This will definitely help the mystified and allow more conversation. What bitcoin is providing is an arbitrary store of transaction value that is now freely traded. That allows simple third-party participation to set prices in the same way as a stock is priced. The actual association with value is tenuous and in this case quite intangible. Yet the evaluation of any stock has a tangible component, say TV, and a very significant intangible value, say IV. That intangible value IV can be positive and, less understood, it can also be negative. Warren Buffett has made a career buying large negative IV offset by substantial TV.
It presently remains a medium of exchange and actually serves rather well, although it has been volatile. This should end.
It is also under steady attack, and that should be no surprise. We are being educated to the reality that governments or banks are not needed to provide this critical service, and they are becoming uncomfortable.
Bitcoin Demystified: A Hacker's Perspective
By Alexandra Berke. Posted: 11/25/2013 6:59 pm EST | Updated: 01/25/2014 5:59 am EST
This is part 1 in what will be a 3 part series, which will become
progressively more in depth and technical.
The term Bitcoin has
been in the news lately; Bitcoins have been rising in value with volatility,
but also mystery for someone without a computer science or mathematical
background. In this post I will cover the vocabulary and basics of bitcoin and
bitcoin transactions.
Basic Vocabulary:
Wallets and Addresses manage
bitcoin transactions.
The Block Chain is a public record of every transaction that has ever occurred.
Mining is a resource-intensive process that rewards successful miners with newly “minted” bitcoin (the current reward is 25 BTC; that quantity will halve to 12.5 BTC in about 4 years).
Miners are those who mine bitcoin. In addition to adding new bitcoin to the network, miners are necessary to process transactions and maintain the Block Chain.
Pooled mining is when miners get together to cooperate so they can have a better chance to win new bitcoin and then share the reward.
I did not start mining because I saw it as a scheme to get rich. I know that savvy investors, those with specialized mining hardware and hackers who got involved when mining was still cheap and easy, like my buddy Mike Renz, have beat me to it.
I started mining because the term ‘decentralized pseudo-anonymous cryptocurrency’ is packed with buzzwords that resonate with extra clang to a recent mathematics graduate. Mining was a way to join and contribute to a network that I find fascinating, the way an economics nerd might invest on the side for fun.
A bitcoin is not tangible like a dollar, but I can still own a bitcoin; I can spend bitcoins because there are vendors that will accept bitcoins as payment and I can trade my bitcoins for Dollars, the same way that I can trade Euros for Dollars at a currency exchange.
Thankfully, I do not need to spend full bitcoins at a time - it’s not often that I buy goods or services between $500 and $900, which is what each bitcoin is currently trading at. In the same way a Dollar is divided into 100 cents, a bitcoin (1 BTC) can be divided into decibitcoins (1 dBTC = 0.1 BTC), centibitcoins, millibitcoins, among other units. The smallest unit is called a “satoshi” (1 satoshi = 0.00000001 BTC), named after Satoshi Nakamoto, the pseudonym under which Bitcoin's still-unidentified creator (a person or a group) published it.
Owning a bitcoin:
All bitcoin transactions are permanently
recorded in a public ledger. Owning a quantity of bitcoin is essentially a mark
in the public ledger that a given amount of bitcoin is allocated to me. This is
analogous to how your bank statement recognizes that a certain portion of your
bank’s deposits belong to you; except for instead of just seeing your own
deposits, withdrawals, and balance, you suddenly have access to the sum total
of everyone’s transaction data, globally and in real time.
Spending Bitcoin:
To possess bitcoin I need an address. This address is just a string of letters and digits, like 31uEbMgunupShBVTewXjtqbBv5MndwfXhb, which serves as an identifier. The bitcoins allocated to me (or to that address) are known to be mine because when bitcoins were transferred to my bitcoin address, that transaction was recorded in the public ledger.
It does not matter that my bitcoin are intangible, because the public ledger contains all the necessary proof of which address owns how many bitcoins. If I ever try to spend more bitcoins from a given address than that address holds, my peers in the network will notice the inconsistency. Each participant in the network checks every transaction against its own copy of the ledger, so the network as a whole comes to consensus on a transaction's validity, analogous to how a bank clears a credit card transaction. If I spend more bitcoin than I have, instead of verifying the transaction and relaying it to the rest of the network, my peers will see in the ledger that the transaction is invalid and drop it. In this way double spending and fraud are prevented.
Say Alice has bitcoin address AAAAAAAAA, and Bob has bitcoin address BBBBBBBBB, and Alice wants to pay Bob 0.5 bitcoin for the new product that Bob promises to send her. How do Alice and Bob logistically make their transaction?
Alice and Bob need wallets. A bitcoin wallet is software that handles transactions and manages bitcoin addresses. Alice’s wallet might be an android app, or an application she downloaded onto to her computer, or it might be web based. The wallet handles notifying the bitcoin network that Alice is transferring funds from AAAAAAAAA to Bob’s BBBBBBBBB address. Bob’s wallet sees the transaction recorded in the public ledger and updates so that Bob can see that he has more bitcoin in his wallet. After the transaction, the entire bitcoin network can see that address AAAAAAAAA is 0.5 bitcoin poorer and address BBBBBBBBB is 0.5 bitcoin richer.
Alice never even needed to know who Bob was - bitcoin is pseudo-anonymous. Alice only needed to know that someone with the address BBBBBBBBB had a commodity that she wanted to buy. The transaction occurred between addresses, not people. The real Bob might even have tens of bitcoin addresses. Say Bob also has addresses CCCC,DDDD, and EEEE. Alice might have paid bitcoin to all of them at some time and never even realized that she was paying the same person, Bob.
Although every transaction that has ever occurred involving bitcoin is public, tracing these transactions back to people requires the difficult task of tying addresses to people. Creating a brand new address for each transaction is recommended to maintain that pseudonymity: every time an address is reused, or several addresses are spent together in one transaction, an observer of the ledger can link them to the same owner.
You might be wondering what prevents theft. For example, if Alice can see in the public ledger that address ZZZZ owns 5 bitcoin, why can’t Alice pretend to be the owner of address ZZZZ and write a fake transaction message to convince the Bitcoin network that address ZZZZ is sending 5 bitcoin to her address AAAAAAAAA? This is where cryptography comes in.
Each bitcoin address has an associated public and private key pair; the address itself is derived from a hash of the public key. Although the address is known to everyone, and the public key is revealed to everyone once the address spends, only the address owner knows the private key. The private key is used to sign the transaction, and any node can check that signature against the public key. In other words, Alice cannot fake a transaction from the ZZZZ address because she is not able to produce a valid signature without the private key belonging to ZZZZ; conversely, whoever does obtain that private key, by theft or through a weak random number generator, can spend from ZZZZ exactly as its owner could. Similar technology is used to secure network connections every time your browser visits a website whose URL begins with ‘https’ rather than ‘http’.
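To make the signature step concrete, here is an added example, not code from the original article or from any Bitcoin wallet: a from-scratch implementation in Python of secp256k1 ECDSA, the curve and signature scheme Bitcoin actually uses. It is simplified in ways the code labels: the "transaction" is a plain string rather than a serialized Bitcoin transaction, the digest is a single SHA-256 rather than Bitcoin's double-SHA-256 sighash, the per-signature nonce is a simple HMAC stand-in for RFC 6979, and the private keys PRIV_ZZZZ and PRIV_ALICE are constructed for the story. It shows that ZZZZ's owner can produce a signature the network accepts, that Alice's attempt with the only key she has fails against ZZZZ's public key, and that a valid signature does not carry over to an altered amount.

```python
"""Signing and verifying a transaction message with secp256k1 ECDSA.

Added example; this is not code from the original article.  Pure Python,
no dependencies.  Simplifications: the "transaction" is a plain string, the
digest is a single SHA-256 (Bitcoin uses a double-SHA-256 sighash), and the
nonce k is a simple HMAC derivation rather than full RFC 6979.  The private
keys are constructed for the story; never use them for real funds.
"""
import hashlib
import hmac

# secp256k1: y^2 = x^3 + 7 over the prime field F_P, base point G of order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                               # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P     # tangent: doubling (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord through p1 and p2
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """k * point by double-and-add (not constant-time; fine for a demo)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def pubkey_from_priv(d):
    """Public key = d*G.  Recovering d from it is the discrete-log problem."""
    return scalar_mult(d, G)


def msg_hash(message: str) -> int:
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % N


def sign(d, message):
    z = msg_hash(message)
    # Deterministic nonce in [1, N-1] (simplified stand-in for RFC 6979).
    # A reused or predictable k lets anyone holding two signatures solve for d.
    k = int.from_bytes(hmac.new(d.to_bytes(32, "big"), z.to_bytes(32, "big"),
                                hashlib.sha256).digest(), "big") % (N - 1) + 1
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)


def verify(pub, message, sig):
    """Needs only the public key: u1*G + u2*pub must land on x == r."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z, w = msg_hash(message), pow(s, -1, N)
    point = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return point is not None and point[0] % N == r


# Constructed keys for the article's story (address ZZZZ and Alice's AAAAAAAAA).
PRIV_ZZZZ = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
PRIV_ALICE = 0x0C0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE00C0FFEE0
PUB_ZZZZ = pubkey_from_priv(PRIV_ZZZZ)
TX = "ZZZZ pays 5 BTC to AAAAAAAAA"


def demo():
    """Only the holder of ZZZZ's private key can sign a spend from ZZZZ."""
    owner_sig = sign(PRIV_ZZZZ, TX)
    forged_sig = sign(PRIV_ALICE, TX)            # Alice signs with the only key she has
    return {
        "owner_signature_valid": verify(PUB_ZZZZ, TX, owner_sig),
        "forged_signature_valid": verify(PUB_ZZZZ, TX, forged_sig),
        "owner_sig_on_altered_amount": verify(PUB_ZZZZ, "ZZZZ pays 50 BTC to AAAAAAAAA", owner_sig),
    }


if __name__ == "__main__":
    print(demo())
```

Run demo() to see the three checks. The point to take from the code is that verify needs only the public key and the message; the private key never leaves the signer, which is also why losing it, or generating the nonce k badly, is equivalent to handing the coins over.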
Bitcoin Demystified: Math vs. Government
By Alexandra Berke. Posted: 12/02/2013 5:22 pm EST | Updated: 01/23/2014 6:58 pm EST
This article is part 2 of a 3 part series that becomes
progressively more technical. For necessary background on Bitcoin, see part 1.
The author will be holding a Q&A call-in session this Thursday, December 5th. You can submit a question at the bottom of this article. Selected questions will be published in a podcast.
Bitcoin’s success as a currency is a feat of mathematics and of cooperation among the individuals who have lent their machines as nodes to the Bitcoin network. The United States Government maintains the circulation of Dollars, but no central government or agency regulates Bitcoin. Yet the supply of bitcoin follows a fixed schedule, no one can spend coins without the matching private key, and there is no lasting discrepancy over the public ledger of transactions made. This article begins to explain how Bitcoin functions so seamlessly.
First of all, there is a network of ‘nodes’. Individuals have incentives (such as mining rewards or collecting transaction fees) to contribute their computing resources and join as nodes on the network. These nodes are really just servers - computers plugged into the Internet - which are running Bitcoin software. A node might be a teenager keeping her computer on running Bitcoin software in her basement while she’s at school, or someone running software in the cloud. Anyone can be a node. Every time a new transaction is made with Bitcoin, all of the nodes in the network record the transaction in their ledgers. The nodes are in constant communication and work to share each transaction with each other so that they can come to a consensus and prevent their transaction ledgers from differing.
This ledger is a
database of every Bitcoin transaction that has ever been executed. It is
constantly growing with new transactions and is broken into units called blocks. The ledger is referred
to as the block chain because it is a
linear, chronological ordering of these blocks. Upon joining the network, each
node downloads the most recent copy of the block chain in its entirety.
The block chain in its entirety is analogous
to banking transactions. Bank transactions are listed chronologically, just as
Bitcoin transactions are; the record of bank transactions is broken into bank
statements, just as the block chain is broken into blocks. A new bank
transaction will only be appended to the current statement, just as a new
Bitcoin transaction will only be appended to the current block. The previous
blocks in the block chain are artifacts of history that can never be revised.
If the blocks could be revised, then a malicious buyer might be able to retract
a transaction and the person that they paid could lose the money that they were
owed.
Let’s discuss where bitcoins come from.
Adding transactions to
the block chain and updating a local copy of the block chain is part of a
process called mining. At
the same time that miners (nodes in the network) are doing the important work
of processing and recording transactions, they are also competing in a race.
They are racing to “complete the current block” in order to win bitcoins.
Each time a block is “completed”, the next block is generated in the block chain. The first transaction recorded in a completed block, called the coinbase transaction, is the one that awards newly minted bitcoins to the miner who completed that block; the miner writes that transaction into the block before starting to solve it.
Then, the cycle continues. The next block
becomes the “current block,” the completed block becomes a permanent record of
the past, transactions are recorded in the new “current block” and miners
adjust their goal to work on completing this new “current block.”
What does this race to “complete a block”
entail? Miners are not racing to add transactions to a block. They are actually
racing to solve a math problem.
Each new block in the block chain has an associated math problem that is inherently difficult to solve. Solving the problem requires “brute force.” A problem that requires a “brute force” solution is one for which no shortcut is known: there is no way to work backwards from the answer. Instead, miners must guess a solution with trial and error: they guess a solution, test whether it works, and then test another, until they find a valid one. Solving a problem with brute force in this way is resource intensive. Miners have software that runs computation after computation. Software is limited by hardware, and hardware can only run a computation so quickly. Directing hardware to run so many computations, one right after the next, is exhausting work for the machine.
Mining new coins is analogous to gold miners expending physical energy to add
gold to circulation, but it is CPU time and electricity that is expended. When
the winning miner finally finds a solution, it shares its solution with the
other mining nodes in the network and those nodes verify its validity.
The math problem is
hard for a reason - it should take
time to solve! Each time a miner solves the problem, a new 25BTC is “minted”,
awarded to that miner, and entered into circulation. This quantity is on
schedule to halve every 4 years until all 21 million bitcoins are released. The
fact that it takes on average 10 minutes to solve the math problem means that
25 new bitcoins are minted on average every 10 minutes. The difficulty of the
math problem regulates the rate of creation of new bitcoins.
Here’s a simplified version of the math problem:
find x such that h(x) <= y
h is a known function. The lower y is in value, the harder the problem is to solve because there is a smaller solution space.
The value of the target, y, is not negotiated by anyone; every node computes it from the block chain itself by the same rule, and it is adjusted every 2016 blocks (about two weeks) depending on how quickly those blocks were generated. As more miners join the network (or contribute more efficient hardware toward mining), more computing power goes toward solving the math problem, and the math problem is solved more quickly. To keep the issuance schedule, the math problem must then get harder, to compensate for miners mining faster.
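Here is an added example (not the article's code) of how nodes carry out that adjustment. It implements Bitcoin's retarget rule in Python: every 2016 blocks, scale the target by the ratio of the time those blocks actually took to the 14 days they should have taken, clamp the change to a factor of 4 in either direction, and never go above the maximum (difficulty 1) target. The timespans passed in retarget_demo are constructed, not real chain data.

```python
"""How the target y is retargeted every 2016 blocks.

Added example, not code from the original article.  Every 2016 blocks a
node compares how long those blocks actually took with the
2016 * 10 min = 1,209,600 s they should have taken, scales the target by that
ratio, clamps the change to a factor of 4 per retarget, and never lets the
target exceed the maximum (difficulty 1) target.
"""
MAX_TARGET = 0x00000000FFFF0000000000000000000000000000000000000000000000000000
RETARGET_INTERVAL = 2016                      # blocks between adjustments
TARGET_TIMESPAN = RETARGET_INTERVAL * 600     # seconds: 14 days at 10 min/block


def next_target(old_target: int, actual_timespan: int) -> int:
    """New target from the previous one and the measured time for the last interval."""
    # Clamp: one adjustment can at most quadruple or quarter the required work,
    # which limits how far a burst of bogus timestamps can move the target.
    actual_timespan = max(TARGET_TIMESPAN // 4, min(TARGET_TIMESPAN * 4, actual_timespan))
    new_target = old_target * actual_timespan // TARGET_TIMESPAN
    return min(new_target, MAX_TARGET)        # blocks are never allowed to be easier than this


def difficulty(target: int) -> float:
    """The 'difficulty' figure usually quoted: how many times harder than MAX_TARGET."""
    return MAX_TARGET / target


def expected_hashes(target: int) -> int:
    """Average number of header hashes needed before one satisfies h(x) <= target."""
    return (1 << 256) // (target + 1)


def retarget_demo():
    """Constructed scenarios: a faster network, a slower one, and the two limits."""
    old = MAX_TARGET // 1000                  # constructed: difficulty ~1000
    return {
        # hash rate doubled, so 2016 blocks took 7 days instead of 14: target halves
        "faster": next_target(old, TARGET_TIMESPAN // 2),
        # hash rate halved, blocks took 28 days: target doubles
        "slower": next_target(old, TARGET_TIMESPAN * 2),
        # a 100x jump in hash rate is corrected by at most 4x this period
        "clamped": next_target(old, TARGET_TIMESPAN // 100),
        # the target can recover upward only as far as MAX_TARGET
        "capped": next_target(MAX_TARGET // 2, TARGET_TIMESPAN * 4),
    }


if __name__ == "__main__":
    for name, target in retarget_demo().items():
        print(f"{name:8s} difficulty={difficulty(target):10.1f} "
              f"expected hashes per block={expected_hashes(target):.3e}")
```

The clamp is the security-relevant detail: a miner who lies about timestamps, or a sudden loss of hash power, can only move the target by a factor of four per two-week window, so the schedule of 25 BTC per ten minutes can drift but cannot be broken in one step.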
The function h is a hash function. Hash functions have a few key properties that make them ideal for the Bitcoin math problem:
1. Given
an input value, x, finding the value of the hash, h(x), is
straightforward.
2. However, given an output value y, finding an x such that h(x) = y is infeasible. h is not invertible: its input space is far larger than its 256-bit output space, so many inputs map to each output, but no method faster than guessing is known for finding any of them.
3. Knowing the value of h(x) gives no insight into the hash of similar inputs like h(x+1) or h(2x); changing a single bit of the input changes about half the bits of the output.
Property 1 means that once a valid solution is found, the network can easily verify its validity. Properties 2 and 3 make solving the math problem a guessing game. Miners are racing to compute h(x1), h(x2), h(x3), ... and so on until they find an x satisfying h(x) <= y. Many x values solve the problem. If two miners find a solution at nearly the same time, there is no rule that prefers the smaller hash: both blocks are valid, each node adopts whichever it heard about first, and the tie is settled when the next block is found on top of one of them. The chain with more work behind it wins, the block left out is orphaned, and its miner collects no reward. This is why getting a block out to the network quickly matters to miners.
Mining is a serious competition nowadays and it consumes large computing resources. Although it’s possible to mine on a laptop, the math problems have become hard enough that a laptop’s CPU will likely never complete a block on its own. The cost of the electricity needed to run the mining software would exceed the return for mining. Macs and PCs are certainly capable of computing hash functions, but are too slow compared to the specialized mining hardware that is now available. Hardware designed with the purpose of computing hash functions is on sale for up to $14,500.
Fastest to the best hash wins - so how is this fair? What keeps the individuals who can invest in the best hashing hardware from completing every block and winning all the block rewards? For one, the strategy of pooling gives less sophisticated miners a share of the bounty. More importantly, because every hash is an independent try at a lottery, the race is not a deterministic contest in which the fastest hardware always wins; it is a probabilistic one, which part 3 examines more closely.
Bitcoin Demystified: Security in Decentralization
By Alexandra Berke. Posted: 12/04/2013 12:24 am EST | Updated: 01/23/2014 6:58 pm EST
This is the conclusion of a 3-part article series, which attempts
to address unanswered questions from parts 1 and 2.
Dollars and other traditional currencies were
conceived in a time of cash. The model that extends these currencies to the
digital world of electronic payments is a fragile one that relies too heavily
on third party financial institutions; Bitcoin was invented to provide an
improved alternative.
In the world of cash, once $1 enters
circulation, no third party needs to mediate its passage between hands. I can
take my dollar to the corner-store, select my candy, and pass my dollar to the
vendor in return for the candy. That transaction occurs between the vendor and
myself, without any third party involved. The vendor does not need to know
anything about me, I don’t need to know anything about her, and no one else
needs to know that I ever bought a candy bar.
What if I buy my candy
from a small business online? I enter my credit card information and a third
party institution acting as the middleman, processes the payment.
A transaction as nominal as a $1 candy bar is unlikely to occur between a small business and me because the transaction costs imposed by the third party would be too high. Partly for good reason: third party financial institutions must mediate transaction disputes and commit a large amount of resources to avoid fraud. Inevitably, transaction disputes must sometimes result in a reversed payment, and the costs of fraud must sometimes be absorbed.
The original Bitcoin paper published by Satoshi Nakamoto addresses
the need for a secure electronic payment system that relies on cryptographic
proof and a distributed network, instead of trusted third parties to process
payments.
With Bitcoin, transactions are transparent while void of sensitive information. They cannot be forged, and once buried under enough blocks they are practically irreversible; instead of requiring a third party, they are processed by a distributed network that relies on mathematics rather than on trusting financial institutions. Any financial institution has a discrete number of servers or locations by which it operates; these are discrete points of failure. The Bitcoin ledger can only be rewritten if the majority of the computing power run by the nodes that operate it is controlled by an attacker, and even then the attacker could only reverse or censor recent transactions, never forge a signature or spend coins from addresses whose keys it does not hold. Such an effort to commit fraud or reverse a transaction would require overwhelming computing resources. A malicious group of attackers would likely have higher returns playing by the rules of the network and committing their computing power toward mining.
To paint a (simplified) picture of
this distributed network that
maintains Bitcoin, consider the following:
Wendy --- Alex --- Eli --- Jasmine ---
Alex runs a Bitcoin network node. Her direct peer nodes on the network include Wendy to the west and Eli to the east. Wendy and Eli may have many direct peers as well. Even though Alex isn’t directly connected to Jasmine, she still hears from Jasmine, because when Jasmine catches word that a block, B, has been completed,
-- Alex --- Eli --- Jasmine <--B--
she tells her direct peers such as Eli,
-- Alex --- Eli <--B-- Jasmine ---
and Eli tells his direct peers, which include Alex.
--- Alex <--B-- Eli ---
Alex doesn’t need to
know whom the message originally came from, or the identities of Eli or
Jasmine. Upon receiving the message about the completed block, she verifies
that each transaction in block B is valid and that the miner that completed
block B successfully completed the associated math problem (for background, see part
2). If the block is valid, she appends it to her copy of the
block chain, broadcasts the block to her direct peers, excluding Eli, and
begins work to complete the next block.
If Alex wanted instead to ignore or reject the valid block, B, and keep working on her current block to win its mining reward, her attempt to diverge would be futile. By the time she found a solution to her current block and broadcast it to Wendy and Eli, it would be too late. Her peers on the network would already have heard about and accepted block B through their other peers and updated their block chains to include it as a record of the past. Alex’s block builds on the block before B rather than on B itself, so it competes with B instead of extending the chain; since the rest of the network has already built on B, her chain is shorter and no one will adopt it. Any transactions in her block that were already confirmed in B are simply confirmed there instead.
A distributed network system, such as the
Bitcoin network, is one where the data is shared across multiple nodes. In
effect, individual nodes are incentivized by the rest of the network to be
honest workers. If a node neglects to accept a new block or message, it will
have old data and prevent itself from mining blocks that will be accepted by
the other cooperating nodes. The distributed nature of the network is also what
allows transactions to be transparent.
Suppose Wendy wants
to make a transaction,
TX, from an address she owns, WWWW, to the address JJJJ, which happens to be
owned by Jasmine.
Wendy --TX--> Alex ------ Eli ----- Jasmine
Wendy broadcasts the transaction message to
her peers, including Alex, who broadcasts it to her peers, and eventually the
message reaches Jasmine as well, perhaps via Eli.
Wendy ------- Alex ------- Eli --TX--> Jasmine
Neither Wendy nor Jasmine should consider this
circulation of the message as confirmation of the transaction. However, once
they see that a block that includes the transaction has been completed and
accepted by the network, they can view the transaction, TX, from WWWW to JJJJ
as a permanent record of the block chain.
..older blocks ................ more recently completed blocks ................. current block
- - - -- |tx, tx, ..,tx|------|tx,tx,.., tx |----| tx,tx,.., tx |----|tx,TX,..,tx|-----|tx |
As subsequent blocks are completed, and the
transaction is buried deeper within the block chain, the permanence of the
transaction becomes more secure.
..older blocks ................ more recently completed blocks ................. current block
- - - -- |tx, tx, ..,tx|------|tx,tx,.., tx |----| tx,TX,.., tx |----|tx,tx,..,tx|-----|tx |
Each transaction, tx,
that is included within a block, becomes directly tied to completing that
block’s associated math problem. I previously described
this math problem as:
find x such that h(x) <= y
where h is a
known hash function. The output of a
hash function, such as h(x), is called a hash
value. y is a target hash value determined by the network and adjusted
to keep the rate of block generation to about 1 block per every 10 minutes (the
smaller the value of the target, y, the more difficult the problem).
For readers interested in more technical details, let me
elaborate.
Each block has a header that contains metadata
to describe the block. Notable items in this block header include:
Time -
A current timestamp.
hashPrevBlock – the hash value resulting from hashing the header of the previously completed block.
hashMerkleRoot – a hash value representing all of the transactions included within the block (the root of the Merkle tree).
Nonce – A value that is incremented in order to find a winning solution to the math problem.
Time helps ensure the chronological ordering of blocks in the block chain. hashPrevBlock does this as well, in addition to
preventing fraud and reversed transactions. It serves as a link between blocks;
by virtue of the hashPrevBlock, each block
references its predecessor. A transaction within a complete block cannot be
altered because such a change would alter the block’s header (by altering the hashMerkleRoot),
which would change the value of hashing that blocks header, and therefore
invalidate the hashPrevBlock of the
subsequent block in the block chain, as well as all the blocks that followed.
A slightly less simplified version of the
Bitcoin math problem can be represented as:
find Nonce such that h(Time, hashPrevBlock, hashMerkleRoot, Nonce) <= y
The Nonce is the value that is adjusted to solve the
problem because the other inputs to the function are determined by the state of
the network. Now you can think of a miner’s effort to complete a block as follows:
Collect transaction messages in the block, compute the hashMerkleRoot, update the Time, and compute h with Nonce = 0. If the resulting hash value is less than or equal to the target y, the miner broadcasts the solution! Otherwise, the miner increments the Nonce, checks the new hash, and continues to increment the Nonce and compute the new hash iteratively in the hope of solving the problem. In Bitcoin, h is SHA-256 applied twice to the 80-byte block header, and the Nonce is only a 32-bit field, so a miner that exhausts all four billion values without success must change something else in the header (typically the Time or the coinbase transaction) and start over. Every so often the miner updates the current block it is working on to include the transaction messages it has most recently received from the network, recomputes the hashMerkleRoot, updates the Time, and starts iteratively computing hash functions all over again.
It might seem that each miner has an equal chance of coming across the winning solution and claiming the rewarded bitcoins. A careful reader should be suspicious of this claim.
With the simplicity that I have presented the math problem, it would seem that the miner with the most powerful computing resources, the one that can iteratively compute hash functions most quickly, always wins. That is not quite the case, because each miner is working on a slightly different problem: each miner is working on a slightly different block.
When a block is completed, the first recorded transaction in that completed block is the one allocating the mining reward to an address owned by the miner that completed the block. This means that each miner inserts its own address in the first transaction of the block it is working on. Differing transaction lists result in differing hashMerkleRoot values. The result is that each miner is iteratively computing the hash function with slightly different input values, so no two miners are repeating each other's guesses. Because every hash is an independent trial that succeeds with the same small probability (about y divided by 2^256), the race is a lottery rather than a deadline: a miner with 1% of the network's hash rate has a real chance at every block and wins about 1% of them, while the faster miner still wins proportionally more often in the long run. The playing field is level per hash, not per miner, which is why small miners pool their tickets.
Bitcoin is only the first widely adopted cryptocurrency that provides an alternative to a centralized currency system. Concerns with Bitcoin have been raised, such as the lengthy 10-minute delay between block generations, or its cryptographic security. Successor currencies, like Litecoin, are implemented in a similar fashion but attempt to address these concerns. Time will tell whether these new currencies are in a bubble, or the future of the economy.