Updated a month ago
This paper is a technical introduction to the Bitcoin electronic specie system. It presents the vormgeving principles of transactions and blockchain. It is based on the Satoshi Nakamoto&apos,s paper and the Wiki webpagina of the Bitcoin community.
This article is written spil a kleuter of tutorial, to go further, wij recommend a more formalized article by Krzysztof Okupski: Bitcoin Developer Reference.
- February 7, 2017: Very first publication spil a draft
- February 11, 2017: Very first publication
- February Legal, 2017: Text review
- February 26, 2017: 2nd publication
- March 6, 2017: Bitcoin address section review
- April 9, 2017: Extra code snippets for target and difficulty index te section The Blocks
- November 1, 2017: Minor switches
If you clicked the button above, then you are presently mining bitcoin, the math-based digital currency that recently topped $1,000 on exchanges. Congratulations. (It won&rsquo,t do anything bad to your laptop, wij promise.)
Fresh bitcoins are created toughly every Ten minutes te batches of 25 coins, with each coin worth around $730 at current rates. Your laptop&mdash,te collaboration with those of everyone else reading this postbode who clicked the button above&mdash,is racing thousands of others to unlock and optie the next batch.
For spil long spil that toonbank above keeps climbing, your rekentuig will keep running a bitcoin mining script and attempting to get a chunk of the activity. (But don&rsquo,t worry: It&rsquo,s designed to shut off after Ten minutes if you are on a phone or a tablet, so your battery doesn&rsquo,t drain).
So what is that script doing, exactly?
Let&rsquo,s embark with what it&rsquo,s not doing. Your rekentuig is not blasting through the cavernous innards of the internet te search of digital ore that can be fashioned into bitcoin bullion. There is no ore, and bitcoin mining doesn&rsquo,t involve extracting or smelting anything. It&rsquo,s called mining only because the people who do it are the ones who get fresh bitcoins, and because bitcoin is a finite resource liberated te petite amounts overheen time, like gold, or anything else that is mined. (The size of each batch of coins drops by half toughly every four years, and around 2140, it will be cut to zero, capping the total number of bitcoins ter circulation at 21 million.) But the analogy completes there.
What bitcoin miners actually do could be better described spil competitive bookkeeping. Miners build and maintain a gigantic public ledger containing a record of every bitcoin transaction te history. Every time somebody wants to send bitcoins to somebody else, the transfer has to be validated by miners: They check the ledger to make sure the sender isn&rsquo,t transferring money she doesn&rsquo,t have. If the transfer checks out, miners add it to the ledger. Ultimately, to protect that ledger from getting hacked, miners seal it behind layers and layers of computational work&mdash,too much for a would-be fraudster to possibly finish.
And for this service, they are rewarded ter bitcoins.
Or rather, some miners are rewarded. Miners are all contesting with each other to be very first to approve a fresh batch of transactions and finish the computational work required to seal those transactions ter the ledger. With each fresh batch, winner takes all.
It&rsquo,s the computational work that truly takes time, and that&rsquo,s mostly what your rekentuig is doing right now. It&rsquo,s attempting to solve a zuigeling of cryptographic problem that involves guessing and checking billions of times until it finds an response.
If this all seems pretty heady, that&rsquo,s because mining is an elaborate solution to a raunchy problem that plagues every currency&mdash,dual spending.
Dual spending and a public ledger
Spil the name implies, dual spending is when somebody spends money more than once. It&rsquo,s a risk with any currency. Traditional currencies avoid it through a combination of hard-to-mimic physical specie and trusted third parties&mdash,banks, credit-card providers, and services like PayPal&mdash,that process transactions and update account balances accordingly.
But bitcoin is totally digital, and it has no third parties. The idea of an overseeing figure runs fully tegenstoot to its ethos. So if you tell mij you have 25 bitcoins, how do I know you&rsquo,re telling the truth? The solution is that public ledger with records of all transactions, known spil the block chain. (Wij&rsquo,ll get to why it&rsquo,s called that shortly.) If all of your bitcoins can be traced back to when they were created, you can&rsquo,t get away with lounging about how many you have.
So every time somebody transfers bitcoins to somebody else, miners raadpleging the ledger to make sure the sender isn&rsquo,t double-spending. If she indeed has the right to send that money, the transfer gets approved and entered into the ledger. Plain, right?
Well, not truly. Using a public ledger comes with some problems. The very first is privacy. How can you make every bitcoin exchange downright semi-transparent while keeping all bitcoin users totally anonymous? The 2nd is security. If the ledger is totally public, how do you prevent people from fudging it for their own build up?
There is no such thing spil a bitcoin account
Bitcoin&rsquo,s ledger deals with the privacy kwestie through a bit of accounting trickery. The ledger only keeps track of bitcoin transfers, not account balances. Te a very real sense, there is no such thing spil a bitcoin account. And that keeps users anonymous.
Here&rsquo,s how it works: Say Alice wants to transfer one bitcoin to Bob. Very first Bob sets up a digital address for Alice to send the money to, along with a key permitting him to access the money once it&rsquo,s there. It works sort-of like an email account and password, except that Bob sets up a fresh address and key for every incoming transaction (he doesn&rsquo,t have to do this, but it&rsquo,s very recommended).
When Alice clicks a button to send the money to Bob, the transfer is encoded ter a chunk of text that includes the amount and Bob&rsquo,s address. Here&rsquo,s what that text actually look like:
And here&rsquo,s a more digestible diagram of it:
That transaction record is sent to every bitcoin miner&mdash,i.e., every laptop on the internet that is running mining software&mdash,and if it&rsquo,s legit, it gets added to the ledger. Let&rsquo,s assume it goes through.
Now, say Bob wants to pay Carol one bitcoin. Carol of course sets up an address and a key. And then Bob essentially takes the bitcoin Alice talent him and uses his address and key from that transfer to sign the bitcoin overheen to Carol:
This transaction gets sent out to all of the miners, and they will check (using the reference number from Alice&rsquo,s transfer to Bob) to make sure that Bob hasn&rsquo,t already transferred that bitcoin to somebody else. No dual spending. After validating the transfer, each miner will then send a message to all of the other miners, providing hier bliss.
If Bob&rsquo,s transfer to Carol passes muster, then it, too, will be added to the ledger.
That&rsquo,s all transactions are&mdash,people signing bitcoins (or fractions of bitcoins) overheen to each other. The ledger tracks the coins, but it does not track people, at least not explicitly. Assuming Bob creates a fresh address and key for each transaction, the ledger won&rsquo,t be able to expose who he is, or which addresses are his, or how many bitcoins he has te all. It&rsquo,s just a record of money moving inbetween anonymous mitts.
There is no master document
Now for the trickier problem: keeping the ledger secure.
The very first thing that bitcoin does to secure the ledger is decentralize it. There is no big spreadsheet being stored on a server somewhere. There is no master document at all.
Instead, the ledger is violated up into blocks: discrete transaction logs that contain Ten minutes worth of bitcoin activity apiece. Every block includes a reference to the block that came before it, and you can go after the linksom backward from the most latest block to the very very first block, when bitcoin creator Satoshi Nakamoto conjured the very first bitcoins into existence.
This lineage of blocks is the block chain, and it constitutes bitcoin&rsquo,s public ledger. Every Ten minutes miners add a fresh block, growing the chain like an expanding pearl necklace.
Generally speaking, every bitcoin miner has a copy of the entire block chain on hier rekentuig. If she shuts hier laptop down and stops mining for a while, when she starts back up, hier machine will send a message to other miners requesting the blocks that were created ter hier absence. No one person or rekentuig has responsibility for thesis block chain updates, no miner has special status. The updates, like the authentication of fresh blocks, are provided by the network of bitcoin miners at large.
Proof of work
Dividing the ledger up into distributed blocks isn&rsquo,t enough on its own to protect the ledger from fraud. Bitcoin also relies on cryptography.
To add a fresh block to the chain, a miner has to finish what&rsquo,s called a cryptographic proof-of-work problem. Such problems are unlikely to solve without applying a ton of brute computing force, so if you have a solution ter mitt, it&rsquo,s proof that you&rsquo,ve done a certain quantity of computational work. The computational problem is different for every block te the chain, and it involves a particular zuigeling of algorithm called a hash function.
Like any function, a cryptographic hash function takes an input&mdash,a string of numbers and letters&mdash,and produces an output. But there are three things that set cryptographic hash functions bijzonder:
1. The output is a predetermined length, regardless of the input.
The hash function that bitcoin relies on&mdash,called SHA-256, and developed by the US National Security Agency&mdash,always produces a string that is 64 characters long. For example:
You could run your name through that hash function, or the entire King James Bible. Ter either case, you&rsquo,ll get 64 characters out the other end. And, for a given input, you&rsquo,ll always get the same output.
Two. It&rsquo,s unlikely to make a cryptographic hash function work ter switch sides.
If you have the output of a cryptographic hash function (called a hash for brief), there&rsquo,s no way of knowing what the input wasgoed. It&rsquo,s a one-way street. And that&rsquo,s what makes it cryptographic&mdash,you can use a hash function to scramble text te a way that&rsquo,s unlikely to unscramble.
Think of it like mixing paint. It&rsquo,s effortless to mix pink paint , blue paint , and grey paint . But it&rsquo,s hard to take the resulting purple and unmix it.
Trio. Switching the input even a little bit switches the output dramatically
Paint mixing is a good way to think about the one-way nature of hash functions, but it doesn&rsquo,t capture their unpredictability. If you substitute light pink paint for regular pink paint ter the example above, the result is still going to be pretty much the same purple , just a little lighter. But with hashes, a slight variation te the input results te a fully different output:
The proof-of-work problem that miners have to solve involves taking a hash of the contents of the block that they are working on&mdash,all of the transactions, some meta-data (like a timestamp), and the reference to the previous block&mdash,plus a random number called a nonce.
Their objective is to find a hash that has at least a certain number of leading zeroes. Something like this:
That constraint is what makes the problem more or less difficult. More leading zeroes means fewer possible solutions, and more time required to solve the problem. Every Two,016 blocks (harshly two weeks), that difficulty is reset. If it took miners less than Ten minutes on average to solve those Two,016 blocks, then the difficulty is automatically enlargened. If it took longer, then the difficulty is decreased.
Miners search for an acceptable hash by choosing a nonce, running the hash function, and checking. If the hash doesn&rsquo,t have the right number of leading zeroes, they switch the nonce, run the hash function, and check again.
Because of the one-way nature of hash functions, you can&rsquo,t work your way rearwards to find a nonce that fits. And because of a hash function&rsquo,s unpredictability, attempting different nonces never truly gets you closer to the right one. It&rsquo,s all a process of elimination.
When a miner is ultimately fortunate enough to find a nonce that works, and wins the block, that nonce gets appended to the end of the block, along with the resulting hash.
The entire block then gets sent out to every other miner ter the network, each of whom can then run the hash function with the winner&rsquo,s nonce, and verify that it works. If the solution is accepted by a majority of miners, the winner gets the prize, and a fresh block is began, using the previous block&rsquo,s hash spil a reference.
So how does this protect bitcoin from fraud?
Let&rsquo,s say a hacker desired to switch a transaction that happened 60 minutes, or six blocks, ago&mdash,maybe to eliminate evidence that she had spent some bitcoins, so she could spend them again. Hier very first step would be to go ter and switch the record for that transaction. Then, because she had modified the block, she would have to solve a fresh proof-of-work problem&mdash,find a fresh nonce&mdash,and do all of that computational work, all overheen again. (Again, due to the unpredictable nature of hash functions, making the slightest switch to the original block means kicking off the proof of work from scrape.) From there, she&rsquo,d have to begin building an alternative chain going forward, solving a fresh proof-of-work problem for each block until she caught up with the present.
But unless the hacker has more computing power at hier disposition than all other bitcoin miners combined, she could never catch up. She would always be at least six blocks behind, and hier alternative chain would obviously be a counterfeit.
The key is that if somebody modifies an accepted block&mdash,one that already has a proof-of-work solution pinned to the end of it&mdash,she can&rsquo,t reuse that same solution. She has to find a fresh one. And that&rsquo,s why proof of work is needed&mdash,to ensure that she can&rsquo,t just surreptitiously modify a block and thus omkoopbaar the ledger.
Mining is competitive, not cooperative
The code that makes bitcoin mining possible is downright open-source, and developed by volunteers. But the force that indeed makes the entire machine go is unspoiled capitalistic competition. Every miner right now is racing to solve the same block at the same time, but only the winner will get the prize. Te a sense, everybody else wasgoed just searing violet wand. Yet their presence ter the network is critical.
Mining&rsquo,s ultimate purpose is to prevent people from double-spending bitcoins. But it also solves another problem. It distributes fresh bitcoins te a relatively fair way&mdash,only those people who dedicate some effort to making bitcoin work get to love the coins spil they are created.
But because mining is a competitive enterprise, miners have come up with ways to build up an edge. One demonstrable way is by pooling resources.
Your machine, right now, is actually working spil part of a bitcoin mining collective that shares out the computational fountain. Your pc is not attempting to solve the block, at least not instantaneously. It is chipping away at a cryptographic problem, using the input at the top of the screen and combining it with a nonce, then taking the hash to attempt to find a solution. Solving that problem is a loterijlot lighter than solving the block itself, but doing so gets the pool closer to finding a winning nonce for the block. And the pool pays its members ter bitcoins for every one of thesis lighter problems they solve.
What are the chances you&rsquo,ll actually win?
You&rsquo,ve no doubt bot waiting very patiently to find out one thing: is there a chance you&rsquo,ll actually win some bitcoins?
Nope. Not at all. If you did find a solution, then your bounty would go to Quartz, not you. This entire time you have bot mining for us!
But the chances that you find a solution and wij profit from the computing power you&rsquo,ve contributed are essentially zero. The Quartz bitcoin mining collective just isn&rsquo,t big enough. Wij&rsquo,re not attempting to take advantage of you. Wij just wished to make the strange and ingewikkeld world of bitcoin a little lighter to understand.
Correction (Dec. Eighteen, 2013): An earlier version of this article incorrectly stated that the long pink string of numbers and letters te the interactive at the top is the target output hash your pc is attempting to find by running the mining script. Ter fact, it is one of the inputs that your rekentuig feeds into the hash function, not the output it is looking for.