If you come from a non-tech background and you are reading the bitcoin whitepaper for the first time, I think you would agree with me that it is all mumbo jumbo filled with technical jargon. Just a minute later, you would probably be 80% lost and confused on page 2.
I have been through that and I understand the struggles.
Hence, this article is written to explain in simple terms what bitcoin is and how it works. Since I am a non-tech person, it might not be entirely accurate and complete. But I will try my best to explain it based on my own understanding. The format of this article will follow that of the original whitepaper. To make the best use of your reading experience, it is best to read the original whitepaper first before making reference to this guide. The link can be found here.
Introduction
In the introduction, Satoshi Nakamoto describes how commerce on the Internet has come to rely on financial institutions acting as trusted third parties to process electronic payments. This is nothing new to us: we are all familiar with the traditional banking system, remittance services, PayPal and so on. The point is that if we want to send electronic money from one person to another, it has to pass through a financial intermediary.
The traditional model is based on trust: trust in the banking system and trust in the financial institutions. It works well enough, but the trust model has some inherent weaknesses.
Firstly, completely non-reversible transactions are not really possible. Put another way, transactions are in fact reversible, because the financial intermediaries are responsible for mediating disputes and resolving errors. Imagine the following scenarios:
- Providing goods or services, only for the buyer to reverse the payment
- Sending money to the wrong account
- Receiving payment from a suspicious account
- An order that fails to go through
Because transactions are reversible, the intermediary's need to mediate disputes imposes transaction and operational costs. As a result, micro-payments become impractical: credit card companies impose minimum fees to cover the costs charged by the issuing bank, the payment processor and so on, and the cost of resolving a dispute over a micro-transaction would easily turn the profit on it into a loss.
Secondly, because payments are reversible, a service provider delivering something that cannot be taken back (a service that has already been consumed) runs the risk of never being paid: the buyer, having already enjoyed the benefit, can reverse the payment.
Thirdly, because a payment might later be reversed (for example when a buyer disputes it or fails the bank's checks), merchants have to be wary of their customers and tend to hassle them for more personal information than would otherwise be needed, which costs the customer privacy.
All of these issues with a trusted third party discourage electronic transactions to a certain extent. The solution proposed by Satoshi Nakamoto is a peer-to-peer system based on cryptographic proof instead of trust in a centralised third party. In this system transactions are practically irreversible: reversing one would require an amount of computation that is impractical for an attacker. This protects sellers from fraud, since a confirmed payment cannot be quietly undone. Buyers, in turn, can be protected by routine escrow mechanisms for the case where the seller fails to deliver.
Transactions
This is the part that gets me confused the most. It delves into the technical details of how bitcoin transactions work. It starts by defining an electronic coin as a chain of digital signatures.
The chain of digital signatures is the transfer history of one coin: each owner passes the coin on by signing a hash of the previous transaction together with the public key of the next owner, and that signed transaction is appended to the end of the coin. The ledger (the blockchain, discussed below) is the shared record of all such transactions, so a coin is really nothing more than its trail of signed transfers on that ledger. There is no physical object, unlike gold bars or fiat currencies.
You can't hold it, and you can't see it.
When I say I have some bitcoins, I have nothing physical to show you. There are only entries on the ledger, which anyone in the world can check to verify that I am the rightful owner of those bitcoins.
This ledger is replicated across bitcoin nodes (computers) all around the world. When Alice sends Bob 5 BTC, the signed transaction is broadcast to the nodes; once it has been included in a block, every node's copy of the ledger records it. When Bob sends Charlie 3 BTC, the same thing happens again.
That is why Satoshi describes an electronic coin as a chain of digital signatures: it is just successive signed transfers on the ledger from one party to the next, and the next, and the next.
Here is a brief overview of how a bitcoin transaction works. Bitcoin is built from inputs and outputs. When someone sends bitcoins to me, their transaction creates an output addressed to me; when I later spend those bitcoins, that output becomes an input of my transaction, which in turn creates new outputs for the recipient. If I want to send 10 BTC to you, the following things happen:
- I need your public address (something like a bank account number, derived from your public key)
- I construct the transaction message (which of my earlier outputs I am spending, how many BTC, and to which address)
- To prove that I authorised the transaction, I sign it with my private key
- This produces a digital signature
- Anyone can verify that signature using only my public key
- So I can prove that I own the bitcoins without ever revealing my private key
But there is a problem known as double-spending: how do we ensure that the same 10 BTC is not spent twice? Nobody else can forge my signature, and a copied signature cannot be redirected to another address, because the recipient's key is part of what I signed. The problem is that I, the owner, can sign two different transactions spending the same coin and broadcast both. A recipient looking at one of them cannot tell whether an earlier, conflicting one exists, unless some trusted party records which came first.
Timestamp Server
The whitepaper's solution to double-spending is a timestamp server built on hashing: the hash of a batch of transactions is published so that everyone agrees on which transactions existed, and in what order, at that moment.
A cryptographic hash such as SHA-256 is like a unique fingerprint, a fixed-length string of seemingly random letters and digits, for any piece of text or data. Even the smallest change, a capital letter or a comma, completely changes the output. You can try out how hashing works here. The timestamp records the date and time at which a block was produced.
So how do timestamps and hashing solve double-spending? Imagine I send 2 BTC to Alice and the same 2 BTC to my own bitcoin address. Only the first transaction should count; any later attempt to spend the same BTC must be rejected as invalid.
When both transactions are broadcast to the bitcoin network, they first sit in the pool of unconfirmed transactions waiting for miners to pick them up, and honest nodes only keep the first of two conflicting transactions they see. When a miner includes the transaction to Alice in a block, the block, together with all its other transactions, is timestamped and hashed. Once that block hash is published, the transactions inside it have an agreed place in history, and any conflicting spend of the same coins is rejected from then on.
This hash is broadcast publicly, and the very same hash is included in the next block. This is where the concept of a blockchain comes in: to hash block 2, I feed in both the transactions inside block 2 AND the hash of block 1.
Because each block's hash takes the previous block's hash as an input, every block is linked to its predecessor in chronological order. As more blocks are timestamped, hashed and chained, the history becomes more resistant to tampering.
To tamper with the data inside one block you would change that block's hash, and every block after it would break: each includes the previous hash as an input, so once one hash changes, every later hash changes too.
Remember how hashing works? Any change to the input completely changes the output.
Proof of Work
Proof of work is computational work that searches for a "magic" nonce number such that the hash of the whole block header starts with the required number of zero bits. This is the essence of bitcoin mining: every miner around the world races to be the first to find that nonce. For example:
The miner starts at nonce 0, hashes the block header with SHA-256 and checks whether the output has the required number of leading zeros. If not, it tries nonce 1, nonce 2 and so on: a brute-force search for a number which, hashed together with the block, gives the required leading zeros. The number of leading zeros required is the difficulty. More zeros means more hashes on average before one fits; each extra zero bit roughly doubles the expected work.
As hardware gets faster and more parties start mining, the protocol automatically adjusts the difficulty so that the rate at which blocks are produced stays roughly constant.
If blocks are being found too quickly, the magic nonce has become too easy to find, and the protocol requires more leading zeros to make the puzzle harder. Conversely, if too few blocks are found, the puzzle is too hard and the required number of leading zeros decreases.
On average a block should be found every 10 minutes. The difficulty is recalculated every 2016 blocks, which at 10 minutes per block is 20,160 minutes, or two weeks. The adjustment is also capped at a factor of four in either direction, so that a single period cannot swing the difficulty wildly.
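The following is an added example (not code from the whitepaper or from this article) that ties the last two sections together: hash-linked blocks, the brute-force nonce search, and the retarget rule. The header is serialised as JSON instead of Bitcoin's 80-byte binary layout, the "Merkle root" is a single hash over the transactions, and the difficulty is expressed directly as a numeric target (a hash must be at or below it) rather than Bitcoin's compact nBits encoding; the timestamps and transaction strings are constructed. The tamper demo shows why editing one block is not enough: even after re-mining it, the next block still points at the old hash.

```python
import hashlib
import json

MAX_TARGET = 2 ** 256 - 1               # easiest target: any hash is acceptable
DEMO_TARGET = 2 ** (256 - 12) - 1       # "12 leading zero bits": ~4096 tries per block


def sha256d(data: bytes) -> bytes:
    """Bitcoin hashes block headers with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def header_bytes(prev_hash: str, root: str, timestamp: int, target: int, nonce: int) -> bytes:
    # Toy serialisation standing in for Bitcoin's 80-byte binary header.
    return json.dumps({"prev": prev_hash, "root": root, "time": timestamp,
                       "target": target, "nonce": nonce}, sort_keys=True).encode()


def meets_target(block_hash: bytes, target: int) -> bool:
    """A target of 2**(256-k) - 1 is the same as demanding k leading zero bits."""
    return int.from_bytes(block_hash, "big") <= target


def tx_root(txs) -> str:
    """Stand-in for the Merkle root: one hash over the block's transactions."""
    return hashlib.sha256("\n".join(txs).encode()).hexdigest()


def mine(prev_hash: str, root: str, timestamp: int, target: int):
    """Brute-force search for the magic nonce. Returns (nonce, hash_hex, tries)."""
    nonce = 0
    while True:
        h = sha256d(header_bytes(prev_hash, root, timestamp, target, nonce))
        if meets_target(h, target):
            return nonce, h.hex(), nonce + 1
        nonce += 1


def build_chain(tx_batches, target: int = DEMO_TARGET, start_time: int = 1_600_000_000):
    chain, prev = [], "00" * 32                 # the first block points at an all-zero hash
    for i, txs in enumerate(tx_batches):
        ts = start_time + 600 * i               # constructed timestamps, 10 minutes apart
        nonce, h, _ = mine(prev, tx_root(txs), ts, target)
        chain.append({"prev": prev, "time": ts, "target": target,
                      "nonce": nonce, "hash": h, "txs": list(txs)})
        prev = h
    return chain


def validate_chain(chain) -> bool:
    """Recompute every header hash from the block's own data and check the links."""
    prev = "00" * 32
    for blk in chain:
        h = sha256d(header_bytes(blk["prev"], tx_root(blk["txs"]), blk["time"],
                                 blk["target"], blk["nonce"]))
        if blk["prev"] != prev or h.hex() != blk["hash"] or not meets_target(h, blk["target"]):
            return False
        prev = blk["hash"]
    return True


def retarget(target: int, actual_seconds: int, expected_seconds: int = 2016 * 600) -> int:
    """Bitcoin's rule: scale the target by actual/expected time, clamped to 4x either way.
    A larger target is easier, so blocks that came too fast shrink it."""
    actual_seconds = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return min(MAX_TARGET, target * actual_seconds // expected_seconds)


def tamper_demo(target: int = DEMO_TARGET):
    """Edit block 0, then even re-mine it, and show the later link still breaks."""
    chain = build_chain([["alice->bob 5"], ["bob->charlie 3"], ["charlie->dave 1"]], target)
    ok_before = validate_chain(chain)
    chain[0]["txs"][0] = "alice->mallory 5"                     # rewrite history
    ok_after_edit = validate_chain(chain)                       # hash no longer matches
    nonce, h, _ = mine(chain[0]["prev"], tx_root(chain[0]["txs"]), chain[0]["time"], target)
    chain[0]["nonce"], chain[0]["hash"] = nonce, h              # redo block 0's proof of work
    ok_after_remine = validate_chain(chain)                     # block 1 still names the old hash
    return ok_before, ok_after_edit, ok_after_remine
```

`tamper_demo()` returns `(True, False, False)`: to make the edited history valid again the attacker would have to re-mine block 1, then block 2, and so on, while the honest network keeps adding blocks on top. `retarget` reproduces the two-week adjustment: blocks found in half the expected time halve the target, and however fast they came, one period can never change it by more than a factor of four.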
There should be only one blockchain on the network, and the honest chain is the longest one (in practice, the chain with the most accumulated proof of work). This is because the probability that an attacker can modify the history and still end up with the longest chain falls exponentially with the number of blocks he has to catch up.
To illustrate, imagine there are two chains now:
The attacker tries to double-spend some bitcoins. He spends 10 BTC on a new BMW; the transaction is broadcast to the network, picked up by miners, and the block containing it is timestamped and chained as usual.
However, on his own private chain (the red one in the diagram) he leaves that transaction out, so in the malicious chain the 10 BTC is NOT spent. The double spend succeeds if he receives the BMW and then gets the network to accept his private chain, in which the 10 BTC is still his.
The defence is the rule that the longest chain is the true one. For his private chain to become the truth, he must mine blocks faster than the combined mining power of everyone else. It is like a race of one against a hundred thousand; what are the chances of winning?
This makes a double spend overwhelmingly unlikely unless the attacker controls a majority of the network's hash power (the so-called 51% attack). It is also why merchants conventionally wait for 6 block confirmations before treating a payment as settled; the protocol itself does not require any particular number. The rationale is that the attacker's odds of catching up shrink exponentially with every block added on top of the transaction.
Network
This section summarises the whole process of running a bitcoin network. Much of what was discussed earlier helps connect the dots and gives a clearer picture of the steps involved.
Whenever someone sends bitcoins to someone else, that is a transaction, and many take place every second around the world. Each one is broadcast to all nodes, which hold it in a pool of unconfirmed transactions; a miner collects a set of them into a candidate block, so each block contains many transactions.
Miners work continuously on their candidate blocks (a block does not have to be full), searching for the magic nonce that makes the block hash meet the required number of leading zeros. The first miner to find it has demonstrated sufficient proof of work.
It then broadcasts the block to all other nodes. Nodes accept the block only if every transaction in it is valid and not already spent, and then extend their copy of the ledger with it. The hash of this block becomes the "previous hash" input of the next block, so the next block's hash commits both to that previous hash and to all the transactions in the new block.
The longest chain represents the truth. Two competing blocks can appear at almost the same time: for example, a miner in the east and a miner in the west both find a valid nonce and broadcast. Nodes work on the first block they receive but keep the other branch in case it becomes longer. The tie is broken when the next block is found on one branch; that branch is now longer, and nodes that were working on the other switch to it.
Incentive
In this section Satoshi compares bitcoin mining to gold mining. To mine gold you have to buy equipment and drills and hire labour to dig; that is the cost. The reward, if you strike a vein, is of course the gold.
Similarly, the cost of bitcoin mining is the hash power and the electricity it consumes. Recall that miners brute-force the magic nonce. That takes huge processing power (CPUs in the whitepaper's day, specialised ASICs now) and a lot of electricity, all of which costs money.
There has to be a reward to offset that cost. For gold miners the reward is the gold itself; for bitcoin miners it is newly created bitcoins plus the transaction fees in the block. Only 21 million bitcoins will ever be created; the supply is fixed in advance and there is no authority that can issue more.
The miner who finds the magic nonce is rewarded with new bitcoins. The reward halves every 210,000 blocks, roughly every four years: initially 50 BTC, then 25, then 12.5. In 2020 bitcoin goes through another halving, cutting the reward from 12.5 to 6.25.
New bitcoins enter circulation only this way, each time a winning miner finds the nonce, because there is no central authority to distribute money. Using bitcoins as the reward gives miners an incentive to run and secure the network.
Furthermore, the incentive encourages a would-be attacker to play by the rules. Building a private chain longer than the honest one would require an enormous amount of hash power and investment in mining hardware, and a successful attack would undermine confidence in the system and with it the value of his own coins.
So the attacker is better off using that hash power to mine honestly: the more hash power he has, the better his chances of finding the nonce and earning the block reward, and that is worth more to him than a double spend.
Reclaiming Disk Space
Because a block contains many transactions, storing every block in full forever would take a lot of disk space. The whitepaper's solution uses a Merkle tree: the transactions are hashed pairwise up to a single root hash, and only that root goes into the block header. Once a coin's latest transaction is buried under enough blocks, the spent transactions before it can be discarded, keeping only the hashes needed to reconstruct the root.
The essence is hashes of hashes. Tx0 and Tx1 are hashed together into Hash01, Tx2 and Tx3 into Hash23, and Hash01 and Hash23 are hashed together to form the root. Spent transactions are like branches being pruned off the tree: their interior hashes stay, but the transactions themselves no longer need to be stored.
Simplified Payment Verification (SPV)
Simplified Payment Verification, or SPV, clients are lightweight clients that do not download the entire history of transactions from the genesis block. Millions of transactions have been recorded on the ledger, and downloading and checking them all takes a very long time.
Instead, the client keeps only the block headers of the longest chain. A block header is not the block hash itself; it is an 80-byte structure containing the version number, the previous block's hash, the Merkle root, the timestamp, the difficulty target and the nonce, all things discussed earlier in this article. Hashing the header (twice with SHA-256) gives the block hash, which serves as the block's unique identifier.
Simplified payment verification means that a particular transaction can be checked for inclusion in a block without knowing all the other transactions in that block.
Suppose we want to check that transaction K is in a block. The hash of transaction K is HK (shaded green in the diagram, on the bottom row).
If we repeatedly hash HK together with the sibling hashes along its path (shaded blue) and arrive at the Merkle root (HABCDEFGHIJKLMNOP), then transaction K is indeed included in that block. If the block's header is also part of the longest chain, the transaction can be considered confirmed. Note the whitepaper's caveat: an SPV client verifies inclusion, not validity. It relies on the honest majority of miners not building on a block that contains an invalid transaction, so it is more exposed than a full node while an attacker controls the network.
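As an added example covering both the Merkle tree of the previous section and the SPV check described here (not code from the whitepaper or from this article), the block below builds the tree the way Bitcoin does, including the rule that an odd number of hashes at any level is handled by duplicating the last one, produces the sibling-hash proof for one transaction, and verifies it against the root. The sixteen transaction strings txA..txP are constructed to match the page's HABCDEFGHIJKLMNOP diagram.

```python
import hashlib


def sha256d(data: bytes) -> bytes:
    """Bitcoin's Merkle tree hashes each pair with double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(leaves):
    """All levels of the tree, transaction hashes first and the root last.
    When a level has an odd count, the last hash is paired with a copy of itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([sha256d(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_root(leaves) -> bytes:
    """The single hash that goes into the block header."""
    return merkle_levels(leaves)[-1][0]


def merkle_proof(leaves, index):
    """The sibling hashes (the blue boxes in the diagram) from leaf `index` up to the
    root, each tagged with the side it sits on. Its length is about log2(#transactions)."""
    proof = []
    for level in merkle_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], "left" if sibling < index else "right"))
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof, root: bytes) -> bool:
    """What an SPV client does: rehash upwards and compare with the header's Merkle root."""
    h = leaf
    for sibling, side in proof:
        h = sha256d(sibling + h) if side == "left" else sha256d(h + sibling)
    return h == root


def spv_demo():
    # 16 constructed transactions A..P, matching the page's HABCDEFGHIJKLMNOP diagram.
    txs = [f"tx{c}".encode() for c in "ABCDEFGHIJKLMNOP"]
    leaves = [sha256d(t) for t in txs]
    root = merkle_root(leaves)                  # this is what the block header carries
    k = txs.index(b"txK")
    proof = merkle_proof(leaves, k)             # what a full node hands to the light client
    included = verify_proof(sha256d(b"txK"), proof, root)
    tampered = verify_proof(sha256d(b"txK paid to Mallory"), proof, root)
    wrong_branch = verify_proof(sha256d(b"txK"), merkle_proof(leaves, k ^ 1), root)
    return included, tampered, wrong_branch, len(proof)
```

`spv_demo()` returns `(True, False, False, 4)`: the genuine transaction verifies with a proof of only four hashes (for sixteen transactions), while an altered transaction or a proof lifted from a different position does not. A full node serving the proof cannot fake inclusion without finding a SHA-256 collision, but it can stay silent, which is the whitepaper's point about SPV clients being dependent on honest nodes.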
Combining and Splitting Value
This is another important part of how a bitcoin transaction works. Handling coins one by one would be cumbersome: suppose the price of a property is 10 BTC and I hold that amount as several smaller pieces.
I might need three separate transfers, of 4 BTC, 5 BTC and 1 BTC, each broadcast and confirmed on its own.
The solution is to let a transaction have multiple inputs and, normally, one or two outputs. In the above case there would be three inputs (4 BTC, 5 BTC and 1 BTC) and one output of 10 BTC to the property seller.
But what if my coins come in odd sizes like 3 BTC, 9 BTC and 5 BTC? This is where the second output comes in: one output to the seller and another returning the change to myself. The inputs would be 9 BTC and 3 BTC; the outputs 10 BTC to the property seller and 2 BTC back to my own address.
So a bitcoin transaction normally has one or more inputs and at most two outputs, the payment and, if needed, the change back to yourself (the protocol itself allows more outputs, for example to pay several people at once, but the whitepaper describes the common case). Every input is an output of an earlier transaction that someone sent to you and that you have not yet spent; when you spend it, your transaction creates new outputs, which become inputs for their recipients in turn. Any difference between the value of the inputs and the value of the outputs is the transaction fee collected by the miner.
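The following is an added example (not code from the whitepaper or from this article) of the input/output bookkeeping just described: it picks unspent outputs to cover a payment, adds a change output only when there is change, and applies the two checks a node makes on any transaction, that every input is a still-unspent earlier output and that the inputs are worth at least the outputs. Amounts are in satoshi so the arithmetic is exact; the UTXO records, the dust threshold and the address labels are constructed for the demo.

```python
SAT = 100_000_000       # 1 BTC = 100,000,000 satoshi; work in integers, never floats
DUST = 546              # constructed threshold: change below this is not worth an output


def select_inputs(utxos, needed):
    """Greedy, largest-first choice of my unspent outputs until they cover `needed`."""
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: u["value"], reverse=True):
        if total >= needed:
            break
        chosen.append(u)
        total += u["value"]
    if total < needed:
        raise ValueError(f"insufficient funds: have {total}, need {needed}")
    return chosen, total


def build_tx(utxos, to_addr, amount, change_addr, fee):
    """One output for the payment and, only if something is left over, one for change."""
    inputs, total = select_inputs(utxos, amount + fee)
    outputs = [{"to": to_addr, "value": amount}]
    change = total - amount - fee
    if change > DUST:
        outputs.append({"to": change_addr, "value": change})
    # Change too small to be worth an output is simply left to the miner as extra fee.
    return {"inputs": inputs, "outputs": outputs}


def check_tx(tx, utxo_set):
    """The rules a node applies: every input must be an unspent earlier output, and the
    inputs must be worth at least the outputs. Returns (is_valid, implied_fee)."""
    for i in tx["inputs"]:
        if i not in utxo_set:
            return False, 0
    in_sum = sum(i["value"] for i in tx["inputs"])
    out_sum = sum(o["value"] for o in tx["outputs"])
    return in_sum >= out_sum, in_sum - out_sum


def example():
    # Constructed UTXOs from the page's example: 3, 9 and 5 BTC received earlier.
    my_utxos = [{"txid": "a1", "value": 3 * SAT},
                {"txid": "b2", "value": 9 * SAT},
                {"txid": "c3", "value": 5 * SAT}]
    tx = build_tx(my_utxos, "seller", 10 * SAT, "me-change", fee=10_000)
    valid, fee = check_tx(tx, my_utxos)

    # Once the transaction confirms, its inputs leave the UTXO set; a second transaction
    # spending the same outputs (a double spend) no longer validates.
    remaining = [u for u in my_utxos if u not in tx["inputs"]]
    replay_valid, _ = check_tx(tx, remaining)
    return tx, valid, fee, replay_valid
```

With the page's 3/9/5 BTC coins, largest-first selection spends the 9 and the 5, pays 10 BTC to the seller and returns the rest minus the fee as change; when the inputs add up exactly (4 + 5 + 1 for a 10 BTC payment with no fee), the transaction has a single output. The fee is never written anywhere: it is simply whatever the inputs exceed the outputs by.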
Privacy
The traditional banking model achieves a degree of privacy by limiting access to information to the parties involved and the trusted third party. In practice that protection is not always reliable: there is frequent news of large corporations being hacked and customer data leaking.
Bitcoin transactions, by contrast, are public to everyone, yet a degree of privacy is still maintained at the individual level because addresses are just strings of letters and digits with no name attached. For example, take the latest transactions on the bitcoin network on 4th Sep.
There is a transaction of 53 bitcoins, or US$563,625, at 7.39 PM. What do we know about this person? Only the bitcoin address. The identity is unknown, so this person's privacy is preserved even though every bitcoin transaction is publicly visible.
However, it is still possible to link an address to a person. Satoshi advises using a new key pair for each transaction. Imagine this bitcoin address is mine: 38vjCt6KppEHhQcU6cY8fzxEWYJZwQwpwR.
I use this address to send multiple transactions to Alice, Bob, Charlie and so on. If a KYC check by the government (or an exchange) reveals the identity behind 38vjCt6KppEHhQcU6cY8fzxEWYJZwQwpwR, every other transaction I made from it can be traced back to me. The whitepaper adds that some linking is unavoidable: a transaction with several inputs reveals that those inputs belonged to the same owner.
Calculations
This is the statistical maths part that I don't understand. If you ask me what the equations and formulas mean, I have zero clue. However, there are just two main points in this section.
The first is that what an attacker can do is limited. He cannot create bitcoins out of thin air, nor can he make someone else's bitcoins pay to himself: honest nodes would simply reject such transactions as invalid. The only thing he can try is to undo one of his own recent payments by building an alternative chain that leaves it out. This is the double-spending attack.
The second is that, as long as the honest nodes control a majority of the hash power, the attacker is overwhelmingly unlikely to out-mine them. His chance of catching up shrinks exponentially as more confirmed blocks are chained on top of the payment.
To give a sense of the odds of finding the magic nonce on the bitcoin network, let's take the total hash rate.
The total hash rate was about 88,000 TH/s on Sep 19. Recall that a block is only hashed and accepted once the magic nonce is found. The hash rate measures how many hashes per second a piece of hardware, or the whole network, can compute while searching for that nonce.
Say I buy 100 of these ASIC mining machines for $30,000, and my mini mining farm produces 140 TH/s. Dividing the total network hash rate by my farm's (88,000 / 140) gives about 630.
This means my chance of finding the next block is roughly 1 in 630, or about 0.16%; on average I would mine one block for every 630 the network produces. Now suppose I am an attacker trying to reverse a payment that already has 6 confirmations. I would have to catch up from 6 blocks behind while the honest chain keeps growing. For an attacker with share q of the hash power (and the honest nodes p = 1 - q), the whitepaper shows that the probability of ever catching up from z blocks behind is (q/p)^z. With q ≈ 0.0016 and z = 6 that is about 10^-17, and the whitepaper's full formula, which also counts the blocks the attacker might find while the honest chain advances, still comes out around a few times 10^-15. It is statistically, mathematically and astronomically negligible.
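For readers who want to see the formulas do something, here is an added example (not code from this article) that translates the small C program printed in the whitepaper's Calculations section into Python: the attacker's probability of success for a hash-power share q once the payment has z confirmations, plus a helper that finds how many confirmations are needed to push that probability below a threshold. The `share_from_hashrate` helper applies it to the page's 140 TH/s versus 88,000 TH/s figures, assuming (an assumption, not something the page states) that the network figure already includes my own machines.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """From the whitepaper's C: the probability that an attacker holding fraction q of the
    hash power ever catches up, given the honest chain is z blocks ahead when the
    payment is accepted."""
    p = 1.0 - q
    if q >= p:                  # a majority attacker always catches up eventually
        return 1.0
    lam = z * (q / p)           # expected attacker progress while honest nodes mine z blocks
    total = 1.0
    for k in range(z + 1):      # k = blocks the attacker found in that time (Poisson)
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i
        # (q/p)^(z-k): chance of closing the remaining gap from z-k blocks behind
        total -= poisson * (1 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, threshold: float = 0.001) -> int:
    """Smallest number of confirmations at which the attacker's chance drops below
    `threshold` (the whitepaper tabulates this for P < 0.1%)."""
    z = 0
    while attacker_success_probability(q, z) >= threshold:
        z += 1
    return z


def share_from_hashrate(my_ths: float, network_ths: float) -> float:
    """Attacker share q from hash rates, assuming the network figure includes my own."""
    return my_ths / network_ths


def table(q: float, zs=range(0, 11)):
    """The whitepaper's table for one value of q, rounded like the original."""
    return {z: round(attacker_success_probability(q, z), 7) for z in zs}
```

With q = 0.1 the function reproduces the whitepaper's printed column (z=1: 0.2045873, z=5: 0.0009137, z=10: 0.0000012), and `confirmations_needed` reproduces its second table (5 confirmations for q = 0.1, 24 for q = 0.3). For the page's own mining farm, q ≈ 0.0016, the probability of reversing a 6-confirmation payment is below 10^-12, which is why the "6 confirmations" convention is comfortable against small attackers and why the number has to grow as the attacker's share grows.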
Conclusion
In conclusion, bitcoin is a proposed system for digital money that does not require trust in a third party or central authority. It is based on cryptographic proof, mining, a distributed network of honest nodes and a common ledger that every node extends with each confirmed block.
We started with digital signatures. A signature, made with my private key, proves that I own the bitcoins and that I initiated the transfer to the other person; it establishes who owns which coins at any point in time. But signatures alone leave the double-spending problem: I could sign a transaction paying for a property and then leave that transaction out of a private blockchain of my own.
The solution is to timestamp and hash blocks, with each block including the previous block's hash as an input. This makes such an attack practically impossible, since the attacker would have to win the mining race against all the honest nodes.
The bitcoin network is not run by anyone. There is no support desk and no party, political or otherwise, behind it. Nodes can join and leave at any time. The longest chain is taken as the single source of truth for the entire history of transactions.
That marks the end of the bitcoin whitepaper. I hope this annotated version helps you better understand what bitcoin is and how bitcoin transactions work.
Editor’s Notes: Well, that was a huge chunk! Materially speaking, understanding this whitepaper should give you some ability to move forward on how to invest in and reap the benefits of bitcoin.
If you remain unsure, Christopher Long runs an introductory class, free of charge. If you want a guide, or even to just speak to an expert within the bitcoin/alternative asset investing world, you can start from here. I strongly advise you to take the chance and pick his brain.