How Does Bitcoin Work
- Problem :
- How to achieve Trustless public transactions; no need for “trusted” 3rd party (like banks, govt etc.) to validate transactions.
- Solution :
- Use a Distributed Ledger - The Blockchain
The Distributed Ledger
Problem to Solve: How to eliminate need for a trusted 3rd party
- To eliminate the need for a trusted 3rd party to host this Ledger – all participants maintain their own copy of this Ledger.
- Each and every transaction is broadcast to the world for participants to record into their own private Ledger.
Source: Financial
Markets Group, Federal Reserve Bank of Chicago
Problem to Solve: How to digitally sign and verify messages/transactions
- Use Cryptographic Signatures to digitally sign messages/files/transactions.
- Cryptographic Signatures consist of Public
key/Private (or Secret) key pairs e.g. pk =
01000011…, sk= 11000100…
- Formally:
- Sign(Message.sk)=Signature
- Verify(Message.Signature.pk)= True or False
- Typically
Signature is 256 bits long, which means the universe of all signatures = 2256
virtually impossible break using brute force.
- Signing a transaction involves
- applying the participant’s secret key to the transaction contents: Sign(Message.sk)=Signature
- Verifying a transaction involves
- Verifying the Signature: Verify(Message.Signature.pk)= True or False
- Knowing the full history of transactions up to that point – to prevent the participants over-spending e.g. in Bitcoin
- Note: We can use the same infrastructure to encrypt the Message itself:
Problem to Solve: How to prevent participants copy-pasting transactions multiple times
- To prevent users copy-pasting transactions multiple times – each transaction also needs a unique ID => each transaction will require a completely new Signature
Problem to Solve: Arriving at consensus – which Ledger copy is to be trusted?
- How would participants be able to trust that everyone’s copy of the Ledger will record the transactions in exactly the same way and sequence?
- The Proof-of-Work protocol
- Bitcoin’s solution is to require a Proof-of-Work i.e. participants are to trust the Ledger instance that has the most computational work put into it (decentralized consensus)
- We
need a function to generate a number based on the content that
- requires effort to compute
- is infeasible to compute in the reverse direction
- is easy to verify once found
- Luckily Cryptographic Hash Functions have this characteristic e.g. SHA256, 256-bit hash function:
SHA256 (“TheQuickBrownFox”) => 011010101100……Hash FunctionMessage/File“Hash” or “Digest”
- Hash output looks random but is not – output is always the same for a given input
- For SHA256, changing the input even slightly will result in an output hash that is completely different and is entirely unpredictable
- A Cryptographic Hash Function like SHA256 will be infeasible to compute in the reverse direction i.e. cannot compute the Message/File from the Hash output. (interestingly, there is no mathematical proof that this assertion is correct – but so far no one has succeeded to
reverse engineer SHA256)
Problem to Solve: How to use Cryptographic hash functions to create Proof-of-Work
- Find a number n
where
- SHA256(List of transactions, n) = hash output (with constraint of e.g. first 30 bits are zeros)
- The only known way to find n is trial and error – this means that computational effort is needed to solve for n
- E.g.
for a hash output where first 30 bits are zeros, the probability for each guess
will be
- The idea is that
- Finding n should be hard – requires = 1,073,741,824 guesses
- Verifying n should be easy – apply SHA256 and check if there are 30 zeros
- Bitcoin organizes transactions in Blocks – each Block consists of list of transactions + Proof-of-Work – a Block is only valid if it has a Proof-of-Work
- To
ensure proper sequencing, each Block also contains the hash of the previous
Block as its header – hence organizing the Ledger as a chain of Blocks – a Blockchain.
- Block = Previous block hash + List of Transactions + Proof-of-Work
- Blockchain
- Block = Previous block hash + List of Transactions + Proof-of-Work
- Creating a new Block is also referred to as “Mining”
- Bitcoin nodes/miners compete to create new Blocks (i.e. find n) – the first one to compute and share it wins the Proof-of-Work contest.
- Successful Mining is rewarded with newly “minted” Bitcoins (as an incentive) – hence injecting new currency into the “economy”.
- For
Bitcoin, the difficulty of creating new blocks is set to an average of 10 minutes per block. Other
newer blockchains have shorter creation times for new blocks
Question: Why is the Bitcoin Blockchain creation difficulty set to an average of 10 minutes per block?
- In the original Bitcoin paper, the author Satoshi Nakamoto (no one knows who this actually is – or whether this represents a group of people), the 10 minute recommendation is a compromise to limit the data storage requirements for the entire blockchain:
A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory.
- In the Bitcoin Wiki, the reason given for the 10 minute average is to reduce computational
waste between the first (new block) confirmation time and the amount of
computational work wasted due to blockchain splits i.e. shorter times will result in more chain splits and more computation to resolve the splits:
10 minutes is the average time taken to find a block. It can be significantly more or less time than that depending on luck; 10 minutes is simply the average case.
Blocks are how the Bitcoin achieves consensus on who owns what. Once a block is found everyone agrees that you now own those coins, so you can spend them again. Until then it's possible that some network nodes believe otherwise, if somebody is attempting to defraud the system by reversing a transaction. The more confirmations a transaction has, the less risk there is of a reversal.
Ten minutes was specifically chosen by Satoshi as a tradeoff between first confirmation time and the amount of work wasted due to chain splits. After a block is mined, it takes time for other miners to find out about it, and until then they are actually competing against the new block instead of adding to it. If someone mines another new block based on the old block chain, the network can only accept one of the two, and all the work that went into the other block gets wasted. For example, if it takes miners 1 minute on average to learn about new blocks, and new blocks come every 10 minutes, then the overall network is wasting about 10% of its work. Lengthening the time between blocks reduces this waste.
Problem to Solve: How to prevent Fraudulent Blocks in the Blockchain
- A potential path for abuse is that someone may be able to “win” the Proof-of-Work contest and end up manufacturing a fraudulent sequence of blocks
- When this happens, participants will see 2 different solutions for the same Block – thus a branch is created in the Blockchain. Which branch should participants trust?
- The
Bitcoin solution is for participants to trust
the longer branch i.e. the one with has more work put into it:
- The logic being that it is almost impossible to out-work the entire Blockchain network – the only way to out-work the network (by consistently winning the Proof-of-Work contest) over a sufficiently long sequence of blocks would be to control >50% of the computing resources of the entire network. Even then there is no guarantee this could be sustained.
References & Acknowledgements
- “But how does bitcoin actually work?”, by 3Blue1Brown, Published on YouTube 7 Jul 2017
- “Blockchain and Financial Market Innovation”, by Rebecca Lewis , John W. McPartland , Rajeev Ranjan, Economic Perspectives, Vol. 41, No. 7, 2017
- "Bitcoin: A Peer-to-Peer Electronic Cash System", by Satoshi Nakamoto, 2008
- Bitcoin Wiki
