Casinos, Macau

Imagine an alternative digital currency based on cryptographic principles, designed and launched by persons unknown, running as an uncontrolled and uncontrollable peer-to-peer network. The network has no central authority, and no single point of failure. It is, simply, made up of a self-regulated network of computers connected to each other, speaking the Bitcoin protocol between one another, and nothing more.

It sounds pretty far-fetched, but in fact you could use it right now to buy real goods and services. It is also growing at a surprisingly rapid pace, and spoken of by many as a possible alternative to official currencies such as the euro and the dollar. That's quite a feat for what's essentially no more than a few documents describing the protocol, and a bunch of C++ code implementing it, uploaded to Github.

All of this is backed by no more than the fact that it works and the name Satoshi Nakamoto, a pseudonym for nobody knows who or what. It's a beautiful illustration of how money really is a social construct, and not a physical thing at all.

The promise of Bitcoin

The original motivation for Bitcoin was the ability to cheaply and freely make electronic payments. Freely here means unrestricted by government control and financial middlemen, while cheaply means much more cheaply than, say, a credit card payment or a wire transfer. Part of the motivation is that using a middleman like Paypal runs the risk of having Paypal freeze your account. Banks in some cases also restrict who can and cannot receive funds.

Proponents often also promote Bitcoin as inflation-proof by design (the protocol fixes the rate at which new bitcoins are created and caps the total supply), and as anonymous, although pseudonymous is the better word: every transaction is public, and only the link between a public key and a person is not. Many have also become interested in Bitcoin because the value of the currency has increased enormously over the last few years, and so they see purchasing Bitcoin as a promising investment.

But does Bitcoin really live up to all of these promises? Well, in a sense it does, because it really is working right now, and you really can use it to buy actual physical goods and services. But is it here to stay? To meaningfully answer these questions we have to look more closely at how it works.

The protocol

Bitcoin signature chain (from Satoshi's original paper)

A Bitcoin is really a chain of digital signatures. The idea is that if I have a Bitcoin and want to give it to you, I use my private key to sign a transaction onto the end of the chain. Concretely, I take a hash of the previous transaction together with your public key, and sign that with my private key. Because of how public key cryptography works, only I can produce that signature, but anyone can verify it against my public key and see which public key has received the coin.

In principle, nobody except you and me knows who owns the public key that has received the coin, but that doesn't matter. That public key has a corresponding private key, which only you know. So once you have received the coin, only you are able to spend it, by appending another signed transaction to the end of the chain.

However, there is a difficulty here, because the coin is a digital object, not a physical one. Nothing stops me from forking the chain: I can sign one transaction giving the coin to you and another giving the same coin to somebody else. Each branch, checked on its own, is cryptographically perfect, and no signature check will reveal the problem. The obvious solution is to make sure everyone learns that I've spent the coin as soon as it happens, and this is what Bitcoin does.
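To make the problem concrete, here is an added example in Go, written for this page and not code from the Bitcoin project (the transaction layout is a toy, not Bitcoin's real format, and the P-256 curve stands in for Bitcoin's secp256k1, which Go's standard library does not provide). Alice signs one spend of her coin to Bob and another to Carol; both branches pass every signature check, while Mallory's attempt to spend Alice's coin with her own key fails. The Ledger type, which does nothing but remember which transaction has already been spent, is the missing piece, and it is the job the rest of the post assigns to the block chain.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// P-256 stands in for Bitcoin's secp256k1, which the Go standard library lacks.
var curve = elliptic.P256()

// Tx is a toy transaction, not Bitcoin's real format: the hash of the transaction
// it spends, the next owner's public key, and the previous owner's signature over both.
type Tx struct {
	PrevHash []byte // hash of the transaction being spent (empty for the origin)
	To       []byte // next owner's public key, uncompressed point encoding
	Sig      []byte // previous owner's ECDSA signature over Digest()
}

// Digest is what the previous owner signs: SHA-256(previous hash || next owner's key).
func (t *Tx) Digest() []byte { d := sha256.Sum256(bytes.Join([][]byte{t.PrevHash, t.To}, nil)); return d[:] }

// Hash identifies the transaction, signature included, so the next spend can point at it.
func (t *Tx) Hash() []byte { d := sha256.Sum256(bytes.Join([][]byte{t.Digest(), t.Sig}, nil)); return d[:] }

func pubBytes(k *ecdsa.PrivateKey) []byte { return elliptic.Marshal(curve, k.X, k.Y) }

// Spend builds a transaction handing the coin in prev to the key `to`, signed by `from`.
// It does not check that `from` owns prev; that is Verify's job on the receiving side.
func Spend(prev *Tx, from *ecdsa.PrivateKey, to []byte) (*Tx, error) {
	t := &Tx{PrevHash: prev.Hash(), To: to}
	sig, err := ecdsa.SignASN1(rand.Reader, from, t.Digest())
	if err != nil {
		return nil, err
	}
	t.Sig = sig
	return t, nil
}

// Verify checks that t spends prev and was signed by the key prev handed the coin to.
func Verify(prev, t *Tx) bool {
	if !bytes.Equal(t.PrevHash, prev.Hash()) {
		return false
	}
	x, y := elliptic.Unmarshal(curve, prev.To)
	if x == nil {
		return false
	}
	owner := &ecdsa.PublicKey{Curve: curve, X: x, Y: y}
	return ecdsa.VerifyASN1(owner, t.Digest(), t.Sig)
}

// Ledger remembers which transactions have already been spent: the one piece of
// information signatures cannot carry, and the job the block chain does in Bitcoin.
type Ledger struct{ spent map[string]bool }

// Accept admits t only if it is validly signed and prev has not been spent before.
func (l *Ledger) Accept(prev, t *Tx) bool {
	key := hex.EncodeToString(prev.Hash())
	if l.spent[key] || !Verify(prev, t) {
		return false
	}
	l.spent[key] = true
	return true
}

// DemoResult records what signature checks alone and the ledger each conclude.
type DemoResult struct {
	BobVerifies, CarolVerifies, ForgeryVerifies bool
	BobAccepted, CarolAccepted                  bool
}

// DoubleSpendDemo has Alice sign two spends of the same coin, to Bob and to Carol,
// and has Mallory try to spend Alice's coin with her own key.
func DoubleSpendDemo() (DemoResult, error) {
	var r DemoResult
	var keys [4]*ecdsa.PrivateKey // alice, bob, carol, mallory
	for i := range keys {
		k, err := ecdsa.GenerateKey(curve, rand.Reader)
		if err != nil {
			return r, err
		}
		keys[i] = k
	}
	alice, bob, carol, mallory := keys[0], keys[1], keys[2], keys[3]
	origin := &Tx{To: pubBytes(alice)} // the coin is issued to Alice; nothing to sign yet
	toBob, err1 := Spend(origin, alice, pubBytes(bob))
	toCarol, err2 := Spend(origin, alice, pubBytes(carol))
	forged, err3 := Spend(origin, mallory, pubBytes(mallory))
	if err1 != nil || err2 != nil || err3 != nil {
		return r, fmt.Errorf("signing failed: %v %v %v", err1, err2, err3)
	}
	r.BobVerifies, r.CarolVerifies = Verify(origin, toBob), Verify(origin, toCarol)
	r.ForgeryVerifies = Verify(origin, forged)
	l := &Ledger{spent: map[string]bool{}}
	r.BobAccepted = l.Accept(origin, toBob)     // first spend seen wins
	r.CarolAccepted = l.Accept(origin, toCarol) // same coin again: rejected
	return r, nil
}

func main() { r, err := DoubleSpendDemo(); fmt.Printf("%+v err=%v\n", r, err) }
```

Note that the ledger here is a single map owned by one party, so it only decides which spend was seen first by that party. Two honest nodes that saw the two spends in different orders would disagree, which is exactly why a shared, ordered record is needed.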

Basically, Bitcoin is a big peer-to-peer network. If you download Satoshi's client and start it up, it will first bootstrap itself into the network. It will find other clients speaking the Bitcoin protocol, and connect to those. When someone spends a coin, they send a message (called tx) to all the clients (peers) they have direct connections to, and these will pass it on to others, until all nodes in the network have the message.

So if I spend the same coin twice, everyone will know, but that's not enough. We need a way to tell which of the two spendings is the accepted one, and which is rejected. That is, there needs to be some kind of ledger, or official record of transactions, that says which transactions have been accepted. That's not trivial to achieve in a decentralized system, but Bitcoin solves it through the concept of the "block chain".

The block chain (from Satoshi's original paper)

Bitcoin clients (in practice, the ones that mine; more on that below) listen for incoming transactions and collect new, valid ones together into a block. The block header then contains a single hash covering all of those transactions, the hash of the previous block's header, a timestamp, and a nonce. (We'll return to what the nonce is.) The whole block is then broadcast to the entire P2P network and, if the other nodes accept it, becomes part of the record of transactions.

So if I want to sell a banana to you, you send a tx message announcing the transfer of the Bitcoin. I then wait for that transaction to be included in a new block, and once it is, I give the banana to you. Except, hang on, if anyone can announce blocks, how can there be a single, authoritative block chain?

This is where the nonce comes in. A cryptographic hash (Bitcoin uses SHA-256, applied twice) is unpredictable: there is exactly one correct hash value for a given input, but that value is effectively random. Bitcoin requires that the hash of the block header fall below a target, which in practice means it must begin with a certain number of zero bits. To achieve this, clients have to keep incrementing the nonce (a field which has no meaning and exists only for this purpose) and rehashing until the hash comes out with the right number of zero bits. Each attempt is a coin toss, so the average number of hashes needed doubles with every extra zero bit required. Obviously, this can take considerable computing resources, and that's the whole idea.

Right now, if you tried this on a standard laptop, you'd have to spend about a year to find a valid nonce. Why would anyone bother? Because each new block also creates a few new bitcoins (plus any fees attached to the transactions it contains), owned by whoever creates the block. This is why the search for new blocks is known as "mining": it actually creates new money, given as a reward for spending the computational resources necessary to create a new block. That reward has been sufficient for people to have special hardware built for the purpose, and because the difficulty rises to match the total effort (see below), a laptop no longer stands a chance.

But why make it so hard? Because it makes it difficult for someone with malicious intent to rewrite the block chain. Participants with no evil intent will only build new blocks on top of correct blocks, so a block that breaks the rules is discarded and never appears in the most widely accepted chain. The Bitcoin rule is that you should always tack the next block onto the longest chain (more precisely, the chain with the most proof-of-work behind it). In consequence, for an attacker to get a conflicting version of history accepted, they need more computing power than all the honest users put together. Note what such an attacker can and cannot do: they cannot forge anybody's signature or spend coins they don't own, but they can replace recent blocks with their own, for instance to drop the transaction in which they paid you and spend the same coin again elsewhere. That is why a careful merchant waits until a few further blocks have been built on top of the one containing the payment before handing over the goods.

Given that the Bitcoin protocol automatically adjusts the difficulty of creating a new block (every 2016 blocks, roughly every two weeks) to keep the average block creation time at 10 minutes, basically by moving the target the hash must fall below, you can see that considerable computing power has already been collected. NSA or Google could probably amass enough power to subvert the chain, but it's deeply unlikely that they're interested.
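The mining loop, the validity check every node runs, and the retargeting rule, as an added example in Go written for this page (not code from Satoshi's client). The header layout and the "merkle root" are simplified stand-ins: Bitcoin's real header also carries a version field and an encoded target, and builds a proper Merkle tree over the transactions. The constants 2016 blocks, 600 seconds and the factor-of-four clamp on each adjustment are Bitcoin's actual rules; the transaction ids, previous hash and timestamp in main are constructed for the demo.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
	"math/bits"
)

// Header is a toy block header; Bitcoin's also carries a version and an encoded target.
type Header struct {
	PrevHash   [32]byte // hash of the previous block's header: the link that chains blocks
	MerkleRoot [32]byte // one hash standing for every transaction in the block
	Timestamp  uint32
	Nonce      uint32 // meaningless field, varied until the hash is small enough
}

// Bytes serializes the header with fixed-width little-endian integers.
func (h *Header) Bytes() []byte {
	var b [72]byte
	copy(b[0:32], h.PrevHash[:])
	copy(b[32:64], h.MerkleRoot[:])
	binary.LittleEndian.PutUint32(b[64:68], h.Timestamp)
	binary.LittleEndian.PutUint32(b[68:72], h.Nonce)
	return b[:]
}

// Hash is SHA-256 applied twice to the serialized header, as Bitcoin does.
func (h *Header) Hash() [32]byte {
	first := sha256.Sum256(h.Bytes())
	return sha256.Sum256(first[:])
}

// LeadingZeroBits counts the zero bits at the start of a hash.
func LeadingZeroBits(h [32]byte) int {
	n := 0
	for _, b := range h {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// Valid is the check every node runs on a received block: one cheap hash.
func Valid(h Header, difficulty int) bool { return LeadingZeroBits(h.Hash()) >= difficulty }

// Mine is the expensive side: try nonces until the hash has `difficulty` leading zero
// bits, about 2^difficulty hashes on average. If the 32-bit nonce wraps, the
// timestamp is bumped so the search continues on fresh input. Returns hashes tried.
func Mine(h Header, difficulty int) (Header, uint64) {
	var attempts uint64 = 1
	for !Valid(h, difficulty) {
		attempts++
		h.Nonce++
		if h.Nonce == 0 {
			h.Timestamp++
		}
	}
	return h, attempts
}

// MerkleRootOf is a stand-in for Bitcoin's Merkle tree: one SHA-256 over the
// concatenated ids, so altering any transaction invalidates the proof of work.
func MerkleRootOf(txids [][32]byte) [32]byte {
	var all []byte
	for _, id := range txids {
		all = append(all, id[:]...)
	}
	return sha256.Sum256(all)
}

// Bitcoin's retargeting rule: every 2016 blocks, compare how long they actually took
// with 2016 * 10 minutes, scale the target proportionally, and limit any single
// adjustment to a factor of four either way. N leading zero bits is a coarse target of 2^(256-N).
const (
	RetargetBlocks = 2016
	BlockInterval  = 600 // seconds
	TargetTimespan = RetargetBlocks * BlockInterval
)

// NextTarget returns the new target (higher is easier) from the old one and the
// number of seconds the last 2016 blocks actually took.
func NextTarget(old *big.Int, actualSeconds int64) *big.Int {
	if actualSeconds < TargetTimespan/4 {
		actualSeconds = TargetTimespan / 4
	}
	if actualSeconds > TargetTimespan*4 {
		actualSeconds = TargetTimespan * 4
	}
	n := new(big.Int).Mul(old, big.NewInt(actualSeconds))
	return n.Div(n, big.NewInt(TargetTimespan))
}

func main() {
	// Constructed sample data for the demo: made-up transaction ids, previous hash and time.
	txids := [][32]byte{sha256.Sum256([]byte("coinbase")), sha256.Sum256([]byte("alice->bob"))}
	h := Header{PrevHash: sha256.Sum256([]byte("previous block")), MerkleRoot: MerkleRootOf(txids), Timestamp: 1356998400}
	mined, attempts := Mine(h, 16)
	fmt.Printf("nonce %d found after %d hashes: %x\n", mined.Nonce, attempts, mined.Hash())
	mined.MerkleRoot[0] ^= 1 // touch one transaction: the proof of work almost certainly no longer holds
	fmt.Println("still valid after tampering:", Valid(mined, 16))
}
```

Difficulty 16 keeps the demo to a fraction of a second; each additional bit doubles the expected work, which is the knob NextTarget turns, expressed here as a numeric target rather than a bit count.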

In fact, Bitcoin mining has become sufficiently challenging that there are real economic costs involved in it. It's been argued that this is similar to the way the use of gold in older currencies prevented fraud, simply because amassing enough gold to mint coins required so much resources as to make it not worth the effort.

Infrastructure

Thus far we've only discussed the protocol itself, but there is a bit of infrastructure around it. The simplest piece of that is the Bitcoin client Satoshi developed. You can download this today and run it on your computer. It will join the P2P network, download the entire block chain, and participate in Bitcoin like all other nodes. If you want, it can also participate in mining. If you get hold of some bitcoins it can also do transactions for you.

However, if you really want bitcoin currency you'll have to go via what's known as a gateway, or exchange, where you can pay "real" currency for bitcoins. It's entirely possible to not run a Bitcoin client, and simply open an account at an exchange, in practice using the exchange as a bank. The best-known of these is Mt. Gox, but there are many more. There are also a number of e-wallet services, which allow you to manage your bitcoin and make payments. These can be either desktop software (like Satoshi's Bitcoin client), or web solutions, which then hold your private keys for you and are in that respect very similar to exchanges: whoever holds the keys controls the coins, so you are trusting the service the way you would trust a bank.

Casinos in Macau, again

But does it work?

This is pretty much the entire workings of the currency. It's a remarkably elegant design, which accomplishes a number of technical feats using only two concepts: transactions (chains of signatures) and blocks. What's even more impressive is that the same simple design also provides the economic incentives necessary to get people to actually spend resources on maintaining the Bitcoin network. So it's not by accident that out of the many different e-currency proposals that have been floated, this is the biggest one that's actually in operation today.

So in a very real sense, clearly Bitcoin does work, because you can buy things with it right now. The real question, though, is what the future holds for Bitcoin. Is it going to take over and replace today's official currencies? Is it going to establish itself as a permanent alternative currency? Or will it simply fizzle out and disappear?

That's a pretty complicated question, which will have to wait for the next blog post.