What is Bitcoin? How Does It Work? Explain more

Many people have heard of bitcoin, which is a purely digital currency that does not require a government to issue it or banks to handle accounts and verify transactions. Nobody knows who came up with it. To get there, and to ensure that the technical aspects underpinning this response feel motivated, we’ll walk through “how do bitcoins work?” and how to develop your own version of bitcoin step by step.

1. What is bitcoin?

We’ll start by having you use a shared ledger to keep track of payments with your buddies. Then, when you lose faith in your friends and the world, and if you’re clever enough to incorporate a few cryptographic methods to assist sidestep the requirement for trust, you end up with what’s known as a “cryptocurrency”.

What is bitcoin? It is just the first example of a cryptocurrency that has been used. There are now thousands of other currencies that can be traded on exchanges with real money. Anyone who wants to buy a cryptocurrency should really know what bitcoin is first. A direct description of what computers are doing when they send, receive, and make cryptocurrencies is what we’re talking about.

There are a lot of apps that are easy to use that let you send and get these bitcoins very quickly. The difference is that the backbone of this is not a bank that verifies transactions, but a clever system of decentralized trustless verification based on some of the math that came from cryptography, which is how bitcoin works.

2. Ledgers and digital signature

Let’s begin with something more grounded in reality: ledgers and digital signatures.

If you and your friends routinely swap money, such as paying your half of the dinner bill, it might be cumbersome to constantly shift cash. Thus, you may maintain a shared ledger in which you keep track of payments you expect to make in the future.

For example: Alex pays $20 to James, James pays $40 to Carla, and so forth. This ledger will be public and open to everybody, similar to a website where anybody can go and just enter new lines. At the conclusion of each month, you review the list of transactions and reconcile everything. If you have spent more than you have gotten, you add that amount to the pot; if you have received more than you have spent, you deduct that amount from the pot.

Thus, the procedure for participation in this system is as follows: anybody can add lines to the ledger, and at the conclusion of each month, everyone gathers to settle accounts using real money.

One issue with a public ledger of this type is that if anybody may add a line, how is James to prevent himself from writing “Alex gives James $100” without Alex’s approval? How are we to believe that all of these transactions are what the sender intended?

This is when the first bit of cryptography enters the picture: One issue with a public ledger of this type is that if anybody may add a line, how is James to prevent himself from writing “Alex gives James $100” without Alex’s approval? How are we to believe that all of these transactions are what the sender intended?

This is when the first semblance of cryptography enters the picture: Digital signatures.

As with a handwritten signature, the aim is for Alex to be able to append anything to a transaction that verifies she saw it and approved of it. Additionally, anybody else should be unable to fake her signature.

3. How to prevent forgery?

Because digital signatures are made up of data that can be read and copied by any computer, it might seem like they should not be possible. How do you stop people from making fakes?

Everyone makes what’s called a public key and a private key, which both look like a string of bits. The private key is sometimes called the “secret” key, so we can abbreviate it to sk and the public key to pk. As the names imply, you should keep the secret key to yourself.

In the real world, your handwritten signature will seem the same regardless of the paper you are signing.

A digital signature is far more secure, as it is unique for each transmission. It seems to be a string of 1’s and 0’s, typically 256 bits in length, and modifying the message even slightly alters how your signature on that message should appear.

3.1. Your keys secret or not?

Formally, signing a message requires some function that is dependent on both the message and your private key. The private key assures that the signature can be produced only by you, and the fact that it is message-dependent means that no one can just duplicate one of your signatures and forge it on another message.

This is accompanied by a function that verifies the validity of a signature, which is where the public key comes into play. It simply outputs true or false to indicate whether or not this was a signature made using the private key associated with the public key used for verification.

We will not go into detail about how these functions operate, but the idea is that finding a valid signature without knowing the secret key should be utterly impossible. There is no better technique than just guessing and testing whether random signatures using the public key are valid until you find one that works.

With 256 bits, there are 2^{256} potential signatures, and you’d need to discover one that works. To summarize, when you verify a signature against a particular message and public key, you may be highly certain that it could only have been created by someone who possessed the secret key associated with the public key.

3.2. Fake the signature?

There is one minor exception here: If Alex signs a transaction such as “Alex pays James $100,” even if James cannot counterfeit Alex’s signature on new messages, he may just replicate that same line as many times as he wishes, as the message/signature combination is legitimate.

To circumvent this, we require that when you sign a transaction, the message must contain a unique identifier (ID) for that transaction. Thus, if Alex sends $100 to James numerous times, each transaction will require a new signature. In brief, digital signatures obliterate a significant portion of the confidence inherent in our first approach.

3.3. Spending more than they have on the ledger?

Specifically, you’re relying on everyone to follow through and settle their accounts in cash at the end of each month.

However, what if Carla has amassed thousands of dollars in debt and simply refuses to appear? The only legitimate justification to resort to cash settlement is if certain individuals, I’m looking at you Carla, owe a large sum of money. Thus, you may have the astute notion that you never have to pay in cash as long as you have some mechanism in place to discourage individuals from spending more than they earn.

What you could do is have everyone contribute $100 to the pot and have the first few lines of the ledger say “Alex receives $100, James receives $100, and so on.” Now, you simply refuse to accept transactions from parties that spend more than they have on their ledger.

3. How does bitcoin work?

For instance, if Carla begins with $100 and the first two transactions are “Carla pays Alex $50” and “Carla pays James $50,” attempting to add “Carla pays You $20” is worthless, just as if he never signed it.

For example, after starting everyone off with $100, if the first two transactions are “Carla pays Alex $50” and “Carla pays James $50”, if he were to try to add “Carla pays You $20”, that would be invalid, as invalid as if he never signed it.

Notice that this means you need to know the whole history of transactions to make sure that a new one is real. Similarly, this is going to be true for cryptocurrencies as well, though there’s still room to improve how they work. What’s interesting about this step is that it kind of breaks the link between the Ledger and real money.

This ledger could theoretically be used by everyone in the world. If everyone used it, you could live your whole life just sending and receiving money on this ledger without ever having to convert it to the real US.

In order to make this point clearer, let’s start calling the amounts on the ledger “LedgerDollars,” or LD, for short, from now on. People who use LedgerDollars can exchange them for real money, like if Alex gives James a $10 bill in exchange for him adding and signing the transaction “James pays Alex 10 LedgerDollars” to the ledger.

However, such exchanges are not guaranteed by the protocol. It’s now more akin to exchanging Dollars for Euros or any other currency on the open market; it’s become its own distinct entity.

This is the first critical concept to grasp when it comes to Bitcoin or any other cryptocurrency: Bitcoin is a ledger; the currency is the history of transactions.

Of course, with Bitcoin, money does not join the ledger through cash purchases. Prior to that, there is a more profound distinction between our existing system of LedgerDollars and the way cryptocurrencies operate. But this requires trusting a central location. Namely, who hosts that website? Who controls the rules of adding new lines?

To remove that bit of trust, we’ll have everyone keep their own copy of the ledger. Then to make a transaction, like “Alex pays James 100 LedgerDollars”, you broadcast into the world for people to hear and record on their own private Ledgers. But unless we do something more, this system would be absurdly bad.

How can you get everyone to agree on what the right ledger is? When James receives the transaction “Alex pays James 10 LedgerDollars”, how can he be sure that everyone else received and believes that same transaction? That he’ll be able to later use those 10 LedgerDollars to make a trade with Carla.

Really, imagine yourself just listening to transactions being broadcast. How can you be sure that everyone else is recording the same transactions in the same order?

Now we’ve hit on an interesting puzzle: Can you come up with a protocol for how to accept or reject transactions and in what order so that you can feel confident that anyone else in the world following the same protocol has a personal ledger that looks the same as yours?

This is the problem addressed in the original Bitcoin paper. At a high level, the solution Bitcoin offers is to trust whichever ledger has the most computational work put into it. But it’s a really cool idea, and if you understand it, you understand the heart of bitcoin and other cryptocurrencies.

4. Hash Function

A hash function takes in any kind of message or file, and outputs a string of bits with a fixed length, like 256 bits. This output is called the “hash” or “digest” of the message, and it’s meant to look random. It’s not random. It always gives the same output for a given input. But the idea is that when you slightly change the input, maybe editing just one character, the resulting hash changes completely.

5. What is proof of work in crypto?

In fact, the way that output changes as you slightly change the input is entirely unpredictable. This is not just any hash function, it’s a cryptographic hash function. That means it’s infeasible to compute in the reverse direction.

If I show you some specific string of 1’s and 0’s and ask you to find an input message so that the SHA256 hash of that message gives this exact string of bits, you will have no better method than to guess and check. Again, if you want a feel for just how much computation would be needed to go through 2256 guesses.

You might think you could reverse engineer the desired input by really digging through the details of how the function works, but no one has ever found a way to do that. Interestingly, there’s no proof that it’s hard to compute in the reverse direction, yet a huge amount of modern security depends on cryptographic hash functions.

If you were to take a look at what algorithms underlie the secure connection that your browser is making with YouTube right now, or that it makes with a bank, you will likely see a name like SHA256 in there.

Imagine someone shows you a list of transactions, and they say “I found a special number so that when you put this number at the end of the list of transactions, and apply SHA256 the entire thing, the first 30 bits of the output are zeros”.

How hard do you think it was for them to find that number? For a random message, the probability that the hash happens to start with 30 successive zeros is 1 in 230, which is about 1 in a billion. Because SHA256 is a cryptographic hash function, the only way to find a special number like this is just guessing and checking. So this person almost certainly had to go through about a billion different numbers before finding this special one.

And once you know the number, you can quickly verify that this hash really does start with 30 zeros. In other words, you can verify they went through a large amount of work without having to go through that same effort yourself. This is called a “proof of work”.

And importantly, all this work is intrinsically tied to that list of transactions. If you change one of the transactions, even slightly, it would completely change the hash, so you’d have to go through another billion guesses to find a new proof of work, a new number that makes it so that the hash of the altered list together with this new number starts with 30 zeros.

6. What is blockchain?

So now think back to our distributed ledger situation. Everyone is broadcasting transactions, and we want a way for everyone to agree on what the correct ledger really is. The core idea behind the original bitcoin paper is to have everybody trust whichever ledger has the most work put into it. This work is to first organize a given ledger into blocks, where each block consists of a list of transactions, together with a proof of work.

This means that there is a special number that makes the hash of the whole block start with a lot of zeros. When we say it has to start with 60 zeros, we’ll say that for now. Later, we’ll talk about how you might choose that number.

In the same way that a transaction is only valid if the sender signs it, a block is only valid if it has proof of work. If there is no way to order these blocks, we’ll make it so that each block has to have its predecessor’s hash.

That way, if you change any block, or try to swap the order of two blocks, it would change the block after it, which changes that block’s hash, which changes the next block, and so on. That would require redoing all the work, finding a new special number for each of these blocks that makes their hashes start with 60 zeros.

Because blocks are chained together like this, instead of calling it a ledger, this is commonly called a “Blockchain”. As part of our updated protocol, we’ll now allow anyone in the world to be a “block creator”.

What this means is that they’ll listen for the transactions being broadcast, collect them into a block, then do a whole bunch of work to find the special number that makes the hash of this block start with 60 zeros, and broadcast out the block they found. To reward a block creator for all this work, when she puts together a block, we’ll allow her to include a special transaction at the top in which she gets, say, 10 LedgerDollars out of thin air.

6.1. Block Reward & Mining

This is called the block reward. It’s a special exception to our usual rules about whether or not to accept transactions; it doesn’t come from anyone, so it doesn’t have to be signed. It also means that the total number of LedgerDollars in our economy increases with each new block. Creating blocks is often called “mining”, since it requires a lot of work, and it introduces new bits of currency into the economy. But when you hear or read about miners, keep in mind that what they’re really doing is creating blocks, broadcasting those blocks, and getting rewarded with new money for doing so.

From the miners’ perspective, each block is like a miniature lottery, where everyone is guessing numbers as fast as they can until one lucky individual finds one that makes the hash of the block start with many zeros, and gets rewarded for doing so.

Instead of listening for transactions, users of this system will now listen for new blocks broadcast by miners, which will update their own personal copy of the blockchain. The key difference is that if you hear of two distinct blockchains with conflicting transaction histories, you choose the one with the longest history and the most work put into it.

Wait until you hear of an additional block that makes one longer if there is a tie. So, even though there is no central authority and everyone keeps their own copy of the blockchain, if everyone agrees to give preference to the blockchain that has the most work put into it, we have a way to achieve decentralized consensus.

6.2. The working of blockchain system

To see why this makes for a trustworthy system, and to understand at what point you should trust that a payment is legitimate, it’s helpful to walk through what it would take to fool someone in this system.

If Alex wants to fool James with a fraudulent block, she might try to send him one that includes her paying him 100 LedgerDollars, but without broadcasting that block to the rest of the network.

That way everyone else thinks she still has those 100 LedgerDollars. To do this, she’d have to find a valid proof of work before all other miners, each working on their own block. And that could happen! Maybe Alex wins this miniature lottery before anyone else.

But James will still be hearing broadcasts made by other miners, so to keep him believing the fraudulent block Alex would have to do all the work herself to keep adding blocks to this special fork in James’s blockchain that’s different from what he’s hearing from the rest of the miners.

Remember, as per the protocol James always trusts the longest chain he knows about. Alex might be able to keep this up for a few blocks if just by chance she happens to find blocks more quickly than all of the rest of the miners on the network combined.

But unless Alex has close to 50% of the computing resources among all miners, the probability becomes overwhelming that the blockchain that all the other miners are working on grows faster than the single fraudulent blockchain that Alex is feeding James.

So in time James will reject what he’s hearing from Alex in favor of the longer chain that everyone else is working on. Notice that means you shouldn’t necessarily trust a new block that you hear immediately.

Instead, you should wait for several new blocks to be added on top of it. If you still haven’t heard of any longer blockchains, you can trust that this block is part of the same chain everyone else is using. And with that, we’ve hit all the main ideas.

This distributed ledger system based on a proof of work is more or less how the bitcoin protocol works, and how many other cryptocurrencies work. There’s just a few details to clear up. Earlier we wrote that the proof of work might be to find a special number so that the hash of the block starts with 60 zeros.

The way the actual bitcoin protocol works is to periodically change that number of zeros so that it should take, on average, 10 minutes to find a block. So as there are more and more miners on the network, the challenge gets harder and harder in such a way that this miniature lottery only has about one winner every 10 minutes.

Many newer cryptocurrencies have much shorter block times. All of the money in Bitcoin ultimately comes from some block reward. These rewards are 50 Bitcoin per block. There’s a great site called “block explorer” where you can look through the bitcoin blockchain, and if you look at the very first few blocks on the chain, they contain no transactions other than the 50 Bitcoin reward to the miner.

Every 210,000 blocks, which is about every 4 years, that reward is cut in half. This is how the reward works: So right now, the reward for each block is 12.5 bitcoin, and because this reward decreases exponentially over time, there will never be more than 21 million bitcoin in the world. As long as miners keep making money, this doesn’t mean they’ll stop. Besides the reward that comes with each block, miners can also get transaction fees.

Whenever you make a payment, there’s an option to pay the miner of the block that includes your payment a small fee. This fee will go to them. You might do this to make it more likely that miners will put the transaction you broadcast into the next block.

6.3. Block Limitation

In bitcoin, each block is limited to about 2,400 transactions, which many critics argue is unnecessarily restrictive. For comparison, Visa processes an average of around 1,700 transactions per second, and they’re capable of handling more than 24,000 per second. Slower processing on Bitcoin means higher transaction fees, since that’s what determines which transactions miners choose to include in new blocks.

Summary

The challenges and benefits of decentralization are not limited to currency and transaction histories, and the utility of cryptographic tools such as hash functions and digital signatures is also much broader.