Bitcoin Forum

Other => Beginners & Help => Topic started by: coqui33 on March 26, 2013, 04:17:02 PM



Title: Avoiding Two Bitcoin Pitfalls
Post by: coqui33 on March 26, 2013, 04:17:02 PM
First, never leave your bitcoins sitting in someone else's privkey. Second, know your own privkeys.

Never leave your bitcoins sitting in someone else's privkey. It is heartbreaking to read daily stories from people whose bitcoins were stolen from moneychanger accounts. Here is the problem. Many of you routinely trust your bank, stockbroker, or Paypal with your money. You are so used to doing this without thinking, that you leave bitcoins sitting in your account with Mtgox, CampBX, Bitfloor, or other moneychanger. This makes it likely that a thief will figure out your user-ID and password, or penetrate the moneychanger's security, and will siphon off your bitcoins. It is pointless to blame the moneychanger. Bitcoins are too new for moneychangers to have the same FDIC protection as banks, credit unions, or brokerages. It is pointless to blame the bitcoin protocol, the miners, or the developers. The bitcoin concept makes you alone responsible for your money.

The bitcoin concept pivots on the breakthrough idea that everyone is capable of receiving, storing, and sending money on his or her own without interference by anyone else. If you embrace the concept and accept the responsibility, you will transfer bitcoins away from the moneychanger to your own address within seconds after buying them. If you do this, and keep your privkey secret from anyone else, it will be impossible for anyone to steal your bitcoins. Bitcoins that you leave in a moneychanger account are sitting in the moneychanger's privkey. Again, never leave your bitcoins sitting in someone else's privkey.

Second, know your own privkeys. By now you should understand that bitcoins are not stored in your wallet. They are not in your computer, nor on its hard drive, nor on a flashdrive. Your bitcoins are in "the cloud". You can spend them only by knowing their privkey and loading that privkey into "sending" software. The "sending" software transfers the coins from your privkey in the cloud to someone else's address in the cloud. Which brand of sending software you use is unimportant. Whether the sending software contains the blockchain or uses a server is unimportant. Whether the sending software resides on your computer, tablet, smartphone, or on someone's website is unimportant. The only thing that is important is that you should know your own privkeys. If you know your privkeys, you can spend your bitcoins even if your house burns to the ground. If you do not know your own privkeys, your money is lost forever. A wallet is nothing more than a handy place to hold a copy of your privkeys. There is nothing wrong with storing your privkeys in a wallet (as well as in eight or nine other secret places). But to store your privkeys in a wallet instead of knowing them is the height of foolishness. If you know your privkeys and lose your wallet, you can simply import them into a new wallet. But if you lose your wallet and do not know the privkeys that it held, your money is lost forever. Again, know your own privkeys.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: True___Blue on April 11, 2013, 11:13:03 AM
So how do I find out what my Bitcoins privkeys are?


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: ThreeJay on April 11, 2013, 11:22:18 AM
Thanks, that actually heightened my understanding. Will go to figure out my privKeys..  :)


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: wpk on April 11, 2013, 12:32:32 PM
Sorry, but that story is completely unreadable. Never heard of privkeys too. But I'm glad you do.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Solaarian on April 11, 2013, 01:16:11 PM
I am thinking that the privkey is short hand for private key - a cryptographic term.   There is a good explanation on the Wiki here:  https://en.bitcoin.it/wiki/Private_key.  Basically if someone has your private key they can access and spend your BTC.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Gabi on April 11, 2013, 01:23:31 PM
If you don't know what a private key is, please don't use bitcoin.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Moonchopper on April 11, 2013, 01:38:10 PM
Is the wallet address considered the public key in this regard?


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 11, 2013, 02:13:11 PM
Quote
So how do I find out what my Bitcoins privkeys are?

That depends on how you got your bitcoin address.

Quote
Sorry, but that story is completely unreadable. Never heard of privkeys too. But I'm glad you do.

Unreadable?  It seemed to use well formed sentences with proper capitalization and punctuation.  I'd expect anyone who completed 9th grade to be able to read it.
privKeys is an abbreviation of "private keys".  Most wallets hide the private keys from you.  It isn't necessarily needed for you to "know your own privKeys", but it is important for you to understand the wallet you've chosen well enough to know what needs to be backed up in order to restore the wallet in case of disaster.  As an example, with the Bitcoin-Qt wallet, the private keys are stored in a file named wallet.dat.  As long as you have a recent undamaged copy of this file accessible, you can restore your wallet.  If this file isn't protected, and someone else gains access to it, then they can restore your wallet and spend your bitcoins without your authorization.

Quote
Is the wallet address considered the public key in this regard?

The bitcoin address is actually a hash of the public key.  There is no need to know the actual public key, the wallet software takes care of that for you.  Note that for most bitcoin wallets, there is no such thing as a "wallet address".  A wallet can have multiple addresses.  Each address is a "bitcoin address".


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: ChuckSteinmetz on April 11, 2013, 02:22:22 PM
Quote
Is the wallet address considered the public key in this regard?

A wallet address is a hash of the public key and it starts with 1.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: oda.krell on April 11, 2013, 02:27:58 PM
The following is a big newbie question, I am aware. Don't judge me, k?

If I never mined bitcoins, and never installed a bitcoin client, but I *did* sign up on one of the exchanges (say mtgox), do I still have a wallet? Or are the bitcoins I buy on an exchange stored in some kind of "proprietary" wallet of the exchange I signed up for?


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Moonchopper on April 11, 2013, 02:40:37 PM
Ahh, thank you for the response. So a wallet is basically just a way of keeping track of the addresses - those addresses are essentially in no way tied together - other than who 'owns' them. Would that be a correct statement?


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Undercover on April 11, 2013, 02:54:45 PM
Coqui33 thanks for your post, it was very informative, but as a newbie I still have lots of questions.  Part of the confusion is that the term Bitcoin often refers to a fraction of a Bitcoin.  Satoshi's article states "We define an electronic coin as a chain of digital signatures.". How does that chain of digital signatures get stored in a wallet?  Each time a coin (or fraction thereof) a new block is added to chain.  Does that mean the digital signatures get longer and longer?  A block in the chain contains the addresses of both parties.  Are those public addresses which correspond to private addresses?  Are those private addresses the privkeys you refer to?  Do I have privkeys for every bitcoin ( or fraction thereof) I receive?  Should I consolidate them by doing a transaction to myself?

I apologize for so many questions.  Thanks for any replies.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 11, 2013, 03:33:59 PM
Quote
The following is a big newbie question, I am aware. Don't judge me, k?

If I never mined bitcoins, and never installed a bitcoin client, but I *did* sign up on one of the exchanges (say mtgox), do I still have a wallet? Or are the bitcoins I buy on an exchange stored in some kind of "proprietary" wallet of the exchange I signed up for?

The bitcoins are in a "proprietary" wallet of the exchange you signed up for.  You are trusting them to hold on to those bitcoins and keep them safe for you.  You are trusting them to send those bitcoins in a timely manner to any address you ask them to in the future.  You are trusting them to still be there in the future when you want to access those bitcoins.

Here are some commonly used wallets, you can research each on your own time and determine which best suits your needs:

Paper Wallet
Armory
Bitcoin-Qt
Electrum
MultiBit
https://blockchain.info/wallet

Quote
Ahh, thank you for the response. So a wallet is basically just a way of keeping track of the addresses - those addresses are essentially in no way tied together - other than who 'owns' them. Would that be a correct statement?

Yes, that would be a correct statement.

Quote
Satoshi's article states "We define an electronic coin as a chain of digital signatures.". How does that chain of digital signatures get stored in a wallet?

The chain (of all digital signatures associated with all bitcoins) is stored in the blockchain.  The blockchain is a verifiable digital ledger that every full peer maintains a complete copy of.  When miners create a new block, they broadcast it and all peers add the block to their own copy of the blockchain after validating it.

Quote
Each time a coin (or fraction thereof) a new block is added to chain.  Does that mean the digital signatures get longer and longer?

Figuratively I suppose you could look at it that way.  In reality the blockchain gets longer and longer.  Each new signature just has a reference back to the location of the previous signature in the blockchain file(s).

Quote
A block in the chain contains the addresses of both parties.  Are those public addresses which correspond to private addresses?

There are not private addresses.  There are private keys.  All addresses are considered public (although the public may not know about them until you receive bitcoins at them). A transaction has a reference to the public bitcoin address of the receiving party.  Since the transaction also has a reference to the previous transaction where the sending party was the receiving party, it is possible to find the bitcoin addresses that were used by the sending party to receive the bitcoins.  The private keys are used by the wallet software to generate the digital signature required to sign over control of the value to the new address.  The private keys used for the signature are the private keys that were used to generate the bitcoin addresses where the sending party received the value that they are sending.

Quote
Are those private addresses the privkeys you refer to?

The private keys that the wallet software maintains when it generates a new bitcoin address, and uses to create digital signatures to sign over control of value received at those addresses to someone else's address, are the privkeys being referred to.

Quote
Do I have privkeys for every bitcoin ( or fraction thereof) I receive?

That depends.  If you use a new address for every transaction, then yes, you have a private key for every bitcoin (or fraction or multiple thereof) that you receive.  If on the other hand you re-use addresses multiple times, then you have less private keys.  Specifically, you have a private key for every bitcoin address that your wallet is keeping track of.

Note that, depending on the wallet software you choose to use, it is possible that your wallet has created additional addresses that it hasn't told you about and sent some of your bitcoins to those addresses as well.  This would be true of any wallet (such as Bitcoin-Qt) that generates a new address for the "change" in every transaction sent.

Quote
Should I consolidate them by doing a transaction to myself?

If you are receiving lots of transactions that are all less than 0.5 BTC (such as players of SatoshiDice encounter), then you might want to consider consolidating the outputs received before you end up with hundreds of outputs all valued at less than 0.01 BTC.

Quote
I apologize for so many questions.  Thanks for any replies.

No need to apologize.  Asking about the things you don't understand is a good way to learn.  This is the Newbie forum after all.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: oda.krell on April 11, 2013, 05:45:04 PM
After reading all of this, I a) feel mildly overwhelmed and b) have two more questions:

(1) Let me see if I got one thing right: not every transaction requires a new address being created for a (fraction of a) bitcoin, e.g. shuffling around your own bitcoins won't make that necessary. However, transferring ownership of a bitcoin over to another user *does* require creation of a new address, since the private key that enables spending and the (public) address are mathematically related. Correct, yes or no?

(2) How is ownership transferred, or rather: at what point is the new owner really the owner of a bitcoin. Say user A wants to hand over a bitcoin at address X to user B. Assuming he possesses the private key of said bitcoin, he is able to initiate a transaction that basically tells the world "from now on, the bitcoin at address X will be owned by B". Right so far? This transaction needs to be verified, i.e. a certain number of peers will have to agree that A was indeed the owner of bitcoin X, and that A hasn't spent X already. Let's say the transaction is confirmed. But now what? How is user B made the owner of bitcoin X? Does the network generate a new private key (and address) for bitcoin X, now called X', and transfers this private key secretly to user B? Is that (approximately) how it works?


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 11, 2013, 06:14:57 PM
Quote
(1) Let me see if I got one thing right: not every transaction requires a new address being created for a (fraction of a) bitcoin, e.g. shuffling around your own bitcoins won't make that necessary. However, transferring ownership of a bitcoin over to another user *does* require creation of a new address, since the private key that enables spending and the (public) address are mathematically related. Correct, yes or no?

Transferring ownership over to another user only requires a "new" address on the receiver's part if the receiver is choosing not to re-use an address that they've used before.  It is recommended that you generate a new address every time you receive bitcoins, but it isn't required.  There is no need to create a new address when sending bitcoin, but since there is usually some "change" involved, the Bitcoin-Qt wallet (and some other wallets) automatically create a new address for that change.  Bitcoin-Qt hides that address from you, but continues to track the private key and bitcoins associated with it for you.

Quote
(2) How is ownership transferred, or rather: at what point is the new owner really the owner of a bitcoin. Say user A wants to hand over a bitcoin at address X to user B. Assuming he possesses the private key of said bitcoin, he is able to initiate a transaction that basically tells the world "from now on, the bitcoin at address X will be owned by B". Right so far?

We are dealing with abstractions here, so as an analogy what you are saying is fine so far. In reality there is no thing called "a bitcoin".  There is no magical string of numbers that anyone can point to and say "that's a bitcoin".  What you really have is an output that has a value associated with it.  What you spend is the entire output, there is no way in bitcoin to partially spend an output.

So lets say someone sent you 5 BTC and this is the only bitcoin you've ever received.  What exists in the blockchain is a transaction that has some inputs (we'll get to those in a minute), and one or more outputs.  At least one of those outputs will have a data field called "value" that will have 500000000 in it (all values are stored as integers and represented as "Satoshi's").  That output will also have a data field that has your bitcoin address in it.  This output makes it clear to the entire world that 5 BTC of value can only be transferred to another address (or addresses) if a digital signature is supplied by the private key that is mathematically linked to your bitcoin address.

Now say you want to send 2 BTC to someone else.  Your wallet will create a transaction with one input (since you only have one output right now).  That input will have a data field that will contain a reference to the output that you received.  It will also contain a digital signature created with your private key associated with the receiving address you had used.  The transaction will have 2 outputs.  One will have 200000000 in the "value" field, and the receiving bitcoin address supplied by the person you are sending to.  The other output will have a 300000000 in the "value" field, and a bitcoin receiving address from your wallet (to send this "change" back into your wallet as a new unspent output).  Depending on the wallet you choose to use, that receiving address may be "new", or it may be one that was already in the wallet.

Quote
This transaction needs to be verified,

Every peer that receives the transaction will verify it and will refuse to relay it if it is invalid.  It won't make it out of your wallet if it doesn't pass verification.

Quote
a certain number of peers will have to agree that A was indeed the owner of bitcoin X, and that A hasn't spent X already.

No.  Not "a certain number".  Either it is valid and peers will relay it, or it isn't and it won't be relayed.

Quote
Let's say the transaction is confirmed.

Confirmation is different than validation.  Confirmation is done by miners and consists of adding the transaction to the blockchain.

Quote
But now what? How is user B made the owner of bitcoin X?

He is the owner by nature of the fact that the output can't be spent without supplying a signature created from a private key that only user B's wallet should have.

Quote
Does the network generate a new private key (and address) for bitcoin X, now called X', and transfers this private key secretly to user B? Is that (approximately) how it works?

No. User B's wallet first generates the private key.  Then it generates the bitcoin address from the private key.  Then user B supplies you with their receiving address.  Nobody and nothing except user B's wallet knows what the private key is.  Each private key has exactly one bitcoin address.  If anyone else has that same private key, they can generate the same bitcoin address.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: SalehCoder on April 11, 2013, 06:28:55 PM
Thanks


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: oda.krell on April 11, 2013, 06:35:32 PM
Thanks. Extremely interesting and very accessible the way you explain it. If you're not tired of my questions yet, could you explain what validation is vs what confirmation is (I used both terms interchangeably, and therefore incorrectly, as it seems)


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: KarmaShark on April 11, 2013, 07:02:26 PM
Thanks for hammering this message through to the newbies. I will be putting my crypto into cold storage soon with the private keys safely stored away in multiple places.



Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 11, 2013, 07:03:55 PM
Quote
Thanks. Extremely interesting and very accessible the way you explain it. If you're not tired of my questions yet, could you explain what validation is vs what confirmation is (I used both terms interchangeably, and therefore incorrectly, as it seems)

I'm not sure if there is a generally recognized meaning for "validation" and/or "verification", but the way I typically see them used:

"validation" and "verification" tend to be used interchangeably.  Every peer makes sure that anything they accept and relay (such as transactions and blocks) meet certain minimum requirements.  I'm not sure what the entire list of requirements is, but some of the key points are:

  • A reference hash is supplied for each input
  • A proper scriptSig is supplied for each input
  • None of the inputs have been spent in the blockchain yet.
  • None of the inputs have been spent in a currently known unconfirmed transaction.
  • The sum of the "values" of the inputs is greater than or equal to the sum of the "values" of the outputs
  • The transaction has the appropriate fee if necessary

If any of these verifications fails, the transaction won't be accepted by the peer and therefore won't be relayed to any other peers.

The first "confirmation" is the act of a miner broadcasting a properly solved block that includes the transaction.  Any peer that has a conflicting transaction in their list of "unconfirmed" transactions will accept the "confirmed" transaction as "official" and will remove the conflicting transaction from its memory.

Additional "confirmations" simply mean that additional blocks have been added to the blockchain after the block that contains the transaction.
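
The checks listed in this post, applied to the 5 BTC / 2 BTC / 3 BTC change transaction from earlier in the thread, as an added example that is not part of the original posts. The `Peer` class, the string txids and the address labels are constructed for the illustration, and scriptSig (signature) verification is left out so the example can focus on the spent-output and value checks.

```python
from dataclasses import dataclass

COIN = 100_000_000  # satoshis per bitcoin; values are stored as integers


@dataclass(frozen=True)
class OutPoint:
    txid: str   # transaction that created the output (a SHA-256 hash on the real network)
    index: int  # position of the output inside that transaction


@dataclass(frozen=True)
class TxOut:
    value: int
    address: str


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # OutPoints being spent
    outputs: tuple  # TxOuts being created


class Peer:
    """One peer's view: unspent outputs, spent outputs, unconfirmed transactions."""

    def __init__(self):
        self.utxo = {}      # OutPoint -> TxOut, unspent outputs in the blockchain
        self.spent = set()  # OutPoints already spent in the blockchain
        self.mempool = {}   # txid -> Tx, validated but unconfirmed

    def add_confirmed_outputs(self, tx):
        for i, out in enumerate(tx.outputs):
            self.utxo[OutPoint(tx.txid, i)] = out

    def validate(self, tx, min_fee=0):
        """Return (ok, reason, fee). Signature checks are out of scope here."""
        if not tx.inputs or len(set(tx.inputs)) != len(tx.inputs):
            return False, "missing or duplicate input reference", 0
        pending = {op for t in self.mempool.values() for op in t.inputs}
        total_in = 0
        for op in tx.inputs:
            if op in self.spent:
                return False, "input already spent in the blockchain", 0
            if op not in self.utxo:
                return False, "input references an unknown output", 0
            if op in pending:
                return False, "input already spent by an unconfirmed transaction", 0
            total_in += self.utxo[op].value
        total_out = sum(o.value for o in tx.outputs)
        if any(o.value < 0 for o in tx.outputs) or total_out > total_in:
            return False, "outputs exceed inputs", 0
        fee = total_in - total_out  # whatever is not assigned to an output is the fee
        if fee < min_fee:
            return False, "fee too low", fee
        return True, "ok", fee

    def accept(self, tx, min_fee=0):
        """Validate and, if valid, keep the transaction as unconfirmed (and relay it)."""
        ok, reason, fee = self.validate(tx, min_fee)
        if ok:
            self.mempool[tx.txid] = tx
        return ok, reason, fee

    def confirm(self, tx):
        """Apply a transaction from a new block and drop conflicting unconfirmed ones."""
        spent_now = set(tx.inputs)
        for txid in [t.txid for t in self.mempool.values() if spent_now & set(t.inputs)]:
            del self.mempool[txid]
        for op in tx.inputs:
            self.spent.add(op)
            self.utxo.pop(op, None)
        self.add_confirmed_outputs(tx)


def scenario():
    """Constructed walk-through: one 5 BTC output, spent as 2 BTC + 3 BTC change."""
    peer = Peer()
    peer.add_confirmed_outputs(Tx("funding", (), (TxOut(5 * COIN, "alice-addr-1"),)))
    coin = OutPoint("funding", 0)
    pay = Tx("pay", (coin,), (TxOut(2 * COIN, "bob-addr"), TxOut(3 * COIN, "alice-change")))
    no_change = Tx("no-change", (coin,), (TxOut(2 * COIN, "bob-addr"),))
    overspend = Tx("overspend", (coin,), (TxOut(6 * COIN, "bob-addr"),))
    results = {
        "no_change": peer.validate(no_change),  # valid, but the missing 3 BTC becomes fee
        "overspend": peer.validate(overspend),
        "pay": peer.accept(pay),
        "conflict": peer.accept(no_change),     # same output, still unconfirmed
    }
    peer.confirm(pay)
    results["replay"] = peer.accept(no_change)  # same output, now spent in the chain
    spend_change = Tx("next", (OutPoint("pay", 1),), (TxOut(3 * COIN, "carol-addr"),))
    results["spend_change"] = peer.accept(spend_change)
    return results


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name:13} {outcome}")
```

The `no_change` case is the one worth watching for in wallet code: the transaction passes every check, and the 3 BTC that was not sent back as change is paid away as a fee.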


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: True___Blue on April 12, 2013, 12:45:17 AM
Holy shit. I've been trading these things for about two weeks now, and this thread is the first concise but still somewhat detailed explanation of bitcoins and transactions that I have seen. Thank you. This has really helped me.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: xerafoo on April 12, 2013, 12:48:17 AM
:)


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: BitCloud on April 12, 2013, 12:55:14 AM
Danny: thanks, excellent explanation regarding the "change" being sent back - this should be added to the .it wiki


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Undercover on April 12, 2013, 02:48:33 AM
Yes this has been very informative.  New questions:

There seems to be at least 3 cryptographic elements

1- addresses have public and private keys, they can be easily generated but doesn't seem like there is any reason you couldn't have duplicate addresses, other than highly improbable.

2- the nonce within a block.  It seems like this has to be found like mining.  Do most miners mine for nonces?  Once someone discovers the nonce for the current block the block is finalized and search for a new nonce begins.

3- bitcoins themselves.  These seem to be some other key that miners search for and seems to be independent of the nonce.  Once a coin is discovered (mined) it is put in a block so the miner has ownership, it is assigned to the miners address.

Does each new block contain one and only one new bitcoin along with a bunch of other transactions?


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Undercover on April 12, 2013, 03:50:37 AM
More questions

All bitcoins solve the same problem but with increasing levels of difficulty , is that correct?

If I mine a bitcoin today that barely solves the problem, I should immediately put it in a block and take ownership.  But if I mine a bitcoin that solves the problem by a wide margin, I can sit on it because even when the difficulty goes up my coin will still be valid.  Is that correct?

Another way to put it is I could mine a coin that would have been a  slid bitcoin 6 months ago, but because the bar has been raised, it is not a bit coin today.  Today it is worthless.



Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Undercover on April 12, 2013, 04:00:11 AM
More questions

Why aren't bitcoins that solve more difficult problems worth more?
Or the first bitcoin, that should be worth more.  I would rather have one millionth of the first bitcoin or the last bitcoin than one in the middle.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Crenel84 on April 12, 2013, 06:29:20 AM
Quote
No need to apologize.  Asking about the things you don't understand is a good way to learn.  This is the Newbie forum after all.

Thank you for taking the time to provide in-depth answers. Although I'm not entirely new to Bitcoin, this thread has helped clarify some things and solidify my understanding. Your helpfulness is sincerely appreciated, as is your attitude regarding this being the Newbie forum.

By contrast...

Quote
But to store your privkeys in a wallet instead of knowing them is the height of foolishness.

Quote
If you don't know what a private key is, please don't use bitcoin.

Wow, what elitist crap. The height of foolishness? Don't use Bitcoin if you don't understand the technical underpinnings? And these comments are directed to people who are most likely new to Bitcoin! We all start life completely ignorant, and leave it almost as ignorant as we started. We learn some things along the paths of our lives but there is much more that we will never learn than what we do manage to learn. Everybody (other than the original architect(s)) had to learn about Bitcoin at some point. Treating new people as if their ignorance is "foolish" -- and disqualifies them from using Bitcoin! -- will do nothing to increase the adoption or correct (secure) use of Bitcoin.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: XaYdEk on April 12, 2013, 07:15:03 AM
+1 Thank you for the info.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 12, 2013, 07:23:32 AM
Quote
1- addresses have public and private keys, they can be easily generated but doesn't seem like there is any reason you couldn't have duplicate addresses, other than highly improbable.

highly, Highly, HIGHLY improbable.

Ok, new data, will recalc everything:

  • probability of getting struck by lightning in any given year: 1/280000.
  • probability of taking a shit at any given point in time: 1/(60*24) = 1/1440 (assuming you take a crap every day and the actual process takes 1 minute)
  • probability of getting struck by lightning while taking a crap in any given year: 1/(280000*1440) = 1/1.47E11 = 2.48E-9
  • probability of taking a crap while being in a situation where being struck by lightning can actually occur = 1/1440 = 0.25 = 1.74E-4
  • probability of finding a collision: 1E-65
  • getting hit by lightning while taking a crap for how many years in a row is equally probable as finding a collision: log(1E-65) / log(1.74E-4) = 17.3

is my math roughly correct now?

If so, I can say: "Finding a collision is about as likely as being struck by lightning while taking a crap every year for 17 years in a row".


Quote
2- the nonce within a block.  It seems like this has to be found like mining.

That's why they call it mining.

Quote
Do most miners mine for nonces?

All miners mine for nonces.  That's why they call it mining.

Quote
Once someone discovers the nonce for the current block the block is finalized and search for a new nonce begins.

Correct.

Quote
3- bitcoins themselves.  These seem to be some other key that miners search for and seems to be independent of the nonce.

Here you are mistaken.  New bitcoins value is simply freely assigned to the address of the miner in a special transaction (called a "coinbase" transaction) in the block.  This is the only transaction in the block that is allowed to exist without any inputs.

Quote
Once a coin is discovered (mined) it is put in a block so the miner has ownership, it is assigned to the miners address.

The miner builds the coinbase transaction before they start mining.  The coinbase transaction is just another transaction in the block.

Quote
Does each new block contain one and only one new bitcoin along with a bunch of other transactions?

No.  Each new block right now contains 25 new bitcoin (plus the transaction fees from the transactions in the block) in a single transaction, along with a bunch of other transactions.


Cryptographic entities I can think of at the moment:

  • Private key (and its ECDSA public key counterpart)
  • SHA-256 hash of public key as a step towards generating public address
  • RIPEMD-160 hash of public key as a step towards generating public address
  • SHA-256 hash of transaction used as a transactionID
  • SHA-256 hash of block used as proof-of-work
  • Merkle-Root of chain of block transactions in the block header
  • ECDSA signature of transaction proving ownership of inputs
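
The chain from private key to bitcoin address that this post lists (ECDSA public key, SHA-256, RIPEMD-160), together with the leading "1" mentioned earlier in the thread, as an added example that is not part of the original posts: it derives an address in pure Python and uses the address checksum to reject a mistyped one. The function names are this example's own; the version byte 0x00 and the 4-byte double-SHA-256 checksum (Base58Check) are the standard address encoding rather than something stated in the thread.

```python
import hashlib
import secrets

# secp256k1 domain parameters: public constants of the curve Bitcoin uses.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def ec_add(a, b):
    """Add two points on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def privkey_to_pubkey(k):
    """Uncompressed public key 04||X||Y = k*G (double-and-add, not constant time)."""
    if not 1 <= k < N:
        raise ValueError("private key out of range")
    acc, addend = None, G
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return b"\x04" + acc[0].to_bytes(32, "big") + acc[1].to_bytes(32, "big")


def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def hash160(data):
    """RIPEMD-160 of SHA-256. Some OpenSSL 3 builds disable RIPEMD-160; hashlib
    then raises ValueError here."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def base58check_encode(version, payload):
    raw = version + payload
    raw += sha256d(raw)[:4]                      # 4-byte checksum
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))    # each leading zero byte becomes a "1"
    return "1" * pad + out


def base58check_decode(text):
    """Return (version, payload); raise ValueError on a bad character or checksum."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or sha256d(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("bad checksum")
    return raw[:1], raw[1:-4]


def pubkey_to_address(pubkey):
    return base58check_encode(b"\x00", hash160(pubkey))


def address_is_valid(text):
    """True only for a well-formed version-0 address with a correct checksum."""
    try:
        version, payload = base58check_decode(text)
    except ValueError:
        return False
    return version == b"\x00" and len(payload) == 20


if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1   # throwaway key generated for this demo only
    try:
        addr = pubkey_to_address(privkey_to_pubkey(key))
    except ValueError as exc:            # RIPEMD-160 unavailable in this build
        print("cannot derive address:", exc)
    else:
        print(addr, address_is_valid(addr))
```

Every step runs in one direction only: the address can be recomputed from the private key, but neither the public key nor the private key can be recovered from the address.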


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 12, 2013, 07:33:22 AM
Quote
All bitcoins solve the same problem but with increasing levels of difficulty , is that correct?

Bitcoins don't solve anything.  Bitcoins are an abstraction that we humans use to make discussion of value easier.  In reality there is nothing that can be pointed to and say "that's a bitcoin".  Bitcoins are simply the sum total of the "value" fields of all unspent outputs associated with an address.

All miners solve a SHA-256 hash of the block header looking for a hash that has a value lower than a target difficulty.  When they find that hash, they publish the block.  In the block is a transaction with no inputs and outputs assigning block subsidy and transaction fees to the miner(s).

Quote
If I mine a bitcoin today that barely solves the problem, I should immediately put it in a block and take ownership.  But if I mine a bitcoin that solves the problem by a wide margin, I can sit on it because even when the difficulty goes up my coin will still be valid.  Is that correct?

Another way to put it is I could mine a coin that would have been a  slid bitcoin 6 months ago, but because the bar has been raised, it is not a bit coin today.  Today it is worthless.


No. Hopefully my previous post, and previous comment in this post, have clarified this.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 12, 2013, 07:36:02 AM
Quote
Why aren't bitcoins that solve more difficult problems worth more?

Bitcoins don't solve problems.  Bitcoins are given to miners for solving a block as a way of providing an incentive to perform the mining, and as a way to fairly issue the currency to the community.

Quote
Or the first bitcoin, that should be worth more.  I would rather have one millionth of the first bitcoin or the last bitcoin than one in the middle.

Due to a quirk in the way bitcoin was created, the first 50 bitcoin are unspendable.  They will most likely remain forever trapped, unspent, in the first block created.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: rpm on April 12, 2013, 08:01:03 AM
Thank you for the information. It greatly heightened my understanding on the wallet/keys.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: oda.krell on April 12, 2013, 10:27:31 AM
Many people in here are helpful, but the first transaction I'm going to make once I have my first "real" wallet will be to send a tip to Mr. DannyHamilton


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: Undercover on April 12, 2013, 12:29:11 PM
This is very helpful.  Thank you.

So it seems machines mine for nonces and get rewarded bitcoins. Once a nonce is found, the block is created which always has the new reward bitcoins and other transactions and the search for a new nonce begins. 

Mining cannot be done offline since every ten minutes you start searching for a different nonce.  Is that correct?

And if you find a nonce seconds after someone else you will most likely not get the reward because the majority of miners will start searching for the nonce following the block of the person that got there just before you.   Seems like there is a high frequency trading strategy here.  If you find a nonce, you are better off if you can propagate it faster than everyone else.


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: btcforall777 on April 12, 2013, 12:36:08 PM
anybodies open on "zerocoin"?


Title: Re: Avoiding Two Bitcoin Pitfalls
Post by: DannyHamilton on April 12, 2013, 04:38:39 PM
Quote
Mining cannot be done offline since every ten minutes you start searching for a different nonce.  Is that correct?

You need to supply the miner with a blockheader.  Building the blockheader requires, at a minimum, knowing what the hash of the most recently solved block was.  If you have a way to transmit this hash to the "offline" machine, then I suppose that the miner could do the searching for the nonce offline.  If the miner successfully finds a nonce that causes the block header to hash to a value that is less than the target, then you'd need a way to transmit this nonce back to a machine that could broadcast the block to the network.

Note that the time to find a nonce is random.  It won't always be 10 minutes.  You can end up with two consecutive blocks found within seconds of each other. You can also have a couple hours between blocks.  The difficulty is adjusted to try to keep the average time between blocks close to 10 minutes over a period of 2016 blocks.

Quote
And if you find a nonce seconds after someone else you will most likely not get the reward because the majority of miners will start searching for the nonce following the block of the person that got there just before you. 

Correct.  The longer the elapsed time, the more widespread the other block will have been relayed.

Quote
Seems like there is a high frequency trading strategy here.  If you find a nonce, you are better off if you can propagate it faster than everyone else.

Correct. For this reason, mining pools will generally try to remain connected to a very large number of peers.
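
The nonce search described in this thread, as an added example that is not part of the original posts: it serializes an 80-byte block header, checks its hash against the target, and searches nonces at a toy difficulty. Bitcoin applies SHA-256 to the header twice; the genesis-block header fields are the network's public constants, while the child header's merkle root, timestamp and easy target are constructed for the demonstration.

```python
import hashlib
import struct


def double_sha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits):
    """Expand the compact 4-byte 'bits' field into the full 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def build_header(version, prev_hash, merkle_root, time, bits, nonce):
    """Serialize the 80-byte header. Hashes are shown big-endian as hex strings
    but stored little-endian, hence the byte reversal."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", time, bits, nonce))


def block_hash_hex(header):
    return double_sha256(header)[::-1].hex()


def meets_target(header, target):
    """Proof-of-work check: the header hash, read as an integer, must not exceed the target."""
    return int.from_bytes(double_sha256(header), "little") <= target


def mine(version, prev_hash, merkle_root, time, bits, max_nonce=2**32):
    """Try nonces in order; return (nonce, header) for the first one that works, else None.
    Only the last 4 bytes of the header change between attempts."""
    target = bits_to_target(bits)
    prefix = build_header(version, prev_hash, merkle_root, time, bits, 0)[:76]
    for nonce in range(max_nonce):
        header = prefix + struct.pack("<I", nonce)
        if meets_target(header, target):
            return nonce, header
    return None


# Header fields of the first block in the chain (public constants).
GENESIS = dict(
    version=1,
    prev_hash="00" * 32,
    merkle_root="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    time=1231006505,
    bits=0x1D00FFFF,
    nonce=2083236893,
)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

# Constructed, very easy target so the search finishes in well under a second.
TOY_BITS = 0x1F00FFFF


def genesis_header():
    return build_header(**GENESIS)


def mine_toy_child():
    """Mine a made-up block on top of the genesis block. The previous block's hash
    is the one input a miner cannot produce without hearing from the network."""
    merkle_root = hashlib.sha256(b"constructed placeholder transactions").hexdigest()
    return mine(1, GENESIS_HASH, merkle_root, 1231006506, TOY_BITS)


if __name__ == "__main__":
    header = genesis_header()
    print("genesis hash:", block_hash_hex(header))
    print("meets target:", meets_target(header, bits_to_target(GENESIS["bits"])))
    nonce, child = mine_toy_child()
    print("toy child nonce:", nonce, "hash:", block_hash_hex(child))
```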