/s Without getting into a semantic argument here, can we agree that while the data in Wikipedia is centralised, the editing sources (or information nodes, i.e. the contributors’ minds and computers) are very widely distributed indeed.

Digital Signatures

The third piece of the Bitcoin puzzle is the Digital Signature. These were proposed in the 1970s and have been implemented in software since the late 1980s: remember Lotus Notes? Then you must be old, because I don’t, but that proto-office suite allowed you to digitally sign messages to prove that it really was your boss asking you to come in on Saturday, and not Charlie from Accounting.

Today, digital signatures are part of the fabric of the internet. They’re behind every website with that little green lock in the address bar. They secure your internet banking and your WhatsApp messages. They should be signing every email you send (and the same kind of key pair should be encrypting it), but for some reason that never really took off.

A digital signature scheme rests on two pieces of data: a public key, which you hand out freely, and a private key, which you guard. The private key produces a signature over a message; the public key lets anyone check that signature, and nothing but the matching private key could have produced it. In textbook RSA this can be pictured as encrypting with one key and decrypting with the other, and that picture is good enough for the story below (modern schemes such as the ECDSA that Bitcoin uses don’t literally work that way, but give the same guarantee). The same kind of key pair also works the other way round, for confidentiality: anyone can encrypt information (like an email) to the public key, and only the private key can decrypt it.

To see how this works, let’s say Alice wants to send a message to Bob: “Drop everything and do your TPS. Boss is on the warpath”. She can use Bob’s public key to encrypt the message, knowing that only Bob will be able to decrypt and read it. She sends it off, feeling very smart and confident that she’s spared her friend a spittle bath from an irate middle manager.

Unfortunately, Charlie from Accounting intercepts Alice’s message. He can’t read it or edit it, but he doesn’t need to: he throws it away, uses Bob’s public key (it’s public, after all) to encrypt a message of his own, “Wohoo! TPS system has been scrapped”, and sends that instead. Bob has no way to tell the two apart. This leads to an unfortunate series of events that starts with Bob posting convincing evidence that TPS reports can be used as toilet paper and ends with him packing his things in a box and permanently vacating his parking spot.

To prevent this “man-in-the-middle” attack and the subsequent frantic revisions of workplace video-sharing policy, Alice should have signed her message with her private key before sending it to Bob. Now Charlie is stymied: Bob checks the signature with Alice’s public key, and nothing but Alice’s private key can produce a signature that passes that check. She’s digitally signed the message, proving that it comes from her and that it wasn’t altered on the way. Charlie no longer has a means of impersonating Alice, and the economy keeps humming along on the back of timeous TPS reporting.

This is a somewhat simplified description, because Bob still has a nagging suspicion about the public key he holds for Alice: all he really knows is that it claims to be hers. That Charlie is a sneaky guy, and Bob pulled the key off some website called alicespublickeysdefinitelynotcharlies.com.

Luckily, Bob’s mate Dave knows Alice and Bob. Dave is a stand-up guy. He independently checks and vouches for Alice’s public key by going to her house and asking her to show him the copy she has stored there. He can then go back to Bob and, for a small fee (he’s a stand-up guy, but he’s not running a charity!), confirm that the key Bob has on his computer is the same as the one Alice showed him.

Dave is performing the same service that certificate authorities (Symantec and friends) carry out when you pay them for the certificate that puts the green lock in people’s address bars when they visit your website.
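The Alice, Bob, Charlie and Dave story above, as a runnable example added here (it is not code from the original post). It uses Go’s standard-library ECDSA on the P-256 curve, because Bitcoin’s secp256k1 is not in the standard library; the names, the messages and the toy `Cert` format (a subject string plus the key’s coordinates, signed by the issuer) are assumptions of this example and not any real standard.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Keypair holds the private signing key; the public verification key is derived
// from it. Bitcoin's curve (secp256k1) is not in Go's standard library, so P-256
// is assumed here; the mechanics are the same.
type Keypair struct{ priv *ecdsa.PrivateKey }

func NewKeypair() *Keypair {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // the system RNG failing is not something we can recover from
	}
	return &Keypair{priv: priv}
}

func (k *Keypair) Public() *ecdsa.PublicKey { return &k.priv.PublicKey }

// Sign hashes the message and signs the digest. Only the private key can do this.
func (k *Keypair) Sign(msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, k.priv, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Verify needs only the public key. A signature made with any other private key,
// or one over a message that has since been altered, fails here.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// Cert is Dave's vouching: "this key belongs to Subject", signed by the issuer.
type Cert struct {
	Subject string
	Pub     *ecdsa.PublicKey
	Sig     []byte // issuer's signature over certBody
}

// certBody is the byte string the issuer signs: the subject, a separator, then the
// key's X and Y coordinates at a fixed width so the encoding is unambiguous.
func certBody(subject string, pub *ecdsa.PublicKey) []byte {
	b := append([]byte(subject), 0)
	b = append(b, pub.X.FillBytes(make([]byte, 32))...)
	return append(b, pub.Y.FillBytes(make([]byte, 32))...)
}

func Issue(issuer *Keypair, subject string, pub *ecdsa.PublicKey) *Cert {
	return &Cert{Subject: subject, Pub: pub, Sig: issuer.Sign(certBody(subject, pub))}
}

// CheckCert returns the subject's key only if the certificate carries a valid
// signature from a key the verifier already trusts (Dave's, obtained out of band).
func CheckCert(trusted *ecdsa.PublicKey, c *Cert) (*ecdsa.PublicKey, bool) {
	if !Verify(trusted, certBody(c.Subject, c.Pub), c.Sig) {
		return nil, false
	}
	return c.Pub, true
}

// Outcome records whether Bob accepts each message in the story.
type Outcome struct {
	Genuine  bool // Alice's message, Alice's signature
	Tampered bool // Charlie edits the message but keeps Alice's signature
	Forged   bool // Charlie signs his own message with his own key
	FakeCert bool // Charlie's self-issued "alice" certificate passes Bob's check
}

// Scenario plays out the story. Dave vouches for Alice's key and Bob already
// trusts Dave's public key; the messages are constructed for the example.
func Scenario() Outcome {
	var out Outcome
	alice, charlie, dave := NewKeypair(), NewKeypair(), NewKeypair()
	alicePub, ok := CheckCert(dave.Public(), Issue(dave, "alice", alice.Public()))
	if !ok {
		return out // no trustworthy key for Alice, so nothing gets accepted
	}
	msg := []byte("Drop everything and do your TPS. Boss is on the warpath")
	sig := alice.Sign(msg)
	out.Genuine = Verify(alicePub, msg, sig)
	edited := []byte("Wohoo! TPS system has been scrapped")
	out.Tampered = Verify(alicePub, edited, sig)
	out.Forged = Verify(alicePub, edited, charlie.Sign(edited))
	// alicespublickeysdefinitelynotcharlies.com: Charlie's key, certified by Charlie.
	_, out.FakeCert = CheckCert(dave.Public(), Issue(charlie, "alice", charlie.Public()))
	return out
}

func main() {
	fmt.Printf("%+v\n", Scenario()) // {Genuine:true Tampered:false Forged:false FakeCert:false}
}
```

The only thing Bob has to get right out of band is Dave’s public key; everything else (Alice’s key, the message, the claim that the key is Alice’s) is checked with signatures, which is exactly the arrangement the browser uses with its built-in list of certificate authorities.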

Digital signatures are wonderful things, but the maths is the easy part. The hard part is key distribution: knowing that the public key in your hand really belongs to the person you think it does. Handing that job to a certificate authority only moves the problem, because the authority has to actually do the checking. Symantec has gotten into trouble for issuing certificates when they shouldn’t have; imagine if Dave gets lazy and says he went to check Alice’s keys, but hit the driving range instead.

Combining digital certificates with a public record keeps the certificate authority honest by making it accountable. That is what the Certificate Transparency standard does: every certificate a CA issues is recorded in public, append-only logs, so a certificate issued for your domain without your knowledge is there for you (or anyone else) to find.

And if you make that record tamper-evident by chaining the entries, each new entry signed and committing to the hash of the one before it, you get something along the lines of what keybase.io are trying to achieve: a web of trust for building and maintaining a secure digital identity on the web.

In Bitcoin, digital signatures are central to proving ownership of bitcoins. A Bitcoin address is little more than a public key (strictly, a hash of one), and spending is nothing more than signing a transaction with the matching private key. If you know the private key corresponding to an address, you have the power to spend any bitcoin associated with that address; if you lose it, nobody does.

Resistance to corruption

Even with all three of the properties we’ve discussed so far (a tamper-evident blockchain, digital signatures, and a public ledger), a nascent cryptocurrency would still be vulnerable to attack.

As it stands, Charlie, our attacker, wouldn’t be able to steal any funds; the digital signatures protecting the bitcoins prevent that. But there’s nothing stopping him from firing up a bunch of servers on AWS to act as public ledger maintainers (in cryptocurrency land they’re called nodes) and spamming the network with blocks full of spurious transactions. Any scheme that decides what is valid by counting nodes falls to this Sybil attack: if he controls enough of them, he can even start to rewrite the blockchain history, since his own nodes will collude to validate whatever transactions Charlie selects.

To disincentivize this kind of behaviour we need to make it really difficult, expensive, or both to carry out this attack. The way Bitcoin does this is to employ a strategy called Proof of Work.

Proof of Work performs two important roles in Bitcoin. First, it requires any node on the Bitcoin network that wishes to add a new block to the blockchain to submit a magic number (the nonce) along with the block, chosen so that the hash of the block falls below a target value. The beauty of this number is that there is no way to find it other than trial and error: the node has to burn, on average, a predictable amount of computing power and electricity (and hence money) to come up with it, and that amount is controlled and determined by the Bitcoin network itself! Every 2016 blocks the target is adjusted so that blocks keep arriving roughly ten minutes apart, however much hashing power joins or leaves the network.

To be more specific, if Charlie wanted to subvert the Bitcoin network, he would have to find these magic numbers (otherwise known as mining) faster than the rest of the network combined, i.e. control more than half of its total hashing power, which, as I’m sure you’ve heard, costs about as much electricity as powering a small country these days.

We’ve disincentivized Charlie from attacking the network, but now honest miners are forced to spend large amounts of money in what is starting to sound like a purely altruistic endeavour. To balance this out and bring all the incentives back into line, mining nodes are rewarded with new Bitcoins (currently 12.5 BTC; the amount halves roughly every four years), plus the fees on the transactions they include, each time they add a block to the chain.

Which brings us to the second function that Proof of Work performs. How do we decide which miner gets to add the next block to the blockchain?

One approach would be to use a round robin schedule, where every node gets a chance in rotation. This might be feasible in a small, hermetically sealed blockchain system where every node is known and is always online, but Bitcoin is the Wild West: a permissionless free-for-all, with nodes popping into and out of existence all the time. Any co-ordinated (a.k.a. centralised) scheme for deciding which node adds the next block is simply out of the question.

What we need is some sort of lottery. A random system, but where every node’s chance of winning the right to add the next block (and claim the new bitcoins as reward) is proportional to how much effort they’re spending in maintaining the integrity of the network. But how would nodes prove how much effort they’re expending? Hang on, we’ve got this built into Bitcoin already: it’s what Proof of Work does for us!

Every bitcoin miner is beavering away looking for the magic number that will give them the right to add a new block and earn the miner’s reward. It just so happens that this magic number has exactly the properties we’re looking for in a winning lottery number: every hash attempt is an independent ticket with the same tiny chance of winning, so a miner’s odds of finding the next block are proportional to the share of the network’s hashing they perform.

So that’s Proof of Work in Bitcoin.
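Proof of Work as described in this section, as a runnable example added here (not code from the original post, and not Bitcoin’s implementation). The double SHA-256 and the “hash must fall below the target” rule are Bitcoin’s; the cut-down header, the `bits` difficulty parameter and the `Race` simulation of two miners with different hash rates are simplifications assumed for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Header is a block header cut down to the fields that matter here. Bitcoin's
// real header also carries a version, a timestamp and the encoded target.
type Header struct {
	PrevHash [32]byte // hash of the previous block: the "chain" in blockchain
	TxRoot   [32]byte // commitment to the block's transactions (a Merkle root in Bitcoin)
	Nonce    uint64   // the "magic number" miners search for
}

func (h Header) bytes() []byte {
	b := make([]byte, 0, 72)
	b = append(b, h.PrevHash[:]...)
	b = append(b, h.TxRoot[:]...)
	var n [8]byte
	binary.LittleEndian.PutUint64(n[:], h.Nonce)
	return append(b, n[:]...)
}

// Hash is double SHA-256, as in Bitcoin.
func (h Header) Hash() [32]byte {
	first := sha256.Sum256(h.bytes())
	return sha256.Sum256(first[:])
}

// Target is the threshold for a difficulty of bits: a valid hash must be below
// 2^(256-bits), so on average 2^bits attempts are needed. Bitcoin adjusts its
// target every 2016 blocks to hold block times near ten minutes; here it is a parameter.
func Target(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), 256-bits)
}

// Verify costs one hash, however much work went into finding the nonce.
func Verify(h Header, bits uint) bool {
	hash := h.Hash()
	return new(big.Int).SetBytes(hash[:]).Cmp(Target(bits)) < 0
}

// Mine tries successive nonces until the hash meets the target or the budget
// runs out. The returned count is the work that was spent.
func Mine(h Header, bits uint, maxTries uint64) (Header, uint64, bool) {
	for tries := uint64(1); tries <= maxTries; tries++ {
		if Verify(h, bits) {
			return h, tries, true
		}
		h.Nonce++
	}
	return h, maxTries, false
}

// Race is the lottery: miner A tries ratioA nonces for every one that miner B
// tries, each on its own nonce range (the job of Bitcoin's extra-nonce). Over
// many rounds A's share of wins approaches ratioA/(ratioA+1).
func Race(rounds int, bits uint, ratioA int) (winsA, winsB int) {
	for r := 0; r < rounds; r++ {
		var a Header
		a.PrevHash = sha256.Sum256([]byte(fmt.Sprintf("block-%d", r))) // constructed input
		b := a
		b.Nonce = 1 << 63
	round:
		for {
			for i := 0; i < ratioA; i++ {
				if Verify(a, bits) {
					winsA++
					break round
				}
				a.Nonce++
			}
			if Verify(b, bits) {
				winsB++
				break round
			}
			b.Nonce++
		}
	}
	return winsA, winsB
}

func main() {
	var genesis Header
	genesis.PrevHash = sha256.Sum256([]byte("genesis")) // constructed input
	mined, tries, ok := Mine(genesis, 20, 1<<32)
	fmt.Printf("found=%v nonce=%d after %d hashes, hash=%x\n", ok, mined.Nonce, tries, mined.Hash())
	a, b := Race(40, 12, 3)
	fmt.Printf("miner A (3x the hash rate) won %d of %d rounds\n", a, a+b)
}
```

Two things to notice when running it: raising `bits` by one roughly doubles the hashes `Mine` needs while `Verify` stays a single hash, and flipping any byte of `TxRoot` or `PrevHash` in a mined header makes `Verify` fail, so the proof is bound to exactly the block it was found for.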

There are other strategies for making it expensive to subvert the system. For example, in Proof of Stake you put some (large) number of coins up as collateral, which you stand to lose if you are ever found cheating the network¹.

To wrap up this section, we can point out that in the general sense, Proof of Work is not necessarily an energy-intensive process. In non-cryptocurrency contexts, the Proof of Work idea is used in things like Captcha, where a computer would have to expend a lot of effort trying to impersonate a human by doing things that humans find quite easy (counting road signs in an image) but that computers find incredibly hard (for now).