integrity of the system

[pringesgood]

where is this 'bitcoin system' stored?

in every individual's computer?  ( p2p network..)

what if there's a malicious version of this system and a large population is using this malicious version of the bitcoin system, would't that damage the system?



ok so lets say there's a fail safe that all individual computer routinely checks with the 'original system', then what if that 'original was tampered with' ?

[FreeMoney]

Really briefly there are two important parts, the blockchain and the rules (protocol)

The blockchain (currently) contains every bitcoin transaction.

Every full node has a copy of the blockchain, all you have to do to be a full node is run bitcoin-qt or similar and wait for download (from peers) and processing/checking the data they give you.

The rules are essentially enforced by ostracism, if you try to do something like spend money you don't have everyone else will just ignore you. If anyone is willing to play along, then they'll just be ignored as well.

[sounds]

FreeMoney's explanation is really good.

One thing that sometimes gets mentioned is a "51% attack," that is, if 51% of all miners suddenly decided to corrupt the bitcoin system, then the rules (protocol) would get derailed by them.

[RyNinDaCleM]

FreeMoney's explanation is really good.

One thing that sometimes gets mentioned is a "51% attack," that is, if 51% of all miners suddenly decided to corrupt the bitcoin system, then the rules (protocol) would get derailed by them.

Or if one person has 51% of the hashrate, he can then do the same, though very unlikely at this point! It would cost millions of dollars to pull it off between Hardware, electricity, development of a custom client, time... Not really worth it yet!

[Foxpup]

Transactions are stored in blocks, which are linked together in a structure called the blockchain. The blockchain is stored on everyone's computer. To prevent the blockchain from being modified, Bitcoin uses a proof-of-work system (mining). Each block requires a certain amount of computational to produce it, and it is impossible to produce a modified block without redoing that computational work. Furthermore, since each block builds on the one that came before it in the chain, modifying one block causes all the blocks that came after it to become invalid (since they're built on a block that no longer exists), so you have to redo the work for all those blocks, too.

When confronted with two conflicting blockchains, the software will accept whichever one required the most work to produce (and is not otherwise invalid, see below). In order to produce a malicious blockchain that will be accepted by the network, you have to produce malicious blocks faster than everyone else is producing good blocks (since while you're working on your malicious chain, everyone else is blissfully ignoring you and adding blocks to the good chain, forcing you to work even harder in order to keep up). To only way to do this is to have more processing power than the rest of the network combined (the 51% attack). Otherwise all your efforts will be wasted.

Also note that even if you do have this much processing power, you're still limited in what you can do with it, since proof-of-work is not the only thing that determines if a block is valid. A block which breaks the rules of Bitcoin will never be accepted (and nor will any blockchain that includes such blocks), regardless of how much work was involved. You can't create bitcoins out of thin air. You can't spend other people's coins (they're protected by public-key cryptography). Basically the only things you can do are reverse recent transactions (and, in case of your own coins only, spend those coins elsewhere to prevent the transaction being un-reversed later), and prevent other people's transactions from being confirmed.

[JoelKatz]

what if there's a malicious version of this system and a large population is using this malicious version of the bitcoin system, would't that damage the system?

If lots of people want to run a program that tells them they have a million bitcoins, more power to them. It won't hurt anyone who isn't running such a program.

ok so lets say there's a fail safe that all individual computer routinely checks with the 'original system', then what if that 'original was tampered with' ?

Unlike most other systems which determine what data is valid by who holds it or where it is held, Bitcoin has a set of objective rules for determining what data "wins" that looks only at the content of that data. So introducing bogus or nonsense data into the system does no harm. If it wins by the rules, then it's valid and not bogus or nonsense. If it loses by the rules, then it will be ignored.

If I create some chunk of data that says I have a million bitcoins, one of two things will be the case:

1) By the rules, this data is valid. In this case, I actually *do* have a million bitcoins because that's what it means to have a million bitcoins.

2) By the rules, this data is invalid. In which case, everyone will ignore this data because it's invalid. It doesn't matter who I send it to or where it's stored.

Bitcoin does *not* rely on any central authority of what is valid and what is invalid. Data is validated by objective rules that look only at the content of that data. The only exception to this is blockchain checkpoints.

The Satoshi client enforces all these rules. If sent data that doesn't comply with the rules, the client ignores it. If sent data that does comply with the rules, it accepts it. It isn't reliant on trusting some authority to tell it what data is valid or invalid.

The two vulnerabilities the system has in this area are the 51% attack (where more than half the computing power conspires to undo a transaction) and the Sybil attack (where someone cuts you off entirely from any source of data).

[DeathAndTaxes]

FreeMoney's explanation is really good.

One thing that sometimes gets mentioned is a "51% attack," that is, if 51% of all miners suddenly decided to corrupt the bitcoin system, then the rules (protocol) would get derailed by them.

Well not exactly.  With 51% of hashing power an entity has two large attacks but they can't change the rules.

a) The entity could prevent new transactions (create all empty blocks, and reject blocks from the 49%).
b) The entity could double spend transaction it created (spend coin X to address A, then recreate the block and spend it to address B)

Anything outside of that would be seen as invalid by existing nodes even if the entity had 100.0% of hashing power.

To help dispell this myth with 51% you can't:
a) change the minting rate
b) control the coins of anyone else (steal, delete, transfer them)
c) create coins out of thin air
d) modify the blockchain prior to the last checkpoint
e) (limited by amount of hashing power) replace very deep blocks above the last checkpoint.
f) approve invalid transactions
g) create invalid blocks

[DannyHamilton]

FreeMoney's explanation is really good.

One thing that sometimes gets mentioned is a "51% attack," that is, if 51% of all miners suddenly decided to corrupt the bitcoin system, then the rules (protocol) would get derailed by them.

Well not exactly.  With 51% of hashing power an entity has two large attacks but they can't change the rules.

a) The entity could prevent new transactions (create all empty blocks, and reject blocks from the 49%).
b) The entity could double spend transaction it created (spend coin X to address A, then recreate the block and spend it to address B)
c) Mine 100% of all new bitcoins for themselves.

Anything outside of that would be seen as invalid by existing nodes even if the entity had 100.0% of hashing power.

To help dispell this myth with 51% you can't:
a) change the minting rate
b) control the coins of anyone else (steal, delete, transfer them)
c) create coins out of thin air
d) modify the blockchain prior to the last checkpoint
e) (limited by amount of hashing power) replace very deep blocks above the last checkpoint.
f) approve invalid transactions
g) create invalid blocks

FTFY :-)

[JoelKatz]

To help dispell this myth with 51% you can't:
a) change the minting rate
b) control the coins of anyone else (steal, delete, transfer them)
c) create coins out of thin air
d) modify the blockchain prior to the last checkpoint
e) (limited by amount of hashing power) replace very deep blocks above the last checkpoint.
f) approve invalid transactions
g) create invalid blocks

I don't completely agree.

a) You can somewhat change the minting rate by falsifying the timestamps of your blocks.

b) You can control the coins of other people by changing an old transaction that indirectly gave them those coins in the first place. You could probably put yourself in the path of a significant number of coins by alternately withdrawing and depositing from a site like Mt. Gox.

e) If you have 51% of the hashing power, you can modify transactions right at the last checkpoint. You just start mining your own chain right at that checkpoint and yours will always be longer.