Video - How Bitcoin Works Under the Hood

This video explains how Bitcoin works at a technical level: how digital signatures authorize transactions, how ownership is passed along a chain of transaction inputs and outputs, and how the block chain and proof-of-work mining order those transactions and protect them against double spending. It also shows how the block rewards that create new coins are distributed in a way that works like a lottery.

TRANSCRIPT

The goal of this video is to explain how Bitcoin works under the hood, to give a clear idea of what it really means to own, send or mine Bitcoins. First, a brief high-level overview of what Bitcoin is. At its core, Bitcoin is just a digital file that lists accounts and money, like a ledger. A copy of this file is maintained on every computer in the Bitcoin network. These numbers don't represent anything in the physical world. They only have value because people are willing to trade real goods and services for a higher number next to their account and believe others will do the same. The numbers only have value because we believe they have value, just like any other fiat currency.

To send money, you broadcast to the network that the amount on your account should go down and the amount on your receiver's account should go up. Nodes, or computers in the Bitcoin network, apply that transaction to their copy of the ledger and then pass on the transaction to other nodes. This, with some math-based security, is really all there is: a system that lets a group of computers maintain a ledger. While this may sound similar to the way a bank maintains a ledger, the fact that the ledger is maintained by a group rather than a single entity introduces a number of important differences. For one, unlike a bank, where you only know about your own transactions, in Bitcoin everyone knows about everyone else's transactions.

Also, while you can trust your bank, or at least sue it if something goes wrong, in Bitcoin you're dealing with anonymous strangers, so you shouldn't trust anyone. The Bitcoin system is amazingly designed so that no trust is needed. Special mathematical functions protect every aspect of the system. The rest of this video will explain in detail how Bitcoin allows such a group of strangers to manage each other's financial transactions.

At a basic level, for Alice to send money to Bob, she simply broadcasts a message with the accounts and the amount: send five Bitcoins from Alice to Bob. Every node that receives it will update their copy of the ledger and then pass along the transaction message. But how can nodes be sure that the request is authentic, that only the rightful owner has sent the message? Bitcoin rules require a kind of password to unlock and spend funds, and this password is what's called a digital signature. Like a real handwritten signature, it proves the authenticity of a message, but it does so through a mathematical algorithm that prevents copying or forgery in the digital realm.

Unlike a simple static password, a completely different digital signature is required for every transaction. Keep in mind that in Bitcoin you're dealing with complete strangers, so you never want to reveal a password that could be copied and reused by someone else. A digital signature works by utilizing two different but connected keys: a private key to create a signature and a public key that others can use to check it. You can think of the private key as the true password and the signature as an intermediary that proves you have the password without requiring you to reveal it. Public keys are actually the send-to addresses in Bitcoin. So, when you send someone money you're really sending it to their public key.

To spend money, you must prove that you are the true owner of a public key address where money was sent, and you do that by generating a digital signature from a transaction message and your private key. Other nodes in the network can use that signature in a different function to verify that it corresponds with your public key. Through the math behind the digital signature, they are able to verify that the sender owned the private key without actually seeing the private key.

Importantly, because the signature depends on the message, it will be different for every transaction and therefore can't be reused by someone for a different transaction. This dependence on the message also means that no one can modify the message while passing it along the network, as any changes to the message would invalidate the signature. The math behind this is fairly complex, and while I won't try to explain it fully now, here are some topics you can google to get started: elliptic curve digital signature algorithm and mathematical trapdoor. More at the end of the video.

So far, we know that digital signatures are used to ensure a transaction is authorized, but I've oversimplified how nodes in the network keep track of account balances. In fact, no records of account balances are kept at all. If you don't keep track of how much money any given person has, how do you know if they have enough to send to someone else? Instead of balances, ownership of funds is verified through links to previous transactions. Here's how this works. To send five Bitcoins to Bob, Alice must reference other transactions where she received five or more Bitcoins. These referenced transactions are called inputs. Other nodes verifying this transaction will check those inputs to make sure Alice was in fact the recipient, and also that the inputs add up to five or more Bitcoins.

Let's look at a real transaction to see this in practice. This transaction references six inputs for a total of 139.6 Bitcoins. In the output section, notice that there are two lines. The first one of these is actually going back to the sender as change for the transaction. A simple Bitcoin rule states that each input must be used up completely in a transaction. So, if you're trying to send an amount that doesn't exactly match one of your inputs, you need to send any remaining amount back to yourself. Through these referenced input linkages, ownership of Bitcoins is passed along in a kind of chain where the validity of each transaction is dependent on previous transactions.

But how can you trust those previous transactions? You can't, and you should check their inputs too. In fact, when you first install Bitcoin wallet software, it downloads every transaction ever made and checks each one's validity all the way back to the very first transaction. Remember, you're dealing with complete strangers, so it's important to verify every transaction for yourself. This process can take over twenty-four hours, but it only needs to be done once. Once a transaction has been used once, it is considered spent and cannot be used again. Otherwise, someone could double spend an input by referencing it in multiple transactions. When verifying a transaction, in addition to the other checks, nodes also make sure the inputs haven't already been spent.

To be explicit, for each input, nodes check every other transaction ever made to make sure that input hasn't already been used before. While this may seem time-consuming, as there are now over 20 million transactions, it's made fast with an index of unspent transactions. So, instead of a ledger of balances, Bitcoin nodes keep track of a giant list of transactions. Owning Bitcoins means that there are transactions on this list that point to your name and have not been spent, or in other words have not been used as inputs in other transactions. One interesting consequence of this ownership structure is that figuring out your own balance requires iterating through every transaction ever made and adding up all your unspent inputs.

Another interesting note about transactions is that the system can support more complex ones than simply sending funds to one person. You may have noticed a cryptic-looking line of text in the output shown previously. It turns out that outputs are more like puzzles to be solved rather than simple "to" addresses. Rather than emailing, sending money in Bitcoin is more like putting money in a public locker and attaching a math puzzle that must be solved to open it. The puzzles are defined using a special scripting language, and while it's typically designed so that only a single owner of a public key can solve it, more complex conditions are possible. For instance, two out of three signatures could be required for an escrow-based transaction.

Another example is the very first Bitcoin transaction ever made, which was a puzzle that anyone could solve. While most Bitcoin software hides the scripting layer from you, you're free to write your own software and create your own conditions, although this can be risky. Over twenty-six hundred Bitcoins were lost in one batch of transactions due to a malformed address. This highlights an important part of Bitcoin: as there is no bank or credit card company you can appeal to, any user error can result in permanent loss of Bitcoins, and not just from your own account but from the Bitcoin economy overall. If you lose your private key, any funds associated with the corresponding public key will be gone forever. Because people will likely lose private keys due to hard drive crashes and insufficient backups, this means the Bitcoin currency will eventually be a deflationary one.

Before explaining the final piece that secures Bitcoin, mining, I want to highlight a few points about anonymity in Bitcoin. If you access Bitcoin through a Tor network that hides your IP address, you can use Bitcoin without ever revealing anything more than your public key. And to avoid someone linking your transactions together (remember, they're all publicly stored on every computer), you can generate a new public key for every incoming transaction. It is possible, however, to inadvertently link public keys together. In the transaction shown earlier, six input transactions were used as sources, and despite the fact that all those inputs were sent to different addresses, they all became linked in that transaction. The sender proved that he owned all of those addresses by supplying the digital signature to unlock each one.

Researchers have in fact used these links to study Bitcoin user behavior. You might think that generating a public key receiving address could potentially create a link to your true identity. But even this step is anonymous and, amazingly, can be done with no connection to the network. You simply click a button in your wallet software and it randomly generates a new private and public key. Because there are so many different possible addresses, there's no reason to even check if someone else already has that key. Compare this to signing up for an e-mail address, where almost everything you might try has been taken. In fact, if you did get someone else's key, you would have access to all their money. This is the total number of possible Bitcoin addresses. These large numbers protect the Bitcoin system in several ways, so it's useful to try to appreciate just how big they are. Some estimates for the number of grains of sand in the entire world are around seven and a half million trillion. Now imagine that every grain of sand represented an entire other earth of additional grains, and there would still be far fewer than the possible number of Bitcoin addresses.

Let's recap Bitcoin security so far. By verifying the digital signature, we know that only the true owner could have created the transaction message. And to make sure the sender actually has money to spend, we also check each referenced input, making sure it is unspent. But there is still one large security hole in the system that can make this unspent check unreliable, and this has to do with the order of transactions.

Considering that transactions are passed node by node through the network, there is no guarantee that the order in which you receive them represents the order in which they were created. And you shouldn't trust a timestamp, because someone could easily lie about the time a transaction was created. Therefore, you have no way to tell whether one transaction came before another, and this opens up the potential for fraud. A malicious user, Alice, could send a transaction giving money to Bob, wait for Bob to ship a product, and then send another transaction referencing that same input back to herself. Because of differences in propagation times, some nodes on the network would receive the second, double-spending transaction before the one to Bob. And when Bob's transaction arrived, they would consider it invalid because it's trying to reuse an input.

So, Bob would be out both his shipped product and his money. Overall, there would be disagreement across the network about whether Bob or Alice had the money, because there is no way to prove which transaction came first. In light of this, there needs to be a way for the entire network to agree about the order of transactions, which is very much a daunting challenge in a decentralized system. Bitcoin's solution is a clever way to both determine and safeguard the ordering through a kind of mathematical race.

The Bitcoin system orders transactions by placing them in groups called blocks and linking those blocks together in something called the block chain. Note that this is different from the transaction chain we discussed earlier. The block chain is used to order transactions, whereas the transaction chain keeps track of how ownership changes. Each block has a reference to the previous block, and this is what places one block after another in time. You can traverse the references backwards all the way to the very first group of transactions ever made. Transactions in the same block are considered to have happened at the same time, and transactions not yet in a block are called unconfirmed or unordered.

Any node can collect a set of unconfirmed transactions into a block and broadcast it to the rest of the network as a suggestion for what the next block in the chain should be. Because multiple people could create blocks at the same time, there could be several options to choose from. So, how does the network decide what should be next? We can't rely on the order that blocks arrive, because, as explained with transactions above, they may arrive in different orders at different points in the network. Part of Bitcoin's solution is that each valid block must contain the answer to a very special mathematical problem. Computers run the entire text of a block plus an additional random guess through something called a cryptographic hash until the output is below a certain value. A hash function creates a short digest from any arbitrary length of text.

In our case, the result is a 32-byte number. Here are some examples of the specific hash function Bitcoin uses, SHA-256. Note how much the output changes as a result of a single extra period at the end of the third example. The output is completely unpredictable, so the only way to find a particular output value is to make random guesses. It's very much like guessing the combination to a lock. You might get lucky on your first guess, but on average it takes many guesses. In fact, in Bitcoin, it would take a typical computer several years of guessing to solve a block. With every computer in the entire network all guessing numbers, it takes about ten minutes on average for someone to find a solution. The first person to solve the math problem broadcasts their block and gets to have their group of transactions accepted as the next in the chain. The randomness in the math problem effectively spreads out when people find a solution, making it unlikely that two people will solve it at the same time. Occasionally, however, more than one block will be solved at the same time, leading to several possible branches.

In this case, you simply build on top of the first one you received. Others may have received the blocks in a different order and will be building on the block they first received. The tie gets broken when someone solves the next block. The general rule is that you always immediately switch to the longest branch available. The math makes it rare for blocks to be solved at the same time, and even more rare for this to happen multiple times in a row. The end result is that the block chain quickly stabilizes, meaning that everyone is in agreement about the order of blocks a few back from the end of the chain. The fact that there is some ambiguity at the end of the chain has some important implications for transaction security. For instance, if your transaction finds itself in one of the shorter branches, it will lose its place in line within the block chain. Typically, this just means it will go back to the pool of unconfirmed transactions and be included in a later block. Unfortunately, this potential for transactions to lose their place opens the door to the very double spend attack that was our original motivation for an ordering system.

Let's look at how a double spend attack would work in the system described so far. A fraudster, Alice, sends money to Bob. Bob then waits for the transaction to get confirmed into the block chain and then ships a product. Now, because nodes always switch to a longer branch, if Alice can generate a longer branch that replaces the transaction to Bob with one to someone else, his money will effectively get erased. Bob's transaction will initially get tossed back into the unconfirmed pool, but since Alice has replaced it with another transaction that uses that same input, nodes will now consider Bob's transaction invalid because it's referencing an already spent input.

So, how does the ordering system prevent Alice from defrauding Bob? You might think that Alice could precompute a chain of blocks to spring on the network at just the right time, but the math puzzles in each block actually prevent this. We need to look a little deeper into the cryptographic hash explained earlier to fully understand why. As mentioned previously, solving a block involves trying to get the cryptographic hash of the block to be below a certain value, and you do that by trying different random numbers at the end of the block. Once solved, the hash output is like a fingerprint that uniquely identifies that block. If even a single character in the block is changed, the block's hash would be completely different, just like we saw before when an additional period was added.

The hash output, or fingerprint, is actually what's used as the previous block reference. One result of this is that there is no way to switch out a block in the middle of the chain, because the hash value for the new block would be different and the next block's reference would no longer point to it. And similarly, but even more importantly, a block cannot be solved before the previous block is solved. The previous block reference is part of the text that goes through the hash function, so any changes to it would require re-solving.

Getting back to Alice, this is why she can't precompute a branch. She can only start solving blocks once the block she wants to build on is solved and its hash value is known. She is therefore in a race with the rest of the network until Bob ships a product, which is when she wants to present a longer branch. One last question is whether Alice might be able to outpace everyone if she had an extremely fast computer, or perhaps a room full of computers. But even with thousands of computers, she would be unlikely to win the race to solve a block, because she isn't racing any one computer but rather the entire network. You can think of it like a lottery. Operating thousands of computers would be equivalent to buying thousands of lottery tickets. But even then, it's much more likely that someone else would win.

She would need control of half the total computing power in the entire network to have a 50% chance of solving a block before someone else, and much more to have a high probability of winning several blocks in a row faster than the network. So, transactions in the block chain are protected by a mathematical race, one that pits an attacker against the entire rest of the network. A consequence of blocks building on top of each other is that transactions further back in the chain are more secure. An attacker would have to outpace the network for a longer amount of time to carry out a double spend attack replacing a block further back in the chain. So, the system is only vulnerable to a double spend attack near the end of the chain, which is why it's recommended to wait several blocks before considering received money final.

One last comment on the block chain before explaining the final pieces of the Bitcoin system. Amazingly, nothing described so far requires any trust. When you receive information from strangers in the Bitcoin network, you can check for yourself that block solutions are correct, and because the math problems are so hard, you know that there is no way any attacker could have generated them on their own. The solutions are proof that the computing power of the entire network was brought to bear. Now that we've discussed how money is transferred through digital signatures and transaction chains, and how the order of those transactions is protected in the block chain, let's go over the final piece: where do Bitcoins come from? To send money, you must reference a previous transaction where you are the recipient. But how do coins get into the ownership chain in the first place? As a way to slowly and randomly generate and distribute coins, a reward is given to whoever solves a block. This is why solving blocks is called mining, although its real purpose is to verify transactions and safeguard the block chain. Every four years, the block reward is cut in half, so eventually no more coins will be released. About 21 million in total will be created. Bear in mind that you can send down to one one-hundred-millionth of a Bitcoin, so the total number available will likely not limit the currency's usability.

Once the block reward ceases, what incentive will miners have to process transactions? In addition to the block reward, miners also get any transaction fees that can optionally be included with transactions. Right now, miners will include transactions with no fees in blocks because their main incentive is the block reward. But in the future, transactions will likely be processed in order of the fees attached, and ones without fees will likely be ignored. So, sending money in Bitcoin will probably not be free, but will hopefully still be cheaper than current credit card fees. As mentioned before, on average it would take several years for a typical computer to solve a block. So, an individual's chance of ever solving one before the rest of the network, which typically takes ten minutes, is very low.

To receive a steadier stream of income, many people join groups called mining pools that collectively work to solve blocks and distribute rewards based on work contributed. These act somewhat like lottery pools among coworkers, except that some of these pools are quite large and comprise more than 20% of all the computers in the network. The fact that some of these pools are so large has some important implications for security. As mentioned before, it's very unlikely for an attacker to solve several blocks in a row faster than the rest of the network. But it is possible, and the probability increases as the attacker's processing power grows in proportion to the rest of the network.

In fact, one of these mining pools, BTC Guild, has solved six blocks in a row by itself, and has voluntarily limited its members to ward off distrust in the entire Bitcoin network. Even with substantial computing power, the further back in the block chain a transaction gets, the harder it would be for an attacker to change it. The current recommendation is to wait for a transaction to make it into at least one block, or get one confirmation, before considering it final, and for larger transactions to wait for at least six blocks. In light of BTC Guild's ability to solve six blocks in a row, you might want to wait even longer. By design, each block takes about ten minutes to solve, so waiting for six blocks would take about an hour. Compared to the several seconds a credit card transaction takes, waiting this long for a confirmation may seem burdensome. But keep in mind that credit card customers can claim a stolen card months later to have charges reversed from merchants, called chargebacks, so Bitcoin is actually much faster from a merchant's perspective.

The particular choice of ten minutes was somewhat arbitrary, but extremely short times could lead to instability and longer ones would delay confirmations. As more computers join the network and specialized hardware is designed specifically for mining, the block solution time would get very small. To compensate, every two weeks all the Bitcoin software recalibrates the difficulty of the math problem to target ten minutes. For comparison, a similar digital currency called Litecoin has been able to operate with a two-and-a-half-minute block time.

In summary, Bitcoin is a mathematically protected digital currency that is maintained by a network of peers. Digital signatures authorize individual transactions. Ownership is passed via transaction chains, and the ordering of those transactions is protected in the block chain. By requiring difficult math problems to be solved with each block, would-be attackers are pitted against the entire rest of the network in a computational race they are unlikely to win. Bitcoin promises many interesting ideas, such as insulation from government meddling, anonymity and potentially lower transaction fees. It also has many challenges, as it is currently very difficult to exchange Bitcoins for other currencies, and it has been cited as a haven for illegal activity and tax evasion, so governments may try to ban it. Also, the mathematical race that protects the block chain uses a substantial amount of electricity. If you'd like to view a written version of this video, you can find one on my personal blog, imponderablethings.com. The blog also has some additional explanations of the math behind the digital signatures and cryptographic hashes that underlie the system.
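The digital signature mechanism the transcript describes (a private key signs, a public key verifies, and the signature changes with every message) can be followed end to end in the following added example. This is editor-added code, not code from the video, from its author or from the Bitcoin project; it implements ECDSA over secp256k1, the curve Bitcoin actually uses, in plain Python with no libraries. The demo key is constructed, and the nonce is derived from the key and message (an RFC 6979-style choice made here so that results are reproducible, not something the transcript specifies). It needs Python 3.8 or newer for `pow(x, -1, m)`.

```python
"""ECDSA over secp256k1, the curve and signature scheme Bitcoin uses.

Editor-added teaching code, not the video's or Bitcoin's. Pure Python so every
step is visible; needs Python 3.8+ for pow(x, -1, m). Not hardened (no
constant-time arithmetic, no low-s normalisation): never use it for real keys.
The nonce is derived from the key and message (an RFC 6979-style choice made
here so that results are reproducible); the demo key below is constructed.
"""
import hashlib

# secp256k1 parameters: curve y^2 = x^3 + 7 over GF(P), base point G of order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity, the group's identity element


def point_add(p1, p2):
    """Group law on the curve; handles doubling, inverses and the identity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p2 is the inverse of p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, point):
    """k * point by double-and-add. Easy forwards, infeasible to invert:
    this is the mathematical trapdoor the video points to."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def public_key(private_key: int):
    """The public key (the send-to address in the video) is private_key * G."""
    return scalar_mult(private_key, G)


def message_hash(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key: int, message: bytes):
    """Return the signature (r, s) of message under private_key."""
    z = message_hash(message) % N
    k = int.from_bytes(hashlib.sha256(private_key.to_bytes(32, "big") + message).digest(), "big") % N
    k = k or 1                           # a zero nonce is not allowed
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * private_key) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, sign again with another nonce")
    return (r, s)


def verify(pub, message: bytes, signature) -> bool:
    """Check (r, s) against the public key alone; the private key never appears."""
    r, s = signature
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = message_hash(message) % N
    w = pow(s, -1, N)
    point = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return point is not INF and point[0] % N == r


# Constructed demo key and messages (not a real key, not real funds).
ALICE_PRIV = int.from_bytes(hashlib.sha256(b"alice demo key").digest(), "big") % N
ALICE_PUB = public_key(ALICE_PRIV)
TX_TO_BOB = b"Send 5 bitcoins from Alice to Bob"
TX_TAMPERED = b"Send 50 bitcoins from Alice to Bob"
```

Signing `TX_TO_BOB` and then checking the same signature against `TX_TAMPERED` fails, which is the message dependence the transcript relies on to stop anyone altering a transaction in transit; checking it against a different public key fails as well. One caveat worth knowing: for any valid `(r, s)`, `(r, N - s)` also verifies, so a relayer can change the signature bytes without changing what was signed. That does not let anyone forge or alter a transaction, but it does change a transaction's hash, which is why real implementations normalise `s` to the low half of the range.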
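The transaction chain from the transcript (no stored balances; inputs that reference earlier outputs; each input consumed whole with change sent back to yourself; an index of unspent outputs; and rejection of any second spend of the same input) as an added example. This is editor-added code, not the video's or Bitcoin's own; it substitutes a simple owner-name match for the digital signature check so that the ledger rules stay in focus, and all names and amounts are constructed sample data.

```python
"""Ledger of transaction outputs, as in the video: no account balances, only
unspent outputs that later transactions reference as inputs.

Editor-added example, not the video's or Bitcoin's code. A name match stands
in for the digital-signature check so the ledger rules stay in focus:
inputs must exist, be unspent and belong to the signer; outputs may not
exceed inputs; each input is consumed whole, so change must be an output.
"""
import hashlib
import json


class InvalidTransaction(Exception):
    """Raised when a transaction breaks one of the ledger rules."""


class Ledger:
    def __init__(self):
        # The "index of unspent transactions": (txid, output index) -> (owner, amount)
        self.utxo = {}

    @staticmethod
    def txid(tx: dict) -> str:
        """A transaction is identified by the hash of its own text."""
        return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

    def apply(self, tx: dict, coinbase: bool = False) -> str:
        """Validate tx, record its outputs as unspent, and return its id.

        tx = {"signer": owner, "inputs": [[txid, index], ...],
              "outputs": [[owner, amount], ...]}
        A coinbase (block reward) transaction creates coins and has no inputs.
        """
        refs = [tuple(ref) for ref in tx["inputs"]]
        if len(set(refs)) != len(refs):
            raise InvalidTransaction("the same input is referenced twice")
        if coinbase:
            if refs:
                raise InvalidTransaction("a coinbase transaction has no inputs")
            total_in = sum(amount for _, amount in tx["outputs"])
        else:
            total_in = 0
            for ref in refs:
                if ref not in self.utxo:
                    raise InvalidTransaction(f"input {ref} is unknown or already spent")
                owner, amount = self.utxo[ref]
                if owner != tx["signer"]:  # stands in for verifying the signature
                    raise InvalidTransaction(f"input {ref} belongs to {owner}")
                total_in += amount
        if any(amount <= 0 for _, amount in tx["outputs"]):
            raise InvalidTransaction("every output must be positive")
        total_out = sum(amount for _, amount in tx["outputs"])
        if total_out > total_in:
            raise InvalidTransaction(f"outputs {total_out} exceed inputs {total_in}")
        # Inputs are consumed in full. Anything not returned as an explicit
        # change output is left to the miner as a fee.
        new_id = self.txid(tx)
        for ref in refs:
            del self.utxo[ref]
        for index, (owner, amount) in enumerate(tx["outputs"]):
            self.utxo[(new_id, index)] = (owner, amount)
        return new_id

    def balance(self, owner: str) -> int:
        """Found by scanning unspent outputs, since no balance is stored."""
        return sum(amount for who, amount in self.utxo.values() if who == owner)


def demo() -> dict:
    """The video's scenario on constructed sample data."""
    ledger = Ledger()
    # Two block rewards paid to Alice.
    c1 = ledger.apply({"signer": "network", "inputs": [], "outputs": [["alice", 3]]}, coinbase=True)
    c2 = ledger.apply({"signer": "network", "inputs": [], "outputs": [["alice", 4]]}, coinbase=True)
    # Alice pays Bob 5. Both inputs are used up; 2 comes back to her as change.
    pay_id = ledger.apply({"signer": "alice", "inputs": [[c1, 0], [c2, 0]],
                           "outputs": [["bob", 5], ["alice", 2]]})
    # Double spend: c1's output is already consumed, so the index no longer has it.
    try:
        ledger.apply({"signer": "alice", "inputs": [[c1, 0]], "outputs": [["carol", 3]]})
        double_spend_rejected = False
    except InvalidTransaction:
        double_spend_rejected = True
    # Bob knows the id of Alice's change output but cannot unlock it.
    try:
        ledger.apply({"signer": "bob", "inputs": [[pay_id, 1]], "outputs": [["bob", 2]]})
        theft_rejected = False
    except InvalidTransaction:
        theft_rejected = True
    return {"alice": ledger.balance("alice"), "bob": ledger.balance("bob"),
            "double_spend_rejected": double_spend_rejected,
            "theft_rejected": theft_rejected}
```

Two checks here go slightly beyond what the transcript spells out but are what a node must do in practice: the same output may not appear twice among one transaction's inputs (otherwise it would be counted twice and "spent" twice), and outputs must be positive. Note also that the unspent check alone cannot tell which of two conflicting transactions came first; that is the ordering problem the block chain solves.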
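The block chain, proof of work and longest-branch rule described above, as an added example. This is editor-added code, not the video's or Bitcoin's own. It assumes a deliberately easy target (about one hash in 4096 qualifies, so the demo runs in well under a second), a previous-hash of 0 for the first block, and blocks serialised as JSON; everything else follows the transcript: the whole block text plus a nonce goes through SHA-256, the hash must fall below the target, the hash of one block is the "previous block" reference of the next, and nodes adopt the longest valid branch.

```python
"""Blocks, proof of work and the longest-chain rule from the video.

Editor-added example, not the video's or Bitcoin's code. A block is the
JSON text of {prev_hash, transactions, nonce}; it is solved when SHA-256 of
that text, read as a number, is below TARGET. The target is deliberately
easy (about 4096 guesses on average, an assumed demo value) so the
examples run quickly; the first block's prev_hash is taken to be 0.
"""
import hashlib
import json

TARGET = 2**244  # assumed demo target: roughly 1 hash in 4096 qualifies


def block_hash(block: dict) -> int:
    """Hash the whole block: previous reference, transactions and nonce."""
    text = json.dumps(block, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(text).digest(), "big")


def mine(prev_hash: int, transactions: list, target: int = TARGET) -> dict:
    """Guess nonces until the block hash falls below target.

    Mining cannot begin until prev_hash is known, because it is part of the
    hashed text; that is why a branch cannot be precomputed in advance."""
    block = {"prev_hash": prev_hash, "transactions": transactions, "nonce": 0}
    while block_hash(block) >= target:
        block["nonce"] += 1
    return block


def valid_chain(chain: list, target: int = TARGET) -> bool:
    """Each block must solve the puzzle and reference the block before it."""
    prev = 0
    for block in chain:
        if block["prev_hash"] != prev or block_hash(block) >= target:
            return False
        prev = block_hash(block)
    return True


def choose_chain(candidates: list, target: int = TARGET) -> list:
    """The rule from the video: among valid branches, adopt the longest."""
    valid = [c for c in candidates if valid_chain(c, target)]
    return max(valid, key=len) if valid else []


def extend(chain: list, transactions: list) -> list:
    """Mine one more block on top of chain and return the longer chain."""
    prev = block_hash(chain[-1]) if chain else 0
    return chain + [mine(prev, transactions)]


def tamper_and_check() -> tuple:
    """Edit a buried block and watch the chain break.

    Returns (valid before, valid after editing block 0, valid after re-solving
    only block 0). Re-solving one block is not enough: block 1 still carries
    the old block 0 fingerprint, so every later block would need re-solving too."""
    chain = extend(extend(extend([], ["alice->bob 5"]), ["bob->carol 2"]), ["carol->dave 1"])
    before = valid_chain(chain)
    forged = list(chain)
    forged[0] = dict(chain[0], transactions=["alice->alice 5"])
    after_edit = valid_chain(forged)
    forged[0] = mine(0, forged[0]["transactions"])
    after_resolve = valid_chain(forged)
    return before, after_edit, after_resolve


def fork_demo() -> tuple:
    """Two branches grow from the same block; nodes adopt the longer valid one.

    Returns (length of the adopted branch, whether the attacker's branch won)."""
    base = extend([], ["reward->alice 25"])
    honest = extend(extend(base, ["alice->bob 5"]), ["bob->carol 1"])
    attacker = extend(base, ["alice->alice 5"])  # tries to replace the payment
    chosen = choose_chain([honest, attacker])
    return len(chosen), chosen is attacker
```

`tamper_and_check` returns `(True, False, False)`: editing a buried block changes its hash, so the next block's reference no longer matches, and re-solving just the edited block does not repair that. The attacker in `fork_demo` would have to re-solve every block after the one she changed and then overtake the honest branch, which is the race the transcript goes on to describe.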
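The lottery analogy made quantitative, as an added example that is not part of the video. The model is an assumption stated here rather than in the transcript: each successive block is found by the attacker with probability q, her share of the network's hash power, and by everyone else with probability 1 - q, independently of earlier blocks. Under that model, "winning several blocks in a row faster than the network" is a race to k blocks, and the code computes its exact probability, cross-checks it by simulation, and turns it into the number of confirmations a merchant should wait for a chosen risk.

```python
"""The mining race from the video, made quantitative.

Editor-added example, not from the video. Model (an assumption stated here,
not in the transcript): each successive block is found by the attacker with
probability q, her share of the network's hash power, and by everyone else
with probability 1 - q, independently of earlier blocks. That is the lottery
picture in the video: each block is a draw, and more computers buy more
tickets.
"""
import random


def race_probability(q: float, k: int) -> float:
    """P(attacker produces k blocks before the honest network produces k).

    The attacker wins when her k-th block lands while the honest side has
    found only j < k blocks, so the last block of the race is hers:
    sum over j of C(k-1+j, j) * q^k * (1-q)^j, computed term by term."""
    p = 1.0 - q
    term = q ** k                        # j = 0: the attacker wins k straight
    total = term
    for j in range(1, k):
        term *= (k - 1 + j) / j * p      # C(k-1+j, j) = C(k-2+j, j-1) * (k-1+j)/j
        total += term
    return total


def simulate_race(q: float, k: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo estimate of race_probability, one block draw at a time."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        attacker = honest = 0
        while attacker < k and honest < k:
            if rng.random() < q:
                attacker += 1
            else:
                honest += 1
        wins += attacker == k
    return wins / trials


def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """How many blocks to wait so an attacker with share q wins the race with
    probability at most max_risk. With q >= 0.5 no wait is ever enough."""
    for k in range(1, limit + 1):
        if race_probability(q, k) <= max_risk:
            return k
    raise ValueError(f"no k <= {limit} brings the risk below {max_risk}")


if __name__ == "__main__":
    for share in (0.1, 0.3, 0.45):
        print(share, [round(race_probability(share, k), 4) for k in (1, 2, 6)],
              "confirmations for 1% risk:", confirmations_needed(share, 0.01))
```

With half the network's power the attacker wins the race to any number of blocks exactly half the time, which matches the transcript's 50% figure for a single block and shows why no number of confirmations helps at that point. With a 30% share she wins a single block 30% of the time but six in a row only about 7.8% of the time, and the required wait grows quickly as her share approaches one half, which is the reason the transcript suggests waiting longer in light of a pool that has solved six blocks in a row.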

Written by Melvin Draupnir on July 14, 2013.