From Bitcoin Wiki
Revision as of 02:25, 14 February 2011 by Udibr (talk | contribs) (Putting it all together)
Jump to: navigation, search

Alice is far away from Bob and wants to buy his Alpaca socks. In return, she wants to send him a dollar. She can use something like paypal with its limitations or she can mail him a dollar bill. But a dollar bill is just an item with very low intrinsic value that is accepted by Alice and Bob to represent something significant in the real world like socks. Instead of mailing the bill itself, Alice could have emailed a number, like the serial number imprinted on her dollar bill, and save on stamps and time, we will call this number a bitcoin. The bitcoin is used as a unit of account to measure the value of the socks Bob gave to Alice. Once Bob receives the bitcoin he would like to know that there is a good chance that he will be able to use the bitcoin to buy other products of similar value in the immediate future (means of exchange) or in the long term future (asset) and he needs to know if there are any unwanted side effects to using it.

For the transaction to take place, Alice needs to have a bitcoin to start with and Bob needs to decide if he accepts the bitcoin in return for his socks. The value of a bitcoin is affected:

  • The bitcoin can’t be replicated (counterfeited) and used again by Alice or someone else eavesdropping to the transaction.
  • Alice can’t create more bitcoins out off thin air without limit
  • However, there should be some mechanism that introduces new bitcoins out of thin air into the system, otherwise there would not be enough bitcoins to make it popular by many people. But this mechanism should be agreed by all (fare) and it should be slow otherwise bitcoins cannot be used to store asset.
  • Bob needs to know that it will be relatively easy for him to find other people that will accept his bitcoin in the same way that he did, this is a circular problem that requires other people to go through the same decision process

Bob may consider the following side effects:

  • Bob needs to know that it will be hard to steal or confiscate his bitcoin once he received it.
  • Like regular cash, Bob will like to know that his privacy is kept, and other people that will receive the bitcoin in the future will not be able to personally track him.


By an eavesdropper

To guarantee that an eavesdropper, Eve, cannot replicate bitcoins we use a public key system to make digital signatures. In this system, each person, such as Alice and Bob, has a pair of public and private keys which he/she stores in a safe wallet. Only the user with his secret private key can sign a document, such as the transaction to give some of his bitcoins to somebody else, but any one can validate the signature using the user’s public key. The bitcoins, in Alice's hands, already contain a signature by whoever sent her the amount.

  • Bob sends his public key to Alice.
  • Alice adds Bob’s public key to the coin’s content.
  • Alice signs the transaction with her secret private key.

As a result, the new coin, that Eve may be intercepting, contains the public key of both Alice and Bob.

Later on, when Bob will transfer the same coins to Charley, he will do the same thing: receive from Charley his public key, add a new transaction to the coin's chain of transactions and sign it with his (Bob) private key. But only Bob can do this, because only Bob has the private key which is necessary for signing and which is the only private key to match Bob’s public key that is already in the chain.

Eve cannot change who the coins belong to by replacing Bob’s public key with her public key, because Alice signed the transfer to Bob using her private key, declaring that the coins now belong to Bob, and Alice's private key is kept secret from Eve. So if Charley accepts that the original coin was in the hands of Alice he will also accept the fact that this coin was later passed to Bob and now Bob is passing this same coin to him.

By the sender

How to guaranty that Alice does not replicate the coin and use it in more than one transaction:

  • Details about the transaction is sent to as many other people (to their computers) as possible
  • At least one of the computers sends back a block, which is just a large document that includes details of the transaction and other unrelated transactions. The block is sent to as many other people as possible.
  • Eventually the block reaches Bob that can validate that his transaction was recorded and no other transaction for the same coin was made in the past.
  • In theory, Alice can generate a spoofed block in which her past usage of the same coin does not appear and try to send this block to Bob as an evidence that the coin is OK. But the process of generating a block is designed to take a long time and she is not likely to generate it on time. Keep in mind that Bob is using a new public key for each transaction so Alice can’t prepare in advance. In addition, many other computers are working in parallel to generate an honest block and one of them is more likely to finish before her. In any case, eventually competing blocks will arrive to Bob that will indication that Alice’s coin was already in use.


In order to protect his privacy, Bob can generate a new public-private key pair for each transaction. So David receiving the coin from Charley will not be able to identify who is the second person in the list of transactions. The only thing David will know is the Address of Bob which is a shortened (hashed) version of his public key.

Creation of coins

As we saw, both Bob and Charley need to verify that the original coin that Alice started with is valid. Alice can’t just generate coins out of thin air because the appearance of a coin is also a transaction that needs to be accepted by others (in their blocks.) The only way she can cause a coin to appear in a block is to generate the block herself, and this is exactly how new coins are slowly introduced: every computer that manages to generate a block is allowed to put one transaction in it in which it receives one coin. Other computers receiving the block can validate that only one coin is created and they can then accept this new coin as valid. Generating blocks is a slow process that requires Alice to spend computer hardware, electricity bill and time and it can be compared to gold mining. It is also a constructive work because the created block is part of a chain of blocks that together keep a record of all transactions. The coin received by Alice is used as an incentive for the computation work she performed in addition Alice can shave a small fee from the transactions stored in the block and use it as an additional incentive.

Putting it all together

Instead of reading endless wikipages you can directly experience the system in action by visting Bitcoin Block Explorer. The site shows you the latest blocks in the block chain which are the latest recording of transactions taking place. Note how many blocks were generated in the last hour, should be around 6. Also notice the total amount transfered in the last hour (last time I checked it was about 15K.) This the volume of the bitcoin system and it gives you an indication of how active the system is.

Next, drill into one of these blocks. Start by noticing that the block's hash begins with a run of zeros, this is what made making it so difficult. The computer that generated this block had to run on many Nonce values (also listed on the block's page) until it found one that generated this run of zeros. Next notice the line titled Previous block, each block contains the hash of the block that came before it, this is what forms the chain of blocks. Now notice all the transactions the block contains.

Drill into any of the transactions and you will see how it is made from one or more amounts coming in and out. The fact that there can be more than one incoming and outgoing amounts, allow the system to join and break amounts in any possible way allowing for any fractional amount needed (usually cents.) Each incoming amount is a transaction from the past (which you can also drill to) coming from an address of someone and each outgoing amount is addressed to someone and will be part of a future transaction (which you can also drill too if it also had already taken place.)

Finally you can drill into any of the addresses and see what public information is available.