If you think you can improve or add to this please do.
I've been reading quite a bit on bitcoin which is an incredibly fascinating digital currency and very different to the other digital currencies available. I'm trying to wrap my head around how the mining process works. Are you able to please explain it to me in a very dumbed down way?
Also, I've been reading nakamoto's paper on bitcoin and was wondering if you knew what the following meant:
- nodes
- hash
- zero bits
- proof-of-work
Here is some brief background to help with the understanding.
The bitcoin network is essentially a shared log of all the transactions ever made (this log is known as the blockchain, but I will refer to it as the log, since I found lingo to be a serious hindrance to my own initial understanding). By adding up all the cumulative transactions since the beginning of time, the current balance of each person can be determined (much like how your regular bank account works). If you can easily change previous entries in this log, you can easily change your balance, so the purpose of mining is to make it infeasible for any individual to artificially alter this log.
There are really two challenges that mining solves - making the log unchangeable, and allowing a group of potentially untrusted computers to arrive at an agreement about what the current state of the log should be.
1) Mining to make the log unchangeable - ie making the log secure
For your google, 'proof of work' is the key to how this works (explained later in this email).
Miners all have an agreed-upon version of the log on their computer which they have downloaded via the p2p network. When a new transaction is broadcast on the network, it needs to be added to the log. The idea of mining is to make adding the new transaction simple but to make changing old transactions difficult. To achieve this, miners perform a specific calculation on 'the soon-to-be future version the log'.
The miner is seeking a specific piece of random data (aka a nonce). They add this random piece of data to the existing log, plus any new transactions, and do a calculation on that data (the calculation is known as a 'hash'). The aim is for the calculation to give an answer which is less than a specific value (know as a 'target') set by the network. When the miner finds the random piece of data that leads to the answer being suitable, they announce their finding to the network and the network verifies that indeed that piece of information gives the result desired, and those transactions are added to everyone's log. This requires some deeper explanation, and a tangent.
Hashing is the process of taking a piece of data and creating a 'fingerprint' for this data. The fingerprint is known as a 'hash'. You can pretty-much substitute 'hash' with 'fingerprint' throughout this document. You can hash a piece of text, a file, a number, a database - any piece of data. The main thing about a hash is that the content of the hash will be different for different pieces of data, but every hash is the same size. For example, the hash of 'test' is 098f6bcd4621d373cade4e832627b4f6 and the hash of 'Test' (capital t) is 0cbc6611f5540bd0809a388dc95a615b - completely different despite only a small change in the input, but both the same length. (Although these hashes have letters, they are actually numbers in base16, aka hex format. a=10, b=11, c=12 ... - hex numbers can be converted to regular base10 decimal numbers trivially, but base16 is friendlier to computers... I badly want to geek out about hashes here but it's a bit tangential so you'll have to ask me if you want that kinda info). Another thing about hashes is if someone gives you a hash, you can't easily say what original data resulted in that hash, but if you have the original data, calculating the hash is very easy. This property leads to the hash being known as a 'one-way function'. This 'one-way'-ness is very important for mining. Note that in this example I hashed 'test', which is a tiny piece of data, but bitcoin miners are hashing the entire bitcoin history, which is several gigabytes of data.
Back to the topic - what miners do is calculate the hash of the old transactions (the log), plus the new ones, plus some random data. They look at the number which results from the hash (it's completely unpredictable what that value will be) and see if it's less than a certain value set by the network. If it is, it means that (statistically speaking) there has been a certain minimum amount of calculation that has been undertaken to reach that result. This is the 'proof' of work. An example:
I am a miner. I perform one of these hashes on the old log + new transactions + a random piece of data and it gives me the number 1000. The network says I need to find a result which is less than 200. It won't accept my result, so these new transactions cannot be added to the network yet. I do another hash with a new random piece of data. The result is 777. Still not low enough. I try a hashing a third, fourth, fifth random piece of data, with no luck, but my sixth piece of random data I get the value 160. The random value I used to get 160 is announced to the network, and after others on the network confirm the result, the network accepts my solution and the new transactions are added to the old log. The fact I am able to provide this random number is 'proof' that at least a minimum number of calculations has been performed. The network knows this because for a hash to give a result less than 200 will take, on average, a certain number of calculations. Of course the numbers in mining are ridiculously large, but this example highlights the principle. Sometimes the next result will be found very quickly, sometimes it takes a long time to find. But in the long run, it all averages out. On the bitcoin network these random values are found approximately every ten minutes.
This is where the 'one-way function' property of the hash comes in. Miners know what they want the result of the hash to be; the network has told them - in the example above the result must be less than 200 - but they can't easily work out what the random portion of the data should be by 'reversing' the hash. They just have to guess the random part over and over until they find a suitable random portion that hashes to the less than the value required by the network.
The problem now is, if more people start hashing, successful hashes will be found much more quickly. (Why this is a problem is something I can answer later if you want). To account for this the network adjusts the minimum value required so that solutions are found by miners roughly every ten minutes, regardless if it's a few guys mining on their pcs or if it's governments using their crazy supercomputers. Another example:
The hash that the network in this example uses leads to results between 0 to 9999. The minimum value required by the network to accept a 'proof' is 9000. It's pretty easy to find a hash that is less than 9000. On my own, I could find the random piece of information to give me the right hash every ten minutes. But then fifty more people start calculating hashes on the network, and new solutions can be found every fifteen seconds. The network notices this speed up and adjusts the target value to be less than 6000. Now it takes me a lot longer as an individual to find the value, but because there are more people performing the computation, it still takes on average ten minutes to find the value. The bitcoin network does this adjustment (known as a 'retarget') after 2016 hashes have been solved ('solving a hash' is known as 'finding a block'), which is about every two weeks. This is one of the mechanisms which allows anyone to take part in securing the network, or to stop taking part without compromising the security.
So apparently this hash / proof of work thing is a way to ensure transactions are only added to the network at a certain rate. But it does much more than that. Because the result of the hash changes depending on what the inputs are, if someone uses an altered history from what everyone else is using, their history + new transactions + random value hash won't be the same as everyone else's, and their random value will be rejected even if they think it's a good value (ie there is no purpose to them mining). Because the log is cumulative, and a certain minimum amount of computation has gone into building that log up, to change it would require more computation power than what the miners are putting into it, which is a lot (far more than any individual would realistically have - this concept has been horribly simplified but it gets the idea across).
We have arrived at one of the purposes of mining - the log cannot be easily changed.
2) Allow untrusted computers to share a common log
The point above showed that malicious miners cannot use an altered history because it would affect their hash. This requires some more explaining.
Users of bitcoin would only ever aim to potentially alter their own transactions from the log, eg to say that the transaction they made five days ago never happened. Mining prevents this from happening (known as a 'double-spend').
Say I have a transaction in the log which is one day old, where I sent someone 100 bitcoins. I want to change that transaction from having sent 100 bitcoin to having sent 0.1 bitcoin (or even completely remove the transaction). If I can do this, the person I sent 100 btc to yesterday would now have only 0.1, and I would have regained 99.9 bitcoin. To understand how to do this and why it's hard, a tangent must be taken, regarding how the 'correct' version of the history is determined.
The network decides which history is valid by a very simple rule - it takes the longest history and uses that. And by longest I mean the one with the most transactions (even that is simplified, but essentially good enough). So for me to change a transaction from one day ago, I can't just cut the last days transactions because the network would reject my history for being too short. I must provide the network with a modified history that is at least as long as the current history. To do that, I would have to have had enough computation to recalculate any transactions after the modified one up to the present moment, thus making my history longer than the currently accepted one, despite containing a fraudulent transaction from a day ago. To achieve this is computationally and economically infeasible. The older the transaction, the harder it becomes to change. Hopefully you can begin to see that the 'cutting edge' of the log is a fairly tumultuous place, and that the explanation given here is indeed fairly simple.
This demonstrates how mining prevents malicious users from altering the history and allows untrusted people to maintain and agree on a common piece of data that is continually changing. You can see that if miners stopped performing their computation then it becomes easier for a malicious user to be able to alter the log.
3) A bonus purpose of mining is as a way to distribute the currency. When a miner finds that random piece of information and contributes to the log, they're given brand new coins by the network. This is their reward for securing the log. And it solves that simple yet necessary problem of who to give the coins to and how to initially distribute it. It made me stop for a moment when I learned this and ask how do current printers of money deal with the initial distribution... something I had not previously considered.
Now, for the words you wanted clarified -
Nodes:
A node is a computer running the bitcoin software. Some (most) nodes simply store the log and don't do any work on it. They receive new transactions and pass them on to other computers on the network (known as 'relaying a transaction'). You might say this is one of the significant parts of the p2p portion of the network, along with p2p sharing of the log itself. Some nodes perform the computation I talked about, known as mining. Any node can mine for bitcoin, ie add transactions to the log, the person just has to tell the software to start mining. But most nodes do not mine. Any time you are running the bitcoin software, you are a node on the bitcoin network.
- hash
Explained above - essentially a digital fingerprint for a piece of data.
- zero bits
Not sure your level of understanding of computers so I will explain it in full. A number on a computer is a binary value, a series of 0s and 1s. For example, the number 5 in binary is 101. 5 is a 'three bit' binary number. Another example, 128 is an eight bit binary number - 10000000. You can open your calculator and change it to programming mode, and go from binary to decimal if you want to better grasp this. But I'm pretty sure you know binary! The point here is that 'bits' is the length of a number in binary format.
A zero bit is any bit that has zero in it. For the purpose of bitcoin, leading zero-bits are of interest. Consider the number 0001 in binary. This is simply the number 1, but with three leading zero bits.
Remember how a hash is 'fixed-length' number? This means it's possible to have a hash which has the first part of it as zero. In normal decimal maths, the leading zero is ignored, but because hashes are a fixed length, the leading zero is included in the number.
Also remember the network requires the output of a hash to be less than a certain value for it to be considered valid? You can see how miners would be interested in how many leading zero bits are in the result of their hash, because that determines how small the value is. eg a hash that results in 1000 is quite large, but a hash that results in 0001 is quite small.
In other words, the number of leading zero bits determines how small a number is.
- proof-of-work
Outlined above, proof of work is a system that proves, statistically speaking, that a certain amount of computation has been performed.
