Many thousands of articles have been written purporting to explain Bitcoin, the online, peer-to-peer currency. Most of those articles give a hand-wavy account of the underlying cryptographic protocol, omitting many details.
Even those articles which delve deeper often gloss over crucial points. My aim in this post is to explain the major ideas behind the Bitcoin protocol in a clear, easily comprehensible way. Understanding the protocol in this detailed way is hard work. It is tempting instead to take Bitcoin as given, and to engage in speculation about how to get rich with Bitcoin, whether Bitcoin is a bubble, whether Bitcoin might one day mean the end of taxation, and so on.
That’s fun, but severely limits your understanding. Understanding the details of the Bitcoin protocol opens up otherwise inaccessible vistas. I’ll describe Bitcoin scripting and concepts such as smart contracts in future posts. This post concentrates on explaining the nuts-and-bolts of the Bitcoin protocol.
To understand the post, you need to be comfortable with public key cryptography, and with the closely related idea of digital signatures. It may seem surprising that Bitcoin’s basis is cryptography. Isn’t Bitcoin a currency, not a way of sending secret messages? In fact, the problems Bitcoin needs to solve are largely about securing transactions — making sure people can’t steal from one another, or impersonate one another, and so on. In the world of atoms we achieve security with devices such as locks, safes, signatures, and bank vaults. In the world of bits we achieve this kind of security with cryptography.
My strategy in the post is to build Bitcoin up in stages. I’ll begin by explaining a very simple digital currency, based on ideas that are almost obvious. We’ll call that currency Infocoin, to distinguish it from Bitcoin. Of course, our first version of Infocoin will have many deficiencies, and so we’ll go through several iterations of Infocoin, with each iteration introducing just one or two simple new ideas. After several such iterations, we’ll arrive at the full Bitcoin protocol. This strategy is slower than if I explained the entire Bitcoin protocol in one shot. But while you can understand the mechanics of Bitcoin through such a one-shot explanation, it would be difficult to understand why Bitcoin is designed the way it is.
The advantage of the slower iterative explanation is that it gives us a much sharper understanding of each element of Bitcoin. Finally, I should mention that I’m a relative newcomer to Bitcoin. So I’d certainly appreciate corrections of any misapprehensions on my part.

First steps: a signed letter of intent

So how can we design a digital currency? On the face of it, a digital currency sounds impossible. If Alice can use a string of bits as money, how can we prevent her from using the same bit string over and over, thus minting an infinite supply of money? Or, if we can somehow solve that problem, how can we prevent someone else forging such a string of bits, and using that to steal from Alice?
These are just two of the many problems that must be overcome in order to use information as money. Suppose Alice wants to give another person, Bob, an infocoin. She then digitally signs the message using a private cryptographic key, and announces the signed string of bits to the entire world. A similar usage is common, though not universal, in the Bitcoin world. This isn’t terribly impressive as a prototype digital currency!
But it does have some virtues. So the protocol establishes that Alice truly intends to give Bob one infocoin. To make this explicit: it’s just the message itself, i. Later protocols will be similar, in that all our forms of digital money will be just more and more elaborate messages.

Using serial numbers to make coins uniquely identifiable

A problem with the first version of Infocoin is that Alice could keep sending Bob the same signed message over and over. Does that mean Alice sent Bob ten different infocoins?
What we’d like is a way of making infocoins unique. They need a label or serial number. To make this scheme work we need a trusted source of serial numbers for the infocoins. One way to create such a source is to introduce a bank. The bank reduces her account balance by one infocoin, and assigns her a new, never-before-used serial number, let’s say 1234567.
But Bob doesn’t just accept the infocoin.

Making everyone collectively the bank

This last solution looks pretty promising. However, it turns out that we can do something much more ambitious. We can eliminate the bank entirely from the protocol. This changes the nature of the currency considerably.
It means that there is no longer any single organization in charge of the currency. In particular, we’ll assume that everyone using Infocoin keeps a complete record of which infocoins belong to which person. You can think of this as a shared public ledger showing all Infocoin transactions. We’ll call this ledger the block chain, since that’s what the complete record will be called in Bitcoin, once we get to it.
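As an added example (not code from the original post), here are the three Infocoin stages above in Go: Alice's signed letter of intent, Bob's signature-only check from the first version, and the serial-number check against a ledger that stands in first for the bank's record and then for the shared copy everyone keeps. Ed25519, the exact message wording, and the type and field names are this example's own assumptions; the post fixes none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Transfer is the content of Alice's letter of intent. Serial is 0 in the first
// Infocoin version (coins not yet identifiable) and a bank-issued number later.
type Transfer struct {
	From, To string
	Serial   uint64
}
// Bytes is the exact string that is signed; changing any field breaks the signature.
func (t Transfer) Bytes() []byte {
	return []byte(fmt.Sprintf("I, %s, am giving %s one infocoin (serial %d)", t.From, t.To, t.Serial))
}
// Signed is what Alice announces to the world: the transfer plus her signature over it.
type Signed struct {
	T   Transfer
	Sig []byte
}
// NewKeys makes one participant's key pair (Ed25519 is this example's choice, not the post's).
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}
// Announce is Alice's step: sign the transfer with her private key.
func Announce(priv ed25519.PrivateKey, t Transfer) Signed {
	return Signed{T: t, Sig: ed25519.Sign(priv, t.Bytes())}
}
// VerifyOnly is the first protocol: Bob checks only the signature, so a replay looks fresh.
func VerifyOnly(pub ed25519.PublicKey, s Signed) bool {
	return ed25519.Verify(pub, s.T.Bytes(), s.Sig)
}
// Ledger records spent serial numbers: the bank's record first, then everyone's shared copy.
type Ledger struct{ spent map[uint64]bool }
func NewLedger() *Ledger { return &Ledger{spent: map[uint64]bool{}} }
// Accept adds the serial-number check, so a second presentation of the same message fails.
func (l *Ledger) Accept(pub ed25519.PublicKey, s Signed) bool {
	if !VerifyOnly(pub, s) || l.spent[s.T.Serial] {
		return false
	}
	l.spent[s.T.Serial] = true
	return true
}
```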