What does it mean to have a bitcoin?

We will start with you keeping track of payments with your friends using a communal ledger. Then you start to trust your friends, and the world around you, less and less, and if you are clever enough to bring in a few ideas from cryptography to circumvent the need for trust, what you end up with is what’s called a cryptocurrency. Bitcoin is just the first implemented example of a cryptocurrency; there are now thousands more trading on exchanges against traditional currencies. The difference from ordinary money is that the backbone underlying all of this is not a bank that verifies transactions; instead it is a clever system of decentralized, trustless verification based on some of the math born in cryptography.

Ledger and digital signatures:

If you and your friends exchange money pretty frequently, paying your share of the dinner bill and such, it can be inconvenient to exchange cash all the time. So you might keep a communal ledger that records all the payments you intend to make at some point in the future. This ledger is going to be something public and accessible to everyone, like a website where anyone can go and add new lines.

Ledger                  Amount
Alice pays Bob          $20
You pay Alice           $10
Bob pays Charlie        $40
Charlie pays You        $30

And let’s say that at the end of every month, you get together, look at the list of transactions, and settle up. If you spent more than you received, you put that money in the pot, and if you received more than you spent, you take that money out. So the protocol for being part of this very simple system might look like this.

Protocol:

  • Anyone can add lines to the Ledger.
  • Settle up with real money every month.

How are we supposed to trust that all of these transactions are what the sender meant them to be? Like handwritten signatures, the idea here is that Alice should be able to add something next to a transaction that proves she’s approved of it, and it should be infeasible for anyone else to forge that signature.

Couldn’t you just copy the signature? And what even is a digital signature?

Everyone generates a pair of keys, what’s called a public key and a private key, each of which looks like some string of bits. As the name suggests, the private key is something you want to keep to yourself. A digital signature changes for different messages. It looks like some string of 1s and 0s, commonly something like 256 bits, and altering the message even slightly completely changes what the signature on that message should look like. Speaking more formally, producing a signature involves a function that depends both on the message itself and on your private key. The private key ensures that only you can produce that signature, and the fact that it depends on the message means that no one can just copy one of your signatures and forge it onto another message. Hand in hand with this is a second function used to verify that a signature is valid, and this is where the public key comes into play. All it does is output true or false to indicate whether this was a signature produced by the private key associated with the public key you’re using for verification. Think about how many possible signatures there are with a length of 256 bits: 2^256, a stupidly large number, so guessing a valid one by trial and error is hopeless.

There is a slight loophole. Even though Bob cannot forge Alice’s signature on a new message, he could just copy that same line as many times as he wants, since the message-signature combination remains valid. To get around this, we make it so that when you sign a transaction, the message has to include some sort of unique ID associated with that transaction.
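As an added example (not from the original notes), here is a complete sign-and-verify round trip using a Lamport hash-based signature built only from SHA-256, standing in for the elliptic-curve signatures Bitcoin actually uses; the ledger’s unique-ID rule from the last paragraph is included so the copy-paste loophole can be seen failing. Names, amounts and IDs are made up, and a Lamport key is one-time: a second signed line needs a fresh key pair.

```python
import hashlib
import secrets

N = 256  # one secret pair per bit of the 256-bit SHA-256 digest being signed

def keygen():
    # Private key: 2 x 256 random 32-byte secrets; public key: their SHA-256 hashes.
    sk = [[secrets.token_bytes(32) for _ in range(N)] for _ in range(2)]
    pk = [[hashlib.sha256(s).digest() for s in row] for row in sk]
    return sk, pk

def _bits(message: bytes):
    # The 256 bits of SHA-256(message), most significant bit first.
    d = hashlib.sha256(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def sign(sk, message: bytes):
    # For each digest bit b at position i, reveal secret sk[b][i]. A different
    # message flips bits, so it needs secrets the signer never revealed.
    return [sk[b][i] for i, b in enumerate(_bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    # True iff every revealed secret hashes to the published value for that bit.
    if len(signature) != N:
        return False
    return all(hashlib.sha256(s).digest() == pk[b][i]
               for i, (b, s) in enumerate(zip(_bits(message), signature)))

def ledger_accept(seen_ids: set, pk, message: bytes, signature) -> bool:
    # Ledger rule: valid signature AND an id never recorded before, which is
    # what stops Bob from copy-pasting a genuine line many times. (constructed format)
    if not verify(pk, message, signature):
        return False
    tx_id = message.rsplit(b" id=", 1)[-1]
    if tx_id in seen_ids:
        return False
    seen_ids.add(tx_id)
    return True

if __name__ == "__main__":
    sk, pk = keygen()
    line = b"Alice pays Bob $20 id=7"          # constructed ledger line
    sig = sign(sk, line)
    seen = set()
    print(ledger_accept(seen, pk, line, sig))             # True
    print(ledger_accept(seen, pk, line, sig))             # False: replayed id
    print(verify(pk, b"Alice pays Bob $2000 id=7", sig))  # False: altered message
```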

But even still, if you were to really do this, you would be relying on an honor system of sorts. Namely, you’re trusting that everyone will actually follow through and settle up in cash at the end of each month. So maybe you have the clever idea that you never actually have to settle up in cash, as long as you have some way to prevent people from spending much more than they take in. Maybe you start by having everyone pay $100 into the pot. You could then live your whole life just sending and receiving money on this Ledger without ever having to convert to real dollars.

Hence the question:

How does money get into the ledger at the beginning?

But before that, there is actually an even more significant difference between our current system of Ledger dollars and how cryptocurrencies work. So far the ledger lives in some public place, like a website where anyone can add new lines. But that requires trusting a central location, namely whoever hosts the website and controls the rules for adding new lines.

To remove that bit of trust, we’ll have everybody keep their own copy of the ledger. Then when you want to make a transaction, like Alice pays Bob $100, you broadcast that out into the world for people to hear and to record on their own private ledgers. But unless you do something more, this system is absurdly bad. How could you get everyone to agree on what the right ledger is?

Can you come up with a protocol for how to accept or reject transactions, and in what order, so that you can feel confident that anyone else in the world who’s following the same protocol has a personal ledger that looks the same as yours?

At a high level, the solution Bitcoin offers is to trust whichever ledger has the most computational work put into it. The general idea we will build up to is that if you use computational work as the basis for what to trust, you can make it so that fraudulent transactions and conflicting ledgers require an infeasible amount of computation to bring about.

The way this works is to first organize a given ledger into blocks, where each block consists of a list of transactions together with a proof of work, which is a special number such that the hash of the whole block starts with a bunch of zeros. A block is considered valid only if it has such a proof of work. Also, to make sure there’s a standard order to these blocks, we’ll make it so that each block has to contain the hash of the previous block in its header. That way, if you were to go back and change any one of the blocks, or to swap the order of two blocks, it would change the block that comes after it, which changes that block’s hash, which changes the one that comes after it, and so on. That would require redoing all of the work, finding a new special number for each of these blocks. Because blocks are chained together like this, it’s common to call this a blockchain.

As part of our updated protocol, we’ll now allow anyone in the world to be a block creator. What that means is that they’re going to listen for transactions being broadcast, collect them into some block, and then do a whole bunch of work to find a special number that makes the hash of that block start with a bunch of zeros. Once they find it, they broadcast out the block they found. To reward a block creator for all this work, when she puts together a block, we’ll allow her to include a very special transaction at the top of it, in which she gets, say, some dollars out of thin air. This is called the block reward, and it’s an exception to our usual rules about whether or not to accept transactions. It doesn’t come from anyone, so it doesn’t have to be signed. It also means that the total number of Ledger dollars in our economy increases with each new block.

From the miners’ perspective, each block is like a miniature lottery, where everyone is guessing numbers as fast as they can, until one lucky individual finds a special number that makes the hash of the block start with many zeros, and they get the reward.

For anyone else who just wants to use this system to make payments, instead of listening for transactions, they all start listening just for blocks being broadcast by miners, and updating their own personal copies of the blockchain.

Now the key addition to our protocol is that if you hear two distinct blockchains with conflicting transaction histories, you defer to the longest one, the one with the most work put into it. If there’s a tie, just wait until you hear an additional block that makes one of them longer. So even though there’s no central authority, and everyone is maintaining their own copy of the blockchain, if everyone agrees to give preference to whichever blockchain has the most work put into it, we have a way to arrive at decentralized consensus.

Maybe Alice is trying to fool Bob with a fraudulent block, namely she tries to send him one that includes her paying him 100 Ledger dollars, but without broadcasting that block to the rest of the network, so that everyone else still thinks she has those 100 Ledger dollars. To do this she would have to find a valid proof of work before all the other miners, each working on their own block. And that could definitely happen; maybe Alice just happens to win this miniature lottery before anyone else. But Bob is still going to be hearing the broadcasts made by other miners, so to keep him believing this fraudulent block, Alice would have to do all the work herself to keep adding blocks on this special fork in Bob’s blockchain that’s different from what he’s hearing from the rest of the miners. Remember, as per the protocol, Bob always trusts the longest chain he knows about. Alice might be able to keep this up for a few blocks if just by chance she finds blocks more quickly than the rest of the miners on the network all combined. But unless she has close to 50% of the computing resources among all of the miners, the probability becomes overwhelming that the blockchain that all the other miners are working on grows faster than the single fraudulent blockchain Alice is feeding to Bob. So after enough time, Bob will just reject what he’s hearing from Alice in favor of the longer chain that everyone else is working on. Notice that this means you shouldn’t necessarily trust a new block you hear immediately. Instead, you should wait for several new blocks to be added on top of it. If you still haven’t heard of any longer blockchains, you can trust that this block is part of the same chain that everyone else is using.
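The block structure, proof of work, chain validation and longest-chain rule described above, written out as an added example that is not part of the original notes. The difficulty (12 leading zero bits), the reward size, the miner names and the JSON block serialization are all constructed for the demo; real Bitcoin targets are far harder and the real block format is different.

```python
import hashlib
import json

DIFFICULTY_BITS = 12   # leading zero bits required; tiny so the demo runs in well under a second
BLOCK_REWARD = 10      # Ledger dollars the block creator may award herself (constructed)
GENESIS_PREV = "0" * 64

def block_hash(block: dict) -> bytes:
    # The hash covers the previous block's hash, every transaction and the special number.
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).digest()

def has_proof_of_work(block: dict) -> bool:
    # A block is valid only if its hash starts with DIFFICULTY_BITS zero bits.
    return int.from_bytes(block_hash(block), "big") >> (256 - DIFFICULTY_BITS) == 0

def mine_block(prev_hash_hex: str, txs: list, miner: str) -> dict:
    # The miniature lottery: try special numbers until the hash has enough leading zeros.
    reward = f"{miner} gets ${BLOCK_REWARD} (block reward, unsigned)"
    block = {"prev": prev_hash_hex, "txs": [reward] + txs, "nonce": 0}
    while not has_proof_of_work(block):
        block["nonce"] += 1
    return block

def valid_chain(chain: list) -> bool:
    # Each block must carry a proof of work and point at the hash of its predecessor,
    # so editing or reordering any block invalidates every block after it.
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev or not has_proof_of_work(block):
            return False
        prev = block_hash(block).hex()
    return True

def choose_chain(current: list, heard: list) -> list:
    # Consensus rule: switch only to a valid chain that is strictly longer; on a tie, wait.
    if valid_chain(heard) and len(heard) > len(current):
        return heard
    return current

def extend(chain: list, txs: list, miner: str) -> list:
    # Mine one more block on top of the given chain and return the longer chain.
    prev = block_hash(chain[-1]).hex() if chain else GENESIS_PREV
    return chain + [mine_block(prev, txs, miner)]

if __name__ == "__main__":
    chain = extend(extend([], ["Alice pays Bob $20"], "Carol"), ["Bob pays Charlie $40"], "Dave")
    print(valid_chain(chain))                      # True
    chain[0]["txs"][1] = "Alice pays Bob $2000"    # rewrite history in the first block
    print(valid_chain(chain))                      # False: block 2 no longer chains to block 1
```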

How many zeros should be required? The way the actual Bitcoin protocol works is to periodically change that number of zeros so that it should take about 10 minutes to find a new block. So as more and more miners are added to the network, the challenge gets harder and harder, in such a way that this miniature lottery only has about one winner every 10 minutes.

Every 210,000 blocks, which is about every 4 years, the reward gets cut in half (it started at 50). And because the reward decreases geometrically over time, there will never be more than 21 million Bitcoin in existence. This does not mean miners will stop earning money. In addition to the block reward, miners can also collect transaction fees. Each block is limited to about 2,400 transactions.

What is a hash function?

The input to one of these functions can be any kind of message or file, and the output is a string of bits with some fixed length, like 256 bits. This output is called the hash or digest of the message, and the intent is that it looks random. The idea is that if you slightly change the input, maybe editing just one of the characters, the resulting hash changes completely.