Bitcoin is a peer-to-peer electronic cash system. Bitcoin is the concept, bitcoin is an instance of the currency.

Bitcoin doesn't require a central authority that oversees transactions. It relies on the network of peer machines participating in the protocol.

To understand bitcoin, you need to understand a bit of cryptography:

There are two separate keys:
1) Private-key - visible only to owner.
2) Public-key  - visible to everybody.

Public-key is used to encrypt plain text.
Private-key is used to decrypt cipher text.

These two keys are mathematically linked.

Every node in the bitcoin network has a public-key and a private-key.

Public-key cryptography can be used to make digital signatures.
- Digital signature binds an identity to a message.
- Only the person with the private-key can produce valid signatures.
- Anybody who has the public-key can test the validity of the signature.

Simplified:
  sign(message, private_key)   => signature
  verify(message, public_key)  => true or false

Bitcoin uses a hash function called SHA-256.
Hash function takes a string and maps it to another fixed length string.

The beef of Bitcoin is that it prevents double-spending with blockchain. Double-spending is a fundamental problem with cryptocurrencies. If the currency is digital, how can we be sure you don't spend it multiple times?

Main selling points in the original Bitcoin paper were:

• using cryptography instead of mutual trust
• minimize transaction costs, removing limitations on minimum practical transaction size
• making non-reversible transactions, after a transaction is complete there is no entity that can undo that transaction
• privacy, problem is that though if privacy is ever cracked, your full purchase history will be wide open.

Each bitcoin is a chain of digital signatures. An owner transfers the coin to the next by signing a hash of the previous transaction and the public-key of the next owner and adding these to the end of the coin.

Hash
    -> Add public-key of the next owner.
        -> Hash again using private-key of the current owner.
            -> New hash is send to the next owner for verification.
                -> Transaction is now complete.

Just this chain of signatures is not enough. It does not prevent double-spending. We need a central authority or some other way to agree on a single history of all transactions.

Timestamp server.

1. Takes a hash of a block of items.
2. Timestamps it.
3. Publishes the new hash.
4. Timestamp proves that the data must have existed at that time.
5. Each timestamp includes the previous timestamp in its hash.

Proof-of-Work

A distributed timestamp server implementation.

Searching for a value that, when hashed, the hash begins with a number of zero bits.

# hash(c + n) will result with a certain number of leading zeros.
# Hashing "Hello world!" + nonce will take 4251 tries.

SHA-256("Hello, world!0") = 1312af17...
SHA-256("Hello, world!1") = e9afc424...
...
SHA-256("Hello, world!4249") = c004190b...
SHA-256("Hello, world!4250") = 0000c3af...

Bitcoin block is:

• a record of a number of transactions in the bitcoin network.
• Transactions that happened during a period of time, from 2 to 20 minutes about, usually 10
• Metadata:
  • (Previous hash?)
  • Timestamp
  • Nonce, solution to the proof-of-work
  • Current proof-of-work difficulty
  • Reference to the previous block
  • The root hash of the Merkle tree of all transactions in the block.

Bitcoin decision making:

• Avoid one-IP-address-one-vote, as anyone could allocate thousands of IPs.
• Use one-CPU-one-vote as you need to calculate the proof-of-work.
• Largest group of CPU power rises the fastest.
• Longest chain is always the dominant one.
• It will be really hard for the attackers to change the history, as each block depends on the previous. An attacker would need to redo all blocks; while the main block just becomes longer and longer.
• Attackers would need to get more CPU power than the honest ones combined.

"Longest chain" doesn't mean the chain with the most blocks, it is the chain with most amount of work put into it.

Each block contains a nonce that tells how much work went into creating the hash.
    One block with 10 zero bits > Ten blocks with 1 zero bits.

Bitcoin Proof-of-Work

Instead of requiring leading zeros, the Bitcoin proof-of-work puzzle requires the hash of a block’s header to be lower than or equal to a number known as the target.

This target is automatically adjusted to ensure that a Bitcoin block takes, on average, about ten minutes to validate.

Sometimes a new block is validated in just a minute or two, other times it may take 20 minutes.

This validation process is called mining. Initially, this was set to be a 50 bitcoin reward. But for every 210,000 validated blocks (roughly, once every four years) the reward halves.

A miner’s chance of winning the competition is (roughly, and with some caveats) equal to the proportion of the total computing power that they control.

Network

Network is what protects against double-spending.

1. New transactions are broadcast to all nodes.
2. Each node collects new transactions into a block.
3. Each node works on finding a proof-of-work for its block.
4. When a node finds the proof-of-work, it broadcasts the block to all nodes.
5. Nodes accept the block only if all transactions in it are valid.
6. Nodes express their acceptance of the block by working on the next block, using the accepted block hash as the previous hash.

If two proofs are found simultaneously, some nodes will work on different base hashes, but will eventually switch to the longer chain when the next block is found.

Thus, new transactions don't need to reach all nodes. As long as a transaction reaches many nodes, transactions will get into a block before long.

Incentive

Why would anyone participate in such a network?

1. First transaction in a block starts a new coin owned by the creator.
2. Incentives nodes to support the network.
3. Provides a way to distribute coins into circulation.
4. Each "block" generates a set number of bitcoins. It started from 50 BTC per block but it halves every X number of found blocks. Currently it is 12.5 BTC per block (2017).
5. Later nodes will be paid a small transaction fee for computation. Making the system inflation-free.

Merkle Tree pruning is used to reduce required disk space. Only the root is included in the block's hash.

Simplified Payment Verification (SVP) allows verifying that a transaction has been added into the blockchain without having to download the whole blockchain.

1. Download the block header only, without the transactions.
2. Check if transaction T is part of block number 2.
3. Request more nodes (hashes) of the block 2 Merkle tree from someone who has the whole blockchain locally.
4. Compute Merkle root from those hashes.
5. Compare that root with the one in the block header.

Each transaction contains multiple inputs and outputs.

1. Any number of inputs
2. At most two outputs, to send and to receive back.

Transaction can only be forwarded as a whole, not broken down.

You have 10 bitcoins in your wallet.
If you want to send 2 bitcoins to Alice, you need to make two outputs:
1. Output 0: Send 2 bitcoins to Alice
2. Output 1: Send 8 bitcoins to yourself

Privacy

Public-keys are visible to everybody, but none knows who they belong to.

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner.

Multi-input transactions will give some information to public though. You can tell that the inputs were previously owned by the same owner.

Attacks

Honest nodes will never accept blocks with invalid transactions. Thus attacker can only try to change on of his own transactions to take back money he already spent.

You need to be really lucky to catch up to the chain. It will become exponentially hard to catch up to the chain as new blocks are generated.

Sources

• Bitcoin: A Peer-to-Peer Electronic Cash System
• How the Bitcoin protocol actually works