When trying to learn about Bitcoin myself, I found guides on the Internet (at least the first ones that came up on Google search) super unhelpful. Most didn’t even explain how Bitcoin actually worked – they were just long, drawn-out, and yet high-level explanations. So here’s my attempt at keeping it short, to the point, but still low-level (cause that’s just my style).

If you’re here, I’m guessing you basically know what Bitcoin is – it’s a digital currency for the modern age that’s seriously making waves right now. And I’m guessing you kind of know how it works.

But… do you? A few months ago, my understanding of the “miners” in the Bitcoin world were like gold miners; they scavenged the Internet for hidden treasures buried therein by some unknown God-like figure (maybe the presumed anonymous, yet still infamous, “Satoshi Nakamoto”??). But that’s a huge oversimplification, and not one that anyone with a decent math background should take for granted (because that, well, makes no sense).

Okay, let’s start with the basics of Bitcoin. It is:

1. Decentralized – that’s important. It means that there is no central governing authority on the status of Bitcoin (unlike most currency, which is governed by countries). It plays into the whole skeptical-of-government mentality, and helps give people peace of mind that no central authority has the power to “take down” bitcoin, or to turn “malicious”, as they say.
2. Anonymous – well, kind of. Bitcoin isn’t totally anonymous (thanks to the public ledger, which we’ll talk about in a bit). But since Bitcoin’s notion of an “identity” is not a person, but rather a public key and secret key pair, if you’re careful, there’s no way to match your identity to your public key (unless, of course, you make a lot of transactions with the same public key and the same public IP, but that’s not my point here).

Identities

At the heart of Bitcoin is the use of a Public Key, Secret Key pair for identities. How does this work? Anyone can generate as many of these key pairs as they’d like. You publish your public key to declare that that public key belongs to you. How do you verify your “identity”? You can digitally sign transactions that you make on your behalf by using your secret key to sign them. To verify that a given transaction came from you, I can use your public key to verify the validity of your signature. The structure of these public key, secret key pairs is such that you, and only you (because only you have your secret key) can sign messages that prove to be valid upon validity checks with your public key. We’ll see more about this later.

Problems with E-Cash: Double Spending

One of the main issues presented in the digital currency world is that of preventing double spending. In the “physical money” world, double spending is pretty much impossible. If you pay with physical cash, you can’t magically produce 2 copies of the same $10 bill and give it to 2 different people. And if you’re paying with a credit card or bank, well, the bank has a pretty strong incentive to make sure you can’t double-spend. But in the digital currency world, when our idea of “cash” is just strings of bits, double spending is a lot easier.

Bitcoin prevents against double spending with a public ledger, a public history of all transactions that have happened. This means that if Alice gives a bitcoin (let’s say this coin’s ID is \(c_A\)) to Bob, and then later gives that same coin to Charlie, Charlie can check the ledger before accepting her coin, and see that she’s already given the coin with ID \(c_A\) to Bob. This public ledger is also known as the “blockchain”.

Mechanics of the Public Ledger

Before we get into the nitty gritty of how this public ledger is maintained, let’s begin with an overview of the structure of the blockchain. Each block is a set of transactions (we group them together for efficiency). To ensure the integrity of the order of the blockchain, each block contains a hash of the block that came before it.

Brief: A Hash function is essentially a pseudo-random mapping from arbitrary-length strings of bits to set-length strings of bits (eg. SHA-256, which Bitcoin uses, maps any given bit string to a 256-bit string). The function needs to be deterministic, and it needs to have certain properties, such as being “collision-free,” which means you can’t figure out the input to a hash function by observing the output (except by brute force).

Each transaction has a set of inputs (the coins that will be spent) that reference the block in the blockchain from which they came. So if Alice gives 1 BTC to Bob, and then Bob wants to send 1 BTC to Charlie, he references the transaction where his 1 BTC originated in his transaction to Charlie. A transaction can have multiple inputs, but it must consume all of the BTC in the output of the transaction it references. Each transaction must also be digitally signed by the owners of all input coins. The transactions are linked together inside of a block with Merkle Trees (which we won’t get into here).

Here’s a quick picture of what the block chain looks like (obviously an over-simplification). The trees are the Merkle Trees—what they essentially do is allow you to collapse a lot of transactions into one block, and yet still be able to verify that a given transaction belonged to that tree, using some fancy hashing.

Distributed Consensus

But we still have a problem: who should be responsible for maintaining this public ledger, and making sure that all transactions added to it are valid? We don’t want a specific group of people to be in charge of it, because that gives them a huge incentive to turn malicious on us and steal our money (and remember, we’re the kind of skeptical Internet people who encrypt their personal emails “just in case”).

Bitcoin does away with the central governing authority, and, in almost utopian way, puts the power into the hands of the people. In other words, everyone is responsible for maintaining the public ledger, and ensuring its integrity. In the practical world of course, it’s those “miners” you’ve heard about (and yes, that means that when you put your money in Bitcoin, you are effectively entrusting your money with the Bitcoin miners, and praying that a majority of them will be honest).

So, who gets to add transactions and when? We need to solve two problems here:

1. We want everyone to have an equal chance of adding transactions to the blockchain, so that we can ensure that our decentralized system remains decentralized.
2. We want there to be some kind of “wait time” between transactions. This is a problem because the Internet is naturally asynchronous. We don’t want 100 people trying to add a transaction at the same time — that will create 100 forks in the blockchain all at once, and will make it a bit difficult for nodes in the network to figure out which branch is the valid one that they should keep adding on to.

Bitcoin cleverly solves both problems by using computing power as “the great equalizer”. In other words, we expect that computing power is not something that one person can totally monopolize, so making the only barrier to entry for this game of who-gets-to-add-the-next-block be computing power, basically, anyone can play. In some sense, the game boils down to this: I have a magic number, and I want you to guess it. You can send me as many guesses as you’d like as fast as you’d like, but at the end of the day, anyone with a computer can guess my number, and even the 10-year-old kid using his mom’s PC has a non-negative probability of being the first person to guess my number correctly. And if I tell you this number is anywhere between 1 and \(2^{200}\), I can be decently assured that there will be a non-negligible wait time between correct guesses of my “magic number”.

POW: Proof of Work

But of course, I promised you a low-level explanation of how Bitcoin works, so let’s get our hands a little dirty. To add a block to the blockchain, you need to find a number (called a “nonce”) such that the hash of the nonce + the previous hash + the transactions of the block is less than some target value, where the target value is often represented \(2^{256-D}\), where \(D\) is the “difficulty level”. In other words, find the nonce so that the output of the SHA-256 hash begins with \(D\) zeroes. Since SHA-256 is presumed to be secure, the only way to find such a nonce would be to use brute force—try all the numbers you can until you find one that works. \(D\) increases over time (as there become more miners, and thus the puzzles are solved faster) and is set so that the average time between successively added blocks is about 10 minutes.

There is, of course, still the possibility that multiple miners will find a nonce at the same time. In these cases, the blockchain will fork. So which chain is the valid chain? Bitcoin’s standard is simply to use the longest chain. For this reason, it’s standard practice to not accept a transaction from someone until several more blocks (around 6) have been added to the blockchain, to ensure that that transaction really did go through.

Incentives

And of course there’s the reason why miners spend all this time, effort, and computing power finding nonces and adding to the blockchain—they get incentivized to do it. But not by mining for Bitcoins like gold miners mine for gold. Instead, adding a block to the blockchain means that you get to include a “reward” transaction of a set number of bitcoins to any public key of your choice. This is called the “coinbase” transaction. Right now the reward is set to about 12.5 BTC, and it is halved every 210,000 blocks (or every 4 years, approximately). Note that there are a finite number of bitcoin in circulation, specifically 21 million bitcoins, so eventually there will be no rewards left.

Miners are also incentivized by “tips.” When you make a transaction, you would obviously want that transaction to be added to the blockchain, so to incentive miners to prioritize your transaction, you can add in a tip in your transaction that will go to whichever miner puts your transaction in the blockchain.

Some for thought — Persisting issues with Bitcoin

If a majority of miners find some way to collude and turn “evil”, they can take down the integrity of Bitcoin. Why? Well, Bitcoin is propped up with the expectation that a majority of nodes in the network are “honest”—which means we expect/hope that if someone adds a fraudulent transaction to the blockchain, most nodes will catch the fake transaction and discard it immediately, and it won’t persist in the blockchain. If that assumption is violated, we can make no guarantees about the blockchain’s integrity—because, let’s face it, most of us aren’t participating in the distributed consensus of the blockchain, even if we have money in bitcoin. Moreover, this concern isn’t actually all that unfounded. It takes a lot of computing power these days to find nonces, and miners are more and more pooling resources together in so-called “mining pools” to get a leg-up on the competition.

If we can somehow find a way to make factoring easy (whether that’s with quantum computers or some neat new trick no one’s found yet), the entire Bitcoin system will collapse, because the security of SHA-256 relies on the assumption that factoring is hard. If that turns out not to be true, people could manipulate old blocks in the blockchain, add in fraudulent transactions, etc… it won’t be good. Now, people have thought about ways to overhaul the Bitcoin system in case this happens, but it will still require a complete overhaul of a decentralized system—seems like it’ll be a less-than-seamless transition, at best.

References

1. Wikipedia
2. MIT 6.857 Lectures
3. Bitcoin Princeton Book