
I learned about Bitcoin relatively recently, but it immediately won me over with its p2p idea. The deeper I dug into its wiki, the more taken I became with this idea. Its implementation is beautiful and elegant from a technical point of view.
A search for Bitcoin on Habr gives two topics, but they are more like news. It is noticeable from the comments that many people, especially those who are not directly familiar with Bitcoin, have many questions about how it works. There are also many guesses, often incorrect ones. To clarify the situation somewhat, it was decided to write this article.
Real money?
The first place in the list of the main misconceptions about Bitcoin is taken by the idea that bitcoins are just another kind of “pieces of paper”, albeit electronic ones, which only represent “real” money, like promissory notes. This is where most of the other misconceptions originate: since these are pieces of paper, they are worth nothing; they can be printed or destroyed at will; they can be forged; they can be copied.
I repeat: all of this is nothing more than a misconception. Bitcoin grew out of the desire to create not just “pieces of paper” that represent real money, such as gold, but an analog of gold itself: to take the properties that make gold ideal money and build an electronic currency on them.
Mining difficulty
Gold cannot be copied; it can only be mined. But mining is a very costly process in both time and resources. This is partly why gold is valued so highly. To make this clearer, consider an example.
Suppose a person diligently mined gold all day and ended up with 1 kg. For him, the value of the mined gold is one day of hard work. After the hard day's work, he decided to take a break and go to the cinema. As it happened, the cashier was giving out tickets in exchange for gold. Why? Because the cashier likes gold but does not like swinging a pickaxe all day. Therefore, he is ready to provide a service, handing over a ticket, in exchange for 1 kg of gold. In effect, he exchanges his service for one day of hard work.
Now imagine another situation. Someone has invented a copier that works with gold, and anyone can make 10 kg per minute from 1 kg of gold. In this situation, the cashier will no longer exchange tickets for gold, since he can now easily print as much of it as he wants. Gold will no longer have any value and can no longer be used as money.
In Bitcoin, the process of mining coins also requires resources and time. But in this case it is not human resources, but computer resources.
Conditionally limited resource
The longer gold is mined, the harder it becomes (more expensive in terms of resources) to mine it. This ensures that inflation is under control.
In Bitcoin, similar behavior is achieved by defining the rate at which coins are mined as a function of time. This function is inversely proportional, that is, the rate decreases with time and tends to zero. If we integrate this function over time, we get an exponential curve. Something like this:

Here you can see that the total number of coins tends to 21,000,000. The details of how Bitcoin works are discussed below. For now, you need to know two things: coins appear in the system in batches approximately every 10 minutes; a batch contains 50 coins, and this number halves every 4 years.
Materiality
This property belongs not so much to gold as to any non-electronic currency. One gold bar cannot be exchanged twice for a service or product. That is, at any one moment it can be either with the seller or with the buyer.
This behavior is natural for a material currency, but not for an electronic one. Achieving it for virtual money takes a lot of ingenuity. In Bitcoin, it is provided by the transaction mechanism. All transactions are linked into chains. Each transaction takes coins from one or more existing transactions and indicates to whom they are intended. Therefore, you can always check the entire chain for validity.
Mining difficulty, a limited resource, materiality: these properties, plus the use of cryptography for security, allow Bitcoin to be used as money. The core of Bitcoin is built on them. This is not just a convention. All of them are built into the system by design, and it will not work any other way. It is time to look at this design.
Chain of blocks
Any electronic payment system must store transactions somewhere and somehow. In Bitcoin, all information is stored in a block chain. Blocks are transmitted in JSON format. Each block contains a header and a list of transactions. The header consists of several properties, among which is the hash of the previous block. Thus, the block chain as a whole stores all transactions for the entire time Bitcoin has been operating.
In the current versions of Bitcoin, the block chain is downloaded in full by each client, which makes the system completely decentralized. The data is not encrypted, and anyone can trace all transactions manually. There is even a special site, Bitcoin Block Explorer, where you can easily see all the information about blocks and transactions.
At the time of writing, the number of blocks in the chain was 110,968, and, as I said earlier, this number increases by one approximately every 10 minutes. Each increase means that one of the participants has managed to create a new block.
Incidentally, all participants are divided into two groups: those who are working on a new block and those who are not. According to statistics, the ratio of these groups is 1 to 3. Why create blocks at all, let alone every 10 minutes? Transactions are recorded in blocks. Each block contains all transactions that took place while it was being created, that is, within 10 minutes.
It works as follows. One of the clients creates a new transaction and sends it to the other clients that are busy generating a block. They add this transaction to their block and continue generating. Sooner or later someone manages to generate a block. Such a block is sealed (no more transactions are added to it) and sent over the network. Next, clients check the block and the transactions inside it for validity. If there are no problems, the transactions are considered approved. At this point, the fresh block has already reached every client and has been added to the chain. After this, the process repeats: clients begin to generate another block and collect new transactions into it.
Block
Consider the contents of a block and the process of generating it in more detail. An example of a block can be found on the same Bitcoin Block Explorer. The block consists of a header and a list of transactions. The header consists of the following properties:
hash - SHA-256 hash of the block header. Such a hash is fairly random, and its computation time is predictable. Note that only the header is hashed, without the transactions, so the number of transactions does not greatly affect the hash computation time.
ver - Block schema version. At the moment, all blocks have the same version: 1.
prev_block - The hash of the previous block in the chain. Thanks to this property, the chain cannot be forged by replacing one of its blocks, since a block's hash always depends on the hash of the previous block in the chain. Changing one block means re-creating all the subsequent ones.
mrkl_root - Merkle root, the list of transaction hashes. The block hash must depend on the transactions so that they cannot be forged. But computing it over them directly would take a long time if the number of transactions is large. Therefore, the transactions themselves are hashed first, and then their hashes are used to calculate the hash of the entire block.
It may seem absurd to compute a hash of the same data twice. But the transaction hash is updated only when a new transaction is added to the block, while the block header hash is recalculated several thousand times per second. In addition, the closer the header size is to a constant, the more accurately the time to calculate its hash can be predicted.
time - uint32_t representing the block creation time. The maximum allowable year is 2106.
bits - One of the most important properties. It is an abbreviated form of the target hash value. A block is considered generated (valid) when its hash is less than this target value. The target value determines the difficulty of creating a block. The smaller it is, the less likely it is that a suitable hash will be found in one iteration. This property is updated every two weeks.
It happens as follows. The number of blocks generated over the last two weeks is counted and compared with the standard (1 block every 10 minutes). If there are too many blocks, the difficulty increases. If there are too few, it decreases. Thus, the system adapts to the growing number of users and, as a result, to the total power of their computers.
nonce - A number that starts from zero and is incremented after each iteration of the hash calculation. This is how the search proceeds until the hash is less than the target value. For each new hash to differ from the previous one, at least one of the block header properties must differ.
For example, the version never changes. The hash of the previous block is updated when someone gets ahead of us and generates a new block. The Merkle root is updated when a transaction is added. Time changes every few seconds. Bits (target value, difficulty) change every two weeks. All of this is too slow. The nonce exists so that there is no need to wait until one of these properties is updated.
Consider a hypothetical situation. All nonce values have been checked and none of them fits. During this time, no other property has changed. The nonce overflows and starts from zero again, so the subsequent hashes would repeat. To avoid this, after the nonce overflows, a special property of one of the transactions is changed. The Merkle root is then updated, and the block header hashes no longer repeat.
n_tx - The number of transactions in the list.
size - The block size in bytes.
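The header hashing, Merkle root and nonce search described in the list above can be run end to end. The following is an added example, not code from the article or from the Bitcoin client; it assumes the client's binary 80-byte header layout and its use of SHA-256 applied twice, and all block and transaction data in it is constructed.

```python
import hashlib
import struct

def dsha256(data):
    """SHA-256 applied twice (assumption: as the client does for its hashes)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(tx_hashes):
    """Hash pairs level by level; an odd last hash is paired with itself."""
    level = list(tx_hashes)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def bits_to_target(bits):
    """Expand the abbreviated target: mantissa * 256 ** (exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent >= 3:
        return mantissa << (8 * (exponent - 3))
    return mantissa >> (8 * (3 - exponent))

def header_bytes(ver, prev_block, mrkl_root, time, bits, nonce):
    """Fixed-size 80-byte header: little-endian integers and two 32-byte hashes."""
    return struct.pack("<I32s32sIII", ver, prev_block, mrkl_root, time, bits, nonce)

def meets_target(header, bits):
    """A block is valid when its header hash, read as a number, is below the target."""
    return int.from_bytes(dsha256(header), "little") < bits_to_target(bits)

def mine(ver, prev_block, mrkl_root, time, bits):
    """Increment the nonce from zero until the header hash is below the target."""
    for nonce in range(2**32):
        if meets_target(header_bytes(ver, prev_block, mrkl_root, time, bits, nonce), bits):
            return nonce
    return None  # nonce space exhausted: change a transaction, rebuild mrkl_root

# Constructed sample data, not real chain values; 0x1f00ffff is a very easy target.
TXS = [dsha256(b"constructed tx %d" % i) for i in range(3)]
PREV = dsha256(b"constructed previous block")
TIME, BITS = 1298000000, 0x1F00FFFF
ROOT = merkle_root(TXS)
NONCE = mine(1, PREV, ROOT, TIME, BITS)
# Replacing one transaction changes the Merkle root, so the found nonce no longer fits.
TAMPERED_ROOT = merkle_root([dsha256(b"tampered tx")] + TXS[1:])
```

Finding the nonce takes tens of thousands of hash attempts even at this easy target, while `meets_target` verifies the result with a single one.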
Transactions
Transactions are contained in blocks in the form of a list. Like blocks, they are lined up in chains. Each transaction must indicate where it takes money from (which existing transaction) and where it sends it.
The addressee is identified by its public key. For the addressee to use the money received, he must create a new transaction that takes money from the previous one and redirects it to a different address. To prove that a person is transferring his own money and not someone else's, he must put his digital signature on his transaction. Then anyone can verify at any time that all transactions in the system are valid.
In practice, all this is implemented using the following properties:
hash - Hash of the entire transaction. It turns out that transactions are hashed twice: the first time when the transaction hash is calculated, the second time during block hash calculation. In addition, each block refers to the hash of the previous block, and each transaction refers to the hash of the previous transaction (or transactions). If you change a transaction and by some miracle its hash does not break, all the other hashes will still break, and the modified block chain will be rejected by all clients.
ver - Transaction schema version. So far, it has never changed, so it is equal to 1 everywhere.
vin_sz - The number of previous transactions from which money is transferred to new addresses. One or more.
vout_sz - The number of addresses to which money is transferred. One or more.
lock_time - Not used yet and equal to 0 everywhere. The idea is to create pending transactions that are added not to the block currently being generated but, for example, to the following one. The property is meant to indicate the number of blocks the transaction should skip before being added. This makes it possible to change the transaction and re-sign it for some time.
size - Transaction size in bytes. This means the size of the transaction in JSON format.
in - Contains the list of inputs (sources) of the transaction. The outputs of previous transactions (prev_out) are used as inputs. Each output has the following properties:
hash - The hash of the previous transaction.
n - Since a transaction can have several outputs, you need to specify which of them the money is taken from. That is what this property is for. It contains the sequence number of the output of the previous transaction, starting with 0.
scriptSig - In this property, the sender must prove that he is transferring his own money and not someone else's. To do this, he specifies the public key of the recipient of the previous transaction, that is, his own key, since he must be that recipient. In addition, he adds an ECDSA signature of the same transaction, made with his private key. This proves that he is spending his own money and not someone else's.
After the list of inputs of the transaction (in) comes the list of outputs (out), i.e. the addressees. Each output has the following properties:
value - Contains the amount of money that will be transferred to the new address. The money is taken from previous transactions, so this number should not exceed their sum. For example, we want to take 10 coins from one transaction and 20 from another and send 25 to a new address. So that the remaining 5 coins are not lost, we send them to ourselves as change. Thus, our transaction will have two addressees, one of which is ourselves.
Value is always specified in nanocoins to avoid fractional numbers.
scriptPubKey - This property, together with scriptSig, makes up a script in a modified Forth-like language.
scriptPubKey contains language statements and the hash of the transaction recipient's public key. The script checks the transaction for validity. Using such a script offers rich possibilities for describing the conditions under which the addressee receives the money. For example, you can require the recipient to supply a password instead of an ECDSA signature.
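The input and output rules from the property lists above, applied to the article's 10 + 20 -> 25 + 5 example and to an attempt to spend the same outputs again. This is an added example, not the client's code: it tracks unspent outputs in a dictionary, the transaction hashes are constructed placeholders, values are whole coins for readability, and the scriptSig signature check is left out.

```python
def check_transaction(unspent, tx):
    """Return None if tx can be applied to the unspent outputs, else the reason.

    unspent maps (transaction hash, output index n) -> value.
    """
    keys = [(i["prev_out"]["hash"], i["prev_out"]["n"]) for i in tx["in"]]
    values = [o["value"] for o in tx["out"]]
    if not keys or not values:
        return "transaction needs at least one input and one output"
    if len(set(keys)) != len(keys):
        return "same output referenced twice"
    if any(key not in unspent for key in keys):
        return "output unknown or already spent"
    if any(v <= 0 for v in values):
        return "output value must be positive"
    if sum(values) > sum(unspent[key] for key in keys):
        return "outputs exceed inputs"
    return None

def apply_transaction(unspent, tx):
    """Return a new unspent set with tx's inputs removed and its outputs added."""
    reason = check_transaction(unspent, tx)
    if reason is not None:
        raise ValueError(reason)
    spent = {(i["prev_out"]["hash"], i["prev_out"]["n"]) for i in tx["in"]}
    updated = {k: v for k, v in unspent.items() if k not in spent}
    for n, out in enumerate(tx["out"]):
        updated[(tx["hash"], n)] = out["value"]
    return updated

# Constructed data: two earlier outputs worth 10 and 20 coins that we own.
UNSPENT = {("aa" * 32, 0): 10, ("bb" * 32, 1): 20}
TX = {
    "hash": "cc" * 32,
    "in": [{"prev_out": {"hash": "aa" * 32, "n": 0}},
           {"prev_out": {"hash": "bb" * 32, "n": 1}}],
    "out": [{"value": 25}, {"value": 5}],   # 25 to the payee, 5 back as change
}
AFTER = apply_transaction(UNSPENT, TX)
REPLAY = check_transaction(AFTER, TX)       # spending the same outputs again
INFLATED = check_transaction(UNSPENT, dict(TX, out=[{"value": 25}, {"value": 6}]))
```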
The total amount of money at the input of a transaction is always equal to the total amount at the output. Otherwise, money would either appear out of thin air or disappear from circulation. But at the very beginning there was a graph showing that the amount of money grows exponentially. So where does new money in the system come from?
To my taste, the issuing of money is done simply and elegantly. In each block, the first transaction in the list is a special one. It always has one input, which has the coinbase property instead of the scriptSig property. This property can contain anything.
The output of this transaction is also always the same. It sends 50 coins to whoever generated the block that contains this transaction. This is a kind of reward for the time and resources spent on generating the block. By creating a new block in the chain, the client contributes to the work of Bitcoin.
Every four years, this reward is halved, so the total number of coins in circulation stabilizes. After that, even if an attacker creates a block using a modified version of the program and assigns 50 coins to himself, this block will not be added to the chain, since it will be rejected by the other, honest clients, which should be the majority.
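The issuing schedule from the beginning of the article and the rule by which honest clients reject an inflated reward fit in a few lines. This is an added example, not the client's own code; it assumes amounts are integers in units of 10^-8 coin and a halving interval of 210,000 blocks (about four years of 10-minute blocks), and it leaves transaction fees out because the article does not cover them.

```python
COIN = 100_000_000          # assumption: amounts are integers in units of 10^-8 coin
HALVING_INTERVAL = 210_000  # assumption: blocks per halving, about 4 years
INITIAL_REWARD = 50 * COIN

def block_reward(height):
    """Reward for the block at this height: 50 coins, halved every interval."""
    halvings = height // HALVING_INTERVAL
    return INITIAL_REWARD >> halvings if halvings < 64 else 0

def supply_curve():
    """Cumulative amount issued at the end of each halving period, in base units."""
    points, total, height = [], 0, 0
    while block_reward(height) > 0:
        total += block_reward(height) * HALVING_INTERVAL
        height += HALVING_INTERVAL
        points.append((height, total))
    return points

def coinbase_is_valid(height, output_values):
    """Check an honest client applies to the first transaction of a block:
    it has no real inputs, so its outputs may not exceed the block reward."""
    return all(v >= 0 for v in output_values) and sum(output_values) <= block_reward(height)

if __name__ == "__main__":
    for height, total in supply_curve()[:6]:
        print(f"after block {height:>9,}: {total / COIN:>16,.4f} coins")
    print(f"final total: {supply_curve()[-1][1] / COIN:,.4f} coins")
    # A modified client that still claims 50 coins after the first halving:
    print("50 coins at height 210,000 accepted:", coinbase_is_valid(210_000, [50 * COIN]))
    print("25 coins at height 210,000 accepted:", coinbase_is_valid(210_000, [25 * COIN]))
```

Because rewards are integers and halving rounds down, the total stops slightly below 21,000,000 coins rather than reaching it.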
The stability of the system rests on the number of users running the official client. As long as they are the majority, nothing threatens Bitcoin.
Conclusion
Proof of work is a result of work that is difficult to obtain but easy to verify. The operation of the Bitcoin network is based on this principle. A hash (the result of the work) can be checked in a split second, but finding it takes a lot of work.
Here you can recall the analogy with gold, whose extraction takes a lot of time and resources, yet you can tell almost immediately that what is in front of you is gold. In this sense, Bitcoin also has its value. But do not take this to mean the price in dollars or the electricity bill run up by the computer while searching for the hash.
The dollar price is a somewhat different matter. It is not built into Bitcoin and is determined solely by the market. After all, gold in itself does not guarantee you a certain price in dollars either. That is guaranteed only by a person who wants to exchange gold for dollars.
The initial value of gold was determined solely by those who mined it. A miner asked for the mined gold as much as would compensate for the effort of mining it. After that, the market begins to influence the price of gold.
Once Bitcoin has reached the market, its value is determined solely by the level of trust in the system. The more people trust it, the more Bitcoin they will buy, the more dollars they will invest in it, and, consequently, the more expensive Bitcoin will be.
Before people can trust Bitcoin, they have to find out whether the system is secure enough and whether it can be used as money, that is, whether it has the properties of money that I listed at the beginning. The only way to know this for sure is to understand the principles of Bitcoin.
I hope that after this article the level of confidence in Bitcoin will increase at least a little.