|This article needs additional citations for verification. (March 2014)|
The bitcoin network is a peer-to-peer payment network that operates on a cryptographic protocol. Users send bitcoins, the units of currency, by broadcasting digitally signed messages to the network using bitcoin wallet software. Transactions are recorded into a distributed public database known as the block chain, with consensus achieved by a proof-of-work system called "mining". The block chain is distributed internationally using peer-to-peer filesharing technology similar to BitTorrent. The protocol was designed in 2008 and released in 2009 as open source software by "Satoshi Nakamoto", the pseudonym of the original developer or group of developers.
The network timestamps transactions by including them in blocks that form an ongoing chain called the block chain. Such blocks cannot be changed without redoing the work that was required to create each block since the modified block. The longest chain serves not only as proof of the sequence of events but also records that this sequence of events was verified by a majority of the bitcoin network's computing power. As long as a majority of computing power is controlled by nodes that are not cooperating to attack the network, they will generate the longest chain of records and outpace attackers.
The network itself requires minimal structure to share transactions. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will. Upon reconnection, a node will download and verify new blocks from other nodes to complete its local copy of the block chain.
- 1 Transactions
- 2 Timestamps
- 3 Bitcoin mining
- 4 Local system resources
- 5 Payment verification
- 6 References
A transaction is a section of data confirmed by a signature. It is sent to the bitcoin network and forms blocks. It typically contains references to preceding transactions and associates a certain number of bitcoins with one or several public keys (bitcoin addresses). It is not encrypted because there is nothing to encrypt in the bitcoin system. A block chain browser is where all transactions are combined in the form of a block chain. They can be found and verified. This is necessary to determine technical transaction parameters as well as verify the details of payments.
A bitcoin is defined by a sequence of digitally signed transactions that began with its creation as a block reward. The owner of a bitcoin transfers it to the next owner by digitally signing it over to the next owner in a bitcoin transaction, much like endorsing a traditional bank check. A payee can verify each previous transaction to verify the chain of ownership. Unlike traditional check endorsement, bitcoin transactions are irreversible, which eliminates risk of chargeback fraud.
A bitcoin is a currency object — an entity which is traded, though nothing prevents trades in fractions of, or multiple bitcoins. Bitcoins are intended to be fungible, though each has its own distinct history.
Although it would be possible to handle bitcoins individually, it would be unwieldy to make a separate transaction for every satoshi in a transfer. Transactions are therefore allowed to contain multiple inputs and outputs, and in that way bitcoins can be split and combined. Common transactions will have either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and one or two outputs: one for the payment, and one returning the change, if any, back to the sender. Any difference between the total input and output amounts of a transaction is offered to miners as a transaction fee.
Transaction confirmation is needed to prevent double spending of the same money.
After a transaction is broadcast to the bitcoin network, it may be included in a block that is published to the network. When that happens it is said that the transaction has been mined at a depth of 1 block. With each subsequent block that is found, the number of blocks deep is increased by one. To be secure against double spending, a transaction should not be considered as confirmed until it is a certain number of blocks deep. This feature was introduced to protect the system from repeated spending of the same bitcoins (double-spending). Inclusion of transaction in the block happens along with the process of mining.
The classic bitcoin client will show a transaction as "unconfirmed" until the transaction is 6 blocks deep. Sites or services that accept bitcoin as payment for their products or services can set their own limits on how many blocks are needed to be found to confirm a transaction. The number six was chosen deliberately: it is based on a theory that there's low probability of wrongdoers being able to amass more than 10% of the entire network's hash rate for purposes of transaction falsification and an insignificant risk (lower than 0.1%) is acceptable. For offenders who don't possess significant computing power, 6 confirmations are an insurmountable obstacle. In turn any party having more than 10% of the network's computing power will not find it difficult to achieve 6 confirmations in a row. However to obtain such a power would require millions of dollars' worth of investment, so the risk of an attack is deemed minimal. Bitcoins that are distributed by the network for finding a block can only be used after 100 confirmations e.g. 100 discovered blocks. The classic bitcoin client won't display the coins earned for solving a block until there are 120 confirmations.
Hashes and signatures
Two consecutive SHA-256 hashes are used for transaction verification. RIPEMD-160 is used after a SHA-256 hash for bitcoin digital signatures or "addresses". A bitcoin address is the hash of an ECDSA public-key, computed as follows:
Key hash = Version concatenated with RIPEMD-160 (SHA-256 (public key)) Checksum = 1st 4 bytes of SHA-256 (SHA-256 (Key hash)) Bitcoin address = Base58Encode (Key hash concatenated with Checksum)
A bitcoin address is an identifier (account number), starting with 1 or 3 and containing 27-34 alphanumeric Latin characters (except 0, O, I, l). An address can be also represented as a QR-code, is anonymous, and does not contain information about the owner. It can be obtained for free, using, for example, bitcoin software.
The ability to transact bitcoins without the assistance of a central registry is facilitated in part by the availability of a virtually unlimited supply of unique addresses which can be generated and disposed of at will. The balance of funds at a particular bitcoin address can be ascertained by looking up the transactions to and from that address in the block chain. All valid transfers of bitcoins from an address are digitally signed using the private keys associated with it.
A private key in the context of bitcoin is a secret number that allows bitcoins to be spent. Every bitcoin address has a matching private key, which is usually saved in the wallet file of the person who owns the balance but can be also stored using other means and methods. The private key is mathematically related to the bitcoin address, and is designed so that the bitcoin address can be calculated from the private key but, importantly, the private key cannot be derived from the bitcoin address.
Bitcoin users manage their bitcoin addresses by using a digital wallet. Wallets let users send bitcoins, request payment, calculate the total balance of addresses in use, generate new addresses as needed. Many wallets include precautions to keep the private keys secret, for example by encrypting the wallet data with a password or by requiring two-factor authenticated logins.
Bitcoin wallets provide the following functionality:
- Storage of bitcoin addresses and corresponding public/private keys on user's computer in a wallet.dat file
- Conducting transactions of obtaining and transferring bitcoins (BTC), also without connection to the Internet
- Provide information about the balance in BTC at all available addresses, prior transactions, spare keys
Bitcoin wallets have been implemented as stand-alone software applications, web applications, and even printed documents or memorized passphrases.
Software that directly connects to the peer-to-peer bitcoin network includes bitcoind and Bitcoin-Qt, the bitcoind GUI counterpart available for Linux, Windows, and Mac OS X. Other less resource intensive bitcoin wallets have been developed, including mobile apps for iOS and Android devices that display and scan QR codes to simplify transactions between buyers and sellers. Theoretically, the services typically provided by an application on a general purpose computer could be built into a stand-alone hardware device, and several projects aim to bring such a device to market.
Many bitcoin websites provide addresses associated with an online account to hold bitcoin funds on the user's behalf, similar in ways to bank accounts. Other sites function primarily as real-time markets, facilitating the sale and purchase of bitcoins with other currencies such as US dollars or euros. Users of this kind of wallet are not obliged to download all blocks of the bitcoin block chain, and can manage one wallet with any device, regardless of location. Some wallets offer additional services. Wallet privacy is provided by the website operator. This "online" option is often preferred for the first acquaintance with bitcoin system because of the ease of use, and for short-term storage of small BTC amounts, such as day-to-day spending. Website wallets are not recommended for storing large amounts of bitcoin because security cannot be absolutely guaranteed online.
Any valid bitcoin address keys may be printed on paper and used to store bitcoins offline. Compared with "hot wallets"—those that are connected to the Internet—these non-digital offline paper wallets are considered a "cold storage" mechanism better suited for safekeeping bitcoins. It is safe to use only if you have printed the paper yourself. Every such "cold storage" paper obtained from a second party as a present, gift, or payment should be immediately transferred to the safer wallet because the private key could have been copied and preserved by a grantor.
Various vendors offer banknotes, coins, cards, and other physical objects denominated in bitcoins. Bitcoin balance is bound to the private key printed on the banknote or embedded within the coin. Some of these instruments employ a tamper-evident seal that hides the private key. It is generally an insecure "cold storage" because one can't be sure that the producer of a banknote or a coin had destroyed the private key after the end of a printing process and doesn't preserve it. Tamper-evident seal in this case doesn't provide the needed level of security because the private key could be copied before the seal was applied on a coin. Some vendors will allow the user to verify the balance of a physical coin on their website, but that requires trusting that the vendor did not store the private key, which would allow them to transfer the balance at a future date.
To ensure safety of bitcoin wallet, the following measures are recommended:
- Wallet backup with printing or storing on flash drive in text editor without connection to Internet
- Encryption of the wallet with the installation of a strong password
- Prudence when choosing a quality service
The bitcoin specification starts with the concept of a timestamp server. To avoid the need for a trusted third party verifying and timestamping bitcoin transactions, bitcoin timestamping server is distributed. It is based on a proof-of-work scheme using the SHA256 hash function. New transactions are verified and collected to a new block and a significant work has to be performed to find the timestamp acceptable for the network (the setup is adjusted so that the whole network needs approximately 10 minutes to find the requisite timestamp). Using the hash function, all blocks are chained together. A potential attacker wanting to change the transaction history would not just need to replace the historical block of interest, but would also need to replace all the subsequent blocks to obtain a longer (in terms of work) chain and outperform all the remaining network nodes continually adding new transaction blocks to the honest chain.
To form a distributed timestamp server as a peer-to-peer network, bitcoin uses a proof-of-work system similar to Adam Back's Hashcash and the internet rather than newspaper or Usenet posts. The work in this system is what is often referred to as bitcoin mining.
The mining process involves scanning for a value that when hashed twice with SHA-256, begins with a number of zero bits. While the average work required increases exponentially with the number of leading zero bits required, a hash can always be verified by executing a single round of double SHA-256.
For the bitcoin timestamp network, a valid "proof-of-work" is found by incrementing a nonce until a value is found that gives the block's hash the required number of leading zero bits. Once the hashing has produced a valid result, the block cannot be changed without redoing the work. As later records or "blocks" are chained after it, the work to change the block would include redoing the work for each subsequent block.
Majority consensus in bitcoin is represented by the longest chain, which required the greatest amount of effort to produce it. If a majority of computing power is controlled by honest nodes, the honest chain will grow fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of that block and all blocks after it and then surpass the work of the honest nodes. The probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.
To compensate for increasing hardware speed and varying interest in running nodes over time, the difficulty of finding a valid hash is adjusted roughly every two weeks. If blocks were generated too quickly, the difficulty increases and more hashes are required to find a block and to generate new bitcoins.
Bitcoin mining is a competitive endeavor. An "arms race" has been observed through the various hashing technologies that have been used to mine bitcoins: basic CPUs, high-end GPUs (graphics processing units) common in many gaming computers, FPGAs (field-programmable gate arrays) and ASICs (application-specific integrated circuits) all have been used with the latter reducing profitability of each former technology. The newest addition, ASICs, are built into devices that are specialized for bitcoin mining. As bitcoins become more difficult to mine, computer hardware manufacturing companies have seen an increase in sales of high-end products.
Computing power is often bundled together or "pooled" into a central server to reduce variance in miner income. Individual mining rigs often have to wait relatively long periods of time to confirm a block of transactions and receive payment. When miners cooperate in a pool, all participating miners receive a number of the bitcoins every time a participating server solves a block. This payment is proportional to the amount of work an individual miner contributed to help find that block.
Cloud mining is where the mining equipment is hosted in a remote data center. The mining power is sold to the user for a certain period of time in a contract or traded on an exchange. Cloud Mining providers generally use "pooled" mining to have more frequent payouts for customers.
A rough overview of the process to mine bitcoins is:
- New transactions are broadcast to all nodes.
- Each miner node collects new transactions into a block.
- Each miner node works on finding a difficult proof-of-work for its block.
- When a node finds a proof-of-work, it broadcasts the block to all nodes.
- Nodes accept the block only if all transactions in it are valid and not already spent.
- Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
Nodes are incentivized to work on extending the longest chain or risk their work being wasted. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof-of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.
New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, however, transactions will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.
By convention, the first transaction in a block is a special transaction that produces new bitcoins owned by the creator of the block. This adds an incentive for nodes to support the network, and provides a way to initially distribute coins into circulation, since there is no central authority to issue them.
The continual and steady addition of new coins is analogous to gold miners expending resources to add gold to circulation. In this case, it is computing power (CPU time) and electricity that is expended.
The incentive can also be funded with transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free.
Mining vs Attacking
The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favor him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
Local system resources
Once the latest transaction of a coin is buried under enough blocks, fully spent transactions which preceded it can be discarded in order to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle tree, with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes need not be stored.
A block header with no transactions would be about 80 bytes. Supposing that blocks are generated every 10 minutes, 80 bytes × 6 × 24 × 365 = 4.2 MB per year. With computer systems typically selling with 6 GB of RAM as of 2013, and Moore's law predicting current growth of 1.2 GB per year, storage should not be a problem even if the block headers need to be kept in memory.
While these calculations are accurate for archived transactions, the load on recent and 'active' blocks is significant. The bitcoin network is currently restricted to a rate of 7 transactions per second, an artificial limit in place to prevent the network from rapid unsustainable expansion. In comparison, the VISA network handles an average 2,000 transactions per second, with daily bursts of over 4,000 transactions and up to 10,000 during seasonal peaks. If the bitcoin network transaction cap was removed, and the network load was similar to that of VISA's (2000 TPS), each client would require a constant download and upload rate of upwards of 1 megabyte per second, and each 10 minute block would be over 500MB.
Upon receiving a new transaction a node must validate it: in particular, verify that none of the transaction's inputs have been previously spent. To carry out that check the node needs to access the blockchain. Any user, who doesn't want to trust his network neighbors, should keep a full local copy of the blockchain, because he can't know in advance, which inputs ought to be verified.
But, as noted in Nakamoto's whitepaper, it is possible to verify bitcoin payments without running a full network node (simplified payment verification, SPV). A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which are available by querying network nodes until it's apparent that the longest chain has been obtained. Then, get the Merkle branch linking the transaction to the block it is timestamped in. One can not check the transaction for oneself, but by linking it to a place in the chain, one can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it.
As such, the verification is reliable as long as honest nodes control the network, but is vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. To protect against this, alerts from network nodes detecting an invalid block prompt the user's software to download the full block and verify alerted transactions to confirm their inconsistency. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.
- Nakamoto, Satoshi (24 May 2009). "Bitcoin: A Peer-to-Peer Electronic Cash System" (PDF). Retrieved 20 December 2012.
- Barber, Simon; Boyen, Xavier; Shi, Elaine and Uzun, Ersin (2012). "Bitter to Better — how to make Bitcoin a better currency" (PDF). Financial Cryptography and Data Security (Springer Publishing). Cite error: Invalid
<ref>tag; name "UCPaper" defined multiple times with different content (see the help page).
- Bitcoin Wiki - Transaction
- Dean, Andrew (14 August 2014). "Online Gambling Meets Bitcoin". Retrieved 21 August 2014.
- "Block Chain Overview". https://bitcoin.org/. © Bitcoin Project 2009-2014 Released under the MIT license. 2009–2014. Retrieved 14 August 2014.
- Bitcoin Wiki - Confirmation
- Bitcoin Wiki - Address
- "Bitcoin Developer Guide". Bitcoin. Retrieved 21 August 2014.
- "Private key". Retrieved 17 November 2015.
- "Bitcoin wallet". Retrieved 17 November 2015.
- Grilled cheese meets Bitcoin: Why this food truck is embracing digital currency, GeekWire
- "Bitcoin Wallet Hardware - Butterfly Labs". Retrieved 24 February 2015.
- Trezor Bitcoin Hardware Wallet On Pace for October Deliveries, The Genesis Block
- Bitcoin Wiki - Wallet
- Staff, Verge (13 December 2013). "Casascius, maker of shiny physical bitcoins, shut down by Treasury Department". The Verge. Retrieved 10 January 2014.
- Daniel Cawrey (@danielcawrey) (20 December 2013). "Canadian Man Builds World's First Wooden Bitcoin Wallet". Coindesk.com. Retrieved 10 January 2014.
- Bitcoin Wiki - Securing your wallet
- Tindell, Ken (5 April 2013). "Geeks Love The Bitcoin Phenomenon Like They Loved The Internet In 1995". Business Insider.
- "Bitcoin boom benefiting TSMC: report". Taipei Times. 4 January 2014.
- Biggs, John (8 April 2013). "How To Mine Bitcoins". Techcrunch.
- "How Does Cloud Mining Bitcoin Work?". coindesk.