What is Bitcoin?
It is the first decentralized* cryptocurrency**
*Decentralized: Not controlled by a central organization (like a bank/government)
**Cryptocurrency: Currency (a store of value) that is secured by use of blockchain*** technology
Why was Bitcoin made?
The main thesis for why Bitcoin was made was to eliminate the need for a third party (like a financial institution) for online payments.
What problem(s) was it fixing?
The risk that a single institution (e.g. government or bank) could restrict access to money
Enables financial inclusion (banking services, credit etc.) for underbanked individuals globally.
How does it work?
To get started, you need a secret (private) key and a public key
secret_key = generate_secret_key()
public_key = generate_public_key(secret_key)
Your secret key is a random integer that only you know. Anyone who knows it can control all of the funds you own on the Bitcoin blockchain [1]
At the heart of bitcoin is a transaction.
A transaction is the basic operation in the Bitcoin system. A Bitcoin transaction moves bitcoins between one or more inputs and outputs.
- Each input is a previous transaction (and the address it paid) supplying bitcoins
- Each input must be entirely spent in a transaction. For example: if an address received 100 bitcoins in a transaction and you just want to spend 1 bitcoin, the transaction must spend all 100. The solution is to use a second output for change, which returns the 99 leftover bitcoins back to you [2]
- Each output is an address receiving bitcoin, along with the amount of bitcoins going to that address
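The input/output rules above, as an added example that is not part of the original notes: a constructed toy model of the unspent-output set a node keeps. Amounts are plain integers (think satoshis), an "address" is just a string label, and there are no signatures or scripts; the point is that inputs are consumed whole, leftover value comes back as a change output, and a spent output is deleted so it cannot be spent twice.

```python
from dataclasses import dataclass

# Constructed toy model of Bitcoin's transaction rules, not real Bitcoin
# serialization. Amounts are integers; addresses are string labels.

@dataclass(frozen=True)
class Output:
    address: str
    amount: int

@dataclass(frozen=True)
class Outpoint:
    """Reference to one specific output of an earlier transaction."""
    txid: str
    index: int

class UTXOSet:
    """The set of unspent outputs: this is what 'owning bitcoins' means."""

    def __init__(self):
        self.unspent = {}  # Outpoint -> Output

    def add_coinbase(self, txid, address, amount):
        # Block reward: an output with no input and therefore no signature.
        self.unspent[Outpoint(txid, 0)] = Output(address, amount)

    def balance(self, address):
        return sum(o.amount for o in self.unspent.values() if o.address == address)

    def build_payment(self, txid, sender, recipient, amount, fee=0):
        """Gather outputs owned by sender, spend them *entirely*, pay the
        recipient, and return leftover value to sender as change.
        Returns the fee the miner collects."""
        inputs, gathered = [], 0
        for op, out in self.unspent.items():
            if out.address == sender:
                inputs.append(op)
                gathered += out.amount
                if gathered >= amount + fee:
                    break
        if gathered < amount + fee:
            raise ValueError("insufficient funds")
        outputs = [Output(recipient, amount)]
        change = gathered - amount - fee
        if change > 0:
            outputs.append(Output(sender, change))  # the change output
        return self.apply(txid, inputs, outputs)

    def apply(self, txid, inputs, outputs):
        """Validation every node performs before accepting a transaction:
        1. every input must exist and still be unspent (no double spending)
        2. value out cannot exceed value in (the difference is the fee)."""
        if any(op not in self.unspent for op in inputs):
            raise ValueError("input already spent or unknown")
        value_in = sum(self.unspent[op].amount for op in inputs)
        value_out = sum(o.amount for o in outputs)
        if value_out > value_in:
            raise ValueError("outputs exceed inputs")
        for op in inputs:  # inputs are consumed whole
            del self.unspent[op]
        for i, o in enumerate(outputs):
            self.unspent[Outpoint(txid, i)] = o
        return value_in - value_out  # implied miner fee

if __name__ == "__main__":
    utxo = UTXOSet()
    utxo.add_coinbase("tx0", "alice", 100)          # constructed sample data
    utxo.build_payment("tx1", "alice", "bob", 1)    # spends all 100, 99 back as change
    print(utxo.balance("alice"), utxo.balance("bob"))  # 99 1
```

Replaying the already-consumed `tx0` output raises, which is the double-spend check; an output list worth more than its inputs raises too.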
Digital signatures are there to prove that both parties agree to the transaction. Analogous to a drawer’s signature on a cheque.
signature = sign(message, secret_key) // 256 bits
The secret key ensures that only you can produce that signature, and because the signature depends on the message, no one can copy your signature and forge it onto another message.
To verify that a signature is valid, another function is used hand in hand with the sign function:
verify(message, signature, public_key) -> bool // (True or False)
The main idea is that it should be infeasible to find a valid signature if you don’t know the secret key.
An extra measure to prevent this transaction being duplicated is to give each transaction a unique ID so that each transaction requires a new signature.
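The key generation, `sign` and `verify` functions sketched above, as an added example that is not code from the original notes or the referenced projects: a minimal ECDSA over secp256k1, the curve Bitcoin uses, with the function names taken from the notes' pseudocode. Simplifications that make this a teaching toy rather than wallet code: the message is hashed with a single SHA-256 (Bitcoin hashes twice), the per-signature nonce comes from `secrets.randbelow` rather than RFC 6979, and nothing is constant-time.

```python
import hashlib
import secrets

# Added example: textbook ECDSA over secp256k1. Not hardened; for learning only.

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977                       # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INFINITY = None                                # point at infinity

def point_add(p, q):
    """Group law on the curve y^2 = x^3 + 7 over GF(P)."""
    if p is INFINITY:
        return q
    if q is INFINITY:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:        # p == -q
        return INFINITY
    if p == q:                                 # tangent slope (doubling)
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:                                      # chord slope (addition)
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def scalar_mult(k, point):
    """Double-and-add: k * point."""
    result, addend = INFINITY, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def generate_secret_key():
    """A random integer in [1, N-1]: that is all a Bitcoin private key is."""
    return secrets.randbelow(N - 1) + 1

def generate_public_key(secret_key):
    """public_key = secret_key * G. Easy forward, infeasible to reverse."""
    return scalar_mult(secret_key, G)

def _msg_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, secret_key: int):
    z = _msg_int(message)
    while True:
        k = secrets.randbelow(N - 1) + 1       # fresh random nonce per signature
        r = scalar_mult(k, G)[0] % N
        if r == 0:
            continue
        s = pow(k, -1, N) * (z + r * secret_key) % N
        if s == 0:
            continue
        return (r, s)

def verify(message: bytes, signature, public_key) -> bool:
    r, s = signature
    if not (1 <= r < N and 1 <= s < N):
        return False
    x, y = public_key
    if (y * y - x * x * x - 7) % P != 0:       # reject points not on the curve
        return False
    z = _msg_int(message)
    w = pow(s, -1, N)
    point = point_add(scalar_mult(z * w % N, G),
                      scalar_mult(r * w % N, public_key))
    return point is not INFINITY and point[0] % N == r

if __name__ == "__main__":
    sk = generate_secret_key()
    pk = generate_public_key(sk)
    msg = b"txid=1|pay 1 BTC to bob"            # constructed sample message
    sig = sign(msg, sk)
    print(verify(msg, sig, pk))                  # True
    print(verify(b"txid=2|pay 1 BTC to bob", sig, pk))  # False: different message
```

Prefixing the message with a transaction ID, as the constructed sample does, is what makes a copied signature useless on any other transaction: the second `verify` call fails even though only the ID changed.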
To prevent overspending, you need to know the transaction history of each wallet at all times. So you can tally up what they received vs what they spent. This is why Bitcoin is a currency. The history of transactions IS the currency. Think about it this way: if you had an agreement with 3 of your friends where everyone can lend money to each other as long as they have enough (and you verify this by storing the transaction history in a ledger), you can freely trade this way virtually forever. Instead of using regular currency (like USD), you can just have your own “Ledger Dollars” that you can use to buy and sell items [3]
Sweet, so how do you “decentralize” this ledger? Decentralization is inherently simple. Everybody keeps a copy of the ledger. After every change, broadcast your changes.
Ok, now whose ledger do I trust in the case of different copies? We can devise a system to make it computationally infeasible to create fraudulent copies of the ledger.
Here’s how it will work: For a set of transactions (a block), find a special number (a nonce) such that when you put that number together with the block data (the transactions and metadata) and hash it (through a cryptographic hash function like SHA256), the first X bits (say 30) are all zeros. That was dense, please re-read it
The chance you’ll find this number is 1 in 2^X (one in a billion for the case of X=30). Bitcoin changes the value of X periodically so that it takes, on average, about 10 minutes to find the new block. It is computationally expensive because the miner must brute-force different nonces until the hash output meets the condition.
Cryptographic hash function AKA One-way function: A function that produces an output that is infeasible to compute in the reverse direction i.e. given the output, you can’t find the input. You basically would have to brute-force your way to the answer but you can’t because the hash function is SHA256 (meaning you need 2^256 guesses). Speaking of the security of SHA256…
Now here is the beauty of building the puzzle on a cryptographic hash function: the solution is hard to find but easy to verify (see related: NP complexity). Once you find the special number (the nonce for our block), anyone can verify it easily by just plugging it into SHA256 to see that there are 30 zeros.
You can verify that they (a miner) did a lot of work to get the number without having to do it yourself. Thus: proof of work
Proof of work: A computationally expensive puzzle whose sole output is a proof that the computer did a costly computation.
A block contains:
- a list of transactions
- a proof of work to show that a costly computation occurred to generate the block
- the hash of the previous block: To maintain the right order of blocks and for extra integrity (If someone alters a transaction in a previous block, they must redo everything that comes after it)
Now we have a blockchain
Blockchain: A chain of blocks, where each block is a set of an arbitrary number of transactions. The “chains” should be Merkle trees or other cryptographic structures with similar integrity functionality, namely post-unforgeable integrity. Post-unforgeable/Immutable: can’t be undetectably altered after being committed to the blockchain.
Transactions are grouped into blocks and about every 10 minutes (once a new block has been generated), a new block of transactions is sent out, becoming part of the blockchain, which renders the transaction (more-or-less) official.
The block creator gets a block reward that has no sender (and thus no signature) and adds to the money supply. This is not to be confused with transaction fees, which miners can also collect: a fee is an optional “bribe” to the miner to incentivize them to include your transaction in the next block.
Bitcoin’s block has a limit of ~2400 transactions, and each block takes about 10 minutes to create which means Bitcoin processes ~4 transactions/sec. This slow processing speed is what fuels transaction fee inflation since these fees determine what transactions miners choose to include in a new block.
The process of listening for transactions, creating blocks and broadcasting those blocks is called mining.
Mining is the process that puts transactions into a block. To mine a block, miners must find an extremely rare solution to an (otherwise pointless) cryptographic problem. Finding this solution generates a block [2]. When a block is successfully mined, new bitcoins are generated in the block and paid to the miner. The mining reward is large. Because of this, mining is very competitive with many people attempting to mine blocks. The difficulty and competitiveness of mining is a key part of Bitcoin security, since it ensures that nobody can flood the system with bad blocks.
When you become part of the bitcoin network, you download the blockchain from some random node(s). When you create a Bitcoin transaction, you send it to some peer, who sends it to some peers, and so on, until it reaches the entire network. Miners pick up your transaction, generate a mined block containing your transaction, and send this mined block to peers. Eventually your client will receive the block and your client shows that the transaction was processed.
If you receive 2 conflicting blockchains, always defer to the longest one. Basically, whichever block has the most computational work is the most trustworthy.
Unless someone has more than 50% computational power in the network, you can always trust that the longest blockchain is the most trustworthy.
This means that nodes shouldn’t necessarily immediately trust the longest chain. A node should instead wait for several new blocks before it trusts a single particular chain.
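The mining puzzle, the block structure (transactions, proof of work, previous-block hash) and the longest-chain rule described above, as one added example that is not code from the original notes: a constructed toy chain in which a block is a dict hashed as canonical JSON with a single SHA-256 and the target is simply "at least DIFFICULTY_BITS leading zero bits". Real Bitcoin hashes an 80-byte header twice and compares against a full 256-bit target, and picks the chain with the most cumulative work; with equal difficulty per block, as here, that is the longest valid chain. Every function name and the sample transactions are constructed for this example.

```python
import hashlib
import json

# Added example: toy proof-of-work blockchain. Constructed, not Bitcoin's format.
DIFFICULTY_BITS = 12          # tiny so mining takes milliseconds; Bitcoin's is far higher
GENESIS_PREV = "00" * 32      # the first block points at an all-zero "previous hash"

def block_hash(block):
    """SHA-256 of the block's canonical JSON (stand-in for the header hash)."""
    payload = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).digest()

def leading_zero_bits(digest):
    return 256 - int.from_bytes(digest, "big").bit_length()

def meets_target(digest, bits=DIFFICULTY_BITS):
    """The cheap check anyone can run on a claimed solution."""
    return leading_zero_bits(digest) >= bits

def mine_block(transactions, prev_hash, bits=DIFFICULTY_BITS):
    """Brute-force nonces until the hash has `bits` leading zeros.
    Expected ~2**bits attempts; the nonce is the proof of work."""
    block = {"prev_hash": prev_hash, "transactions": transactions, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def verify_chain(chain, bits=DIFFICULTY_BITS):
    """Every block must link to its predecessor's hash and carry a valid
    proof of work. Altering any old transaction changes that block's hash,
    which breaks the prev_hash link of every block after it."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev:
            return False
        digest = block_hash(block)
        if not meets_target(digest, bits):
            return False
        prev = digest.hex()
    return True

def choose_chain(candidates, bits=DIFFICULTY_BITS):
    """Longest-valid-chain rule (equal difficulty per block, so longest == most work)."""
    valid = [c for c in candidates if verify_chain(c, bits)]
    return max(valid, key=len) if valid else None

def copy_chain(chain):
    """Deep copy via JSON round trip, used to build a tampered variant."""
    return json.loads(json.dumps(chain))

def build_demo_chain(n_blocks):
    """Mine n_blocks blocks of constructed sample transactions."""
    chain, prev = [], GENESIS_PREV
    for i in range(n_blocks):
        txs = [{"from": "coinbase", "to": "miner", "amount": 50},   # block reward
               {"from": "alice", "to": "bob", "amount": i + 1}]
        block = mine_block(txs, prev)
        chain.append(block)
        prev = block_hash(block).hex()
    return chain

if __name__ == "__main__":
    chain = build_demo_chain(3)
    print([b["nonce"] for b in chain], verify_chain(chain))   # nonces, True
    tampered = copy_chain(chain)
    tampered[0]["transactions"][1]["amount"] = 1000           # rewrite history
    print(verify_chain(tampered))                             # False
```

The tampered copy fails even if the edited block happens to satisfy the target by luck, because block 1 still records the original hash of block 0; an attacker would have to re-mine every later block too, which is the "redo everything that comes after it" cost from the block description.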
All the money in Bitcoin comes from block rewards. In the beginning this was 50 BTC and it halves every 210,000 blocks (~4 years). As of December 2024 it is at 3.125 Bitcoins.
Design criticisms
Bitcoin has many inelegant features [4]:
- The network’s security depends on having more brute-force computing power than your opponents (the attackers, if any)
- The “good nodes” need at least half the processing power just to avoid double-spending
- A hash tree that just keeps growing indefinitely
- Can’t be used offline without proxies and workarounds
- All transactions are tracked publicly, which means it can never really be completely anonymous
Gwern [4] argues that Bitcoin’s inelegance is actually better than the already existing elegant solutions for a cryptocurrency. It covered the most important practical situations, went viral and became widely adopted, then improved over time; kinda like many other things on the internet.
References
A from scratch tour of Bitcoin in Python
[1] Bitcoin whitepaper by Satoshi Nakamoto
[2] Bitcoins the hard way: Using the raw Bitcoin protocol by Ken Shirriff
[3] But how does Bitcoin actually work by 3Blue1Brown
[4] Bitcoin Is Worse Is Better by Gwern