A View Inside My Head

Jason's Random Thoughts of Interest


Inside Bitcoin: What is a Bitcoin?

Bitcoin is best described as an open source digital currency and decentralized/peer-to-peer payment system. Okay, but what does that mean? 

Let’s break it down:

  • Open Source: Every aspect of how Bitcoin works is public knowledge. The primary client software, called the QT wallet, is an open-source project hosted on GitHub, so any developer can review the source to look for bugs or code that introduces malicious behavior.
  • Digital Currency: The core purpose of Bitcoin is to serve as a currency, or form of money. Currency, in general terms, refers to a medium of exchange. That is, I give you something of value in exchange for something else of value. Both parties must recognize the value of each item being exchanged to be equal for the system to be valid.

    Bitcoin fulfills one half of that exchange, being a medium that holds value. It is digital currency because it exists only as numbers in cyberspace, protected by cryptographic information that only the owners of each Bitcoin are privy to (because of this, it is also commonly referred to as a cryptocurrency).  Ownership of Bitcoin can be transferred from one person to another.
  • Decentralized/Peer-to-Peer Payment System: Bitcoin is designed so that no one person or agency is in control of the system. It’s truly the people’s currency, where users that give Bitcoin its value also maintain the underlying system that allows value to be transferred between owners.

Value in Bitcoin is assigned by address. A person can own any number of addresses – they are very cheap to create at random, and the probability of your computer creating an address that collides with one owned by another person’s is practically 0%.

To spend a Bitcoin that you own, you transfer it to the recipient’s address. This is known as a transaction. A transaction has two parts: IN and OUT.

While it’s convenient to think of a Bitcoin address as being like a bank account, where all of the value is accumulated and stored, the reality is that the value is stored in transactions. You can only spend value that has been sent to you as the OUT part of a prior transaction, and you spend it by referencing that OUT as the IN of your new transaction. So, the balance of any Bitcoin address is the sum of all of the unspent transaction OUTs destined for that address (referred to as UTXO).

When you create a new transaction, using your Bitcoin-QT wallet or some other piece of client software, the transaction is broadcast to the entire network of nodes that make up the Bitcoin network. Eventually (usually within 10 minutes), that transaction is recorded into the permanent public ledger, and then everyone in the world knows that the Bitcoin that you spent has been transferred from your address to the recipient’s address (and they are then free to spend it themselves).

One important thing to note: Bitcoin is built upon the concept of distrust.

“What’s that!?” you say?

Since Bitcoin exists only on the Internet, and there is no one centralized authority to trust, then you must question and validate each piece of data that the system provides to ensure that it is real and not generated by a clever thief. This is why all of the details about how to verify data is public knowledge – as long as the majority of the users participating follow the same rules, then it becomes impossible for somebody to game the system by introducing data that does not conform to those rules.

As a result, every node that participates in the Bitcoin network must download and verify every transaction since the beginning of time (which was in 2009 for Bitcoin itself) to ensure that they are valid and have not been tampered with. For each transaction downloaded, the node must ensure that the IN part had not been previously spent within another transaction (known as a double spend). As more and more nodes confirm the validity of transactions, the confidence in the transaction increases and the risk of a double spend occurring decreases.

Note: Some things above have been generalized for the purpose of being a general overview. The goal of this blog series is to dive deeper into how Bitcoin works, which will clarify/expand upon some of the vague or technically incomplete parts listed here.


Inside Bitcoin: SHA256

SHA256 is a cryptographic hash function. Its purpose is to take in an arbitrary length of bytes (the “message”), perform number crunching, and then produce 32 bytes that uniquely represents the original message (the “hash value”, or “digest”).  A small change to the message, even toggling a single bit somewhere, results in a vastly different digest due to a property of cryptographic hash functions known as the “Avalanche Effect”. 

While it is easy to calculate the hash code for any given message, it is considered to be infeasible for somebody to generate a message that results in a particular hash code. This makes SHA256 a one-way function. Likewise, it is considered infeasible at the moment to find two different messages that have the same hash code (known as a “collision”). 

Note: This does not mean that collisions are impossible, though, because after all, the output is only 32 bytes for any length of input.  So, being fed enough bytes will eventually result in a repeated hash code.  Being infeasible in this case simply means that collisions are random events that cannot be used to create other collisions for other messages.

Because of these properties, hash functions like SHA256 are often used to verify that a message hasn’t been tampered with, or hasn’t become corrupted during transmission.  It is also convenient to store the hashes of passwords in a database instead of the passwords themselves, so that in the event of a security breech, the secrets are not revealed.

Calculating a SHA256 hash code consists of multiple rounds of bitwise operations: and, or, xor, shifts, and rotates. Because there are no conditional branching operations in the algorithm, SHA256 can be implemented entirely in hardware.  This is the basis behind FPGA and ASIC mining devices (a topic for a later blog post).

Try it yourself! Type a message to view the resulting SHA256 hash, and see how small changes to the input greatly impacts the results.  Also, try to find a message that results in one or more leading zeros.

SHA256 Sample