Bitcoin
What is Bitcoin?
- Decentralized currency without a central bank or single administrator
- Bitcoin itself is like a communal ledger that keeps track of transactions
- Each user keeps his own copy and updates it as it changes
- To start off, consider a physical ledger
| LEDGER |
|---|
| A pays B $10 |
| B pays C $10 |
| C pays A $10 |
- Transactions are listed in the ledger
- Anyone can add a line
- At the end of each month, move money accordingly
Issues:
- How can we know each transaction listed is genuine?
- How can we know that each person will follow through?
| LEDGER |
|---|
| A receives $10 |
| B receives $10 |
| C receives $10 |
| A pays B $10 -A |
| B pays C $10 -B |
| C pays A $10 -C |
| A pays C $10 -A |
| A̶ ̶p̶a̶y̶s̶ ̶B̶ ̶$̶1̶0̶ ̶-̶A̶ |
- Start each month with each member putting in $10 and writing that they receive $10
- Sign each transaction to verify
- Only allow transactions using money they have in the system
Cryptographic Signatures
- Let each person have a public key and a private (secret) key, each of which is a series of bits.
- Then add a signing function and verification function
- Sign(Message, sk) = Signature
- Verify(Message, Signature, pk) = True
- Ideally, there is no feasible way to obtain the message or secret key from the signature
- Creating a fake message is very difficult, but verifying is simple
| A | B | C | |
|---|---|---|---|
| Public Key | 01011001... | 01001101... | 00111011... |
| Secret Key | 11000100... | 11001110... | 10110001... |
| LEDGER |
|---|
| 0 A pays B 10 BTC -01011001... |
| 1 B pays C 10 BTC -00110011... |
| 2 C pays A 10 BTC -11000101... |
| 3 A pays C 10 BTC -10101000... |
- Each transaction has its own ID and is signed through the cryptographic signature
- At this point, there is no real need to convert back to physical money
- Real-world currency can be exchanged for adding and signing a transaction
- Bitcoin IS the ledger
Decentralization
- Everyone keeps his own copy of the ledger
- When someone adds a transaction, he broadcasts it and others record it on their own copies
- By itself this system leads to some major flaws
- Without a central authority, how can we guarantee everyone's copy is the same?
- Bitcoin solves this issue by trusting the version with the most computational work put in.
Hash Functions
- A hash function, such as SHA-256, takes in a message and outputs a "hash," which is designed to look random
- Always gives the same output for a given input
- Changing the input slightly alters the output drastically
SHA-256("Hello World") =
A591A6D40BF420404A011733CFB7B190D62C65BF0BCDA32B57B277D9AD9F146E
SHA-256("Hello World!") =
7F83B1657FF1FC53B92DC18148A1D65DFC2D4B1FA3D677284ADDD200126D9069
The Blockchain
- Separate the list of transactions into blocks
- Each block must end with a special number that makes the hash of the block fit some certain criteria
- For Bitcoin, the hash must start with some number of consecutive zeros
- This special number is the "proof of work" for the block, which verifies that it is genuine
- The probability of finding a number that gives a hash with n leading zeros is
- Each block also starts with the hash of the previous block, forming a chain
\frac{2^{256-n}}{2^{256}}=2^{-n}
| Prev Hash |
|---|
| Transactions |
| Proof of work |
| Prev Hash |
|---|
| Transactions |
| Proof of work |
| Prev Hash |
|---|
| Transactions |
| Proof of work |
This structure makes it so that the blocks cannot be rearranged or tampered with without recalculating multiple proofs of work, which would require an infeasible amount of computing power
Block Rewards
- Calculating proofs of work takes time and computational resources, so there should be a way to make it worth it to calculate them.
- Bitcoin does this by including a line at the top of each block that grants the block creator some amount of Bitcoin as a reward for the calculation.
- This introduces more currency into the system in return for work, which is why creating blocks is commonly referred to as "mining" Bitcoin.
- Each block then becomes a lottery, with the first person to complete a proof of work earning the reward
Faking a transaction?
- To make a fake transaction, one would first need to complete the block in which it is listed before anyone else does.
- Although this is unlikely, this step is possible.
- Afterward, however, since the system trusts the chain with the most valid blocks, the faker would need to keep making more blocks before anyone else does.
- This would require that the faker be in control of over 50% of the total computational resources of all block creators.
| fake |
| fake |
Bitcoin-specific Policies
Proof of Work
- Bitcoin sets its requirement for its proof of work to take on average 10 minutes to create a block
- The challenge gets harder as more miners are added
Block rewards
- Bitcoin block rewards halve every 210,000 blocks
- Rewards started at 50BTC, now at 12.5 BTC
- Total amount in circulation will never surpass 21 million
\text{Total Amount }=210000(50)+210000(25)+210000(12.5)+...\\
=210000\sum_{n=0}^\infty 50*2^{-n}\\
=210000(\frac{50}{.5}) = 21000000
Transaction Fees
- As block rewards decrease, more people start including transaction fees.
- Transaction fees are a voluntary donation to the block creator from people putting in transactions.
- Transaction fees incentivize block creators to include the transaction in the block, since each block is limited in size and can only contain 2400 transactions
History of Bitcoin
- Bitcoin paper authored in 2008 under pseudonym Satoshi Nakamoto
- Network created in 2009
- First commercial transaction in 2010, bought 2 Papa John's pizzas for 10,000 BTC
- First major users were black markets, such as Silk Road transacting 9.9 million Bitcoins in 30 months from 2011
Bitcoin Price (source: coindesk.com)
Splits
- Blockchain split temporarily in March 2013, with two independent blockchains operating for 6 hours
- 2017 saw hard forks Bitcoin Cash and Bitcoin Gold, with identical blockchains at the time of the split but different block size limits or proof-of-work algorithms
Centralization
- Bitcoin miners often join pools to minimize variance of payoffs
- In 2014, mining pool Ghash.io obtained 51% hashing power, threatening the safety of the network
- The pool voluntarily capped its hashing power to 39.99% to maintain decentralization
Any Questions?
Bitcoin
By ahfeng
