Wednesday, March 19, 2014

Bitcoin Demystified




This will definitely help the mystified and allow more conversation.  What bitcoin is providing is an arbitrary store of transaction value that is now freely traded.  That allows simple third party participation to set prices in the same way as a stock is priced.  The actual association with value is tenuous and in this case quite intangible.  Yet the evaluation of any stock has a tangible component, say TV, and a very significant intangible value, say IV.  That intangible value IV can be both positive and, less understood, negative.  Warren Buffett has made a career buying large negative IV offset by substantial TV.

It presently remains a medium of exchange and actually serves rather well, although it has been volatile.  This should end.

It is also under steady attack and that should be no surprise.  We have been educated to the reality that government or banks are not needed to provide this critical service, and they are becoming uncomfortable.

Bitcoin Demystified: A Hacker's Perspective

By Alexandra Berke. Posted: 11/25/2013 6:59 pm EST  |  Updated: 01/25/2014 5:59 am EST


This is part 1 in what will be a 3 part series, which will become progressively more in depth and technical.

The term Bitcoin has been in the news lately; bitcoins have been rising in value, with volatility, but the term remains a mystery for someone without a computer science or mathematical background. In this post I will cover the vocabulary and basics of bitcoin and bitcoin transactions.


Basic Vocabulary:

Wallets and Addresses manage bitcoin transactions.

The Block Chain is a public record of every transaction that has ever occurred.

Mining is a resource-intensive process that rewards successful miners with newly “minted” bitcoin (the current reward is 25 BTC; that quantity will halve to 12.5 in 4 years).

Miners are those who mine bitcoin. In addition to adding new bitcoin to the network, miners are necessary to process transactions and maintain the Block Chain.

Pooled mining is when miners get together to cooperate so they can have a better chance to win new bitcoin and then share the reward.


I did not start mining because I saw it as a scheme to get rich. I know that savvy investors, those with specialized mining hardware and hackers who got involved when mining was still cheap and easy, like my buddy Mike Renz, have beat me to it.


I started mining because the term ‘decentralized pseudo-anonymous cryptocurrency’ is packed with buzzwords that resonate with extra clang to a recent mathematics graduate. Mining was a way to join and contribute to a network that I find fascinating, the way an economics nerd might invest on the side for fun.



A bitcoin is not tangible like a dollar, but I can still own a bitcoin; I can spend bitcoins because there are vendors that will accept bitcoins as payment and I can trade my bitcoins for Dollars, the same way that I can trade Euros for Dollars at a currency exchange.


Thankfully, I do not need to spend full bitcoins at a time - it’s not often that I buy goods or services between $500 and $900, which is what each bitcoin is currently trading at. In the same way a Dollar is divided into 100 cents, a bitcoin (1BTC) can be divided into decibitcoins (1 dBTC = 0.1 BTC), centibitcoins, millibitcoins, among other units. The smallest unit is called a “satoshi” (1 “satoshi” = 0.00000001 BTC), named after the pseudonym masking the group of mathematicians who created Bitcoin.


Owning a bitcoin:


All bitcoin transactions are permanently recorded in a public ledger. Owning a quantity of bitcoin is essentially a mark in the public ledger that a given amount of bitcoin is allocated to me. This is analogous to how your bank statement recognizes that a certain portion of your bank’s deposits belong to you; except that instead of just seeing your own deposits, withdrawals, and balance, you suddenly have access to the sum total of everyone’s transaction data, globally and in real time.

Spending Bitcoin:


To possess bitcoin I need an address. This address is just a string of letters and digits, like 31uEbMgunupShBVTewXjtqbBv5MndwfXhb, which serves as an identifier. The bitcoins allocated to me (or to that address) are known to be mine, because when bitcoins were transferred to my bitcoin address, that transaction was recorded in the public ledger.


It does not matter that my bitcoin are intangible because the public ledger contains all the necessary proof of which address owns how many bitcoins. If I ever try to spend more bitcoins from a given address than are owned by that address, my peers in the network will notice the inconsistency. Each participant in the network must come to consensus on the validity of a transaction, analogous to how a bank clears a credit card transaction. If I spend more bitcoin than I have, instead of verifying the transaction and broadcasting it to the rest of the network, my peers in the network will see in the ledger that the transaction is invalid. In this way double spending and fraud are prevented.


Say Alice has bitcoin address AAAAAAAAA, and Bob has bitcoin address BBBBBBBBB, and Alice wants to pay Bob 0.5 bitcoin for the new product that Bob promises to send her. How do Alice and Bob logistically make their transaction?



Alice and Bob need wallets. A bitcoin wallet is software that handles transactions and manages bitcoin addresses. Alice’s wallet might be an Android app, or an application she downloaded onto her computer, or it might be web based. The wallet handles notifying the bitcoin network that Alice is transferring funds from AAAAAAAAA to Bob’s BBBBBBBBB address. Bob’s wallet sees the transaction recorded in the public ledger and updates so that Bob can see that he has more bitcoin in his wallet. After the transaction, the entire bitcoin network can see that address AAAAAAAAA is 0.5 bitcoin poorer and address BBBBBBBBB is 0.5 bitcoin richer.


Alice never even needed to know who Bob was - bitcoin is pseudo-anonymous. Alice only needed to know that someone with the address BBBBBBBBB had a commodity that she wanted to buy. The transaction occurred between addresses, not people. The real Bob might even have tens of bitcoin addresses. Say Bob also has addresses CCCC,DDDD, and EEEE. Alice might have paid bitcoin to all of them at some time and never even realized that she was paying the same person, Bob.
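The ledger check described above (a node rejects a transaction that spends more than its source address holds, so a double spend fails) and the Alice-to-Bob transfer, as an added example that is not part of the original article. It is a deliberate simplification: it replays a ledger into per-address balances, whereas real Bitcoin tracks unspent transaction outputs rather than account balances. The addresses and amounts are constructed placeholders, and the "COINBASE" sender marking newly minted coins is a convention of this example only.

```python
from collections import defaultdict

SATOSHI_PER_BTC = 100_000_000  # 1 BTC = 10^8 satoshi, the smallest unit

# Constructed sample ledger (not real transaction data): each entry is
# (from_address, to_address, amount_in_satoshi). "COINBASE" marks newly
# minted coins awarded to a miner; the addresses are placeholders.
SAMPLE_LEDGER = [
    ("COINBASE", "AAAAAAAAA", 2 * SATOSHI_PER_BTC),    # Alice received 2 BTC
    ("COINBASE", "ZZZZ", 5 * SATOSHI_PER_BTC),         # ZZZZ holds 5 BTC
    ("AAAAAAAAA", "BBBBBBBBB", SATOSHI_PER_BTC // 2),  # Alice pays Bob 0.5 BTC
]


def balances(ledger):
    """Replay the whole ledger to learn how much each address currently holds."""
    held = defaultdict(int)
    for src, dst, amount in ledger:
        if src != "COINBASE":
            held[src] -= amount
        held[dst] += amount
    return dict(held)


def validate(ledger, tx):
    """Check a proposed transaction the way a node would: the sending address
    must hold at least the amount it tries to spend. Returns (ok, reason)."""
    src, dst, amount = tx
    if amount <= 0:
        return False, "amount must be positive"
    available = balances(ledger).get(src, 0)
    if available < amount:
        return False, f"{src} holds {available} satoshi but tries to spend {amount}"
    return True, "ok"


def append_if_valid(ledger, tx):
    """Record the transaction only if every node would accept it."""
    ok, reason = validate(ledger, tx)
    if ok:
        ledger.append(tx)
    return ok, reason


def double_spend_demo():
    """Alice holds 1.5 BTC after paying Bob; she tries to send that 1.5 BTC to
    two different addresses. The first transfer is accepted, the second is
    rejected because the ledger already shows the coins as spent."""
    ledger = list(SAMPLE_LEDGER)  # work on a copy so the sample stays intact
    first, _ = append_if_valid(ledger, ("AAAAAAAAA", "CCCC", 150_000_000))
    second, why = append_if_valid(ledger, ("AAAAAAAAA", "DDDD", 150_000_000))
    return first, second, why


if __name__ == "__main__":
    print(balances(SAMPLE_LEDGER))
    print(double_spend_demo())
```

Every node can run this replay independently from the same public ledger, which is why a node that sees an overspend does not need to ask anyone before refusing to relay it.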


Although every transaction that has ever occurred involving bitcoin is public, tracing these transactions between addresses back to people involves the difficult task of tracing addresses back to people. Creating a brand new address for each transaction is recommended to maintain anonymity.


You might be wondering what prevents theft. For example, if Alice can see in the public ledger that address ZZZZ owns 5 bitcoin, why can’t Alice pretend to be the owner of address ZZZZ and write a fake transaction message to convince the Bitcoin network that address ZZZZ is sending 5 bitcoin to her address AAAAAAAAA? This is where cryptography comes in.
Each bitcoin address has an associated public and private key pair. Although everyone’s public key and address are known, only the address owner knows their private key. The private key is used to sign the transaction. In other words, Alice cannot fake a transaction from the ZZZZ address because she is not able to properly sign the transaction without the private key belonging to ZZZZ. Similar technology is used to secure network connections every time your browser visits a website where the url address begins with ‘https’ rather than ‘http’.



Bitcoin Demystified: Math vs. Government
By Alexandra Berke. Posted: 12/02/2013 5:22 pm EST  |  Updated: 01/23/2014 6:58 pm EST


This article is part 2 of a 3 part series that becomes progressively more technical. For necessary background on Bitcoin, see part 1.


The author will be holding a Q&A call-in session this Thursday, December 5th. You can submit a question at the bottom of this article. Selected questions will be published in a podcast.


Bitcoin’s success as a currency is a feat of mathematics and of the cooperation of the individuals who have lent their machines as nodes to the Bitcoin network. The United States Government maintains the circulation of Dollars, but no central government or agency regulates Bitcoin. Yet there is no Bitcoin inflation, no theft, no fraud, and no lasting discrepancy over the public ledger of transactions made. This article begins to explain how Bitcoin functions so seamlessly.

First of all, there is a network of ‘nodes’. Individuals have incentives (such as mining rewards or collecting transaction fees) to contribute their computing resources and join as nodes on the network. These nodes are really just servers - computers plugged into the Internet - which are running Bitcoin software. A node might be a teenager keeping her computer on running Bitcoin software in her basement while she’s at school, or someone running software in the cloud. Anyone can be a node. Every time a new transaction is made with Bitcoin, all of the nodes in the network record the transaction in their ledgers. The nodes are in constant communication and work to share each transaction with each other so that they can come to a consensus and prevent their transaction ledgers from differing.


This ledger is a database of every Bitcoin transaction that has ever been executed. It is constantly growing with new transactions and is broken into units called blocks. The ledger is referred to as the block chain because it is a linear, chronological ordering of these blocks. Upon joining the network, each node downloads the most recent copy of the block chain in its entirety.


The block chain in its entirety is analogous to banking transactions. Bank transactions are listed chronologically, just as Bitcoin transactions are; the record of bank transactions is broken into bank statements, just as the block chain is broken into blocks. A new bank transaction will only be appended to the current statement, just as a new Bitcoin transaction will only be appended to the current block. The previous blocks in the block chain are artifacts of history that can never be revised. If the blocks could be revised, then a malicious buyer might be able to retract a transaction and the person that they paid could lose the money that they were owed.

Let’s discuss where bitcoins come from.

Adding transactions to the block chain and updating a local copy of the block chain is part of a process called mining. At the same time that miners (nodes in the network) are doing the important work of processing and recording transactions, they are also competing in a race. They are racing to “complete the current block” in order to win bitcoins.


Each time a block is “completed”, the next block is generated in the block chain. The first transaction recorded in that next block is a transaction that awards newly minted bitcoins to the winning miner who completed the previous block.

Then, the cycle continues. The next block becomes the “current block,” the completed block becomes a permanent record of the past, transactions are recorded in the new “current block” and miners adjust their goal to work on completing this new “current block.”

What does this race to “complete a block” entail? Miners are not racing to add transactions to a block. They are actually racing to solve a math problem.

Each new block in the block chain has an associated math problem that is inherently difficult to solve. Solving the problem requires “brute force.” A problem that requires a “brute force” solution is one that no one knows how to reason about. Instead, miners must work to guess a solution with trial and error: They guess a solution, test if it works, and then test another solution, until they find a valid solution. Solving a problem with brute force in this way is resource intensive. Miners have software that runs computation after computation. Software is limited by hardware, and hardware can only run a computation so quickly. Directing hardware to run so many computations, one right after the next, is exhausting. Mining new coins is analogous to gold miners expending physical energy to add gold to circulation, but it is CPU time and electricity that are expended. When the winning miner finally finds a solution, it shares its solution with the other mining nodes in the network and those nodes verify its validity.

The math problem is hard for a reason - it should take time to solve! Each time a miner solves the problem, a new 25 BTC is “minted”, awarded to that miner, and entered into circulation. This quantity is on schedule to halve every 4 years until all 21 million bitcoins are released. The fact that it takes on average 10 minutes to solve the math problem means that 25 new bitcoins are minted on average every 10 minutes. The difficulty of the math problem regulates the rate of creation of new bitcoins.


Here’s a simplified version of the math problem:

find x such that h(x) <= y

h is a known function. The lower y is in value, the harder the problem is to solve because there is a smaller solution space.


The value of the target, y, is agreed upon by the miners in the network and adjusted depending on how quickly new blocks are being generated. As more miners join the network (or contribute more efficient hardware towards mining), more computing power goes towards solving the math problem, and the math problem is solved more quickly. To avoid inflation, the math problem must get harder to compensate for miners mining faster.


The function h is a hash function. Hash functions have a few key properties that make them ideal for the Bitcoin math problem:


1. Given an input value, x, finding the value of the hash, h(x), is straightforward.
2. However, given an output value y, finding an x such that h(x) = y is difficult (h is not invertible; the input space is far larger than the output space, so many inputs share each output and none can be singled out without searching).
3. Knowing the value of h(x) does not give insight on hashing similar inputs like h(x+1) or h(2x).


Property 1 means that once a valid solution is found, the network can easily verify its validity. Properties 2 and 3 make solving the math problem a guessing game. Miners are racing to hash h(x1), h(x2), h(x3), ... and so on until they find an x satisfying h(x) <= y. Multiple x values exist to solve the problem. If two miners find such an x at the same time, the win goes to the miner that found the x such that h(x) is smaller, because that means they solved a harder problem. If two miners truly tie, then whichever miner floods the network with their information faster wins the race.
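The guessing game and the target adjustment described above, as an added example that is not part of the original article. It uses SHA-256 as the function h, reads the digest as a 256-bit integer so that h(x) <= y is a plain comparison, and shows the three properties in code: a single hash verifies a claimed solution (property 1), while finding one takes on average 2^256/(y+1) guesses (properties 2 and 3). The difficulty scale, the "block data" string and the retarget rule are constructions of this example; the clamp to a factor of 4 per adjustment mirrors what Bitcoin does but the proportional formula here is otherwise simplified.

```python
import hashlib

MAX_HASH = 2**256 - 1  # h produces a 256-bit value, so y can be at most this


def h(x: bytes) -> int:
    """The hash function h: SHA-256, read as a 256-bit integer so that
    h(x) <= y is an ordinary integer comparison."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big")


def target_for_difficulty(difficulty: int) -> int:
    """A smaller target y means a harder problem: y = MAX_HASH / difficulty."""
    return MAX_HASH // difficulty


def expected_tries(y: int) -> int:
    """Each guess lands at or below y with probability (y+1)/2^256, so on
    average 2^256/(y+1) guesses are needed (property 2 and 3: no shortcut)."""
    return (MAX_HASH + 1) // (y + 1)


def candidate(data: bytes, x: int) -> bytes:
    """Fixed block data followed by the guess x. Neighbouring guesses produce
    unrelated hashes, so the counter is just a way to enumerate inputs."""
    return data + x.to_bytes(8, "big")


def mine(data: bytes, y: int, max_tries: int = 10_000_000):
    """Brute force: try x = 0, 1, 2, ... until h(data||x) <= y.
    Returns (x, tries), or (None, max_tries) if no solution turned up in time."""
    for x in range(max_tries):
        if h(candidate(data, x)) <= y:
            return x, x + 1
    return None, max_tries


def verify(data: bytes, x: int, y: int) -> bool:
    """Property 1: checking a claimed solution costs exactly one hash."""
    return h(candidate(data, x)) <= y


def retarget(y: int, actual_seconds: int, expected_seconds: int) -> int:
    """Proportional adjustment of the target: blocks that arrived in half the
    expected time halve y, making the next problem twice as hard. The change
    is clamped to a factor of 4 in either direction (assumption: a toy
    version of Bitcoin's clamp, not its exact retarget code)."""
    actual = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return min(MAX_HASH, y * actual // expected_seconds)


def average_tries(difficulty: int, n_blocks: int = 8) -> float:
    """Mine a few constructed blocks and report the mean number of guesses;
    it should land near expected_tries(y) for the chosen target."""
    y = target_for_difficulty(difficulty)
    total = 0
    for i in range(n_blocks):
        _, tries = mine(f"constructed block {i}".encode(), y)
        total += tries
    return total / n_blocks


if __name__ == "__main__":
    y = target_for_difficulty(1024)
    x, tries = mine(b"constructed block data", y)
    print(f"solution x={x} after {tries} tries; verified={verify(b'constructed block data', x, y)}")
    print(f"expected tries {expected_tries(y)}, measured mean {average_tries(1024):.0f}")
    print(f"blocks came in 5 min instead of 10: new target is y/{y // retarget(y, 300, 600)}")
```

Running it shows the asymmetry the article relies on: `mine` burns roughly a thousand hashes per block at difficulty 1024, while `verify` on the result is one hash, and halving the block interval halves y, so the next round costs about twice as many guesses.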


Mining is a serious competition nowadays and it consumes large computing resources. Although it’s possible to mine on a laptop, the math problems have become hard enough that a laptop’s CPU will likely never complete a block on its own. The cost of the electricity needed to run the mining software would exceed the return for mining. Macs and PCs are certainly capable of computing hash functions, but are too slow compared to the specialized mining hardware that is now available. Hardware designed with the purpose of computing hash functions is on sale for up to $14,500.


Fastest to the best hash wins - so how is this fair? What keeps the individuals who can invest in the best hashing hardware from completing every block and winning all the block rewards? For one, the strategy of pooling gives less sophisticated miners a share of the bounty. More importantly, the distributed nature of the Bitcoin network makes the race to complete a block more complex than all nodes racing to solve the same problem.


Bitcoin Demystified: Security in Decentralization
By Alexandra Berke. Posted: 12/04/2013 12:24 am EST  |  Updated: 01/23/2014 6:58 pm EST


This is the conclusion of a 3-part article series, which attempts to address unanswered questions from parts 1 and 2.


Dollars and other traditional currencies were conceived in a time of cash. The model that extends these currencies to the digital world of electronic payments is a fragile one that relies too heavily on third party financial institutions; Bitcoin was invented to provide an improved alternative.

In the world of cash, once $1 enters circulation, no third party needs to mediate its passage between hands. I can take my dollar to the corner-store, select my candy, and pass my dollar to the vendor in return for the candy. That transaction occurs between the vendor and myself, without any third party involved. The vendor does not need to know anything about me, I don’t need to know anything about her, and no one else needs to know that I ever bought a candy bar.

What if I buy my candy from a small business online? I enter my credit card information and a third party institution, acting as the middleman, processes the payment.
A transaction as nominal as a $1 candy bar is unlikely to occur between a small business and me because the transaction costs imposed by the third party would be too high. Partly for good reason: Third party financial institutions must mediate transaction disputes and commit a large amount of resources to avoid fraud. Inevitably, transaction disputes must sometimes result in a reversed payment, and the costs of fraud must sometimes be absorbed.


The original Bitcoin paper published by Satoshi Nakamoto addresses the need for a secure electronic payment system that relies on cryptographic proof and a distributed network, instead of trusted third parties to process payments.


With Bitcoin, transactions are transparent while void of sensitive information. They are irreversible, fraud-safe, and instead of requiring a third party, they are processed by a distributed network that relies on mathematics rather than trusting financial institutions. Any financial institution has a discrete number of servers or locations by which it operates; these are discrete points of failure. The Bitcoin network can only fail if the majority of the computing power run by the nodes that operate it is corrupted. Such an effort to commit fraud or reverse a transaction would require overwhelming computing resources. A malicious group of attackers would likely have higher returns playing by the rules of the network and committing their computing power towards mining.

To paint a (simplified) picture of this distributed network that maintains Bitcoin, consider the following:


Wendy --- Alex --- Eli ---- Jasmine ---

Alex runs a Bitcoin network node. Her direct peer nodes on the network include Wendy to the west and Eli to the east. Wendy and Eli may have many direct peers as well. Even though Alex isn’t directly connected to Jasmine, she still hears from Jasmine, because when Jasmine catches word that a block, B, has been completed,


Wendy --- Alex --- Eli --- Jasmine <--B

she tells her direct peers such as Eli,

Wendy --- Alex --- Eli <--B-- Jasmine ---

and Eli tells his direct peers, which include Alex.


Wendy --- Alex <--B-- Eli --- Jasmine ---

Alex doesn’t need to know whom the message originally came from, or the identities of Eli or Jasmine. Upon receiving the message about the completed block, she verifies that each transaction in block B is valid and that the miner that completed block B successfully completed the associated math problem (for background, see part 2). If the block is valid, she appends it to her copy of the block chain, broadcasts the block to her direct peers, excluding Eli, and begins work to complete the next block.


If Alex wanted to instead ignore or reject the valid block, B, to continue working on her current block and win the mining reward, her attempt to diverge would be futile. By the time she found a solution to her current block and broadcast it to Wendy and Eli, it would be too late. Her peers on the network would have already heard about and accepted block B through their other peers, and updated their block chains to include that block as a record of the past. Alex’s block would be rejected because it would contain transactions that were already included in a completed block of the block chain.

A distributed network system, such as the Bitcoin network, is one where the data is shared across multiple nodes. In effect, individual nodes are incentivized by the rest of the network to be honest workers. If a node neglects to accept a new block or message, it will have old data and prevent itself from mining blocks that will be accepted by the other cooperating nodes. The distributed nature of the network is also what allows transactions to be transparent.

Suppose Wendy wants to make a transaction, TX, from an address she owns, WWWW, to the address JJJJ, which happens to be owned by Jasmine.


Wendy --TX--> Alex ------ Eli ----- Jasmine

Wendy broadcasts the transaction message to her peers, including Alex, who broadcasts it to her peers, and eventually the message reaches Jasmine as well, perhaps via Eli.

Wendy ------- Alex ------- Eli --TX--> Jasmine


Neither Wendy nor Jasmine should consider this circulation of the message as confirmation of the transaction. However, once they see that a block that includes the transaction has been completed and accepted by the network, they can view the transaction, TX, from WWWW to JJJJ as a permanent record of the block chain.

..older blocks ................ more recently completed blocks ................. current block
- - - -- |tx, tx, ..,tx|------|tx,tx,.., tx |----| tx,tx,.., tx |----|tx,TX,..,tx|-----|tx |


As subsequent blocks are completed, and the transaction is buried deeper within the block chain, the permanence of the transaction becomes more secure.

..older blocks ................ more recently completed blocks ................. current block
- - - -- |tx, tx, ..,tx|------|tx,tx,.., tx |----| tx,TX,.., tx |----|tx,tx,..,tx|-----|tx |

Each transaction, tx, that is included within a block, becomes directly tied to completing that block’s associated math problem. I previously described this math problem as:
find x such that h(x) <= y

where h is a known hash function. The output of a hash function, such as h(x), is called a hash value. y is a target hash value determined by the network and adjusted to keep the rate of block generation to about 1 block per every 10 minutes (the smaller the value of the target, y, the more difficult the problem).


For readers interested in more technical details, let me elaborate.

Each block has a header that contains metadata to describe the block. Notable items in this block header include:
Time - A current timestamp.

hashPrevBlock – the hash value resulting from hashing the header of the previously completed block.

hashMerkleRoot – a hash value representing all of the transactions included within the block (the root of the Merkle tree).

Nonce – A value that is incremented in order to find a winning solution to the math problem.

Time helps ensure the chronological ordering of blocks in the block chain. hashPrevBlock does this as well, in addition to preventing fraud and reversed transactions. It serves as a link between blocks; by virtue of the hashPrevBlock, each block references its predecessor. A transaction within a complete block cannot be altered because such a change would alter the block’s header (by altering the hashMerkleRoot), which would change the value of hashing that block’s header, and therefore invalidate the hashPrevBlock of the subsequent block in the block chain, as well as all the blocks that followed.

A slightly less simplified version of the Bitcoin math problem can be represented as:
find Nonce such that h(Time || hashPrevBlock || hashMerkleRoot || Nonce) <= y

The Nonce is the value that is adjusted to solve the problem because the other inputs to the function are determined by the state of the network. Now you can think of a miner’s effort to complete a block as follows: Collect transaction messages in the block, compute the hashMerkleRoot, update the Time, compute h where Nonce = 0. If the resulting hash value is less than the target y, the miner broadcasts the solution! Otherwise, the miner increments the Nonce, checks the new hash, and continues to increment the Nonce and compute the new hash iteratively in the hope of solving the problem. Every so often the miner updates the current block it is working on to include the transaction messages it has most recently received from the network, recomputes the hashMerkleRoot, updates the Time, and starts iteratively computing hash functions all over again.


In theory, each miner has an equal chance of coming across the winning solution and claiming the rewarded bitcoins. A careful reader should be suspicious of this claim.

With the simplicity that I have presented the math problem, it would seem that the miner with the most powerful computing resources, that can iteratively compute hash functions most quickly, always wins. However, this is not quite the case because each miner is working on a slightly different problem; each miner is working on a slightly different block.

When a block is completed, the first recorded transaction in that completed block is one allocating the mining reward to an address owned by the miner that completed the block. This means that each miner inserts its own address in the first transaction of the block it is working on. Differing transaction logs result in differing hashMerkleRoot values. The result is that each miner is iteratively computing the hash function with slightly different input values. This effective randomization levels the playing field.
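The block header, the chain link through hashPrevBlock, and the per-miner coinbase transaction described in the last few paragraphs, as an added example that is not part of the original article. It builds a short chain of toy blocks whose header is the simplified Time || hashPrevBlock || hashMerkleRoot || Nonce from above (the real header carries more fields), hashes with double SHA-256 as Bitcoin does, mines each block by incrementing the Nonce, and then shows two things: editing a transaction buried in an earlier block breaks the proof of work of that block and the hashPrevBlock of the next one, and two miners who put different addresses in the coinbase transaction end up hashing different headers. The target, timestamps, addresses and transaction strings are constructed placeholders.

```python
import copy
import hashlib
from dataclasses import dataclass

TARGET = 2**256 >> 12  # toy target: about 4096 hashes per block on average


def sha256d(data: bytes) -> bytes:
    """Bitcoin hashes headers and transactions with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs) -> bytes:
    """Hash the transactions pairwise up to one root; an odd last element is
    duplicated, as Bitcoin does. Any change to any transaction changes the root."""
    if not txs:
        raise ValueError("a block needs at least the coinbase transaction")
    layer = [sha256d(tx) for tx in txs]
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [sha256d(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]


@dataclass
class Block:
    time: int                 # Time field
    hash_prev_block: bytes    # hashPrevBlock: hash of the previous block's header
    txs: list                 # txs[0] is the coinbase paying the miner's address
    nonce: int = 0            # Nonce: incremented while searching

    @property
    def hash_merkle_root(self) -> bytes:
        return merkle_root(self.txs)

    def header(self) -> bytes:
        # Simplified header: Time || hashPrevBlock || hashMerkleRoot || Nonce
        return (self.time.to_bytes(4, "little") + self.hash_prev_block
                + self.hash_merkle_root + self.nonce.to_bytes(4, "little"))

    def hash(self) -> bytes:
        return sha256d(self.header())

    def meets_target(self, target=TARGET) -> bool:
        return int.from_bytes(self.hash(), "big") <= target


def mine_block(block: Block, target=TARGET) -> Block:
    """Increment the Nonce until the header hash is at or below the target."""
    while not block.meets_target(target):
        block.nonce += 1
    return block


def validate_chain(chain, target=TARGET):
    """What a node does on receiving blocks: check the proof of work and that
    hashPrevBlock really is the hash of the block before it."""
    for i, block in enumerate(chain):
        if not block.meets_target(target):
            return False, f"block {i} does not satisfy the math problem"
        if i > 0 and block.hash_prev_block != chain[i - 1].hash():
            return False, f"block {i} hashPrevBlock does not match block {i - 1}"
    return True, "ok"


def build_chain(miner_address: str, n_blocks: int) -> list:
    """Constructed sample chain: each block carries a coinbase for the miner
    plus one placeholder payment; timestamps are spaced 10 minutes apart."""
    chain, prev = [], b"\x00" * 32
    for i in range(n_blocks):
        txs = [f"coinbase: 25 BTC -> {miner_address}".encode(),
               f"tx{i}: WWWW -> JJJJ 0.5 BTC".encode()]
        block = mine_block(Block(time=1385000000 + 600 * i, hash_prev_block=prev, txs=txs))
        chain.append(block)
        prev = block.hash()
    return chain


def tamper_demo():
    """Edit a transaction buried in block 1 of a 3-block chain. Its Merkle root
    and header hash change, so its proof of work and block 2's hashPrevBlock
    no longer line up. Returns (valid_before, valid_after, reason)."""
    chain = build_chain("AAAAAAAAA", 3)
    ok_before, _ = validate_chain(chain)
    tampered = copy.deepcopy(chain)
    tampered[1].txs[1] = b"tx1: WWWW -> JJJJ 500 BTC"
    ok_after, reason = validate_chain(tampered)
    return ok_before, ok_after, reason


def miner_specific_roots() -> bool:
    """Two miners working on the same payments still hash different headers,
    because each puts its own address in the coinbase transaction."""
    payments = [b"tx: WWWW -> JJJJ 0.5 BTC"]
    root_a = merkle_root([b"coinbase: 25 BTC -> AAAAAAAAA"] + payments)
    root_b = merkle_root([b"coinbase: 25 BTC -> BBBBBBBBB"] + payments)
    return root_a != root_b


if __name__ == "__main__":
    print(tamper_demo())
    print("different miners, different Merkle roots:", miner_specific_roots())
```

Rewriting the buried transaction would require re-mining block 1 and every block after it, which is exactly the cost that makes transactions "more secure" the deeper they sit in the chain.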


Bitcoin is only the first widely adopted cryptocurrency that provides an alternative to a centralized currency system. Concerns with Bitcoin have been raised, such as the lengthy 10-minute delay between block generations, or its cryptographic security. Successive currencies, like Litecoin, are implemented in a similar fashion but address these concerns. Time will tell whether these new currencies are in a bubble, or the future of the economy.



