Subtitles section Play video Print subtitles At a very basic level, Bitcoin is just a digital file or ledger that contains names and balances, and people exchange money by changing this file. When Bob sells Carol a lawn mower for 5.2 Bitcoins, Bob's balance goes up by 5.2, and Carol's down by 5.2. There's no gold or government issued money backing these numbers. Bob is only willing to trade his real-life lawn mower for a higher number in this digital file because he has faith that other people will also trust the system. So who maintains this ledger and makes sure no one cheats? One goal of Bitcoin is to avoid any centralized control, so every participant maintains their own copy of the ledger. One surprising consequence of this is that everyone can see everyone else's balances, although the real system only uses account numbers and not names, so there's some level of anonymity. If everyone maintains their own ledger, how are all the ledgers kept in sync as money is transferred? At a basic level, when you want to send money, you simply tell everyone else by broadcasting a message with your account number, the receiver's, and the amount. Everyone across the entire world then updates their ledger. As a quick aside, I'm describing how Bitcoin works for power users--people who help maintain the system. You can also just use the system to send a receive money, though, without maintaining a ledger. If sending money is as simple as creating a message with some account numbers, what's to stop a thief, Alice, from spending Bob's money by using his account number? Like a pen and paper check, Bitcoin requires a kind of signature to prove that the sender is the real owner of an account, but it's based on math rather than handwriting. When a new account number is created, it comes along with a private key mathematically linked to that account number. If you've heard of a Bitcoin wallet, these keys are what it holds, and are what allow you to create signatures. To create a signature, a private key and the text from a transaction are fed into a special cryptographic function. Another function allows other people to check the signature, making sure it was created by the account owner, and that it applies to that specific transaction. Unlike the handwritten version, these signatures can't be copied and reused in the future, as they're unique to each transaction. While the mathematical signatures prove who sent a transaction, they can't prove when it was sent, and this turns out to be problematic. In our traditional banking system, if Alice wrote two checks, but only had enough money to cover one of them, the bank would pay the first person attempting to cash his check, but refuse the 2nd, because Alice's account would be empty. So the order of these checks is critical, because it determines who should get paid. Unfortunately, order is much harder to determine in Bitcoin, where instead of single bank, there are individuals all over the world. Network delays might cause transactions to arrive in different orders at different places, and fraudsters could lie about timestamps. Two recipients might both think their transaction is first and ship a product, effectively allowing Alice to spend her money twice! Bitcoin prevents this by providing a way for the entire world to decide on transaction order. As new transactions are created, they go into a pool of pending transactions. And from here, they'll be sorted into a giant chain that locks in their order. To select which transaction is next, a kind of mathematical lottery is held. Participants select a pending transaction of their choice, and begin trying to solve a special problem that will link it to the end of the chain. The first person to find a solution wins, and gets to have their transaction selected as the next in the chain. So what's this linking problem? It's based on a special function called a cryptographic hash. As scary as this sounds, it just mixes up its inputs and spits out a number, but it's special because it's irreversible. There's no easy way to start with an output and then find an input that generates it other than making lots of guesses. And this is literally what people are doing in Bitcoin--feeding this function random numbers until the output meets certain criteria. Besides a random guess, you also input a transaction from the pending pool and chain, which is where the linking part comes in. So the lottery provides a way for the entire world to decide which transaction is next, but the math behind it also helps ensure that everyone agrees about past transactions, too. Suppose you're joining the network for the first time, and request a copy of the transaction chain to get caught up, but receive several different versions. Which one should you trust? Ideally, you would trust the one that the majority of people are using, but determining this on the internet is difficult. What would stop a single person from voting millions of times? Bitcoin prevents this by requiring people to solve math problems to vote. This causes each vote to have a cost in computing power, making it unlikely that a single person or group could ever afford to outvote or out-compute the majority of users. The transaction ordering process described before actually provides the voting system. Part of the input to the linking problem is a transaction from the end of a chain, so each guess is effectively a vote for that chain. But how are all the votes tallied? Because the cryptographic hash function has well defined statistical properties, you can look at any given answer and estimate how many guesses it took to find it, just like estimating how many coin flips it would take to get 100 heads in a row. So the links in a chain not only put transactions in order, but also act as an effective vote tally, making it easy to see which chain most people are using. Finally, how does the money get created? Every time someone wins the lottery to pick the next transaction in the chain, new Bitcoins are created out of thin air and awarded to their account. Solving these problem is commonly called "mining," as this is how money enters the system, but the main purpose of the math is to make sure everyone's ledgers agree. The math simply provides a convenient way to randomly distribute money into the world. In fact, sometime around 2140, no more money will be created, and participants will only be paid from fees added on to transactions. I hope this gives you a quick sense for how Bitcoin works. If you'd like a more detailed summary, check out my 22 minute video: How Bitcoin Works Under the Hood.
B2 US transaction chain account ledger math alice How Bitcoin Works in 5 Minutes 675 43 賴叮噹 posted on 2014/06/05 More Share Save Report Video vocabulary