Dollars and other traditional currencies were conceived in a time of cash. The model that extends these currencies to the digital world of electronic payments is a fragile one that relies too heavily on third party financial institutions; Bitcoin was invented to provide an improved alternative.
In the world of cash, once $1 enters circulation, no third party needs to mediate its passage between hands. I can take my dollar to the corner-store, select my candy, and pass my dollar to the vendor in return for the candy. That transaction occurs between the vendor and myself, without any third party involved. The vendor does not need to know anything about me, I don’t need to know anything about her, and no one else needs to know that I ever bought a candy bar.
What if I buy my candy from a small business online? I enter my credit card information and a third party institution acting as the middleman, processes the payment.
A transaction as nominal as a $1 candy bar is unlikely to occur between a small business and I because the transaction costs imposed by the third party would be too high. Partly for good reason: Third party financial institutions must mediate transaction disputes and commit a large amount of resources to avoid fraud. Inevitably, transaction disputes must sometimes result in a reversed payment, and the costs of fraud must sometimes be absorbed.
The original Bitcoin paper published by Satoshi Nakamoto addresses the need for a secure electronic payment system that relies on cryptographic proof and a distributed network, instead of trusted third parties to process payments.
With Bitcoin, transactions are transparent while void of sensitive information. They are irreversible, fraud-safe, and instead of requiring a third party, they are processed by a distributed network that relies on mathematics rather than trusting financial institutions. Any financial institution has a discrete number of servers or locations by which it operates; these are discrete points of failure. The Bitcoin network can only fail if the majority of the computing power run by the nodes that operate it is corrupted. Such an effort to commit fraud or reverse a transaction would require overwhelming computing resources. A malicious group of attackers would likely have higher returns playing by the rules of the network and committing their computing power towards mining.
To paint a (simplified) picture of this distributed network that maintains Bitcoin, consider the following:
Wendy --- Alex --- Eli ---- Jasmine ---
Alex runs a Bitcoin network node. Her direct peer nodes on the network include Wendy to the west and Eli to the east. Wendy and Eli may have many direct peers as well. Even though Alex isn’t directly connected to Jasmine, she still hears from Jasmine, because when Jasmine catches word that a block, B, has been completed,
-- Alex --- Eli --- Jasmine <--B --
she tells her direct peers such as Eli,
-- Alex ---Eli <--B-- Jasmine ---
and Eli tells his direct peers, which include Alex.
--- Alex <--B-- Eli --- Jasmine –--
Alex doesn’t need to know whom the message originally came from, or the identities of Eli or Jasmine. Upon receiving the message about the completed block, she verifies that each transaction in block B is valid and that the miner that completed block B successfully completed the associated math problem (for background, see part 2). If the block is valid, she appends it to her copy of the block chain, broadcasts the block to her direct peers, excluding Eli, and begins work to complete the next block.
If Alex wanted to instead ignore or reject the valid block, B, to continue working on her current block and win the mining reward, her attempt to diverge would be futile. By the time she found a solution to her current block and broadcasted it to Wendy and Eli, it would be too late. Her peers on the network would have already heard about and accepted block B through their other peers, and updated their block chains to include that block as a record of the past. Alex’s block would be rejected because it would contain transactions that were already included in a completed block of the block chain.
A distributed network system, such as the Bitcoin network, is one where the data is shared across multiple nodes. In effect, individual nodes are incentivized by the rest of the network to be honest workers. If a node neglects to accept a new block or message, it will have old data and prevent itself from mining blocks that will be accepted by the other cooperating nodes. The distributed nature of the network is also what allows transactions to be transparent.
Suppose Wendy wants to make a transaction, TX, from an address she owns, WWWW, to the address JJJJ, which happens to be owned by Jasmine.
Wendy –-TX--> Alex ------ Eli ----- Jasmine
Wendy broadcasts the transaction message to her peers, including Alex, who broadcasts it to her peers, and eventually the message reaches Jasmine as well, perhaps via Eli.
Wendy ------- Alex ------- Eli –-TX--> Jasmine
Neither Wendy nor Jasmine should consider this circulation of the message as confirmation of the transaction. However, once they see that a block that includes the transaction has been completed and accepted by the network, they can view the transaction, TX, from WWWW to JJJJ as a permanent record of the block chain.
..older blocks ................ more recently completed blocks ................. current block
- - - -- |tx, tx, ..,tx|------|tx,tx,.., tx |----| tx,tx,.., tx |----|tx,TX,..,tx|-----|tx |
As subsequent blocks are completed, and the transaction is buried deeper within the block chain, the permanence of the transaction becomes more secure.
..older blocks ................ more recently completed blocks ................. current block
- - - -- |tx, tx, ..,tx|------|tx,tx,.., tx |----| tx,TX,.., tx |----|tx,tx,..,tx|-----|tx |
Each transaction, tx, that is included within a block, becomes directly tied to completing that block’s associated math problem. I previously described this math problem as:
find x such that h(x) <= y
where h is a known hash function. The output of a hash function, such as h(x), is called a hash value. y is a target hash value determined by the network and adjusted to keep the rate of block generation to about 1 block per every 10 minutes (the smaller the value of the target, y, the more difficult the problem).
For readers interested in more technical details, let me elaborate.
Each block has a header that contains metadata to describe the block. Notable items in this block header include:
Time - A current timestamp.
hashPrevBlock – the hash value resulting from hashing the header of the previously completed block.
hashMerkleRoot – a hash value representing all of the transactions included within the block (the root of the Merkle tree).
Nonce – A value that is incremented in order to find a winning solution to the math problem.
Time helps ensure the chronological ordering of blocks in the block chain. hashPrevBlock does this as well, in addition to preventing fraud and reversed transactions. It serves as a link between blocks; by virtue of the hashPrevBlock, each block references its predecessor. A transaction within a complete block cannot be altered because such a change would alter the block’s header (by altering the hashMerkleRoot), which would change the value of hashing that blocks header, and therefore invalidate the hashPrevBlock of the subsequent block in the block chain, as well as all the blocks that followed.
A slightly less simplified version of the Bitcoin math problem can be represented as:
find Nonce such that h(Time, hashPrevBlock, hashMerkleRoot, Nonce) <= y
The Nonce is the value that is adjusted to solve the problem because the other inputs to the function are determined by the state of the network. Now you can think of a miner’s effort to complete a block as follows: Collect transaction messages in the block, compute the hashMerkleRoot, update the Time, compute h where Nonce=0. If the resulting hash value is less than the target y, the miner broadcasts the solution! Otherwise, the miner increments the Nonce, checks the new hash, and continues to increment the Nonce and compute the new hash iteratively in the hope of solving the problem. Every so often the miner updates the current block it is working on to include the transaction messages it has most recently received from the network, recomputes the hashMerkleRoot, update the Time, and starts iteratively computing hash functions all over again.
In theory, each miner has an equal chance of coming across the winning solution and claiming the rewarded bitcoins. A careful reader should be suspicious of this claim.
With the simplicity that I have presented the math problem, it would seem that the miner with the most powerful computing resources, that can iteratively compute hash functions most quickly, always wins. However, this is not quite the case because each miner is working on a slightly different problem; each miner is working on a slightly different block.
When a block is completed, the first recorded transaction in that completed block is one allocating the mining reward to an address owned by the miner that completed the block. This means that each miner inserts its own address in the first transaction of the block it is working on. Differing transaction logs result in differing hashMerkleRoot values. The result is that each miner is iteratively computing the hash function with slightly different input values. This effective randomization levels the playing field.
Bitcoin is only the first widely adopted cryptocurrency that provides an alternative to a centralized currency system. Concerns with Bitcoin have been raised, such as the lengthy 10-minute delay between block generations, or its cryptographic security. A trend of successive currencies, like Litecoin, are implemented in a similar fashion, but address these concerns. Time will tell whether these new currencies are in a bubble, or the future of the economy.