and people exchange money by changing this file. When Bob sells Carol a lawn mower for

5.2 Bitcoins, Bob's balance goes up by 5.2, and Carol's down by 5.2. There's no gold or

government issued money backing these numbers.

Bob is only willing to trade his real-life lawn mower for a higher number in this digital file

because he has faith that other people will also trust the system.

So who maintains this ledger and makes sure no one cheats? One goal of Bitcoin is to avoid

any centralized control, so every participant maintains their own copy of the ledger.

One surprising consequence of this is that everyone can see everyone else's balances,

although the real system only uses account numbers and not names, so there's some level of anonymity.

If everyone maintains their own ledger, how are all the ledgers kept in sync as money

is transferred? At a basic level, when you want to send money, you simply tell everyone

else by broadcasting a message with your account number, the receiver's, and the amount. Everyone

across the entire world then updates their ledger.

As a quick aside, I'm describing how Bitcoin works for power users--people who help maintain

the system. You can also just use the system to send a receive money, though, without maintaining

a ledger.

If sending money is as simple as creating a message with some account numbers, what's

to stop a thief, Alice, from spending Bob's money by using his account number? Like a

pen and paper check, Bitcoin requires a kind of signature to prove that the sender is the

real owner of an account, but it's based on math rather than handwriting.

When a new account number is created, it comes along with a private key mathematically linked

to that account number. If you've heard of a Bitcoin wallet, these keys are what it holds,

and are what allow you to create signatures.

To create a signature, a private key and the text from a transaction are fed into a special

cryptographic function. Another function allows other people to check the signature, making

sure it was created by the account owner, and that it applies to that specific transaction.

Unlike the handwritten version, these signatures can't be copied and reused in the future,

as they're unique to each transaction.

While the mathematical signatures prove who sent a transaction, they can't prove when

it was sent, and this turns out to be problematic.

In our traditional banking system, if Alice wrote two checks, but only had enough money

to cover one of them, the bank would pay the first person attempting to cash his check,

but refuse the 2nd, because Alice's account would be empty.

So the order of these checks is critical, because it determines who should get paid.

Unfortunately, order is much harder to determine in Bitcoin, where instead of single bank,

there are individuals all over the world. Network delays might cause transactions to

arrive in different orders at different places, and fraudsters could lie about timestamps.

Two recipients might both think their transaction is first and ship a product, effectively allowing

Alice to spend her money twice! Bitcoin prevents this by providing a way for the entire world

to decide on transaction order.

As new transactions are created, they go into a pool of pending transactions. And from here,

they'll be sorted into a giant chain that locks in their order.

To select which transaction is next, a kind of mathematical lottery is held. Participants

select a pending transaction of their choice, and begin trying to solve a special problem

that will link it to the end of the chain. The first person to find a solution wins,

and gets to have their transaction selected as the next in the chain.

So what's this linking problem? It's based on a special function called a cryptographic

hash. As scary as this sounds, it just mixes up its inputs and spits out a number, but

it's special because it's irreversible. There's no easy way to start with an output and then

find an input that generates it other than making lots of guesses. And this is literally

what people are doing in Bitcoin--feeding this function random numbers until the output

meets certain criteria.

Besides a random guess, you also input a transaction from the pending pool and chain, which is

where the linking part comes in.

So the lottery provides a way for the entire world to decide which transaction is next,

but the math behind it also helps ensure that everyone agrees about past transactions, too.

Suppose you're joining the network for the first time, and request a copy of the transaction

chain to get caught up, but receive several different versions. Which one should you trust?

Ideally, you would trust the one that the majority of people are using, but determining

this on the internet is difficult. What would stop a single person from voting millions

of times? Bitcoin prevents this by requiring people to solve math problems to vote. This

causes each vote to have a cost in computing power, making it unlikely that a single person

or group could ever afford to outvote or out-compute the majority of users.

The transaction ordering process described before actually provides the voting system.

Part of the input to the linking problem is a transaction from the end of a chain, so

each guess is effectively a vote for that chain. But how are all the votes tallied?

Because the cryptographic hash function has well defined statistical properties, you can

look at any given answer and estimate how many guesses it took to find it, just like

estimating how many coin flips it would take to get 100 heads in a row. So the links in

a chain not only put transactions in order, but also act as an effective vote tally, making

it easy to see which chain most people are using.

Finally, how does the money get created? Every time someone wins the lottery to pick the

next transaction in the chain, new Bitcoins are created out of thin air and awarded to

their account.

Solving these problem is commonly called "mining," as this is how money enters the system, but

the main purpose of the math is to make sure everyone's ledgers agree. The math simply

provides a convenient way to randomly distribute money into the world. In fact, sometime around

2140, no more money will be created, and participants will only be paid from fees added on to transactions.

I hope this gives you a quick sense for how Bitcoin works. If you'd like a more detailed

summary, check out my 22 minute video: How Bitcoin Works Under the Hood.