A Technical Explanation of Bitcoin for Everyone

The technologies behind Bitcoin, blockchain, and related concepts are so complicated that learning about them usually means choosing between technical detail and big-picture understanding. You don't have to make that choice. Maybe you’ve heard about how blockchain is going to disrupt your industry. Maybe you're interested in buying bitcoin but don't want to invest in something you don't understand. Maybe you’re just curious how it works. Whatever your reasons are, everyone can understand Bitcoin and blockchain technologies on a technical level. I’m Billy Bitcoin, and I’m here for you. A lot of interest in Bitcoin starts with the why, but the why is controversial. We’re going to stick with what these technologies are and how they work. Bitcoin is a clever combination of several concepts, so it helps to break things up into sections:

Cryptographic Hash Functions
Digital Cash
Mining
Private Key / Public Key Cryptography
The Bitcoin Protocol
Blockchain Beyond Bitcoin

Now let's dive in!

Cryptographic Hash Functions

Cryptography is a way of keeping a piece of information secure by turning it into unreadable text that can’t be deciphered without the right tools. Cryptography plays two different, critical roles in Bitcoin (hence the name “cryptocurrency”). The first is cryptographic hash functions. A hash function is a set of rules that turns a piece of information of any size into a piece of data of uniform size, known as the “hash.”

One simple example is the International Standard Book Number system (ISBN), the identifying numbers on the back of every book. It turns a piece of information — a specific edition of a particular book — into a standardized string of 13 numbers. In the “hash function” of the ISBN, the first edition of Harry Potter and the Sorcerer’s Stone becomes: 978-0439708180.

Scrabble is another example of a hash function. Using a straightforward set of rules — adding together the numbers on the letter tiles — the "Scrabble hash function" assigns a number to every conceivable word. Now imagine that I pour out a bag of Scrabble pieces on the table and mix them up in front of you. First, I pick a word — let’s say “CACTUS” — and I ask you how many points it’s worth. You’d quickly find the tiles that spell CACTUS and add them up: 10 points.

Next, I tell you that I’m thinking of a specific word, which is worth 10 points. What is it? Now you’re stumped. The reason is that Scrabble is an elementary kind of cryptographic hash function. A cryptographic hash function is a hash function with a few special properties:

Property One: It is easy to calculate the particular hash for any given data, and that same data will always result in the same hash. The Scrabble set meets this property because you can easily figure out that CACTUS is worth 10 points and, no matter how you add it up, it will always be worth 10 points.

Property Two: It is impossible to take the hash and figure out what the original data was. Our Scrabble set meets this property, too: it’s easy to figure out that CACTUS is worth 10 points, but if I told you I’m thinking of a specific word that’s worth 10 points, you likely couldn’t come up with CACTUS out of thin air.

Property Three: It is very, very unlikely that any two different pieces of data will have the same hash. Scrabble doesn’t quite have this property, because there are words other than CACTUS that are also worth 10 points. But we can imagine a more advanced version of Scrabble that does. Picture a Scrabble board that’s entirely covered with those special-value squares: double letter score, triple word score, etc. Except on this board, there are all kinds of such special squares covering the entire board, each of which has a simple but unique effect on whatever letter is placed there: “multiply word by 3.5 points”, “multiply letter by 1.2”, “add 12.1 to word.” And so forth.

On such a board, it would be very hard to find any two words that have the same score when placed on a different set of squares. Most computer hash functions are not board games but algorithms: a set of rules that tells a computer how to convert a piece of data into a string of characters. There are many kinds of these algorithms, but the one we’re interested in is called SHA-256 — Secure Hash Algorithm 256.

SHA-256 instructs a computer to use a convoluted series of simple steps, which can turn any piece of information of any size into a string of 256 1s and 0s.

By the way: it's important to remember that in computer language, all data is represented in “binary”, as a series of 1s and 0s.

Created by the National Security Agency in 2001, SHA-256 has all of the same three properties we just learned about, but to a very complex degree — Scrabble on steroids.

Here’s how a computer running the SHA-256 algorithm would hash my name, “Billy”:

110010000011011010010101110011111001110000101100100101101100110110011110001111001110100101001101011001010110100111101110011101011111001010100101000001011100100011001101100010101100111000110110101001000100111101010101000101001011110100111101010100001001010

It takes a computer an instant to turn “Billy” into this string of 256 1s and 0s and "Billy" will always produce that same string (that’s Property 1). But it’s impossible for that same computer to take this string of 256 1s and 0s and come up with “Billy” (Property 2). And because of the way SHA-256 is designed (like our imagined “super-complex Scrabble board”), it’s also practically impossible that another piece of data would hash to the same string of 1s and 0s as “Billy” (Property 3).

SHA-256 can work with any piece of information: the word “Billy,” a picture of a cactus, the video file of GameOfThrones.mp4. Again, that’s because in computer language, all information is written as 1s and 0s.

For the sake of readability, when people refer to these long strings of 1s and 0s, they use something called the hexadecimal system, which converts every series of four 1s and 0s into a single letter or number. The above string for “Billy” of 256 1s and 0s, written using this hexadecimal system, looks like this:

85eea4a0285dcb11cceb68f39df10d1aa132567dec49b980345142f09f4cb05e

SHA-256 also has a fourth property:

Property Four: Even small changes to the input data result in dramatic changes to the output hash. Here’s how SHA-256 would hash my name (in hexadecimal), letter by letter. Notice that as each letter is added, the hashes that result look nothing like each other.

SHA-256 is so useful because 256 digits of 1s and 0s give a ridiculously huge number of possible hashes — 2^256 possibilities, or about 1.16 × 10^77. That’s 5 billion times bigger than the number of atoms in our galaxy, and many, many orders of magnitude more than the number of grains of sand (~7.5 × 10^18) or gallons of water (~3.26 × 10^20) on Earth. We’re talking about an infinite number of pieces of information that can be put through SHA-256 and assigned a virtually infinite number of hashes. That’s what makes it like Scrabble on steroids — if you’re starting with the hash output, you’d have to go through a virtually infinite number of guesses to find a matching input. Okay, but what does this have to do with Bitcoin?
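As an added example (not code from the original article), here is how the binary and hexadecimal hashes of “Billy” shown above, and the letter-by-letter hashes the text describes, can be reproduced in Python, with a count of how many of the 256 output bits change each time a letter is added (Property Four).

```python
import hashlib


def sha256_bits(data):
    """Property One: the same input always gives the same 256 1s and 0s."""
    digest = hashlib.sha256(data).digest()            # 32 bytes
    return "".join(f"{byte:08b}" for byte in digest)  # 256 characters of 1s and 0s


def bits_to_hex(bits):
    """Every group of four 1s and 0s becomes one hexadecimal digit (0-9, a-f)."""
    return "".join(f"{int(bits[i:i + 4], 2):x}" for i in range(0, len(bits), 4))


def differing_bits(data_a, data_b):
    """Property Four: how many of the 256 output bits differ between two inputs."""
    return sum(x != y for x, y in zip(sha256_bits(data_a), sha256_bits(data_b)))


def hash_letter_by_letter(name):
    """Hash 'B', 'Bi', 'Bil', ... and count the bits that changed since the previous prefix."""
    rows = []
    for i in range(1, len(name) + 1):
        prefix = name[:i]
        hex_hash = hashlib.sha256(prefix.encode()).hexdigest()
        changed = differing_bits(name[:i - 1].encode(), prefix.encode()) if i > 1 else 0
        rows.append((prefix, hex_hash, changed))
    return rows


if __name__ == "__main__":
    bits = sha256_bits(b"Billy")
    print(f"{len(bits)} bits: {bits}")
    print(f"hex: {bits_to_hex(bits)}")
    for prefix, hex_hash, changed in hash_letter_by_letter("Billy"):
        print(f"{prefix:6} {hex_hash}  ({changed} of 256 bits changed)")
```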

Digital Cash and The Bitcoin Network

Good question. Bitcoin uses cryptographic hash functions to create a new kind of “digital cash.” To understand how, we’ll need to take a brief detour.

What’s digital cash? Digital cash is an electronic medium of exchange with many of the same properties as ordinary paper cash — easy to transfer without a third party, hard to counterfeit, and anonymous. Credit and debit cards, as well as services like PayPal and Venmo, seem to be a kind of digital cash, but behind those services are third parties: banks, credit card companies, and other financial institutions. At the end of the day, the “electronic” money in your checking account is represented by dollars (somewhere) and managed by one or more of those institutions, which we must trust. Paper cash, on the other hand, is anonymous and readily transferable from person to person. It requires no third party to get involved in the transaction, and its value is well known and agreed upon by everyone.

But there’s one big problem with digital cash. With paper cash, I can only spend each dollar once. If I take it out of my wallet and give it to you, it’s your dollar: I can’t spend it anymore, and you can do what you want with it. The serial number is a unique identifier of that single bill, and these days it’s nearly impossible to create a counterfeit bill that looks the same. Digital cash, however, would be quite easy to counterfeit. Since a “digital bill” would be made up of a series of 1s and 0s (like everything on a computer), I could just duplicate that series of 1s and 0s and counterfeit my money. If everyone could make copies of whatever digital “bills” were in their digital “wallets,” the currency would quickly become useless. The only way to solve this problem seems to be with some kind of ledger: a record book that keeps track of how much digital cash everyone has and records every transaction. But if this record book is maintained by some trusted third party, then we’re back to square one.

A decentralized way to keep track of transactions is the hard part of creating a digital cash. Bitcoin is a kind of digital cash that uses cryptographic hash functions, instead of a third party, to keep track of transactions.

It’s important to know that Bitcoin, with a capital “B,” refers to the technology as a whole; think of the US financial system. With a lowercase “b,” bitcoin refers to units of the digital cash system; think of the US dollar bill.

In Bitcoin (with a capital B), transactions of bitcoin (with a lowercase b) are hashed through SHA-256. We already learned how any piece of information can be hashed through SHA-256, and a transaction is nothing more than a piece of information represented by a series of 1s and 0s. These hash outputs are kept track of collectively by a peer-to-peer network, a decentralized web of computers that communicate with each other over the Internet without a central administrator. This kind of record-keeping is called a distributed ledger, and any member of the network who wants a copy of the ledger can have one. You can download the ledger to your computer today if you’d like, and it is permissionless, meaning anybody can join the network by downloading an app or computer software that gives you access to it, much like a web browser gives you access to the world wide web.

The ledger is maintained collectively, not by any one member. Unlike a centralized ledger, where only a trusted third party can add transactions, a distributed ledger allows anyone to add transactions if they follow a set of rules known as the Bitcoin protocol. Next, we'll follow a bitcoin transaction and see how it gets added to the Bitcoin ledger according to the protocol.

Mining — How bitcoin transactions are validated and added to the ledger

If I want to send one bitcoin to my friend, Daniel, I send out a message to the distributed network of Bitcoin users: “Billy sends one bitcoin to Daniel."

This transaction sits in a group with other pending transactions, known as the memory pool, or mempool. The mempool is a group of transactions that are recognized by all users, but not yet validated. Think of this as if your waiter has taken your order at a restaurant, but the cook has not yet prepared it.

Any user can try to validate several of these transactions from the mempool by grouping them together in “blocks.” Users who validate transactions are known as "miners". According to the protocol rules, in order to validate a block of pending transactions, the miner checks her copy of the ledger — which includes all previous bitcoin transactions — to ensure that I actually have enough bitcoin to send to Daniel. She does the same with any other pending transactions she groups into the block (here, she also checks for Linda and Mike).

In order to be added to the ledger, this block of transactions will ultimately be hashed through SHA-256. That means that the 1s and 0s making up the ‘data’ of these three transactions are hashed through the SHA-256 hash function, producing a unique 256-digit number (or 64 digits in hexadecimal).

There’s something else included in the input along with the transaction block: the hash of the previous block.

Including the hash of the previous block in each new block creates a chain of blocks — a blockchain — with each block tied to the entire history of all previous transactions.

This is possible because SHA-256 has a nearly infinite set of possible hashes, so each new set of transactions combined with the hash of the previous block can have its own hash. Because the hash of every block is computed using the hash of the block before it, every block is related to its preceding block and to all of the blocks before it, including their transactions. A small change to any block (such as adding a fraudulent transaction) would completely change the hash of every subsequent block, and miners would notice that the hashes no longer correspond and immediately reject that “fake” block with the fraudulent transaction from the network. This is essential: transactions can only be added to the blockchain in new blocks, and you can never go back and modify, add, or remove transactions in old blocks. As a result, in order to ensure that the blockchain is valid, miners need not examine every prior block, but only the hash of the most recent block (the one prior to the block they are currently validating). This is important because once a transaction is added to the blockchain, it is considered part of the record by the miners and is publicly visible to anybody on the network.

But how do we decide who gets to add these transaction blocks to the ledger?

According to the Bitcoin protocol, only blocks whose hashes start with a certain number of 0s can actually be added to the ledger. Why? The idea is to create a competition among miners to determine who adds the next block of transactions. Remember, SHA-256 hash outputs are unpredictable: changing a single character of the input data will dramatically change the output hash. That means that in order to make the hash output of a transaction block start with a certain number of 0s, miners have to add an arbitrary number to the block, known as a nonce, and see what the resulting hash is. Since every SHA-256 output is unpredictable, finding a block with a certain number of leading 0s is a brute-force task: arbitrarily testing different nonces as fast as possible. A piece of data tells you nothing about what its SHA-256 hash output will be — you just have to guess.

In this example, the miner took the block of new transactions, plus the hash of the previous block, and added the nonce 4202 to that data. (This guessing of nonces is often called “hashing.”) Then, she hashed all of that data together through SHA-256, and came up with the resulting hash.

In this hypothetical, let’s say that a block’s hash must start with sixteen 0s in binary (four 0s in hexadecimal, since every hexadecimal 0 is equal to four binary 0s) to be considered valid. We only care about the number of leading 0s; the remaining sequence of 1s and 0s doesn’t matter. Because the hash did not start with sixteen 0s (four in hex), she has to try again.

A miner may go through trillions of these attempts until they get the ‘winning’ nonce — one that leads to a hash starting with sixteen 0s (four in hexadecimal) and thus one whose block is added to the ledger and whose transactions are considered valid.
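The following toy blockchain is an added illustration, not code from the article: it mines blocks by brute-forcing a nonce until the SHA-256 hash starts with four hex 0s (the sixteen-binary-0 rule used above), links each block to the previous block's hash, and shows that changing an old transaction makes the chain fail validation. The transaction strings are constructed sample data.

```python
import copy
import hashlib

# The article's hypothetical rule: a valid block hash starts with four hex 0s (sixteen binary 0s).
DIFFICULTY_HEX_ZEROS = 4
NO_PREVIOUS_BLOCK = "0" * 64   # stand-in "previous hash" for the very first block


def block_hash(previous_hash, transactions, nonce):
    """SHA-256 over the previous block's hash, this block's transactions and the nonce."""
    payload = previous_hash + "|" + ";".join(transactions) + "|" + str(nonce)
    return hashlib.sha256(payload.encode()).hexdigest()


def mine_block(previous_hash, transactions, difficulty=DIFFICULTY_HEX_ZEROS):
    """Brute force: try nonce 0, 1, 2, ... until the hash has enough leading 0s.
    With four hex 0s that takes about 65,536 guesses on average."""
    target = "0" * difficulty
    nonce = 0
    while True:
        digest = block_hash(previous_hash, transactions, nonce)
        if digest.startswith(target):
            return {"prev": previous_hash, "txs": list(transactions),
                    "nonce": nonce, "hash": digest}
        nonce += 1


def validate_chain(chain, difficulty=DIFFICULTY_HEX_ZEROS):
    """Re-hash every block and check that it links to the block before it and met the
    difficulty. Editing any old transaction changes that block's hash, so it no longer
    matches the stored hash (nor the next block's 'prev'), and the chain is rejected."""
    previous = NO_PREVIOUS_BLOCK
    for block in chain:
        if block["prev"] != previous:
            return False
        digest = block_hash(block["prev"], block["txs"], block["nonce"])
        if digest != block["hash"] or not digest.startswith("0" * difficulty):
            return False
        previous = digest
    return True


def build_demo_chain():
    """Constructed sample data: two blocks of transactions in the article's style."""
    blocks_of_transactions = [
        ["Billy sends one bitcoin to Daniel"],
        ["Linda sends one bitcoin to Mike", "Mike sends two bitcoin to Billy"],
    ]
    chain, previous = [], NO_PREVIOUS_BLOCK
    for transactions in blocks_of_transactions:
        block = mine_block(previous, transactions)
        chain.append(block)
        previous = block["hash"]
    return chain


def tampered_copy(chain):
    """A copy of the chain in which an old transaction was changed after the fact."""
    forged = copy.deepcopy(chain)
    forged[0]["txs"][0] = "Billy sends two bitcoin to Daniel"
    return forged


if __name__ == "__main__":
    chain = build_demo_chain()
    for block in chain:
        print(f"nonce {block['nonce']:>7}  hash {block['hash']}")
    print("original chain valid:", validate_chain(chain))                 # True
    print("tampered chain valid:", validate_chain(tampered_copy(chain)))  # False
```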

Guessing nonces to find the right hash is like a game in which you and your friend Sarah are racing to flip quarters. The first person who flips four Heads in a row, wins. There’s a 50% chance of flipping Heads and a 50% chance of flipping Tails.

Flipping one Head is “easy.” In fact, it is expected that it happens one out of every two times, so if you and Sarah both flip a coin at the same time it is expected one of you would land Heads. Flipping two Heads in a row is twice as difficult: the probability is 25%. That’s because there are four possibilities with two flips. One out of four is two heads in a row — hence, 25%. The probability of flipping consecutive heads decreases by half with every additional Heads you require.

You and Sarah racing to flip Heads is not much different than two computers competing to mine bitcoin. We know that a hash of a block is a series of 256 1s and 0s. Think of it as a series of quarters, with 1s represented by Tails and 0s represented by Heads. If miners had to find a hash that started with one 0 (one Head), they would do it, on average, 50% of the time: half of all hashes start with 0, and the other half of all hashes start with 1. If we double the number of 0s we’re looking for to start a hash to two 0s in a row (two Heads), then the miners would find such a hash 25% of the time — because one fourth of all hashes start with two 0s. Just like with the coin flipping game, the more consecutive 0s you require, the more guesses it will take.

As of April 2018, Bitcoin requires that transaction blocks can only be added to the ledger when the hash of the block starts with 73 0s. This means that on average, miners would have to go through about 1.9 × 10^22 hashes before finding a winning hash. That’s 19 sextillion hashes, or a probability of 0.00000000000000000001%. This doesn't mean that every miner goes through 19 sextillion hashes in ten minutes. In practice, all of the miners combined go through this many hashes on average, and only one miner wins! At any one time, there are many miners trying to validate the next block, which includes my transaction.

The point of this is to make adding transaction blocks to the ledger computationally difficult, meaning that no computer can guarantee that it will solve the next block. Remember that SHA-256 outputs are unpredictable, meaning that the hunt for a nonce that validates the block is nothing more than a lot of random guesses, and the “winner” is chosen at random. The more computing power miners have, the more quickly they can make guesses for the right nonce. Let's go back to the coin flip game. If Sarah can flip coins twice as fast as you, she is likely to win the game 66.66% of the time, while you’ll only win 33.33% of the time. Sarah's likelihood of flipping four Heads first is directly proportional to the rate at which she flips coins relative to you, but there is still no guarantee that she will do it first. Similarly, the chance of any one miner hitting upon the right nonce is proportional to how much computing power they are using compared to other miners. But none of them can know when they will hit upon the right answer (or if they will at all). This is crucial. If a miner could guarantee that they will validate a specific block, they could validate fraudulent transactions in which they are spending bitcoin that they don’t have. This is the essence of the distributed ledger at the heart of Bitcoin.

Instead of having a single entity (like a bank) validate and keep track of our transactions, we can have a huge number of people competing to validate each consecutive block of transactions. The validation process — the solving of the cryptographic hash function for a block — takes enough time and computing power that no one entity can make sure they’ll get to validate the next transactions. This process is called a proof-of-work validation system, in reference to the “work” or computing power that is required to find a nonce that produces a winning hash.

If mining is hard to do, why would anyone bother? For every block of bitcoin transactions validated, the Bitcoin protocol allows the miner to add an additional, special transaction into the block being validated: a transaction giving herself bitcoin. This is known as the coinbase transaction. These rewards for mining are the only way bitcoin is created. The Bitcoin protocol established a finite number of bitcoin that will ever be created: 21 million. Scarcity is a fundamental property of currencies; think of how there’s a limited supply of US dollars in circulation. The miner can only collect the reward if her block ends up being accepted by the other miners. Just like any other transaction, the coinbase transaction will only be accepted when it is agreed upon by everybody, which will only happen if all of the other transactions in the block are valid and if a winning hash is found. Miners will continue to mine as long as the reward they receive is greater than the costs, like electricity and hardware, that it takes to mine.

The more miners that are trying to validate blocks and get their rewards, the more competition there is. The more competition, the more ‘random’ the validation process. Finally, the more ‘random’ the validation process, the more secure it is. Randomness is at the heart of what makes a trustless distributed ledger possible.

Bitcoin is a circular ecosystem, with each part feeding into the next. People can securely exchange bitcoin with each other only because the validating process is widely distributed; which is only possible because there are lots of miners doing the validating; which works only because they receive bitcoin rewards for doing it — which only has value to them because people are able to exchange bitcoin with each other in the first place! This beautifully simple balancing of interests, competition, and incentives is possibly the most ingenious concept behind Bitcoin.

Just like the Federal Reserve has policies for when to inject new money into the US economy, the Bitcoin protocol has certain rules about how bitcoin are added to the ecosystem and how difficult it is for miners to earn them. The bitcoin reward for successfully mining a block halves every 210,000 blocks, or about every four years; in 2009 the reward started at 50 bitcoin, in 2012 it became 25, and in 2016 it became 12.5. This means that by 2140 all bitcoin will have been distributed. The miner also collects transaction fees on top of the mining reward, which you pay to incentivize a miner to include your transaction in a block; when all bitcoin are ultimately distributed through mining rewards, these transaction fees will ensure that miners are still incentivized to validate blocks. Fees are unrelated to the amount of bitcoin in your transaction, but are based on transaction file size and market supply and demand.

Difficulty is a commonly used term to define how “hard” it is to mine (defined by the number of leading 0s in a hash). The Bitcoin difficulty is adjusted every 2,016 blocks to ensure that one block is found every ten minutes, an arbitrary length of time that adds new bitcoin to the ecosystem at a predictable rate. It also minimizes the risk of two miners validating two different blocks at the same time.

Let’s go back to the coin flipping game one last time. Let’s say it takes ten minutes for either you or Sarah to flip four Heads in a row. Next, you and Sarah add two more friends to the game to make it more competitive. Assuming your new friends flip coins at the same rate as you and Sarah do, the four of you are now likely to flip four Heads in a row twice as fast (five minutes) because you have effectively doubled your coin-flipping rate. To keep the difficulty of the game at ten minutes, you could change the game rules to require flipping 5 Heads in a row to win. In Bitcoin, as more miners join the network (more computing power), the more quickly a block is likely to be found. That means difficulty must increase (more leading 0s) in the next adjustment to ensure that a block is still found every ten minutes. On the other hand, if miners leave the network, the difficulty should decrease in the next adjustment to ensure that blocks are still found every ten minutes. The first Bitcoin blocks ever mined, when there were many fewer miners, required only 32 leading 0s — orders of magnitude easier to find than 73 leading 0s.

That was a lot to take in. Let’s review the pieces of the puzzle so far:

A bitcoin is like a digital token that can be easily sent electronically from person to person. Those transactions are grouped into blocks and are verified by members of a large network who compete to find the solution to a cryptographic hash function of the data contained in each block. The competition makes sure that no one person or group of people can enter fraudulent transactions into the record book. Those verifiers, known as miners, receive a prize of bitcoin for their efforts every time they successfully solve a hash and add a block of transactions to the ledger. These bitcoin provide the incentive for the competition that keeps the ledger honest. Each verified block of transactions also contains the information contained in all prior transactions, so that a chain of blocks is created — a blockchain of verified and unchangeable transactions.
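Returning to the difficulty adjustment described before the review, here is an added model (not from the article) of the retarget rule: the expected number of guesses doubles with each required leading 0, a miner's chance of winning is its share of the total guessing rate, and the difficulty is recomputed from how long the last 2,016 blocks actually took. The factor-of-4 cap on a single adjustment is how Bitcoin itself behaves; letting the number of leading 0s be fractional is an assumption of this toy (Bitcoin works with a numeric target instead).

```python
import math

PERIOD_BLOCKS = 2016          # the difficulty is adjusted every 2,016 blocks ...
TARGET_BLOCK_SECONDS = 600    # ... so that one block is found every ten minutes
PERIOD_SECONDS = PERIOD_BLOCKS * TARGET_BLOCK_SECONDS


def expected_attempts(leading_zero_bits):
    """Each extra leading 0 halves the odds per guess, so on average 2**k guesses are needed."""
    return 2 ** leading_zero_bits


def win_share(my_rate, all_rates):
    """Chance of finding the next block first: your guessing rate as a share of everyone's."""
    return my_rate / sum(all_rates)


def retarget(leading_zero_bits, actual_seconds, expected_seconds=PERIOD_SECONDS):
    """Require more 0s if the period was too fast, fewer if it was too slow.
    Like Bitcoin, a single adjustment is limited to a factor of 4 either way.
    Toy assumption: the number of 0s may be fractional."""
    ratio = max(0.25, min(4.0, expected_seconds / actual_seconds))
    return leading_zero_bits + math.log2(ratio)


def retarget_from_timestamps(leading_zero_bits, timestamps):
    """timestamps: the seconds at which each block of the last period was found (constructed)."""
    return retarget(leading_zero_bits, timestamps[-1] - timestamps[0])


def simulate(start_bits, hash_rates):
    """Run one 2,016-block period per entry of hash_rates (total guesses per second, constructed).
    Returns (leading 0s in force, average seconds per block) for each period: the difficulty
    only catches up with a change in hash rate one period later."""
    bits, history = start_bits, []
    for rate in hash_rates:
        seconds_per_block = expected_attempts(bits) / rate
        history.append((bits, seconds_per_block))
        bits = retarget(bits, seconds_per_block * PERIOD_BLOCKS)
    return history


if __name__ == "__main__":
    rate = expected_attempts(20) / TARGET_BLOCK_SECONDS   # a rate at which 20 zeros take 10 min
    for bits, secs in simulate(20, [rate, 2 * rate, 2 * rate, rate / 2]):
        print(f"{bits:5.1f} leading 0s -> {secs:7.1f} s per block")
```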

Private Key / Public Key Cryptography

There’s one more major piece of the puzzle that cryptography helps solve, and it relates to a separate problem in digital cash systems: authenticity. When I broadcast a transaction saying that I’m sending one bitcoin to my friend Daniel, how do I know it’s really him? And how does he know it’s me? Anybody can join the Bitcoin network; there are no personal requirements or any sort of application. All you need is a connection to the internet. Every user in the network has a string of characters that acts as a kind of public “email address” for bitcoin transactions, known as your Bitcoin address. If you want to send someone bitcoin, you have to know their Bitcoin address. Just like e-mail addresses, any person can create as many Bitcoin addresses as they like. Here’s what one of mine looks like: 3GJEgbnMPpdRo3ebKEYhGzaMXb8aehQxp2

A Bitcoin address is derived from something called a public key, which is itself derived from a private key.

A private key is an arbitrary string of 256 1s and 0s that should be kept secret — it’s a kind of password to the ‘email address’ of the Bitcoin address. A private key can be any string of 256 1s and 0s, and choosing a private key is nothing more than picking a number between 1 and 2^256 or writing out 256 1s and 0s. (If you write out a string of 256 1s and 0s by hand right now, it is very likely that no person or computer has ever written that same number before.) A public key is another number which is derived from the private key using a complex irreversible multiplication, known as elliptic curve multiplication. The point of this math is to create a special kind of relationship between the public key and the private key. For one, this relationship is one way: even if you know the public key, you can’t get the associated private key.

The relationship has another interesting property that makes bitcoin transactions possible. If I use a special algorithm, involving multiplication and hashing, known as Elliptic Curve Digital Signature Algorithm (ECDSA) to combine a bitcoin transaction with my private key, I’ll come up with another number known as a signature.

It turns out that anyone who has my public key and the public transaction can look at that signature and tell whether it was indeed my private key that created it — without ever knowing my private key. This is important because it allows signatures to be used to authenticate transactions. Let’s see this in action. When I send one bitcoin to Daniel, I’m actually sending a package of three things:

My signature, which is an algorithmic output of my transaction and my private key
My transaction, on its own, since you can't determine the transaction from the signature
My public key, to validate the identity of the sender

Where do I send it? To Daniel’s Bitcoin address, which is derived from his public key. A Bitcoin address gives everyone on the network a pseudonymous identity. Remember, all transactions are visible to everyone on the network. We don’t know Daniel as “Daniel” — we just know his Bitcoin address, and if Daniel tells me what his address is, then I’ll know that that address is Daniel’s. When I send bitcoin to Daniel’s Bitcoin address, the network of miners has no idea that it is Daniel, nor do they care. With my transaction message and public key, anyone can determine that my signature was indeed made with my private key. That means that even without knowing my private key, anyone can know that I’m the one who sent the transaction. In practice, this validation is easily computed by miners. When a miner picks up my package from the mempool, she checks that the components match.

If someone malicious tried to send a different transaction — say, one that gave two of my bitcoin to Daniel — with the same signature and public key, the whole thing would come out as invalid because my signature included the transaction of me paying only one bitcoin to Daniel.

Likewise, if I tried to pay Daniel with someone else’s bitcoin by using their public key, the whole thing would also be invalid because the signature involves my private key, and thus would not match someone else's public key. If you change one of the components of the signature, the signature changes — and the signature is what authorizes the transaction.
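Here, as an added example rather than the article's own code, is a small pure-Python ECDSA implementation on secp256k1 (the curve Bitcoin uses) that builds the package of three things and runs the miner's check against both failure cases above: an altered transaction with the old signature, and a signature checked against someone else's public key. The transaction strings, the helper names, and the use of a fresh random k per signature are assumptions of this example; deriving the Bitcoin address from the public key is not shown.

```python
import hashlib
import secrets

# secp256k1, the curve Bitcoin uses: points (x, y) with y^2 = x^3 + 7 modulo the prime P.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _inverse(x, m):
    return pow(x, -1, m)


def _add(p1, p2):
    """Elliptic-curve point addition; None stands for the point at infinity (the identity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        slope = 3 * x1 * x1 * _inverse(2 * y1, P) % P
    else:
        slope = (y2 - y1) * _inverse((x2 - x1) % P, P) % P
    x3 = (slope * slope - x1 - x2) % P
    return (x3, (slope * (x1 - x3) - y1) % P)


def _multiply(k, point):
    """'Elliptic curve multiplication': k copies of `point` added together (double-and-add).
    Easy in this direction; recovering k from the result is the hard problem keys rely on."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def new_private_key():
    """Just a number from 1 to N-1 (N is a hair under 2**256), taken from OS randomness."""
    return secrets.randbelow(N - 1) + 1


def public_key(private_key):
    return _multiply(private_key, G)


def _transaction_number(transaction):
    """The transaction (bytes) is hashed through SHA-256 and read as a number."""
    return int.from_bytes(hashlib.sha256(transaction).digest(), "big")


def sign(private_key, transaction):
    """ECDSA: combine the hashed transaction with the private key and a fresh random k."""
    z = _transaction_number(transaction)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _multiply(k, G)[0] % N
        s = _inverse(k, N) * (z + r * private_key) % N
        if r != 0 and s != 0:
            return (r, s)


def verify(pub, transaction, signature):
    """Anyone holding the public key and the transaction can check who signed it."""
    r, s = signature
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = _transaction_number(transaction)
    w = _inverse(s, N)
    point = _add(_multiply(z * w % N, G), _multiply(r * w % N, pub))
    return point is not None and point[0] % N == r


def package(private_key, transaction):
    """The three things Billy broadcasts: his signature, the transaction itself, his public key."""
    return {"signature": sign(private_key, transaction),
            "transaction": transaction,
            "public_key": public_key(private_key)}


def miner_check(pkg):
    """The check a miner runs when picking the package up from the mempool."""
    return verify(pkg["public_key"], pkg["transaction"], pkg["signature"])


if __name__ == "__main__":
    billy, ben = new_private_key(), new_private_key()   # constructed sample keys
    pkg = package(billy, b"Billy sends one bitcoin to Daniel")
    print("as sent:", miner_check(pkg))                                                # True
    print("transaction altered to two bitcoin:",
          miner_check(dict(pkg, transaction=b"Billy sends two bitcoin to Daniel")))    # False
    print("Ben's public key with Billy's signature:",
          miner_check(dict(pkg, public_key=public_key(ben))))                          # False
```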

This is why it’s critical that you keep your private key private! In the first case, anyone who had my private key could create a signature combining my private key with a fraudulent transaction, paying extra bitcoin from my account, and the output would be seen as valid. In the second case, if I had Ben’s private key, I could create a signature combining his private key with a fraudulent transaction paying Daniel from his bitcoin. So, what is the best way to keep my private key private?

Wallets

There are a few ways of remembering private keys and keeping them private. In its most simple form, a wallet is a method of storing a private key. Some wallets are online, protecting a private key by password, and others are pieces of hardware, which require a password and possession of the physical device to access the private key. You could even just write your private key down on a piece of paper and never share it with anyone. Just be careful: if you lose or forget your private key there is no way to ever generate it again from the public key (remember, it is a one-way relationship), and you will never be able to gain access to the associated bitcoin again. They will be lost forever.

Typically, wallets also generate your private keys, public keys, and bitcoin addresses, and allow you to interface with the Bitcoin network so that you can send and receive bitcoin and view your bitcoin balance without ever having to write any code. Like any kind of storage, there are trade-offs between security and accessibility. Online wallets that allow you to easily send and receive bitcoin can be less secure; they can be accessed from anywhere, but the websites that host them might be vulnerable to outages, hacking, or someone gaining access to your password. You may have heard of various exchanges being hacked and bitcoin stolen. It is important to know that the Bitcoin protocol worked exactly as it should. The hackers actually gained access to numerous private keys by hacking into the online wallet software, and could thus generate valid signatures and transactions sending bitcoin to their own addresses. What failed was the cybersecurity of the hosting sites, not anything about the Bitcoin network. You might think of these online wallets like the physical wallet you carry on your person, in which you usually wouldn’t carry a ton of cash.

A hardware wallet is a physical storage device. These can be less user-friendly for everyday access, but more secure, because it would be impossible for anyone who doesn’t have the physical hardware to gain access to the stored private key(s). That’s more like a safe where you might keep the real valuables. There are resources online to figure out which wallet might be right for you.

It’s important to remember that bitcoin are not ‘stored’ in wallets in any way. Bitcoin are simply represented on the blockchain as transactions from one address to another, and wallets are a way of showing your balance from the transactions to and from your address and of securing your private key, which gives you access to this blockchain.

The Bitcoin Protocol

You now understand how a bitcoin transaction goes from start to finish, but you may be wondering: who decides all of these rules in the Bitcoin protocol we have been discussing? And is it possible to make changes to the Bitcoin protocol? The code for the Bitcoin protocol was initially written by the pseudonymous Satoshi Nakamoto and a small group of developers and is known as Bitcoin Core. But nobody owns the technology behind Bitcoin Core, in the same way nobody owns the technology behind the internet. As you know, the network is distributed and thus owned by everybody. There are numerous developers who work to improve the Bitcoin Core software, but they cannot force changes to the protocol, as network participants are free to use whatever software version they choose. At the same time, one person cannot just change their own software to give themselves an advantage, because the new software would be incompatible with everybody else on the old software. Sometimes a large group of miners or users may agree to update or change the software to enhance security or add features. Software changes can be suggested by anybody, and these proposals are known as Bitcoin Improvement Proposals (BIPs).

Making changes to the Bitcoin protocol is possible in two ways: Soft Forks and Hard Forks. A Soft Fork is a change to the Bitcoin protocol that could result in previously valid blocks and transactions being made invalid, but blocks valid under the new rules would also be valid under the old rules. You can think of a Soft Fork as a tightening of the rules. Imagine a Soft Fork as a workplace dress code:

Before the “dress code” Soft Fork, men were required to wear a collared shirt. After the “dress code” Soft Fork, men are required to wear a collared shirt and a tie. Wearing a tie was always a valid clothing option under the old dress code, so it follows the old rules, but under the new dress code it is a requirement. Wearing a tie follows the old and new rules whereas not wearing a tie only follows the old rules.

One example of this is allowing Bitcoin to have more transactions per block. According to Bitcoin Core, Bitcoin miners can add approximately 2,500 transactions per block, every 10 minutes. This limit is a result of the 1 megabyte per block file size. That turns out to be quite limited: it equates to approximately 4 transactions per second, whereas Visa can process over 2,000 transactions per second. As a result, BIP141, SegWit or Segregated Witness, was proposed. SegWit separates transactions from the digital signature (also known as the witness). Under this new structure, digital signatures no longer count towards the 1 megabyte block size limit, allowing for more transactions per block and thus faster transaction speeds. SegWit blocks were always valid under the original Bitcoin rules, but after BIP141 was adopted by a majority of miners, SegWit blocks became a requirement to add valid blocks to the chain.

What about a Hard Fork? Let’s look at the same issue of the Bitcoin 1 megabyte block size limit as above, but solved in a different way. BIP91 suggests an 8 megabyte block size, which would allow for tens of thousands more transactions per block. If BIP91 were approved, future blocks would become 8 megabytes and old 1 megabyte blocks would no longer be valid. However, the 8 megabyte blocks would not have been valid under the old rules, because blocks were required to be 1 megabyte — creating an incompatibility between the two chains. When a change like BIP91 is implemented, a Hard Fork occurs. Blocks on the old chain are incompatible with the new chain and vice versa. Assuming miners support both the old and the new, you will be left with two blockchains and two cryptocurrencies. BIP91 was implemented on August 1st, 2017 and Bitcoin Cash was created. Bitcoin Cash followed all of the rules of the Bitcoin protocol at the time of the Fork, except that it had the new larger 8 megabyte block size, creating a new currency. For every one bitcoin you had at the time of the fork, you would receive one “bitcoin cash.” At the time of the Fork, Bitcoin Cash had the same history as Bitcoin, but after the split, the two chains forged their own paths.
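To make the Soft Fork / Hard Fork distinction concrete, here is an added example (my own toy code, not Bitcoin Core's validation logic) that models the old 1 megabyte rule, a SegWit-style tightening and an 8 megabyte relaxation as rule functions, then checks which direction each change breaks compatibility. The block fields `size_mb` and `has_witness_commitment` are constructed simplifications.

```python
# Added example of the Soft Fork / Hard Fork distinction above; the rule
# functions are constructed simplifications, not Bitcoin Core's validation code.
# A block is a dict with its size in megabytes and a constructed
# "has_witness_commitment" flag standing in for the extra SegWit structure.

def old_rules(block):
    """Original consensus rule from the text: a block may be at most 1 MB."""
    return block["size_mb"] <= 1

def segwit_rules(block):
    """Soft fork: every old requirement still applies, plus a new one (the
    block must carry a witness commitment). Like adding a tie to the dress
    code, this only tightens the rules."""
    return old_rules(block) and block["has_witness_commitment"]

def big_block_rules(block):
    """Hard fork: the 1 MB limit is relaxed to 8 MB. Blocks between 1 and 8 MB
    are valid here but were never valid under the old rules."""
    return block["size_mb"] <= 8

def classify_fork(old, new, candidate_blocks):
    """Soft fork if everything valid under the new rules is also valid under
    the old rules (new-valid is a subset of old-valid); otherwise old nodes
    reject some new blocks and the chain splits: a hard fork. The verdict is
    only as strong as the candidate blocks used to probe the two rule sets."""
    for block in candidate_blocks:
        if new(block) and not old(block):
            return "hard fork"
    return "soft fork"

def previously_valid_now_invalid(old, new, candidate_blocks):
    """The other direction: blocks a soft fork retires (valid under the old
    rules, rejected by the new ones). Old nodes still accept them, which is
    why a soft fork needs a majority of miners to enforce the new rule."""
    return [b for b in candidate_blocks if old(b) and not new(b)]

# Constructed probe blocks covering the interesting cases.
CANDIDATES = [
    {"size_mb": 0.9, "has_witness_commitment": False},  # legacy block
    {"size_mb": 0.9, "has_witness_commitment": True},   # SegWit-style block
    {"size_mb": 4.0, "has_witness_commitment": True},   # too big for old rules
    {"size_mb": 8.0, "has_witness_commitment": False},  # 8 MB block
]
```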

Putting it all Together

Now that we understand all of the pieces of the puzzle, let’s take a giant step back and follow a bitcoin transaction once again — me sending 1 bitcoin to Daniel — from beginning to end.

I send the message “Billy sends 1 bitcoin to Daniel” to the network, which includes my public key, the transaction, and my signature (itself a hashed combination of the transaction and my private key).

My transaction sits in the mempool with other pending transactions, waiting to be added to the ledger by a miner.

Miners group some of these transactions into a block, verifying that the signatures are valid.

Miners hash the blocks of grouped transactions repeatedly, along with the hash of the previous block and an arbitrary nonce. They change the nonce randomly with each attempt until their block hashes to a winning output: one that starts with a specified number of 0s.

The first miner to hash a winning output gets her block, which includes an additional special transaction that gives her a bitcoin reward, added to the ledger.

The block is added to the blockchain, a ledger of all previous groups of transactions validated in the same way. Because every block includes the hash of the previous block, the latest block contains proof of every transaction ever and changes to prior blocks would be rejected.
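The steps above, as an added toy implementation (my own code, not Bitcoin Core's): transactions are grouped with the previous block's hash and a nonce, mined until the hash starts with a set number of zeros, chained, and then re-verified so that any edit to an old block is caught. The difficulty of three hex zeros, the JSON encoding, and the single SHA-256 are constructed simplifications of Bitcoin's 256-bit target and double SHA-256 header hash.

```python
import hashlib
import json

# Added toy implementation of the steps listed above; it is not Bitcoin Core code.
# Constructed simplifications: a "winning" hash starts with DIFFICULTY hex zeros
# (Bitcoin uses a 256-bit target), one SHA-256 over JSON stands in for double
# SHA-256 over an 80-byte header, and signature checking (step 3) is left out.
DIFFICULTY = 3
GENESIS_PREV = "0" * 64  # the first block has no predecessor

def block_hash(prev_hash, transactions, nonce):
    """Hash the grouped transactions with the previous block's hash and a nonce."""
    payload = json.dumps({"prev": prev_hash, "txs": transactions, "nonce": nonce},
                         sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def mine(prev_hash, transactions, miner, difficulty=DIFFICULTY):
    """Steps 4-5: prepend the miner's reward transaction, then try nonces until
    the block hashes to a winning output. Counting up instead of choosing
    nonces at random changes nothing: every attempt is an independent ticket."""
    txs = [f"coinbase: block reward to {miner}"] + list(transactions)
    nonce = 0
    while True:
        h = block_hash(prev_hash, txs, nonce)
        if h.startswith("0" * difficulty):
            return {"prev": prev_hash, "txs": txs, "nonce": nonce, "hash": h}
        nonce += 1

def build_chain(mempool_batches, miner, difficulty=DIFFICULTY):
    """Step 6: each mined block commits to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for batch in mempool_batches:
        block = mine(prev, batch, miner, difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain

def verify_chain(chain, difficulty=DIFFICULTY):
    """What every node does on receipt: recompute each hash and each link.
    Editing any past transaction changes that block's hash, which no longer
    matches its successor's 'prev' field, so the altered history is rejected."""
    prev = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(prev, block["txs"], block["nonce"])
        if (block["prev"] != prev or recomputed != block["hash"]
                or not recomputed.startswith("0" * difficulty)):
            return False
        prev = block["hash"]
    return True
```

Re-mining a tampered block does not help an attacker either: its new hash no longer matches the `prev` field of the block that follows it, so every later block would have to be re-mined as well.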

Blockchain Beyond Bitcoin

All of the above describes the first blockchain as it was implemented for Bitcoin in 2009 by Satoshi Nakamoto with the support of other developers. Since then, there has been significant interest in understanding how the underlying technology might be useful beyond Bitcoin. Bitcoin was the first distributed ledger system that did not require a centralized server or organization to support it. Other cryptocurrencies have emerged with some or all of the same features, as well as new ones: examples include Monero and Zcash, which seek to add privacy by obscuring transaction and sender data, and Litecoin, which enables faster transactions by reducing the block time to 2.5 minutes. Proof-of-Work, Bitcoin’s consensus mechanism, is very effective in creating a random and decentralized mining process, but it is also very energy intensive. The hashing process requires electricity, and with the total hashrate of the Bitcoin network at about 23 million trillion hashes per second, it has been estimated that each bitcoin transaction requires approximately 886 kilowatt-hours of electricity — enough to power almost 30 American households for a day. Since this energy use serves no function other than to support Bitcoin transactions, some alternatives to Proof-of-Work have been suggested. One idea is Proof-of-Useful-Work: using the brute force of mining to solve a problem or advance science, like finding large prime numbers or solving brute-force problems that advance cryptography. Another, more practical solution is Proof-of-Stake (PoS), under which the next validator of a block is determined both by random selection and by wealth. The validator must put up a “stake” of their currency, and honesty is maintained because if the validator includes a fraudulent transaction and the network rejects the block, the validator’s stake will be lost.

Bitcoin gave us the model for building a platform and infrastructure to transact digital currencies over the internet without a trusted intermediary, but perhaps the greatest innovation since then has been Ethereum, developed in 2015. In short, Ethereum is itself a decentralized platform for building other decentralized applications. In addition to the exchange and storage of its native currency, ether, Ethereum also allows for the creation of smart contracts: computer programs that can automatically execute the terms of a contract between two parties without a third party. These smart contracts are what allow for the development of decentralized applications. We’re still figuring out what makes sense to decentralize and what doesn’t, but some candidates include decentralized prediction markets, computer storage sharing, transportation networks, asset exchanges, digital media rights, and lending. Additionally, using smart contracts, other cryptocurrencies can be issued on top of Ethereum, known as tokens. These are often used to fund an application project, to provide a utility, or to incentivize developers and users to use the application. In some models, application users pay for services with tokens and developers receive tokens for building the application out. If the application is useful and demand for it increases, so too should the value of the associated tokens, providing the incentive for further development. This allows anyone, anywhere, at any time to contribute to applications, and gives them incentives to do so, without the control of a single entity. This process of distributing tokens is known as an ICO (Initial Coin Offering), and has made raising capital for projects easier and more accessible. But ICOs have also led to pump-and-dump schemes and mismanagement of funds. This, along with uncertainty over how to classify tokens legally, has caught the attention of regulators and raised questions about the legality of ICOs. You can read about every ICO and its purpose here, and take a look at smart contract competitors to Ethereum here. (And stay tuned for a future post with more on Ethereum and smart contracts.)

Up to this point we have largely discussed open or public blockchains that anybody can join. Enterprises are also interested in utilizing blockchain solutions, initially building their own private chains through initiatives like the Ethereum Enterprise Alliance. Early blockchain concepts are already being used to record transactions between banks and shorten settlement times, to track perishable goods across the supply chain from farm to store to consumer to ensure quality and freshness, and to minimize risk, fraud, and theft of valuable physical goods. Across every industry, leaders are brainstorming, prototyping, and building blockchain solutions to ensure the integrity and validity of data shared between parties.

That's It.

Congratulations! You’ve now come away with a better understanding of the technologies behind Bitcoin and blockchain, and are well positioned for future discussions and advancement of blockchain technology. Questions, comments, just want to chat? I’d love to hear from you! billy@billybitco.in