Bitcoin network

Main article: Bitcoin

The bitcoin network is a peer-to-peer payment network that operates on a cryptographic protocol. Users send bitcoins, the units of currency, by broadcasting digitally signed messages to the network using bitcoin wallet[1] software. Transactions are recorded into a distributed public database known as the block chain, with consensus achieved by a proof-of-work system called "mining". The block chain is distributed internationally using peer-to-peer filesharing technology similar to BitTorrent. The protocol was designed in 2008 and released in 2009 as open source software by "Satoshi Nakamoto", the pseudonym of the original developer or group of developers.

The network timestamps transactions by including them in blocks that form an ongoing chain called the block chain. Such blocks cannot be changed without redoing the work that was required to create each block since the modified block. The longest chain serves not only as proof of the sequence of events but also records that this sequence of events was verified by a majority of the bitcoin network's computing power. As long as a majority of computing power is controlled by nodes that are not cooperating to attack the network, they will generate the longest chain of records and outpace attackers.

The network itself requires minimal structure to share transactions. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will. Upon reconnection, a node will download and verify new blocks from other nodes to complete its local copy of the block chain.[2][3]

Transactions

A transaction is a section of data confirmed by a signature. It is sent to the bitcoin network and collected into blocks. It typically contains references to preceding transactions and associates a certain number of bitcoins with one or several public keys (bitcoin addresses). It is not encrypted, because nothing in the bitcoin system needs to be kept confidential. A block chain browser is a tool in which all transactions, combined in the form of the block chain, can be found and verified. This is necessary to determine technical transaction parameters as well as to verify the details of payments.[4]

A bitcoin is defined by a sequence of digitally signed transactions that began with its creation as a block reward. The owner of a bitcoin transfers it to the next owner by digitally signing it over to the next owner in a bitcoin transaction, much like endorsing a traditional bank check. A payee can verify each previous transaction to verify the chain of ownership. Unlike traditional check endorsement, bitcoin transactions are irreversible, which eliminates risk of chargeback fraud.[5]

A bitcoin is a currency object, an entity which is traded, though nothing prevents trades in fractions of a bitcoin or in multiple bitcoins. Bitcoins are intended to be fungible, though each has its own distinct history.

A diagram of a Bitcoin transfer

Although it would be possible to handle bitcoins individually, it would be unwieldy to make a separate transaction for every satoshi in a transfer. Transactions are therefore allowed to contain multiple inputs and outputs,[6] and in that way bitcoins can be split and combined. Common transactions will have either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and one or two outputs: one for the payment, and one returning the change, if any, back to the sender. Any difference between the total input and output amounts of a transaction is offered to miners as a transaction fee.[2]

Transaction confirmation

Transaction confirmation is needed to prevent double spending of the same money.

Usually, when bitcoins are received, the owner is not free to use them immediately. As soon as a transaction is created it is sent to the bitcoin network for processing, and it has to be included in a block before it is regarded as legitimate. The inclusion of a transaction in a newly found block is called a transaction confirmation. Inclusion in one block counts as one confirmation, and when there are six or more such confirmations the transaction is considered confirmed. This feature was introduced to protect the system from repeated spending of the same bitcoins (double-spending). Inclusion of a transaction in a block happens as part of the mining process.

The classic bitcoin client will show the transaction as "unconfirmed" until there are six confirmations (six found blocks). Sites or services that accept bitcoin as payment for their products or services can set their own limits on how many blocks need to be found to confirm a transaction. The number six was chosen deliberately: it is based on the reasoning that there is a low probability of wrongdoers being able to amass more than 10% of the entire network's hash rate for the purpose of transaction falsification, and that an insignificant risk (lower than 0.1%) is acceptable. For offenders who do not possess significant computing power, six confirmations are an insurmountable obstacle. In turn, people who possess more than 10% of the network's power would not find it hard to obtain six confirmations in a row. However, obtaining such power would require millions of dollars' worth of investment, which lowers the risk of an attack. Bitcoins that are distributed by the network for finding a block can only be used after 100 confirmations, i.e. 100 discovered blocks. The classic bitcoin client will not display the coins earned for solving a block until there are 120 confirmations.[7]
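The "lower than 0.1%" figure can be checked with the attacker catch-up calculation from Nakamoto's whitepaper [2], which models the attacker's progress while the honest chain gains z blocks as a Poisson process and sums, over each possible deficit, the probability of catching up from it. The Python below is an added worked example and not part of the article; q is the attacker's share of the network hash rate and z the number of confirmations the payee waits for. The function names are this example's own.

```python
import math

# Added worked example (not from the article): the attacker catch-up
# probability from section 11 of Nakamoto's whitepaper.
#   q = attacker's share of the hash rate, p = 1 - q = honest share,
#   z = confirmations (blocks) the payee waits for before accepting payment.

def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate share q ever catches up
    once the honest chain is z blocks ahead of the attacker's chain."""
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority attacker always catches up eventually
    lam = z * (q / p)  # expected attacker progress while honest miners find z blocks
    total = 1.0
    for k in range(z + 1):
        # Probability the attacker has mined exactly k blocks in that time.
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        # Still z - k blocks behind: catch-up probability is (q/p)^(z-k),
        # so subtract the probability of never catching up from this state.
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def confirmations_needed(q: float, max_risk: float) -> int:
    """Smallest z for which the attacker's success probability falls below max_risk."""
    z = 0
    while attacker_success_probability(q, z) >= max_risk:
        z += 1
    return z

if __name__ == "__main__":
    for q in (0.10, 0.30):
        print(f"q={q:.2f}: confirmations for <0.1% risk = {confirmations_needed(q, 0.001)}")
        for z in range(8):
            print(f"  z={z}: P = {attacker_success_probability(q, z):.7f}")
```

With q = 0.10, five confirmations already bring the attacker's success probability below 0.1% and six bring it to roughly 0.024%, which is the margin the paragraph describes; with q = 0.30 the same risk level needs 24 confirmations, which is why a merchant's choice of confirmation depth is really a statement about how much hash rate it assumes an attacker can rent or own.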

Hashes and signatures

Two consecutive SHA-256 hashes are used for transaction verification. RIPEMD-160 is used after a SHA-256 hash for bitcoin digital signatures or "addresses". A bitcoin address is the hash of an ECDSA public key, computed as follows:

Key hash = Version concatenated with RIPEMD-160 (SHA-256 (public key))
Checksum = 1st 4 bytes of SHA-256 (SHA-256 (Key hash))
Bitcoin address = Base58Encode (Key hash concatenated with Checksum)
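The three steps above, carried through in Python as an added example (not code from the article or from any wallet project), together with the reverse operation a wallet performs before paying: decode the address and recompute the checksum, so a mistyped or corrupted address is rejected instead of sending coins to an unspendable key hash. The example assumes that hashlib's OpenSSL backend provides RIPEMD-160, which is true on most builds; the public key in the usage block is the well-known uncompressed key from the Bitcoin wiki's worked address example, and the function names are this example's own.

```python
import hashlib

# Added worked example (not from the article): version-1 address derivation
# and Base58Check validation. Assumes hashlib can construct "ripemd160".

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def ripemd160_available() -> bool:
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False

def hash160(data: bytes) -> bytes:
    """RIPEMD-160(SHA-256(data)): the 20-byte public key hash."""
    return hashlib.new("ripemd160", sha256(data)).digest()

def base58_encode(raw: bytes) -> str:
    # The big-integer conversion loses leading zero bytes, so each one is
    # emitted as a leading '1' (the alphabet's zero digit) instead.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    return "1" * pad + out

def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on 0, O, I, l or other junk
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body

def base58check_encode(version: bytes, payload: bytes) -> str:
    key_hash = version + payload                 # "Key hash" in the text
    checksum = sha256(sha256(key_hash))[:4]      # "Checksum"
    return base58_encode(key_hash + checksum)    # "Bitcoin address"

def base58check_decode(address: str):
    """Return (version, payload); raise ValueError if the checksum does not match."""
    raw = base58_decode(address)
    if len(raw) < 5:
        raise ValueError("address too short")
    key_hash, checksum = raw[:-4], raw[-4:]
    if sha256(sha256(key_hash))[:4] != checksum:
        raise ValueError("checksum mismatch (mistyped or corrupted address)")
    return key_hash[:1], key_hash[1:]

def pubkey_to_address(pubkey: bytes, version: bytes = b"\x00") -> str:
    return base58check_encode(version, hash160(pubkey))

def is_valid_address(address: str) -> bool:
    """Accept only version 0x00 (addresses starting with 1) or 0x05 (starting
    with 3), a 20-byte hash, and a correct checksum."""
    try:
        version, payload = base58check_decode(address)
    except ValueError:
        return False
    return version in (b"\x00", b"\x05") and len(payload) == 20

if __name__ == "__main__":
    # Uncompressed public key from the Bitcoin wiki's worked address example.
    pub = bytes.fromhex(
        "0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B2352"
        "2CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6")
    addr = pubkey_to_address(pub)
    print(addr, is_valid_address(addr), is_valid_address(addr[:-1] + "X"))
```

The four-byte checksum is what makes a single-character typo detectable: the chance that a random corruption still checks out is about one in four billion, which is why wallets refuse to build a transaction to an address that fails this decode rather than trusting the user's input.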

Bitcoin addresses

A bitcoin transaction log showing addresses

A bitcoin address is an identifier (account number), starting with 1 or 3 and containing 27-34 alphanumeric Latin characters (excluding 0, O, I, and l). An address can also be represented as a QR code; it is anonymous and does not contain information about the owner. It can be obtained for free, for example using bitcoin software.[8]

The ability to transact bitcoins without the assistance of a central registry is facilitated in part by the availability of a virtually unlimited supply of unique addresses which can be generated and disposed of at will. The balance of funds at a particular bitcoin address can be ascertained by looking up the transactions to and from that address in the block chain. All valid transfers of bitcoins from an address are digitally signed using the private keys associated with it.[9]

Private key

A private key in the context of bitcoin is a secret number that allows bitcoins to be spent. Every bitcoin address has a matching private key, which is usually saved in the wallet file of the person who owns the balance but can be also stored using other means and methods. The private key is mathematically related to the bitcoin address, and is designed so that the bitcoin address can be calculated from the private key but, importantly, the reverse cannot be done.[10]

Bitcoin wallets

Bitcoin users manage their bitcoin addresses by using a digital wallet. Wallets let users send bitcoins, request payment, calculate the total balance of the addresses in use, and generate new addresses as needed. Many wallets include precautions to keep the private keys secret, for example by encrypting the wallet data with a password or by requiring two-factor authenticated logins.

Bitcoin wallets provide the following functionality:[11]

Bitcoin wallets have been implemented as stand-alone software applications, web applications, and even printed documents or memorized passphrases.

Software wallets

Software that directly connects to the peer-to-peer bitcoin network includes bitcoind and Bitcoin-Qt, the bitcoind GUI counterpart available for Linux, Windows, and Mac OS X. Other less resource intensive bitcoin wallets have been developed, including mobile apps for iOS and Android devices that display and scan QR codes to simplify transactions between buyers and sellers.[12] Theoretically, the services typically provided by an application on a general purpose computer could be built into a stand-alone hardware device, and several projects aim to bring such a device to market.[13][14]

Website wallets

Many bitcoin websites provide addresses associated with an online account to hold bitcoin funds on the user's behalf, similar in some ways to bank accounts. Other sites function primarily as real-time markets, facilitating the sale and purchase of bitcoins with other currencies such as US dollars or euros.[15] Users of this kind of wallet are not obliged to download all blocks of the Bitcoin block chain, and can manage one wallet from any device, regardless of location. Some wallets offer additional services. Wallet privacy is provided by the website operator. This "online" option is often preferred for a first acquaintance with the bitcoin system and for short-term storage of small BTC amounts.[16]

Example of a Bitcoin paper wallet with private key hidden beneath tamper-evident seals

Paper wallets

Any valid bitcoin address keys may be printed on paper and used to store bitcoins offline. Compared with "hot wallets"—those that are connected to the Internet—these non-digital offline paper wallets are considered a "cold storage" mechanism better suited for safekeeping bitcoins. It is safe to use only if you have printed the paper yourself. The balance of any such "cold storage" paper obtained from a second party as a present, gift, or payment should be immediately transferred to a safer wallet, because the private key could have been copied and kept by the grantor.

Various vendors offer banknotes, coins, cards, and other physical objects denominated in bitcoins.[17][18] The bitcoin balance is bound to the private key printed on the banknote or embedded within the coin. Some of these instruments employ a tamper-evident seal that hides the private key. This is generally an insecure form of "cold storage", because one cannot be sure that the producer of a banknote or coin destroyed the private key at the end of the printing process rather than keeping it. A tamper-evident seal does not provide the needed level of security in this case, because the private key could have been copied before the seal was applied to the coin. Some vendors will allow the user to verify the balance of a physical coin on their website, but that requires trusting that the vendor did not store the private key, which would allow them to transfer the balance at a future date.

To ensure safety of bitcoin wallet, the following measures are recommended:[19]

Timestamps

The bitcoin specification starts with the concept of a distributed timestamp server. A timestamp server works by computing a SHA-256 hash of some data and widely publishing the hash, for instance, in a newspaper or Usenet post. The timestamp proves that the data must have existed at the time, in order to produce the hash. For bitcoin, each timestamp includes the previous timestamp hash as input for its own hash. This dependency of one hash on another is what forms a chain, with each additional timestamp providing evidence that each of the previous timestamp hashes existed.

Bitcoin mining

To form a distributed timestamp server as a peer-to-peer network, bitcoin uses a proof-of-work system similar to Adam Back's Hashcash, and publishes the hashes over the internet rather than in newspapers or Usenet posts.[3] The work in this system is what is often referred to as bitcoin mining.

The mining process involves scanning for a value that, when hashed twice with SHA-256, begins with a number of zero bits. While the average work required increases exponentially with the number of leading zero bits required, a hash can always be verified by executing a single round of double SHA-256.

For the bitcoin timestamp network, a valid "proof-of-work" is found by incrementing a nonce until a value is found that gives the block's hash the required number of leading zero bits. Once the hashing has produced a valid result, the block cannot be changed without redoing the work. As later records or "blocks" are chained after it, the work to change the block would include redoing the work for each subsequent block.

The best chain (black) consists of the longest series of transaction records from the genesis block (green) to the current block or record. Orphaned records (purple) exist outside of the best chain.

Majority consensus in bitcoin is represented by the longest chain, which required the greatest amount of effort to produce. If a majority of computing power is controlled by honest nodes, the honest chain will grow fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of that block and all blocks after it and then surpass the work of the honest nodes. The probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.[3]
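The nonce search, the one-hash verification, and the cost of rewriting a buried block can all be seen on a toy chain. The Python below is an added example, not code from the article or from Bitcoin Core: the header layout is simplified (a real header is 80 bytes with version, timestamp and difficulty fields), the difficulty is expressed directly as a count of leading zero bits, and the function names are this example's own. The chain validator re-derives every hash rather than trusting stored ones, which is what makes a rewritten middle block fail even after it has been re-mined: the following block still links to the old hash.

```python
import hashlib
import struct

# Added example (not from the article or Bitcoin Core): a toy proof-of-work
# chain. Difficulty is a leading-zero-bit count; headers are simplified.

def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def header_bytes(prev_hash: bytes, merkle_root: bytes, nonce: int) -> bytes:
    # Toy header: previous block hash || Merkle root || 32-bit nonce.
    return prev_hash + merkle_root + struct.pack("<I", nonce)

def mine(prev_hash: bytes, merkle_root: bytes, bits: int):
    """Increment the nonce until the double-SHA-256 header hash has `bits`
    leading zero bits. Expected work is about 2**bits hash evaluations."""
    for nonce in range(2 ** 32):
        digest = double_sha256(header_bytes(prev_hash, merkle_root, nonce))
        if leading_zero_bits(digest) >= bits:
            return nonce, digest
    raise RuntimeError("nonce space exhausted; real miners then alter other header fields")

def verify_block(prev_hash: bytes, merkle_root: bytes, nonce: int, bits: int) -> bool:
    # Checking a claimed proof-of-work costs one double-SHA-256, however long the search took.
    digest = double_sha256(header_bytes(prev_hash, merkle_root, nonce))
    return leading_zero_bits(digest) >= bits

def build_chain(merkle_roots, bits: int):
    chain, prev = [], b"\x00" * 32  # the genesis block has no predecessor
    for root in merkle_roots:
        nonce, digest = mine(prev, root, bits)
        chain.append({"prev": prev, "root": root, "nonce": nonce})
        prev = digest
    return chain

def chain_valid(chain, bits: int) -> bool:
    """Re-derive every hash: a block is accepted only if its proof-of-work
    holds and it links to the recomputed hash of the block before it."""
    prev = b"\x00" * 32
    for block in chain:
        if block["prev"] != prev:
            return False
        if not verify_block(block["prev"], block["root"], block["nonce"], bits):
            return False
        prev = double_sha256(header_bytes(block["prev"], block["root"], block["nonce"]))
    return True

def tamper(chain, index: int, new_root: bytes, bits: int, remine: bool = False):
    """Copy the chain with block `index` altered and optionally re-mined.
    Later blocks are left untouched, so they still point at the old hash."""
    altered = [dict(b) for b in chain]
    altered[index]["root"] = new_root
    if remine:
        altered[index]["nonce"], _ = mine(altered[index]["prev"], new_root, bits)
    return altered

if __name__ == "__main__":
    BITS = 12  # constructed toy difficulty: roughly 4096 hashes per block
    roots = [double_sha256(b"transactions of block %d" % i) for i in range(3)]
    chain = build_chain(roots, BITS)
    print("honest chain valid:", chain_valid(chain, BITS))
    forged = tamper(chain, 0, double_sha256(b"forged"), BITS, remine=True)
    print("block 0 rewritten and re-mined, blocks 1-2 untouched:", chain_valid(forged, BITS))
```

Raising `BITS` by one roughly doubles the expected mining time while leaving `verify_block` at a single hash, which is the asymmetry the paragraph above relies on; re-mining only the altered block is never enough, because every later block must also be re-mined before the forged branch can even match, let alone outpace, the honest chain.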

To compensate for increasing hardware speed and varying interest in running nodes over time, the difficulty of finding a valid hash is adjusted roughly every two weeks. If blocks are generated too quickly, the difficulty increases, so more hashes are required to find a block and to generate new bitcoins.[3]

Bitcoin mining is a competitive endeavor. An "arms race" has been observed through the various hashing technologies that have been used to mine bitcoins: basic CPUs, high-end GPUs (graphics processing units) common in many gaming computers, FPGAs (field-programmable gate arrays) and ASICs (application-specific integrated circuits) have all been used, each newer technology reducing the profitability of the one before it. The newest addition, ASICs, are built into devices that are specialized for bitcoin mining.[20] As bitcoins become more difficult to mine, computer hardware manufacturing companies have seen an increase in sales of high-end products.[21]

Computing power is often bundled together or "pooled" through a central server to reduce variance in miner income. Individual mining rigs often have to wait relatively long periods of time to confirm a block of transactions and receive payment. When miners cooperate in a pool, all participating miners receive a share of the bitcoins every time a participating server solves a block. This payment is proportional to the amount of work an individual miner contributed to help find that block.[22]

Cloud mining is where the mining equipment is hosted in a remote data center. The mining power is sold to the user for a certain period of time in a contract or traded on an exchange. Cloud mining providers generally use "pooled" mining to have more frequent payouts for customers.[23]

Gallery of mining hardware: GPU-based mining rig; Lancelot FPGA-based mining board; Avalon ASIC-based mining machine; ASICMINER ASIC-based USB mining device; several ASICMINER ASIC-based USB mining devices; Butterfly Labs ASIC-based mining machine.

Process

A rough overview of the process to mine bitcoins is:[3]

  1. New transactions are broadcast to all nodes.
  2. Each miner node collects new transactions into a block.
  3. Each miner node works on finding a difficult proof-of-work for its block.
  4. When a node finds a proof-of-work, it broadcasts the block to all nodes.
  5. Nodes accept the block only if all transactions in it are valid and not already spent.
  6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

Nodes are incentivized to work on extending the longest chain or risk their work being wasted. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof-of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.

New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, however, transactions will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.

Mined bitcoins

By convention, the first transaction in a block is a special transaction that produces new bitcoins owned by the creator of the block. This adds an incentive for nodes to support the network,[3] and provides a way to initially distribute coins into circulation, since there is no central authority to issue them.

The continual and steady addition of new coins is analogous to gold miners expending resources to add gold to circulation.[3] In this case, it is computing power and electricity that is expended.

The incentive can also be funded with transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction.

Local system resources

Once the latest transaction of a coin is buried under enough blocks, fully spent transactions which preceded it can be discarded in order to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle tree, with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes need not be stored.[2]

A block header with no transactions would be about 80 bytes. Supposing that blocks are generated every 10 minutes, 80 bytes × 6 × 24 × 365 = 4.2 MB per year. With computer systems typically selling with 6 GB of RAM as of 2013, and Moore's law predicting current growth of 1.2 GB per year, storage should not be a problem even if the block headers need to be kept in memory.[2]

While these calculations are accurate for archived transactions, the load from recent and 'active' blocks is significant. The bitcoin network is currently restricted to a rate of 7 transactions per second, an artificial limit in place to prevent the network from rapid unsustainable expansion. In comparison, the VISA network handles an average of 2,000 transactions per second, with daily bursts of over 4,000 transactions and up to 10,000 during seasonal peaks. If the bitcoin network transaction cap were removed, and the network load were similar to VISA's (2000 TPS), each client would require a constant download and upload rate of upwards of 1 megabyte per second, and each 10 minute block would be over 500MB.

Payment verification

Upon receiving a new transaction, a node must validate it: in particular, check that none of the transaction's inputs has already been spent. To carry out that check the node needs access to the block chain. Any user who does not want to trust his network neighbors should keep a full local copy of the block chain, because he cannot know in advance which inputs will need to be verified.

Diagram showing how Bitcoin transactions can be verified

But, as noted in Nakamoto's whitepaper, it is possible to verify bitcoin payments without running a full network node (simplified payment verification, SPV). A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which can be obtained by querying network nodes until it is apparent that the longest chain has been found. The user then obtains the Merkle branch linking the transaction to the block it is timestamped in. One cannot check the transaction for oneself, but by linking it to a place in the chain, one can see that a network node has accepted it, and blocks added after it further confirm that the network has accepted it.[2]
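The Merkle tree referred to in the "Local system resources" section and the Merkle branch used here are the same structure seen from two sides: a full node builds the tree over a block's transaction ids and stores only the root in the header, while an SPV client receives one leaf's sibling hashes and recomputes the path up to that root. The Python below is an added example, not code from the article or from Bitcoin Core; it follows Bitcoin's tree rules (double SHA-256 over concatenated pairs, and a level with an odd number of nodes pairs its last node with a copy of itself), the transaction ids are constructed inline, and the function names are this example's own.

```python
import hashlib

# Added example (not from the article or Bitcoin Core): Merkle root
# construction for a block and Merkle-branch verification for one transaction.

def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(txids):
    """All levels of the tree, from the leaves (txids) up to the single root."""
    if not txids:
        raise ValueError("a block contains at least its coinbase transaction")
    levels = [list(txids)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]  # odd count: duplicate the last node
        levels.append([double_sha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_root(txids) -> bytes:
    return merkle_levels(txids)[-1][0]

def merkle_branch(txids, index: int):
    """Sibling hashes from the leaf up to (not including) the root, each
    tagged with the side on which the sibling sits. This is what a full node
    hands to an SPV client; its length is O(log n) in the block's size."""
    branch = []
    for level in merkle_levels(txids)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        branch.append((level[sibling], "right" if sibling > index else "left"))
        index //= 2
    return branch

def verify_branch(txid: bytes, branch, root: bytes) -> bool:
    """What the SPV client computes: hash upward along the branch and compare
    with the root taken from a block header it already holds."""
    h = txid
    for sibling, side in branch:
        h = double_sha256(h + sibling) if side == "right" else double_sha256(sibling + h)
    return h == root

if __name__ == "__main__":
    txids = [double_sha256(b"constructed tx %d" % i) for i in range(5)]
    root = merkle_root(txids)
    branch = merkle_branch(txids, 3)
    print("branch length for 5 transactions:", len(branch))
    print("tx 3 in block:", verify_branch(txids[3], branch, root))
    print("forged tx in block:", verify_branch(double_sha256(b"forged"), branch, root))
```

The check proves only that a transaction is committed to by a header the client trusts; whether that header sits on the chain with the most work is a separate question that the SPV client answers from the headers alone, which is exactly the trust assumption the next paragraph discusses.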

As such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. To protect against this, alerts from network nodes detecting an invalid block prompt the user's software to download the full block and verify alerted transactions to confirm their inconsistency. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.[2]

References

  1. Carter, Donald. "Bitcoins Wallet". Blogging. Buybitcoinspaypal.com. Retrieved 27 May 2014.
  2. Nakamoto, Satoshi (24 May 2009). "Bitcoin: A Peer-to-Peer Electronic Cash System" (PDF). Retrieved 20 December 2012.
  3. Barber, Simon; Boyen, Xavier; Shi, Elaine and Uzun, Ersin (2012). "Bitter to Better — how to make Bitcoin a better currency" (PDF). Financial Cryptography and Data Security (Springer Publishing).
  4. Bitcointransaction, Bitcoinwiki
  5. Dean, Andrew (14 August 2014). "Online Gambling Meets Bitcoin". Retrieved 21 August 2014.
  6. "Block Chain Overview". Bitcoin Project, https://bitcoin.org/. 2009–2014. Retrieved 14 August 2014.
  7. Transaction confirmation, Bitcoinwiki
  8. Bitcoin address, Bitcoinwiki
  9. "Bitcoin Developer Guide". Bitcoin. Retrieved 21 August 2014.
  10. "Private key". Retrieved 24 February 2015.
  11. "Bitcoin wallet". Retrieved 24 February 2015.
  12. Grilled cheese meets Bitcoin: Why this food truck is embracing digital currency, GeekWire
  13. "Bitcoin Wallet Hardware - Butterfly Labs". Retrieved 24 February 2015.
  14. Trezor Bitcoin Hardware Wallet On Pace for October Deliveries, The Genesis Block
  15. Web wallets, weusecoins.com
  16. Bitcoin wallet, Bitcoinwiki.org
  17. Staff, Verge (13 December 2013). "Casascius, maker of shiny physical bitcoins, shut down by Treasury Department". The Verge. Retrieved 10 January 2014.
  18. Daniel Cawrey (@danielcawrey) (20 December 2013). "Canadian Man Builds World's First Wooden Bitcoin Wallet". Coindesk.com. Retrieved 10 January 2014.
  19. Security of Bitcoin wallet, bitcoinwiki.org
  20. Tindell, Ken (5 April 2013). "Geeks Love The Bitcoin Phenomenon Like They Loved The Internet In 1995". Business Insider.
  21. "Bitcoin boom benefiting TSMC: report". Taipei Times. 4 January 2014.
  22. Biggs, John (8 April 2013). "How To Mine Bitcoins". Techcrunch.
  23. "How Does Cloud Mining Bitcoin Work?". coindesk.
