Bitcoin is a commodity currency designed for the internet age. This is opposed to fiat currency, such as the United States’ dollar or the European Union’s euro, or other currencies which are backed by some sort of central authority. However, unlike the traditionally recognized commodity monies, such as gold, Bitcoin is not tied to any actual goods. It is completely free-floating: its value and conversion rates to other currencies are driven purely by supply and demand, and because its management is distributed algorithmically across the entire ecosystem, it has nearly no transaction fees.
In a typical fiat currency, transaction fees are higher not just due to a profit motive, but because the central authority (typically a government) managing the currency provides services to the ecosystem using that currency, such as protection against counterfeit currency and transaction reversal. Bitcoin provides some of these services through its algorithm’s design (e.g. counterfeit protection, transaction clearing), relies on third parties for others (e.g. currency exchange), and does away with others entirely (e.g. transaction reversal).
The key to Bitcoin’s design is the concept of the blockchain. The blockchain is simply a record of all transactions that have occurred in the Bitcoin ecosystem, and at its simplest, all Bitcoin’s algorithm really does is delineate how entries are to be added to the blockchain.
There are really just two crucial cryptographic concepts used in the design of Bitcoin: hashing and asymmetric keys. While understanding the finer points of cryptographic math could easily be a life’s work (and it is, for many people far smarter than me), understanding the rudimentary concepts is not hard. Just to breeze through them:
- In hashing, the user feeds any amount of raw data through a hashing algorithm and gets a fixed-length output known as a hash. No one can work out the raw data from the hash, but if you have the raw data and put it through the algorithm again, you’ll get the exact same hash.
- In symmetric encryption, the user uses the algorithm on the secret data, or plaintext, and a secret key, getting some obscured data, or ciphertext, in return. And taking the ciphertext and the same secret key and plugging them into the algorithm again will result in the original plaintext. The idea is that your ciphertext can be intercepted, but no one will understand it without the secret key to decode it. This is great if all the participants know the key ahead of time (or if there’s only one participant, such as a user writing in a journal), but frequently it’s a huge security problem figuring out how to transmit the secret key in a secure way between multiple participants. (Bitcoin doesn’t use this, but it’s important for the next bit.)
- In asymmetric encryption, otherwise known as public-private cryptography, the user generates a pair of keys, known as the private key and the public key; the former is tightly guarded, and the latter is made available to anyone who needs it. Now anyone can plug their plaintext and the user’s public key into the algorithm and get a ciphertext. The user can then use the same algorithm with the ciphertext and their private key to retrieve the plaintext. The crucial difference is that with asymmetric cryptography, encryption and decryption must happen with separate keys, which removes the need to securely and secretly transmit a secret key. Lastly, the reverse is also true: a plaintext encrypted with the private key can only be decrypted by the public key. This is useless for keeping secrets, but useful for what comes next.
- Lastly, the concept of cryptographic signing can be derived by combining hashing and asymmetric cryptography. Given a piece of data, someone can hash the data, encrypt the hash with a private key, and attach the result to the data. Anyone who wants to verify the signature need only do two steps: first, use the public key to decrypt the hash – thereby proving that the hash was created by the holder of the private key. Then, hash the content and compare the new hash to the decrypted one. If they match, the content has not been tampered with since the signing.
So, just assuming that the above “just works” (which it usually — but not always — does), understanding the blockchain becomes quite easy.
A single bitcoin is defined by its transaction history indicating each transfer of ownership. To perform a new transfer, the current owner takes the whole history of transfers up until the coin came into their possession, and adds the new owner to the top of the list, as represented by the new owner’s public key. The current owner then hashes the resulting data, and signs the transaction (by encrypting it with their private key). The current owner then sends the resulting transaction record to everyone they know in the Bitcoin ecosystem. And now everyone knows who the new owner of the bitcoin is. No one else (in theory) knows the old owner’s private key, so they can’t fake a transfer. But they do all know the old owner’s public key, so they can decrypt the signature, get the hash, hash the transaction history themselves, and confirm that the hashes match and thereby verify the transaction. And now, one would expect it to be added to the blockchain, but it isn’t.
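The transfer-and-verify procedure described above, as an added example that is not part of the original post. It uses textbook RSA with Mersenne-prime keys so that "encrypt the hash with the private key" is literal; the keys, party names and genesis coin are constructed for illustration only (real RSA signatures pad the hash, and Bitcoin itself signs with ECDSA).

```python
import hashlib

def keypair(p: int, q: int, e: int = 65537):
    n = p * q                                # textbook RSA; pow(e, -1, m) needs Python 3.8+
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public key, private key)

def digest(data: bytes, n: int) -> int:
    # SHA-256 of the data as an integer below the key modulus (toy: no padding)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private_key) -> int:   # "encrypt the hash with the private key"
    n, d = private_key
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, public_key) -> bool:   # "decrypt" and compare hashes
    n, e = public_key
    return pow(sig, e, n) == digest(data, n)

def transfer_bytes(prev_hash: str, new_owner) -> bytes:
    return f"{prev_hash}|{new_owner[0]}:{new_owner[1]}".encode()

def make_transfer(chain: list, current_owner_priv, new_owner_pub) -> dict:
    # History so far plus the new owner's public key, hashed and signed by the current owner
    data = transfer_bytes(chain[-1]["hash"], new_owner_pub)
    return {"prev": chain[-1]["hash"], "to": new_owner_pub,
            "sig": sign(data, current_owner_priv), "hash": hashlib.sha256(data).hexdigest()}

def chain_is_valid(chain: list) -> bool:
    # Each transfer must link to the previous hash and carry a signature that
    # verifies under the key the previous transfer named as the owner.
    for prev, cur in zip(chain, chain[1:]):
        data = transfer_bytes(prev["hash"], cur["to"])
        if cur["prev"] != prev["hash"] or cur["hash"] != hashlib.sha256(data).hexdigest():
            return False
        if not verify(data, cur["sig"], prev["to"]):
            return False
    return True

# Toy keys from Mersenne primes 2^k - 1 (k = 31, 61, 89, 107, 127, 521): trivially factorable
alice_pub, alice_priv = keypair((1 << 89) - 1, (1 << 127) - 1)
bob_pub, bob_priv = keypair((1 << 61) - 1, (1 << 107) - 1)
mallory_pub, mallory_priv = keypair((1 << 31) - 1, (1 << 521) - 1)
genesis = {"prev": None, "to": alice_pub, "sig": None,
           "hash": hashlib.sha256(b"constructed genesis coin").hexdigest()}
honest = [genesis]
honest.append(make_transfer(honest, alice_priv, bob_pub))   # Alice -> Bob, signed by Alice
honest.append(make_transfer(honest, bob_priv, alice_pub))   # Bob -> Alice, signed by Bob
# Mallory does not hold Bob's private key, so her claimed transfer of Bob's coin fails to verify
forged = honest[:2] + [make_transfer(honest[:2], mallory_priv, mallory_pub)]
```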
There’s one big problem with this model: namely, that a bad actor could create multiple transaction records with the same bitcoin, but each transaction to a different party, thereby double-spending (or triple-spending, or whatever) the same bitcoin. This effectively creates counterfeit bitcoins.
In a standard fiat currency, the central authority serves as the middleman to all transactions, and therefore determines which transaction came first and declines to process any subsequent ones. Bitcoin’s solution is to distribute that responsibility across the ecosystem through the use of timestamp servers.
Nodes in the Bitcoin ecosystem can aggregate a number of recently received transactions and hash them all together with a timestamp, thereby proving that the transactions must have existed at that time. Just as in the transaction log, where each transaction’s hash included the hash of the transaction before it, creating a chain, so too does each block include the hash of the block before it. If a double-spending transaction occurs, all nodes would see that the bitcoin had already been transferred to a new owner, and reject the second transaction. Once that block is created, it too is broadcast to everyone else, so that all nodes have a complete history of all transactions that have occurred in the Bitcoin network.
However, just including the timestamp, previous block’s hash, and that of new transactions would make block creation too easy. In order to raise the difficulty of creating a new block, Bitcoin uses a “proof-of-work” mechanism when generating new blocks – a way of forcing a node to invest CPU energy in the block creation process. The way Bitcoin does this is by requiring that the hash string generated for a block has certain properties. Nodes must add a “nonce”, a small piece of data whose only purpose is to change the outcome of the hash, to each block, trying different nonces until the resulting block hash meets those properties.
In order for a bad actor to rewrite the transaction history, the actor would have to regenerate all blocks from the moment of alteration up to the present moment. And because new blocks are added to the blockchain at a rapid clip, and it takes a lot of computing power to create a block – the effort being typically distributed across the entire network – an attacker would have a tremendous amount of difficulty mustering up the resources to regenerate every block singlehandedly and outpace the network as a whole. In fact, to control the blockchain, someone would have to control 51% of all computing power in the network, which is improbable and would be progressively more improbable as Bitcoin adoption grows…but has in fact happened, even just a few weeks ago.
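An added example, not from the post, of the block structure and proof of work just described: mining a toy chain, tampering with an earlier block, and what an attacker must redo before the altered history validates again. The transactions and timestamps are constructed and the difficulty is far below Bitcoin's.

```python
import hashlib
import json
DIFFICULTY = 3                                   # leading hex zeros required (Bitcoin's is far higher)

def block_hash(block: dict) -> str:
    # Hash of the block header: previous hash, timestamp, transactions and nonce
    header = {k: block[k] for k in ("prev", "time", "txs", "nonce")}
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()

def mine(prev: str, time: int, txs: list) -> tuple:
    # Try nonces from 0 upward until the hash meets the target; returns (block, attempts)
    block = {"prev": prev, "time": time, "txs": txs, "nonce": 0}
    while not (h := block_hash(block)).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = h
    return block, block["nonce"] + 1

def chain_is_valid(chain: list) -> bool:
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block) or not block["hash"].startswith("0" * DIFFICULTY):
            return False                         # contents changed, or no valid proof of work
        if i and block["prev"] != chain[i - 1]["hash"]:
            return False                         # link to the previous block is broken
    return True

def build_chain(tx_batches: list, start_time: int = 1_400_000_000) -> tuple:
    # Mine one block per batch, ten "minutes" apart; returns (chain, total attempts)
    chain, work, prev = [], 0, "0" * 64
    for i, txs in enumerate(tx_batches):
        block, attempts = mine(prev, start_time + 600 * i, txs)
        chain.append(block); work += attempts; prev = block["hash"]
    return chain, work

def remine_from(chain: list, index: int, new_txs: list) -> tuple:
    # Rewriting block `index` forces the attacker to re-mine it and every later block
    rebuilt, work = chain[:index], 0
    prev = chain[index - 1]["hash"] if index else "0" * 64
    for i in range(index, len(chain)):
        block, attempts = mine(prev, chain[i]["time"], new_txs if i == index else chain[i]["txs"])
        rebuilt.append(block); work += attempts; prev = block["hash"]
    return rebuilt, work

# Constructed transaction batches; the "network" has mined three blocks on top of them
honest, honest_work = build_chain([["alice->bob 1"], ["bob->carol 1"], ["carol->dave 1"]])
# Editing a past block in place breaks its hash, and with it every later block's "prev" link
tampered = [dict(b) for b in honest]
tampered[1]["txs"] = ["bob->mallory 1"]
# To pass validation the attacker must redo the proof of work for blocks 1 and 2
rewritten, attacker_work = remine_from(honest, 1, ["bob->mallory 1"])
```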
While the security of the blockchain isn’t guaranteed, it does go a long way towards ensuring that a given digital asset is probably only owned by one person, and provides reasonable security for transactions. Now that the blockchain concept has entered the popular consciousness, people are starting to come up with new uses for those techniques to try and replace centralized institutions with decentralized alternatives in areas such as DNS and voting.