchain is the longest, and there’s no way Wallace can outpace everyone else on the system. Sooner or later (probably very soon) the system will leave his sad attempt at fraud behind. Everyone else on the system will agree that Wallace spent that money and that he doesn’t have it anymore.

Cryptocurrency is a complex technology. Much of this explanation is a watered-down version of the already simplified explanation given by 3Blue1Brown. If you’re looking for a bit more detail but you’re not ready to do a deep dive on the mathematical theory behind all of this, then his video is the next step up in sophistication.

So that’s what I can tell you about bitcoin. Next week we’ll talk about why it matters for PC gaming.