A Technical Explanation of Bitcoin for Everyone

Cryptographic Hash Functions

Cryptography is a way of keeping a piece of information secure by turning it into an unreadable text that can’t be deciphered without the right tools. Cryptography plays two different, critical roles in Bitcoin (hence the name “cryptocurrency”). The first one is cryptographic hash functions.

A hash function is a set of rules that turns a piece of information of any size into a piece of data of uniform size, known as the “hash.”

110010000011011010010101110011111001110000101100100101101100110110011110001111001110100101001101011001010110100111101110011101011111001010100101000001011100100011001101100010101100111000110110101001000100111101010101000101001011110100111101010100001001010

It takes a computer an instant to turn “Billy” into this string of 256 1s and 0s and "Billy" will always produce that same string (that’s Property 1). But it’s impossible for that same computer to take this string of 256 1s and 0s and come up with “Billy” (Property 2).

And because of the way SHA-256 is designed (like our imagined “super-complex Scrabble board”), it’s also practically impossible that another piece of data would hash to the same string of 1s and 0s as “Billy” (Property 3).

Digital Cash and The Bitcoin Network

Good question. Bitcoin uses cryptographic hash functions to create a new kind of “digital cash.” To understand how, we’ll need to take a brief detour.

What’s digital cash? Digital cash is an electronic medium of exchange with many of the same properties as ordinary paper cash — easy to transfer without a third party, hard to counterfeit, and anonymous.  Credit and debit cards, as well as services like PayPal and Venmo, seem to be a kind of digital cash, but behind those services are third parties: banks, credit card companies, and other financial institutions. At the end of the day the “electronic” money in your checking account is represented by dollars (somewhere) and managed by one or more of those institutions that we must put our trust in.

Paper cash, on the other hand, is anonymous and readily transferable from person to person. It requires no third-party to get involved in the transactions, its value is well-known and agreed-upon by everyone. But there’s one big problem with digital cash.

With paper cash, I can only spend each dollar once. If I take it out of my wallet and give it to you, it’s your dollar. I can’t spend it anymore, and you can do what you want with it. The serial number is a unique identifier of that single bill, and these days, it’s nearly impossible to create a counterfeit bill that looks the same.

But digital cash should be quite easy to counterfeit. Since a “digital bill” would be made up of a series of 1s and 0s (like everything on a computer), I could just duplicate that series of 1s and 0s and counterfeit my money. If everyone could just make copies of whatever digital “bills" were in their digital “wallets”, the currency would quickly become useless.

The only way to solve this problem seems to be with some kind of ledger: a record book that keeps track of how much digital cash everyone has, and records every transaction. But if this record book is maintained by some trusted third party, then we’re back to square one. A decentralized way to keep track of transactions is the hard part of creating a digital cash.

Bitcoin is a kind of digital cash that uses cryptographic hash functions, instead of a third party, to keep track of transactions.

It’s important to know that Bitcoin, with a capital “B,” refers to the technology as a whole; think of the US financial system. With a lowercase “b,” bitcoin refers to units of the digital cash system; think of the US dollar bill.

In Bitcoin (with a capital B), transactions of bitcoin (with a lowercase b) are hashed through SHA-256. We already learned how any piece of information can be hashed through SHA-256, and a transaction is nothing more than a piece of information represented by a series of 1s and 0s.

These hash outputs are kept track of collectively by a peer-to-peer network, which is a decentralized web of computers that communicate with each other over the Internet without a central administrator. This kind of record-keeping is called a distributed ledger, and any member of the network who wants a copy of the ledger can have one. You can download the ledger today to your computer if you’d like, and it is permissionless, meaning anybody can join the network by downloading an app or computer software that gives you access to it, much like a web browser gives you access to the world wide web.

The ledger is maintained collectively, not by any one member. Unlike a centralized ledger, where only a trusted third party can add transactions to the ledger, a distributed ledger allows anyone to add transactions to the ledger if they follow a set of rules known as the Bitcoin protocol. Next, we'll follow a bitcoin transaction and see how it gets added to the Bitcoin ledger according to the Protocol.

Mining — How bitcoin transactions are validated and added to the ledger

This transaction sits in a group with other pending transactions, known as the memory pool, or mempool. The mempool is a group of transactions that are recognized by all users, but not yet validated. Think of this as if your waiter has taken your order at a restaurant, but the cook has not yet prepared it.

Any user can try to validate several of these transactions from the mempool by grouping them together in “blocks.” Users who validate transactions are known as "miners". According to the protocol rules, in order to validate a block of pending transactions, the miner checks her copy of the ledger — which includes all previous bitcoin transactions — to ensure that I actually have enough bitcoin to send to Daniel. She does the same with any other pending transactions she groups into the block (here, she also checks for Linda and Mike).

In order to be added to the ledger, this block of transactions will ultimately be hashed through SHA-256. That means that the 1s and 0s making up the ‘data’ of these three transaction are hashed through the SHA-256 hash function, producing a unique 256-digit number (or 64 Digits in hexidecimal).

There’s something else also included in the input, along with transaction block:

the hash of the previous block.

By including the hash of the previous block in each new block, it creates a chain of blocks — or a blockchain — with each block including the entire history of all previous transactions.

This is possible because SHA-256 has a nearly infinite set of possible hashes and so each new set of transactions and the hash of the previous block can have its own hash. Because the hash of every block is computed using the hash of the block before it, every block is related to its preceding block and all of the blocks before it, including their transactions. A small change to any block (such as adding a fraudulent transaction) would completely change the hash of every subsequent block, and miners would notice the hashes no longer correspond and immediately reject that “fake” block with the fraudulent transaction from the network.

This is essential as transactions can only be added to the blockchain in new blocks, but you can never go back and modify, add, or remove transactions in old blocks. As a result, in order to ensure that the blockchain is valid, miners need not examine every prior block, but only the hash of the most recent block (prior to the block they are currently validating). This is important because once a transaction is added to the blockchain, it is considered part of the network by the miners and is publicly visible to anybody on the network.

But how do we decide who gets to add these transaction blocks to the ledger?

According to Bitcoin protocol, only blocks whose hashes start with a certain number of 0s can actually be added to the ledger. Why? The idea is to create a competition among miners to determine who adds the next block of transactions.

Remember, SHA-256 hash outputs are unpredictable. Changing a single character of the input data will dramatically change the output hash. That means that in order to make the hash output of a transaction block start with a certain number of 0s, miners have to add an arbitrary number to the block, known as a nonce, and see what the resulting hash is. Since every SHA-256 output is unpredictable a miner finding a block with a certain number of 0s is a brute force task, arbitrarily testing different nonces as fast as possible. A piece of data tells you nothing about what it’s SHA-256 hash output will be — you just have to guess.

In this hypothetical, let’s say that a block’s hash must start with sixteen 0s (in hexidecimal, every one 0 is equal to four 0s in binary) to be considered valid. We only care about the number of leading 0s; the remaining sequence of 1s and 0s doesn’t matter. Because the hash did not start with sixteen 0s (four in hex), she has to try again.

Guessing nonces to find the right hash is like a game in which you and your friend Sarah are racing to flip quarters. The first person who flips four Heads in a row, wins. There’s a 50% chance of flipping Heads and a 50% chance of flipping Tails.

You and Sarah racing to flip Heads is not much different than two computers competing to mine bitcoin.

We know that a hash of a block is a series of 256 1s and 0s. Think of it as a series of quarters, with 1s represented by Tails and 0s represented by Heads. If miners had to find a hash that started with one 0 (one Head), they would do it, on average, 50% of the time: half of all hashes start with 0, and the other half of all hashes start with 1. If we double the number of 0s we’re looking for to start a hash to two 0s in a row (two Heads), then the miners would find such a hash 25% of the time — because one fourth of all hashes start with two 0s. Just like with the coin flipping game, the more consecutive 0s you require, the more guesses it will take.

As of April 2018, Bitcoin requires that transaction blocks can only be added to the ledger when the hash of the block starts with 73 0s. This means that on average, miners would have to go through about 1.9 x 1022 hashes before finding a winning hash. That’s 19 sextillion hashes, or a probability of 0.00000000000000000001%.

This doesn't mean that every miner goes through 19 sextillion hashes in ten minutes. In practice, all of the miners combined go through this many hashes on average, and only one miner wins!

At any one time, there are many miners trying to validate the next block, which includes my transaction. The point of this is to make adding transaction blocks to the ledger computationally difficult, meaning that no computer can guarantee that they’ll solve for the next block.

Remember that SHA-256 outputs are unpredictable, meaning that the hunt for a nonce that validates the block is nothing more than a lot of random guesses, and the “winner” is randomly chosen. The more computing power they have, the more quickly they can make guesses for the right nonce.

Lets' go back to the coin flip game. If Sarah can flip coins twice as fast as you, she is likely to win the game 66.66% of the time, while you’ll only win 33.33% of the time. Sarah's likelihood of flipping four Heads first is directly proportional to the rate at which she flips coins relative to you, but there is still no guarantee that she will do this first.

Similarly, the chances of any one miner hitting upon the right nonce is proportional to how much computing power they are using compared to other miners. But none of them can know when they will hit upon the right answer (or if they will at all).

This is crucial. If a miner could guarantee that they will validate a specific block, they could validate fraudulent transactions in which they are spending bitcoin that they don’t have.

This is the essence of the distributed ledger at the heart of Bitcoin. Instead of having a single entity (like a bank) validate and keep track of our transactions, we can have a huge number of people competing to validate each consecutive transaction. The validation process — the solving of the cryptographic hash function for a block — takes enough time and computing power such that no one entity can make sure they’ll get to validate the next transactions. This process is called a proof-of-work validation system, in reference to the “work” or computing power that is required to find a nonce that produces a winning hash.

If mining is hard to do, why would anyone bother? For every block of bitcoin transactions validated, the Bitcoin protocol allows the miner to add an additional, special transaction into the block being validated: a transaction giving herself bitcoin. This is known as the coinbase transaction.

These rewards for mining are the only way bitcoin is created. The Bitcoin protocol established a finite number of bitcoin that will ever be created: 21 million. Scarcity is a fundamental property of currencies; think of how there’s a limited supply of US dollars in circulation.

The miner can only collect the reward if their blocks ends up being accepted by the other miners. Just like any other transaction, the coinbase transaction will only be accepted when it is agreed upon by everybody, which will only happen if all of the other transactions in the block are valid and if a winning hash is found. Miners will continue to mine as long as the reward they receive is greater than the costs, like electricity and hardware, that it takes to mine.

The more miners that are trying to validate blocks and get their rewards, the more competition there is. The more competition, the more ‘random’ the validation process. Finally, the more ‘random’ the validation process, the more secure it is. Randomness is at the heart of what makes a trustless distributed ledger possible.

Bitcoin is a circular ecosystem, with each part feeding into the next. People can securely exchange bitcoin with each other only because the validating process is widely distributed; which is only possible because there are lots of miners doing the validating; which works only because they receive bitcoin rewards for doing it — which only has value to them because people are able to exchange bitcoin with each other in the first place! This beautifully simple balancing of interests, competition, and incentives is possibly the most ingenious concept behind Bitcoin.

Just like the Federal Reserve has policies for when to inject new money into the US economy, the Bitcoin protocol has certain rules about how bitcoin are added to the ecosystem and how difficult it is for miners to earn them. The bitcoin reward for successfully mining a block halves every 210,000 blocks, or about every four years, and in 2009 the reward started at 50 bitcoin. In 2012 it became 25; and in 2016 it became 12.5. This means that by 2140 all bitcoin will have been distributed.

The miner also collects transaction fees on top of the mining rewards, which you pay to incentivize a miner to include your transaction into a block; when all bitcoin are ultimately distributed through mining rewards, these transaction fees will ensure that miners are still incentivized to validate blocks. Fees are unrelated to the the amount of bitcoin in your transaction, but based on transaction file size and market supply and demand.

Difficulty is a commonly used term to define how “hard” it is to mine (defined by the number of leading 0s in a hash). The Bitcoin difficulty is adjusted every 2,016 blocks to ensure that one block is found every ten minutes, an arbitrary length of time that adds new bitcoin to the ecosystem at a predictable rate. It also minimizes the risk of two miners validating two different blocks at the same time.

Let’s go back to the coin flipping game one last time. Let’s say it takes ten minutes for either you or Sarah to flip four Heads in a row. Next, you and Sarah add two more friends to the game to make it more competitive. Assuming your new friends flip coins at the same rate as you and Sarah do, the four of you are now likely to flip four Heads in a row twice as fast (five minutes) because you have effectively doubled your coin-flipping rate. To keep the difficulty of the game at ten minutes, you could change the game rules to require flipping 5 Heads in a row to win.

In Bitcoin, as more miners join the network (more computing power), the more quickly a block is likely to be found. That means difficulty must increase (more leading 0s) in the next adjustment to ensure that a block is still found every ten minutes. On the other hand, if miners leave the network, the difficulty should decrease in the next adjustment to ensure that blocks are found every ten minutes. The first Bitcoin blocks ever mined, where there were many fewer miners, required only 32 leading 0s — orders of magnitude easier to find than 73 leading 0s.

That was a lot to take in. Let’s review the pieces of the puzzle so far:

Private Key / Public Key Cryptography

A Bitcoin address is derived from something called a public key, which is itself derived from a private key.

A private key is an arbitrary string of 256 1s and 0s that should be kept secret — it’s a kind of password to the ‘email address’ of the Bitcoin address. A private key can be any string of 256 1s and 0s, and choosing a private key is nothing more than picking a number between 1 and 2256 or writing out 256 1s and 0s. (If you write out a string of 256 1s and 0s by hand right now, it is very likely that no person or computer has ever written that same number before.)

A public key is another number which is derived from the private key using a complex irreversible multiplication, known as elliptic curve multiplication. The point of this math is to create a special kind of relationship between the public key and the private key.

For one, this relationship is one way: even if you know the public key, you can’t get the associated private key:

The relationship has another interesting property that makes bitcoin transactions possible. If I use a special algorithm, involving multiplication and hashing, known as Elliptic Curve Digital Signature Algorithm (ECDSA) to combine a bitcoin transaction with my private key, I’ll come up with another number known as a signature.

It turns out that anyone who has my public key and the public transaction can look at that signature and tell whether it was indeed my private key which created it — without ever knowing my private key. This is important because this allows signatures to be used to authenticate transactions. To understand the math behind how this is possible, read here.

Let’s see this in action. When I send one bitcoin to Daniel, I’m actually sending a package of three things:

Where do I send it? To Daniel’s Bitcoin address, which is derived from his public key. A Bitcoin address gives everyone on the network a pseudonymous identity. Remember, all transactions are visible by everyone on the network. We don’t know Daniel as “Daniel” — we just know his Bitcoin address, and if Daniel tells me what his address is, then I’ll know that that address is Daniel’s. When I send bitcoin to Daniel’s bitcoin address the network of miners has no idea that it is Daniel, nor do they care.

With my transaction message and public key, anyone can determine that my signature was indeed made with my private key. That means that even without knowing my private key, anyone can know that I’m the one who sent the transaction.

In practice, this validation is easily computed by miners. When a miner picks up my package from the mempool, she does a check that the components match.

If someone malicious tried to send a different transaction — say, one that gave two of my bitcoin to Daniel — with the same signature and public key, the whole thing would come out as invalid because my signature included the transaction of me paying only one bitcoin to Daniel:

Likewise, if I tried to pay Daniel with someone else’s bitcoin by using their public key, the whole thing would also be invalid because the signature involves my private key, and thus would not match someone else's public key. If you change one of the components of the signature, the signature changes — and the signature is what authorizes the transaction.

This is why it’s critical that you keep your private key private! In the first case, anyone who had my private key could create a signature combining my private key with a fraudulent transaction, paying extra bitcoin from my account, and the output would be seen as valid. In the second case, if I had Ben’s private key, I could create a signature combining his private key with a fraudulent transaction paying Daniel from his bitcoin. So, what is the best way to keep my private key private?

Wallets

There are a few ways of remembering private keys and keeping them private. In its most simple form, a wallet is a method of storing a private key. Some wallets are online, protecting a private key by password, and others are pieces of hardware, which would require a password and possession of the physical device to access the private key.

You could even just write your private key down on a piece of paper and never share it with anyone. Just be careful because if you lose or forget your private key there is no way to ever generate it again from the public key (remember it is a one way relationship) and you will never be able to gain access to the associated bitcoin again. They will be lost forever.

Typically, wallets also generate your private keys, public keys, and bitcoin addresses as well and allow you to interface with the Bitcoin network, so that you can send and receive bitcoin and view your bitcoin balance without ever having to write any code.

Like any kind of storage, there are trade-offs between security and accessibility. Online wallets that allow you to easily send and receive bitcoin, can be less secure; they can be accessed from anywhere, but the websites that host them might be vulnerable to outages, hacking, or someone gaining access to your password.

You may have heard of various exchanges being hacked and bitcoin stolen. It is important to know that the Bitcoin protocol worked exactly as it should. The hackers actually gained access to numerous private keys by hacking into the online wallet software, and could thus generate any valid signature and transactions sending bitcoin to their own addresses. What failed was the cybersecurity of the hosting sites, not anything about the Bitcoin network.

You might think of these online wallets like the physical wallet you carry on your person, in which you usually wouldn’t carry a ton of cash. A hardware wallet is a physical storage device. These can be less user-friendly for everyday access, but more secure, because it would be impossible for anyone who doesn’t have the physical hardware to gain access to the stored private key(s). That’s more like a safe where you might keep the real valuables.

There are resources online to figure out which wallet might be right for you.

It’s important to remember that bitcoin are not ‘stored’ in wallets in any way. Bitcoin are simply represented on the blockchain as transactions from one address to another address, and wallets are a way of showing your balance from the transactions to and from your address and of securing your private key, which gives you access to this blockchain.

The Bitcoin Protocol

You now understand how a bitcoin transaction goes from start to finish, but you may be wondering: who decides all of these rules in the Bitcoin protocol we have been discussing? And is it possible to make changes to the Bitcoin protocol?

The code for the Bitcoin protocol was initially written by the pseudonymous Satoshi Nakamoto and a small group of developers and is known as Bitcoin Core. But nobody owns the technology behind Bitcoin Core in the same way nobody owns the technology behind the internet. As you know, the network is distributed and thus, owned by everybody. There are numerous developers who work to improve Bitcoin Core software, but they cannot freely force changes to the protocol as network participants are free to use whatever software version that they choose. However, one person can not just change their software to give themselves an advantage because the new software would be incompatible with everybody else on the old software.

Sometimes a large group of miners or users may agree to update or change the software to enhance security or add additional features. Software changes can be suggested by anybody and these proposals are known as Bitcoin Improvement Proposals (BIPs). Making improvements to the Bitcoin protocol is possible in two ways, Soft Forks and Hard Forks.

A Soft Fork is a change to the Bitcoin protocol that could result in previously valid blocks and transactions being made invalid, but valid blocks under the new rules would also be valid under the old rules. You can think of a Soft Fork as a tightening of the rules.

Imagine a Soft Fork as a workplace dress code:

One example of this is to allow Bitcoin to have more transactions per block. According to Bitcoin Core, Bitcoin miners can add approximately 2,500 transactions per block, every 10 minutes. This limit is as a result of the 1 Megabyte per block file size. This turns out be quite limited and equates to approximately 4 transactions per second, whereas Visa can process over 2,000 transactions per second. As a result, BIP141: SegWit or Segregated Witness was proposed. SegWit separates transactions from the digital signature (also known as the witness). Under this new structure, digital signatures no longer count towards the 1 megabyte block size limit, allowing for more transactions per block and thus faster transaction speeds.

SegWit Blocks were always valid under the original Bitcoin rules, but after BIP141 was adopted by a majority of miners, SegWit blocks became a requirement to add valid blocks to the chain.

What about a Hard Fork? Let’s look at the same issue of the Bitcoin 1 megabyte blocksize limit as above but solved in a different way. BIP91 suggests an 8 megabyte block size, which would allow for tens of thousands more transactions per block. If BIP91 were approved, future blocks would become 8 megabytes and old 1 megabyte blocks would no longer be valid. However, the 8 megabyte blocks would not have been valid under the old rules because blocks were required to be 1 megabyte — creating an incompatibility between the two chains. When a change like BIP91 is implemented, a Hard Fork occurs. Blocks on the old chain are incompatible with the new chain and visa versa. Assuming miners support both the old and the new, you will be left with two blockchains and two cryptocurrencies.

BIP91 was implemented on August 1st, 2017 and Bitcoin Cash was created. Bitcoin Cash followed all of the rules of the Bitcoin protocol at the time of the Fork, except that it had the new larger 8 megabyte block size, creating a new currency. For every one bitcoin you had at the time of the fork, you would receive one “bitcoin cash.” At the time of the Fork, Bitcoin Cash had the same history as Bitcoin, but after the split, the two chains forged their own path.

Putting it all Together

Now that we understand all of the pieces of the puzzle, let’s take a giant step back and follow a bitcoin transaction once again — me sending 1 bitcoin to Daniel — from beginning to end.

That's It.

Congratulations! You’ve now come away with a better understanding of the technologies behind Bitcoin and blockchain, and are well positioned for future discussions and advancement of blockchain technology.

Questions, comments, just want to chat? I’d love to hear from you! billy@billybitco.in