Video - Bitcoin - The Security Of Transaction Block Chains
A detailed explanation of what makes bitcoin transaction block chains secure. The hash includes the "merkle root" in addition to the transaction. This is dependent on all previous blocks and, yes, this is what stops changing old blocks. If you try to put in fake blocks you can only add them at the end of the chain and you must have the longest chain for it to be accepted by the nodes so you have to create blocks faster than the rest of network combined.
TRANSCRIPT
What I would like to do is describe an imaginary or a fictitious Bitcoin transaction and then talk about how somebody might try to game or defraud the system and why there are some only mathematically hard to do but why there's actually an incentive, actually an economic incentive in the Bitcoin system for different people to behave honestly.
So let's suppose that there is someone out there named Dan and Dan wants to order a pizza, maybe a cheese pizza from Pete's Pizza Shop. And let's say the Pete's Pizza Shop accepts Bitcoins as payment and that it costs one Bitcoin for a pizza pie. And imagine that Dan received previously, let's say, he received five Bitcoins from his cousin Carol and maybe Carol and were going to leave it like C gave to Dan five Bitcoins which you can label as a B with the circle around it. And that he wants to use one of these five Bitcoins to buy a pizza from Pete. And so what Dan's Bitcoin client will do with is it will create a transaction record that includes information about how Dan got these Bitcoins. And in this case, it includes information about this transaction between Carol who we've marked by C and Dan for five Bitcoins. Then it specifies that Dan wants to give one of these Bitcoins to Pete we we'll label Pete by a P. And also that Dan is going to take the remaining four Bitcoins and that way we basically change to himself. And the way that Bitcoin is built is that you have to actually specify the change because you need to have a way, whatever goes into the Bitcoin system has to kind of come out at the other end and so you can't have a transaction with the numbers that won't add up and so whatever is remaining is either change or part of it can be used as a transaction fee and so on, but for this example to keep things simple I'll assume that there is no transaction fee in place. The transaction fee is just zero and we'll focus only on the situation in which everything is being accounted for in the transaction.
Now, this transaction record is going to be broadcast out to the entire Bitcoin world. And so in particular, Pete is going to receive a copy of this transaction but in addition to Pete receiving it so too will the other people on the Bitcoin system and if you recall there are the special nodes, the special entities or people in Bitcoin that are known as Bitcoin miners. And these Bitcoin miners are going to be responsible for making sure that everything checks out in the transaction from a global perspective. What they do is they look at the full record of transactions and this transaction record is public. It's known as the transaction block chain and I've kind of put a description of the transaction block chain right here.
And this transaction block chain contained the history of every single, the transactions ever occurred within the Bitcoin system from the beginning of time, the time of the first block which is known in Bitcoin as the genesis block, okay. And everybody can verify that the details of any transaction if they want to because that information is public and in particular what these Bitcoin miners will look at is they'll look at whether or not Dan previously received five Bitcoins from anybody else, and in this particular case it was his cousin Carol, whether or not Dan is trying to spend those Bitcoins previously and so on and so forth.
And these Bitcoin miners are all collectively trying to take all these recent transactions that haven't yet been recorded. That includes not only the transaction between Dan and Pete, but there may be other transactions floating out there that took place around the same time and the Bitcoin miners will basically look at all these different transactions at once and they're going to basically try to figure out how to form a transaction block out of these transactions and they want to add this transaction block to the end of the current transaction block chain.
Now, if you might recall from previous videos that for a Bitcoin miner to add a transaction block to a transaction block chain, they have to solve what's known as a proof of work puzzle. And the Bitcoin system is designed or maybe calibrated as a better word so that on average one miner will solve a puzzle in about 10 minutes. Now, I think it's actually worth stressing here that it could take a long time for any one individual miner to solve the puzzle and it could even take maybe a year or even two years. But because there are so many of these miners working at the same time, one of them is bound to get lucky and solve the puzzle quickly.
Now, each puzzle in the proof of work, each of these proof of work puzzles that is associated with a transaction block happens to have a difficulty score associated with it. And this difficulty basically represents how hard it was to solve that proof of work puzzle. And so imagine that there are some numbers and we'll call these numbers, let's say that, we'll call them D sub n for the most recent difficulty score, they'll be D sub n minus one. These are just numbers that somehow represent how hard it was to solve this proof of work and when you look at it overall chain what the Bitcoin system is interested in, is it's interested in how hard was it to construct that entire chain. And the reason it's important for someone to understand how hard the entire chain was constructed is because this overall score for this chain, this difficulty score for the chain is what's used by Peter by other people who are receiving Bitcoins to figure out whether or not they trust that transaction. The more work that went into the overall chain, the more trust they'll have in that transaction.
And the reason for that is that the way Bitcoin works is that if there was ever more than one transaction block chain out there, let's say, there was a bad user out there or maybe somebody didn't receive a particular message in time or whatever reason if there's somehow more than one transaction block chain out there. According to the Bitcoin protocol, everyone is just supposed to work off of the chain that had the most work put into it so we ignore chains that are, that have a lot less work and only consider the chain that had the most work put into it. And in the Bitcoin system, that particular chain is often referred to as the longest, the longest chain in the system. And this is actually kind of a confusing piece of terminology because by longest here we don't mean that this chain is long in any physical sense, we really just mean and I'm going to put three equal bars to kind of say what it means. By the longest chain we mean the chain that has the most work and the way that the work is defined is that you look at all these different difficulty scores and these are difficulty numbers and you add them up and that gives you a difficulty score for the entire chain and now we're going to be interested in the chain that had the most work put into it and we call that the longest chain.
Now, let's imagine that Dan is dishonest and that after he eats the pizza, let's say Pete's convinced and he gets his Bitcoin from Dan, he waits a bit, he sees that there is a long chain out there that contains the transaction, he sends the pizza over to Dan. Dan eats the pizza and then decide that he doesn't want to behave honestly and he wants to somehow cheat Pete or he wants to defraud the system. And the way that Dan is going to try to defraud the system is by attempting to create another transaction in which he assigns the five Bitcoins he got from Carol to somebody else. And it could be, we're going to, let's call this person Fred. And let's say Fred is basically, you know, Fred could be Dan's alter ego, it could be a friend of Dan's, it doesn't matter who Fred is because we know that Fred isn't the rightful owner of these Bitcoins but what Dan is going to try to do is he's going to try to take those five Bitcoins that he got from Carol and he's going to now try to take those five Bitcoins and assign them over to Fred.
And we know that this is something that we don't want to allow because that would mean that somehow Dan was able to spend these five Bitcoins twice over, he's effectively double spent those Bitcoins and obviously one of these transactions should be considered fraudulent and the other one should be allowed to go through. Now, it's important to keep in mind that if Dan just tried to spend the same coins again without trying to cover his tracks or anything of that nature that everybody out there would know that Dan is up to no good because they can see from the existing longest transaction block chain namely this existing chain from the beginning they can see that hey Dan already spent these coins before he shouldn't be allowed to spend these coins again.
And so what Dan has to do is actually on his own he has to create a different transaction block chain that contains just the second bogus transaction in it. And this would be the transaction to Fred and that would leave out the other transaction to Pete. And hope that everybody else will start to accept or believe this newer chain. And remember that since everyone in Bitcoin ultimately goes with the transaction block chain that contains the most work namely this longest chain that we talked about. Dan has a fighting chance, he has a hope potentially of being able to pull off this type of a fraudulent scheme and the real question now is how likely is it for Dan to succeed. So for Dan to be able to pull this off he has to start off with the transaction block chain that exists previously and he has to try to add to that transaction block chain a different transaction. So rather than having this previous transaction where he gave money to Pete, he's going to try to create a new transaction and added to the transaction block chain that contains this other fraudulent transaction between Dan and his friend Fred, okay. So this is going to be the bad transaction between Dan and Fred will be in this new block.
And in Bitcoin lingo, this idea is known as a fork in the chain. And all we mean by a fork is that somehow there is more than one version of history, somebody's tried to rewrite their tracks or to cover their tracks and to revise history the way we know it. And what that really means is there's now somehow more than one version of what happened out there. So in this example, one branch in this fork is legitimate and the other branch is bogus and the legitimate branch was the one in our minds were Dan paid his friend Peter, this vendor Pete for a pizza and the bogus one is this follow one transaction where Dan attempted to pay his friend Fred with those same exact Bitcoins. But now remember that any transaction block that's added to the transaction block chain has to contain within it a proof of work puzzle or solution rather to a proof of work puzzle, otherwise no one will accept the chain.
And so if Dan wants to cheat the system he has to secretly solve a new proof of work puzzle himself but the challenge for Dan is that he's starting off at a bit of a handicap because there's already this longer chain out there that people have started accepting and keep in mind that because this chain is out there other nodes may have started to build on top of this chain every ten minutes, somebody is adding to this chain, on average and so there's this longer transaction block chain out there and Dan wants to create his own fake chain and so he has to create a chain in order for that chain to be believable, it has to now be the longest chain out there and he has to basically do all these proofs of works to create a chain that is longer.
And to come up with this longer chain on his own Dan has to outrun the existing proof of work chain and that means he has to solve not just typically one proof of work puzzle but he may need to solve several proof of work puzzles to create another chain that he hopes will be longer than the chain that's out there. And if you can get the longest chain and he can get people to start using that chain instead and that's a chain that he might want people to use because it contains this fake transaction but it removes the previous transaction where he gave money to Pete. And to solve a proof of work, Dan has to basically take whatever computing power he has access to and he has to start working on solving the proof of work puzzle. And there were no known shortcuts for solving these puzzles, if you recall from any of the proof of work videos to succeed in a proof of work is kind of like winning a lottery.
There are ways to do it but it really depends on how much computing power you have. The more computing power you have access to, the more lottery tickets you have and if somebody has even more lottery ticket they do have a chance to win the lottery, but they are far less likely to succeed compared to somebody who has a lot of lottery tickets in hand. And even if you succeed once in winning the lottery with a small number of tickets the likelihood of repeating that feat over and over again several times in a row becomes much smaller, but that's exactly what Dan has to do. He has to basically win this lottery multiple times until he has a bigger chain.
And so the key metric here, the key things you have to look for is how much computing power Dan has versus how much computing power all the honest nodes in the system have together. And if it's the case that all the honest node, let's say we'll call as the honest computing power and when I say honest computing power, I mean, the total computing power for all of the nodes who are on this, all the Bitcoin mining nodes who were on this in the network. If that total computing power that they have access to is greater than the power that Dan has access to so Dan's computing power. Then the Bitcoin system will be safe because it'll be hard for Dan to be able to create this fraudulent transaction chain because he won't be able to outrun the honest people. The honest people will win the lottery more frequently and they'll create a longer chain and Dan's attempt is going to be very much an uphill battle.
Now, it's theoretically possible that Dan could have access to a lot of computing power maybe he's very wealthy or he has a lot of resources but he'll really need a lot to be able to do that more than everyone else who's legitimate combined. So that's one aspect of why the transaction block chain is secure because it's unlikely for any one individual to have access to just that much computing power. And here I should point out that there is also another aspect to the security of Bitcoin. If Dan has access to that kind of computing power to solve these proof of work puzzles then rather than trying to fight this uphill battle of forking the transaction block chain and creating fake transactions and so on Dan is probably much better off just using that computing power he has for legitimate Bitcoin mining himself. You might remember that Bitcoin miners who solve proof of work puzzles get both a reward for succeeding, they get some number of Bitcoins and they also get a transaction fee for all the transactions in the block that they validated.
So there's economic incentive for Dan to behave honestly and so maybe I should just recap in closing the video that the security of Bitcoin transactions comes from, first of all, this mathematical barrier that makes it hard for Dan to fork the transaction block chain in a dishonest way as well as an economic incentive for Dan to just act honestly and mine Bitcoins for himself.
So let's suppose that there is someone out there named Dan and Dan wants to order a pizza, maybe a cheese pizza from Pete's Pizza Shop. And let's say the Pete's Pizza Shop accepts Bitcoins as payment and that it costs one Bitcoin for a pizza pie. And imagine that Dan received previously, let's say, he received five Bitcoins from his cousin Carol and maybe Carol and were going to leave it like C gave to Dan five Bitcoins which you can label as a B with the circle around it. And that he wants to use one of these five Bitcoins to buy a pizza from Pete. And so what Dan's Bitcoin client will do with is it will create a transaction record that includes information about how Dan got these Bitcoins. And in this case, it includes information about this transaction between Carol who we've marked by C and Dan for five Bitcoins. Then it specifies that Dan wants to give one of these Bitcoins to Pete we we'll label Pete by a P. And also that Dan is going to take the remaining four Bitcoins and that way we basically change to himself. And the way that Bitcoin is built is that you have to actually specify the change because you need to have a way, whatever goes into the Bitcoin system has to kind of come out at the other end and so you can't have a transaction with the numbers that won't add up and so whatever is remaining is either change or part of it can be used as a transaction fee and so on, but for this example to keep things simple I'll assume that there is no transaction fee in place. The transaction fee is just zero and we'll focus only on the situation in which everything is being accounted for in the transaction.
Now, this transaction record is going to be broadcast out to the entire Bitcoin world. And so in particular, Pete is going to receive a copy of this transaction but in addition to Pete receiving it so too will the other people on the Bitcoin system and if you recall there are the special nodes, the special entities or people in Bitcoin that are known as Bitcoin miners. And these Bitcoin miners are going to be responsible for making sure that everything checks out in the transaction from a global perspective. What they do is they look at the full record of transactions and this transaction record is public. It's known as the transaction block chain and I've kind of put a description of the transaction block chain right here.
And this transaction block chain contained the history of every single, the transactions ever occurred within the Bitcoin system from the beginning of time, the time of the first block which is known in Bitcoin as the genesis block, okay. And everybody can verify that the details of any transaction if they want to because that information is public and in particular what these Bitcoin miners will look at is they'll look at whether or not Dan previously received five Bitcoins from anybody else, and in this particular case it was his cousin Carol, whether or not Dan is trying to spend those Bitcoins previously and so on and so forth.
And these Bitcoin miners are all collectively trying to take all these recent transactions that haven't yet been recorded. That includes not only the transaction between Dan and Pete, but there may be other transactions floating out there that took place around the same time and the Bitcoin miners will basically look at all these different transactions at once and they're going to basically try to figure out how to form a transaction block out of these transactions and they want to add this transaction block to the end of the current transaction block chain.
Now, if you might recall from previous videos that for a Bitcoin miner to add a transaction block to a transaction block chain, they have to solve what's known as a proof of work puzzle. And the Bitcoin system is designed or maybe calibrated as a better word so that on average one miner will solve a puzzle in about 10 minutes. Now, I think it's actually worth stressing here that it could take a long time for any one individual miner to solve the puzzle and it could even take maybe a year or even two years. But because there are so many of these miners working at the same time, one of them is bound to get lucky and solve the puzzle quickly.
Now, each puzzle in the proof of work, each of these proof of work puzzles that is associated with a transaction block happens to have a difficulty score associated with it. And this difficulty basically represents how hard it was to solve that proof of work puzzle. And so imagine that there are some numbers and we'll call these numbers, let's say that, we'll call them D sub n for the most recent difficulty score, they'll be D sub n minus one. These are just numbers that somehow represent how hard it was to solve this proof of work and when you look at it overall chain what the Bitcoin system is interested in, is it's interested in how hard was it to construct that entire chain. And the reason it's important for someone to understand how hard the entire chain was constructed is because this overall score for this chain, this difficulty score for the chain is what's used by Peter by other people who are receiving Bitcoins to figure out whether or not they trust that transaction. The more work that went into the overall chain, the more trust they'll have in that transaction.
And the reason for that is that the way Bitcoin works is that if there was ever more than one transaction block chain out there, let's say, there was a bad user out there or maybe somebody didn't receive a particular message in time or whatever reason if there's somehow more than one transaction block chain out there. According to the Bitcoin protocol, everyone is just supposed to work off of the chain that had the most work put into it so we ignore chains that are, that have a lot less work and only consider the chain that had the most work put into it. And in the Bitcoin system, that particular chain is often referred to as the longest, the longest chain in the system. And this is actually kind of a confusing piece of terminology because by longest here we don't mean that this chain is long in any physical sense, we really just mean and I'm going to put three equal bars to kind of say what it means. By the longest chain we mean the chain that has the most work and the way that the work is defined is that you look at all these different difficulty scores and these are difficulty numbers and you add them up and that gives you a difficulty score for the entire chain and now we're going to be interested in the chain that had the most work put into it and we call that the longest chain.
Now, let's imagine that Dan is dishonest and that after he eats the pizza, let's say Pete's convinced and he gets his Bitcoin from Dan, he waits a bit, he sees that there is a long chain out there that contains the transaction, he sends the pizza over to Dan. Dan eats the pizza and then decide that he doesn't want to behave honestly and he wants to somehow cheat Pete or he wants to defraud the system. And the way that Dan is going to try to defraud the system is by attempting to create another transaction in which he assigns the five Bitcoins he got from Carol to somebody else. And it could be, we're going to, let's call this person Fred. And let's say Fred is basically, you know, Fred could be Dan's alter ego, it could be a friend of Dan's, it doesn't matter who Fred is because we know that Fred isn't the rightful owner of these Bitcoins but what Dan is going to try to do is he's going to try to take those five Bitcoins that he got from Carol and he's going to now try to take those five Bitcoins and assign them over to Fred.
And we know that this is something that we don't want to allow because that would mean that somehow Dan was able to spend these five Bitcoins twice over, he's effectively double spent those Bitcoins and obviously one of these transactions should be considered fraudulent and the other one should be allowed to go through. Now, it's important to keep in mind that if Dan just tried to spend the same coins again without trying to cover his tracks or anything of that nature that everybody out there would know that Dan is up to no good because they can see from the existing longest transaction block chain namely this existing chain from the beginning they can see that hey Dan already spent these coins before he shouldn't be allowed to spend these coins again.
And so what Dan has to do is actually on his own he has to create a different transaction block chain that contains just the second bogus transaction in it. And this would be the transaction to Fred and that would leave out the other transaction to Pete. And hope that everybody else will start to accept or believe this newer chain. And remember that since everyone in Bitcoin ultimately goes with the transaction block chain that contains the most work namely this longest chain that we talked about. Dan has a fighting chance, he has a hope potentially of being able to pull off this type of a fraudulent scheme and the real question now is how likely is it for Dan to succeed. So for Dan to be able to pull this off he has to start off with the transaction block chain that exists previously and he has to try to add to that transaction block chain a different transaction. So rather than having this previous transaction where he gave money to Pete, he's going to try to create a new transaction and added to the transaction block chain that contains this other fraudulent transaction between Dan and his friend Fred, okay. So this is going to be the bad transaction between Dan and Fred will be in this new block.
And in Bitcoin lingo, this idea is known as a fork in the chain. And all we mean by a fork is that somehow there is more than one version of history, somebody's tried to rewrite their tracks or to cover their tracks and to revise history the way we know it. And what that really means is there's now somehow more than one version of what happened out there. So in this example, one branch in this fork is legitimate and the other branch is bogus and the legitimate branch was the one in our minds were Dan paid his friend Peter, this vendor Pete for a pizza and the bogus one is this follow one transaction where Dan attempted to pay his friend Fred with those same exact Bitcoins. But now remember that any transaction block that's added to the transaction block chain has to contain within it a proof of work puzzle or solution rather to a proof of work puzzle, otherwise no one will accept the chain.
And so if Dan wants to cheat the system he has to secretly solve a new proof of work puzzle himself but the challenge for Dan is that he's starting off at a bit of a handicap because there's already this longer chain out there that people have started accepting and keep in mind that because this chain is out there other nodes may have started to build on top of this chain every ten minutes, somebody is adding to this chain, on average and so there's this longer transaction block chain out there and Dan wants to create his own fake chain and so he has to create a chain in order for that chain to be believable, it has to now be the longest chain out there and he has to basically do all these proofs of works to create a chain that is longer.
And to come up with this longer chain on his own Dan has to outrun the existing proof of work chain and that means he has to solve not just typically one proof of work puzzle but he may need to solve several proof of work puzzles to create another chain that he hopes will be longer than the chain that's out there. And if you can get the longest chain and he can get people to start using that chain instead and that's a chain that he might want people to use because it contains this fake transaction but it removes the previous transaction where he gave money to Pete. And to solve a proof of work, Dan has to basically take whatever computing power he has access to and he has to start working on solving the proof of work puzzle. And there were no known shortcuts for solving these puzzles, if you recall from any of the proof of work videos to succeed in a proof of work is kind of like winning a lottery.
There are ways to do it but it really depends on how much computing power you have. The more computing power you have access to, the more lottery tickets you have and if somebody has even more lottery ticket they do have a chance to win the lottery, but they are far less likely to succeed compared to somebody who has a lot of lottery tickets in hand. And even if you succeed once in winning the lottery with a small number of tickets the likelihood of repeating that feat over and over again several times in a row becomes much smaller, but that's exactly what Dan has to do. He has to basically win this lottery multiple times until he has a bigger chain.
And so the key metric here, the key things you have to look for is how much computing power Dan has versus how much computing power all the honest nodes in the system have together. And if it's the case that all the honest node, let's say we'll call as the honest computing power and when I say honest computing power, I mean, the total computing power for all of the nodes who are on this, all the Bitcoin mining nodes who were on this in the network. If that total computing power that they have access to is greater than the power that Dan has access to so Dan's computing power. Then the Bitcoin system will be safe because it'll be hard for Dan to be able to create this fraudulent transaction chain because he won't be able to outrun the honest people. The honest people will win the lottery more frequently and they'll create a longer chain and Dan's attempt is going to be very much an uphill battle.
Now, it's theoretically possible that Dan could have access to a lot of computing power maybe he's very wealthy or he has a lot of resources but he'll really need a lot to be able to do that more than everyone else who's legitimate combined. So that's one aspect of why the transaction block chain is secure because it's unlikely for any one individual to have access to just that much computing power. And here I should point out that there is also another aspect to the security of Bitcoin. If Dan has access to that kind of computing power to solve these proof of work puzzles then rather than trying to fight this uphill battle of forking the transaction block chain and creating fake transactions and so on Dan is probably much better off just using that computing power he has for legitimate Bitcoin mining himself. You might remember that Bitcoin miners who solve proof of work puzzles get both a reward for succeeding, they get some number of Bitcoins and they also get a transaction fee for all the transactions in the block that they validated.
So there's economic incentive for Dan to behave honestly and so maybe I should just recap in closing the video that the security of Bitcoin transactions comes from, first of all, this mathematical barrier that makes it hard for Dan to fork the transaction block chain in a dishonest way as well as an economic incentive for Dan to just act honestly and mine Bitcoins for himself.
Written by Zulfikar Ramzan on May 10, 2013.