> Well, but transactions only record "how much" btc were moved, not "which" bitcoins.
That is completely false. Did you even read what I wrote?
Transactions do not record "how much" BTC were moved. They ONLY record "which" unspent transaction outputs are being spent, and which new unspent outputs are being created.
> So if A and B give C a bitcoin each - C has now two btc. If C gives D a bitcoin there is no way I could say that this bitcoin D now has came from A or B - it could originate from both - A or B.
Let's look at an example...
- Alan sends Carl 1 BTC in output 1 of transaction XYZ
- Bob sends Carl 1 BTC in output 2 of transaction UVW
- Carl now has control over 2 BTC
- More specifically, Carl has the private key that can provide the required signature to spend either (or both) of output 1 of transaction XYZ and output 2 of transaction UVW
- Carl sends 1 BTC to Dennis with transaction RST
- Which BTC does Dennis have?
There are 3 possibilities when Carl created his transaction, and properly written visualization software should be able to handle all 3.
Possibility 1: Carl built a transaction RST that spent output 1 of transaction XYZ as an input, and which created a new output 0 valued at 1 BTC encumbered with a spending requirement that a signature generated with a private key that only Dennis has access to is provided.
In this case it is clear that the bitcoin received by Dennis (to the extent that bitcoins exist) is the same bitcoin that was originally sent by Alan.
Possibility 2: Carl built a transaction RST that spent output 2 of transaction UVW as an input, and created a new output 0 valued at 1 BTC encumbered with a spending requirement that a signature generated with a private key that only Dennis has access to is provided.
In this case it is clear that the bitcoin received by Dennis (to the extent that bitcoins exist) is the same bitcoin that was originally sent by Bob.
Possibility 3: Carl built a transaction RST that spent BOTH output 1 of transaction XYZ AND output 2 of transaction UVW as inputs. The transaction was therefore provided with 2 BTC of value. Carl created 2 new outputs in his transaction. Output 0 valued at 1 BTC is encumbered with a spending requirement that a signature generated with a private key that only Dennis has access to is provided. Output 1 valued at 0.99 BTC is encumbered with a spending requirement that a signature generated with a private key that only Carl has access to is provided. The remaining 0.01 BTC is left unassigned to any output. This 0.01 BTC is considered by the protocol to be a "transaction fee", and the miner that confirms the transaction in a block is entitled to assign this 0.01 BTC to himself.
In possibility 3, 1 BTC was sent to Dennis, 0.99 BTC of "change" was sent back to Carl, and a fee of 0.01 BTC was paid. Half of each of those values was from each of the two inputs supplied. So:
- 0.5 BTC of the 1 BTC output received by Dennis is from Alan
- 0.5 BTC of the 1 BTC output received by Dennis is from Bob
- 0.495 BTC of the 0.99 BTC output that Carl sent to himself is from Alan
- 0.495 BTC of the 0.99 BTC output that Carl sent to himself is from Bob
- 0.005 BTC of the 0.01 BTC fee received by the miner is from Alan
- 0.005 BTC of the 0.01 BTC fee received by the miner is from Bob
> Forward it is the same: A and B give C a btc each. C now has two bitcoins. C gives D a bitcoin. At this moment I do not know if C gave D the btc from A or the one from B.
Of course you do. Just look at the transaction. The transaction will specify which of the received outputs was listed as an input to the transaction. It is possible that the transaction spends BOTH of the received 1 BTC outputs. In that case, each new output will have received half its value from each input.
> At least if I look at the protocol it should not be possible to identify D's btc.
Have you actually looked at the protocol? Or are you just guessing how you think it might work and then assuming that your guess is right?
> Because in the transaction most importantly two things are checked - do I have the private key to sign the transaction - and if the sum of the future transactions from and to this address enables me to send amount X of btc to another address.
Nope. Nope. Nope. Nope.
First of all, there are more than two important things that are checked. Second of all, there is no check against "the sum of the future transactions from and to this address".
There is a check that the signatures are valid.
There is a check that all the outputs listed in the transaction are not spent yet (that they are still in the UTXO).
There is a check that the sum of the values of the transaction's outputs does not exceed the sum of the values of the transaction's inputs.
There is a check that all the scripts in the transaction are valid.
There are additional checks, but those 4 all apply to this discussion we are having.
> EDIT:
> Ok I might have missed something - in an outgoing transaction .. do I specify which incoming transaction is used to "spend" my btc?
Yes. Or more specifically, you specify exactly which transaction output is being spent (since a single transaction can, and often does, have more than 1 output).
> So in this case A and B give a btc to C - C now has two btc which he can spend.
Actually, he has 2 distinct and separate unspent transaction outputs that he can spend.
> If C now gives D a bitcoin - does C specify in the transaction WHICH transaction(s) he uses as input to give D the btc?
Yes. More specifically, he specifies WHICH transaction outputs he uses as input to supply value to the transaction. That transaction then assigns that value to one or more new outputs, at least one of which requires a signature from D.
> And is this probably transparent in the blockchain? That would of course change how I have to think about the whole picture.
That's what I keep telling you.
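The Alan/Bob/Carl/Dennis example above, worked through as a toy UTXO ledger. This is an added example, not part of the original post or any Bitcoin implementation. The names `apply_tx` and `attribute` are hypothetical, the signature and script checks are reduced to an owner-name comparison, and the proportional split follows the post's possibility 3.

```python
from fractions import Fraction

COIN = 100_000_000  # satoshis per BTC

# Constructed sample data using the post's labels.
ORIGIN = {("XYZ", 1): "Alan", ("UVW", 2): "Bob"}   # who funded each outpoint
P3_INPUTS = [("XYZ", 1), ("UVW", 2)]               # possibility 3: spend both
P3_OUTPUTS = [("Dennis", 1 * COIN), ("Carl", 99 * COIN // 100)]

def initial_utxos():
    """Unspent outputs Carl controls: (txid, index) -> (owner, value)."""
    return {("XYZ", 1): ("Carl", COIN), ("UVW", 2): ("Carl", COIN)}

def apply_tx(utxos, txid, inputs, outputs, signers):
    """Validate and apply a transaction; return (new_utxos, fee)."""
    if len(set(inputs)) != len(inputs):
        raise ValueError("same outpoint listed twice")
    total_in = 0
    for outpoint in inputs:
        if outpoint not in utxos:                   # must still be unspent
            raise ValueError(f"{outpoint} is not in the UTXO set")
        owner, value = utxos[outpoint]
        if owner not in signers:                    # stand-in for signature check
            raise ValueError(f"no valid signature for {outpoint}")
        total_in += value
    total_out = sum(value for _, value in outputs)
    if total_out > total_in:                        # outputs may not exceed inputs
        raise ValueError("outputs exceed inputs")
    new = {k: v for k, v in utxos.items() if k not in inputs}
    for index, (owner, value) in enumerate(outputs):
        new[(txid, index)] = (owner, value)
    return new, total_in - total_out                # unassigned value is the fee

def attribute(utxos, inputs, outputs, origin):
    """Per output, satoshis traced to each origin in proportion to input value."""
    total_in = sum(utxos[op][1] for op in inputs)
    share = {}
    for op in inputs:
        who = origin[op]
        share[who] = share.get(who, 0) + Fraction(utxos[op][1], total_in)
    return [{who: s * value for who, s in share.items()} for _, value in outputs]

if __name__ == "__main__":
    ledger = initial_utxos()
    after, fee = apply_tx(ledger, "RST", P3_INPUTS, P3_OUTPUTS, {"Carl"})
    print("fee (satoshis):", fee)
    print("split:", attribute(ledger, P3_INPUTS, P3_OUTPUTS, ORIGIN))
```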