How does Bitcoin work?
Hot on the heels of the 2008 financial crisis, an academic paper was released detailing a scheme for a new online currency. This electronic cash would hinge on two principles: firstly, it would guarantee its users' anonymity - transactions were not to be traceable to a particular individual. Secondly, it would operate entirely independently from financial entities or regulators, such as banks. But how can a transaction between anonymous individuals, with no independent oversight, be trusted? Welcome to the intricately complex, but satisfyingly neat world of bitcoin...
Making a bitcoin transaction
On a basic level, a bitcoin is simply a unit of online currency - much like a virtual dollar, or pound. Because it does not conform to traditional banking systems, bitcoin is also known as a 'cryptocurrency'. Anyone can buy a bitcoin, and bitcoins can be freely sent and received between bitcoin users. The process of transferring bitcoins between users is called a 'transaction'. The computational processes underlying transactions can tell us a lot about the inner workings of the bitcoin network:
An easy way to start thinking about transactions is to examine what happens when a single bitcoin is transferred from one person (Owner 1) to another (Owner 2). Each bitcoin user has a ‘bitcoin wallet’ (think about this as a bank account), which has its own specific ‘private key’ (similar to a password to an online bank account). The private key can be used as proof that a transaction has come from a particular wallet, as the wallet identity and its private key are mathematically linked. The private key is linked to a public key (imagine that this is a bank account number) by a one-way function: the public key is calculated from the private key, but it is virtually impossible to work backwards and derive the private key from the public key. The public key can be shared - it is like giving somebody your account details.In order to transfer a bitcoin to Owner 2, Owner 1 labels the transaction (let us call this transaction 1) with Owner 2's public key, and broadcasts it to the bitcoin network - now it can be added to the blockchain. The transaction may be public, but the bitcoin (which is now called the ‘Unspent Transaction Output’) can only be spent by Owner 2, as they hold the private key from which the public key was derived.
When Owner 2 wants to spend the bitcoin by transferring it to Owner 3, they must initiate a new transaction - Transaction 2. During this process, the bitcoin will be relabelled as ‘Transaction Input’ of Transaction 2, and the ‘Spent Transaction Output’ of Transaction 1. In order to initiate a transaction, Owner 2 must provide two pieces of information: first, their public key, and second, a ‘signature’. This signature contains information about the previous transaction (Transaction 1) and a modified version of Owner 2’s private key which can securely be broadcast to the network. In this way, Owner 2 is essentially using the ‘password’ to their ‘bank account’ in order to access their bitcoin, and hence spend it further. Additionally however, through their signature, Owner 2 is giving information about how they acquired the bitcoin they are spending. Owner 2 ensures Owner 3 is the recipient of the bitcoin by labelling the transaction with Owner 3’s public key (as Owner 1 did with Owner 2’s public key in Transaction 1). The transaction can now be made public. Once Transaction 2 is public, it is possible to verify computationally that the public modified version of Owner 2's private key in the signature has indeed been derived from the private key used to create Owner 2's public key, which was used when the bitcoin was originally transferred from Owner 1 to Owner 2. If this is the case, Transaction 2 is valid, as Owner 2 is the confirmed owner of the bitcoin being tansferred. The bitcoin is now labelled the ‘Unspent Transaction Output’ of Transaction 2. At this point, Transaction 2 is eligible be added to the blockchain. Crucially, because Owner 2 has included information about the original transaction (Transaction 1) in their signature, transaction 2 will contain information about transaction 1. When Owner 3 repeats the process by transferring the bitcoin to Owner 4, the code for the transaction will contain information for transaction 2, which in turn contains information for transaction 1. This creates a traceable chain of transactions, all the way back to the creation of the bitcoin.
The Double-Spending Problem, Mining, and the Blockchain
Because of the way transactions are set up, we have a pretty good way of knowing that a bitcoin ‘exists’, through tracking its ‘ancestry’. We can also verify that the person who initiates a transaction is the rightful owner of the bitcoins to be spent. However, this does not stop the owner of the bitcoin from attempting to ‘double-spend’ it, in other words, use it in more than one transaction. How can this be prevented? Since all bitcoin transactions are made public, it is possible to check that only Unspent Transaction Outputs are used as Transaction Inputs. If a Spent Transaction Output is used, the transaction is invalid. In order for this to work, there has to be a reliable record of whether or not a bitcoin has been spent previously. This is where the block chain comes in.
As has already been mentioned, the moment a transaction occurs, it can be broadcast to the bitcoin network. When this happens, the transaction can be incorporated into a ‘log’ of every bitcoin transaction that has ever occured. This log is termed the blockchain. In order for a transaction to be included the blockchain, it must be proven that the public key and the signature correspond to each other (to prove bitcoin ownership), and that the Transaction Input is a previously Unspent Transaction Output (to exclude the possibility of a double-spend). The relationship between the signature and the public key can be verified using specialised software. To ensure that a bitcoin is indeed still Unspent, the blockchain can be scanned for any previous mentions of the current transaction input. If both of these conditions are met, the transaction can be added to the blockchain.
The above system requires work: Both the verification of the transaction and its addition to the blockchain rely on the work of members of the bitcoin network, known as miners. Miners run the software required for these processes to take place on powerful computers, or even groups of computers, known as nodes. As a reward for their efforts, miners are awarded 12.5 bitcoins for every group (“block”) of transactions they log. This award halves every four years or so, in order to ensure that bitcoins are entering circulation in a controlled fashion, up to a maximum of 21 million bitcoins (at present, there are some 11 million in circulation). Miners can also be awarded ‘fees’ (in bitcoin) for processing transactions.
So how does a transaction get added to the blockchain? It is easiest to think initially about a single starting ‘block' being created. The first step is for miners to group valid transactions into blocks - this is done more or less arbitrarily, and transactions which offer a higher processing fee are more likely to be included sooner. Once this is done, the miners create a ‘hash’ of the data in the block. A hash is a one-way function which turns data into a single chain of numbers and letters, of defined length, in a more or less random fashion - the hash cannot be predicted from the input data. However, changing the input data even in the slightest completely changes the hash, in an unpredictable way. The hash of the first block (Block A) forms the first link of the blockchain - lets call this Hash A. In order for a second block (Block B) of transactions to be included, a hash of this second block must be created (Hash B). The two hashes, and an additional random number called a nonce, are then combined into a new hash - Hash AB. When a subsequent Block C’s Hash C is added, it is hashes with Hash AB and a nonce to form Hash ABC, and so on. As with bitcoins themselves, every block contains information about the blocks that have preceded it. This makes the system secure: No transaction can be altered without altering the block that contains it, as well as every subsequent block. Although this is not impossible, the amount of effort this would require should act as a deterrent.
The proof-of-work principle and Gambler’s Ruin
Since anyone can add a block of transactions to the blockchain, what stops people from adding blocks of bogus transactions in order to claim the bitcoin reward? The answer to this is simple: adding a block is hard work. In order for a newly added block to be accepted, say Block B from the earlier example, Hash AB must fulfil certain criteria, which are set centrally. At present, the criterion is the number of zeroes at the start of the hash. This is where the nonce comes in: by modifying the nonce, miners can change Hash AB so that it begins with the required number of zeroes. However, there is no way of working out what the nonce needs to be to give the required hash - the solution can only be found by trial and error. The difficulty of the task (which corresponds to the number of zeroes at the start of the hash) is adjusted every so often, so that it takes on average approximately ten minutes to solve. This adjustment means that approximately the same amount of work will be required to add a block, despite computers becoming more and more powerful. The miner who figures out the solution first can add their block to the chain, and gains the 12.5 bitcoin reward. This process takes time and computing power, and is known as a 'proof-of-work' system. Such systems are designed to prevent denial of service attacks, in which a service is essentially 'spammed' with malicious requests, to the point that it can no longer deal with legitimate reqests. They also intend to deter hackers from adding or modifying blocks:
Theoretically, because of the amount of work that needs to be done to add a block, a single malicious attacker attempting to add a number of ‘dishonest’ blocks will be working much slower than everyone on the network who is operating honestly, and so will not be able to attack the network successfully - in order to achieve this, they would have to create their dishonest chain faster than the rest of the network expands its honest chain. The same occurs with modifying blocks: the chain following a modified block would have to be altered at a rate faster than tat at which the honest chain is growing. This can be modelled as a ‘Gambler’s Ruin’ problem: as the hacker falls increasingly far behind, they are decreasingly likely to take over the network.
Does bitcoin work?
Theoretically speaking, the bitcoin network is absolutely watertight: the system simply cannot be cheated. In real life however, the situation is a little more complicated: the network has been hacked a number of times, and millions of dollars worth of bitcoins have been successfully stolen in such attacks. Moreover, it must be said that bitcoin only has value by virtue of the fact that its users believe it to be valuable - this makes it a volatile investment, as has been seen recently with its almost overnight boom and crash. Finally, outside the bitcoin network, one’s bitcoins are still of little use: For the time being, it seems unlikely that anyone will be paying for the weekly groceries in cryptocurrency...