Avoiding Two Bitcoin Pitfalls

[coqui33]

First, never leave your bitcoins sitting in someone else's privkey. Second, know your own privkeys.

Never leave your bitcoins sitting in someone else's privkey. It is hearbreaking to read daily stories from people whose bitcoins were stolen from moneychanger accounts. Here is the problem. Many of you routinely trust your bank, stockbroker, or Paypal with your money. You are so used to doing this without thinking, that you leave bitcoins sitting in your account with Mtgox, CampBX, Bitfloor, or other moneychanger. This makes it likely that a thief will figure out your user-ID and password, or penetrate the moneychanger's security, and will siphon off your bitcoins. It is pointless to blame the moneychanger. Bitcoins are too new for moneychangers to have the same FDIC protection as banks, credit unions, or brokerages. It is pointless to blame the bitcoin protocol, the miners, or the developers. The bitcoin concept makes you alone responsible for your money.

The bitcoin concept pivots on the breakthrough idea that everyone is capable of receiving, storing, and sending money on his or her own without interference by anyone else. If you embrace the concept and accept the responsibility, you will transfer bitcoins away from the moneychanger to your own address within seconds after buying them. If you do this, and keep your privkey secret from anyone else, it will be impossible for anyone to steal your bitcoins. Bitcoins that you leave in a moneychanger account are sitting in the moneychanger's privkey. Again, never leave your bitcoins sitting in someone else's privkey.

Second, know your own privkeys. By now you should understand that bitcoins are not stored in your wallet. They are not in your computer, nor on its hard drive, nor on a flashdrive. Your bitcoins are in "the cloud". You can spend them only by knowing their privkey and loading that privkey into "sending" software. The "sending" software transfers the coins from your privkey in the cloud to someone else's address in the cloud. Which brand of sending software you use is unimportant. Whether the sending sofware contains the blockchain or uses a server is unimportant. Whether the sending software resides on your computer, tablet, smartphone, or on someone's website is unimportant. The only thing that is important is that you should know your own privkeys. If you know your privkeys, you can spend your bitcoins even if your house burns to the ground. If you do not know your own privkeys, your money is lost forever. A wallet is nothing more than a handy place to hold a copy of your privkeys. There is nothing wrong with storing your privkeys in a wallet (as well as in eight or nine other secret places). But to store your privkeys in a wallet instead of knowing them is the height of foolishness. If you know your privkeys and lose your wallet, you can simply import them into a new wallet. But if you lose your wallet and do not know the privkeys that it held, your money is lost forever. Again, know your own privkeys.

[1714109740]

1714109740

[1714109740]

1714109740

[1714109740]

1714109740

[1714109740]

1714109740

[True___Blue]

So how do I find out what my Bitcoins privkeys are?

[ThreeJay]

Thanks, that actually heightened my understanding. Will go to figure out my privKeys.. 

[wpk]

Sorry, but that story is completely unreadable. Never heard of privkeys too. But I'm glad you do.

[Solaarian]

I am thinking that the privkey is short hand for private key - a cryptographic term.   There is a good explanation on the Wiki here:  https://en.bitcoin.it/wiki/Private_key.  Basically if someone has your private key they can access and spend your BTC.

[Gabi]

If you don't know what a private key is, please don't use bitcoin.

[Moonchopper]

Is the wallet address considered the public key in this regard?

[DannyHamilton]

So how do I find out what my Bitcoins privkeys are?

That depends on how you got your bitcoin address.

Sorry, but that story is completely unreadable. Never heard of privkeys too. But I'm glad you do.

Unreadable?  It seemed to use well formed sentences with proper capitalization and punctuation.  I'd expect anyone who completed 9th grade to be able to read it.
privKeys is an abbriviation of "private keys".  Most wallets hide the private keys from you.  It isn't necessarily needed for you to "know your own privKeys", but it is important for you to understand the wallet you've chosen well enough to know what needs to be backed up in order to restore the wallet in case of disaster.  As an example, with the Bitcoin-Qt wallet, the private keys are stored in a file named wallet.dat.  As long as you have a recent undamaged copy of this file accessible, you can restore your wallet.  If this file isn't protected, and someone else gains access to it, then they can restore your wallet and spend your bitcoins without your authorization.

Is the wallet address considered the public key in this regard?

The bitcoin address is actually a hash of the public key.  There is no need to know the actual public key, the wallet software takes care of that for you.  Note that for most bitcoin wallets, there is no such thing as a "wallet address".  A wallet can have multiple addresses.  Each address is a "bitcoin address".

[ChuckSteinmetz]

Is the wallet address considered the public key in this regard?

A wallet address is a hash of the public key and it starts with 1.

[oda.krell]

The following is a big newbie question, I am aware. Don't judge me, k?

If I never mined bitcoins, and never installed a bitcoin client, but I *did* sign up on of the exchanges (say mtgox), do I still have a wallet? Or are the bitcoins I buy on an exchange stored in some kind of "proprietary" wallet of the exchange I signed up for?

[Moonchopper]

Ahh, thank you for the response. So a wallet is basically just a way of keeping track of the addresses - those addresses are essentially in no way tied together - other than who 'owns' them. Would that be a correct statement?

[Undercover]

Coqui33 thanks for your post, it was very informative, but as a newbie I still have lots of questions.  Part of the confusion is that the term Bitcoin often refers to a fraction of a Bitcoin.  Santoshi's article states "We define an electronic coin as a chain of digital signatures.". How does that chain of digital signatures get stored in a wallet?  Each time a coin (or fraction thereof) a new block is added to chain.  Does that mean the digital signatures get longer and longer?  A block in the chain contains the addresses of both parties.  Are those public addresses which correspond to private addresses?  Are those private addresses the privkeys you refer to?  Do I have privkeys for every bitcoin ( or fraction thereof) I receive?  Should I consolidate them by doing a transaction to myself.

I apologize for so many questions.  Thanks for any replies.

[DannyHamilton]

The following is a big newbie question, I am aware. Don't judge me, k?

If I never mined bitcoins, and never installed a bitcoin client, but I *did* sign up on of the exchanges (say mtgox), do I still have a wallet? Or are the bitcoins I buy on an exchange stored in some kind of "proprietary" wallet of the exchange I signed up for?

The bitcoins are in a "proprietary" wallet of the exchange you signed up for.  You are trusting them to hold on to those bitcoins and keep them safe for you.  You are trusting them to send those bitcoins in a timely manner to any address you ask them to in the future.  You are trusting them to still be there in the future when you want to access those bitcoins.

Here are some commonly used wallets, you can research each on your own time and determine which best suits your needs:

Paper Wallet
Armory
Bitcoin-Qt
Electrum
MultiBit
https://blockchain.info/wallet

Ahh, thank you for the response. So a wallet is basically just a way of keeping track of the addresses - those addresses are essentially in no way tied together - other than who 'owns' them. Would that be a correct statement?

Yes, that would be a correct statement.

Santoshi's Satoshi's article states "We define an electronic coin as a chain of digital signatures.". How does that chain of digital signatures get stored in a wallet?

The chain (of all digital signatures associated with all bitcoins) is stored in the blockchain.  The blockchain is a verifiable digital ledger that every full peer maintains a complete copy of.  When miners create a new block, they broadcast it and all peers add the block to their own copy of the blockchain after validating it.

Each time a coin (or fraction thereof) a new block is added to chain.  Does that mean the digital signatures get longer and longer?

Figuratively I suppose you could look at it that way.  In reality the blockchain gets longer and longer.  Each new signature just has a reference back to the location of the previous signature in the blockchain file(s).

A block in the chain contains the addresses of both parties.  Are those public addresses which correspond to private addresses?

There are not private addresses.  There are private keys.  All addresses are considered public (although the public may not know about them until you receive bitcoins at them). A transaction has a reference to the public bitcoin address of the receiving party.  Since the transaction also has a reference to the previous transaction where the sending party was the receiving party, it is possible to find the bitcoin addresses that were used by the sending party to receive the bitcoins.  The private keys are used by the wallet software to generate the digital signature required to sign over control of the value to the new address.  The private keys used for the signature are the private keys that were used to generate the bitcoin addresses where the sending party received the value that they are sending.

Are those private addresses the privkeys you refer to?

The private keys that the wallet software maintains when it generates a new bitcoin address, and uses to create digital signatures to sign over control of value received at those addresses to someone else's address, are the privkeys being referred to.

Do I have privkeys for every bitcoin ( or fraction thereof) I receive?

That depends.  If you use a new address for every transaction, then yes, you have a private key for every bitcoin (or fraction or multiple thereof) that you receive.  If on the other hand you re-use addresses multiple times, then you have less private keys.  Specifically, you have a private key for every bitcoin address that your wallet is keeping track of.

Note that, depending on the wallet software you choose to use, it is possible that your wallet has created additional addresses that it hasn't told you about and sent some of your bitcoins to those addresses as well.  This would be true of any wallet (such as Bitcoin-Qt) that generates a new address for the "change" in every transaction sent.

Should I consolidate them by doing a transaction to myself.

If you are receiving lots of transactions that are all less than 0.5 BTC (such as players of SatoshiDice encounter), then you might want to consider consolidating the outputs received before you end up with hundreds of outputs all valued at less than 0.01 BTC.

I apologize for so many questions.  Thanks for any replies.

No need to apologize.  Asking about the things you don't understand is a good way to learn.  This is the Newbie forum after all.

[oda.krell]

After reading all of this, I a) feel mildly overwhelmed and b) have two more questions:

(1) Let me see if I got one thing right: not every transaction requires a new address being created for a (fraction of a) bitcoin, e.g. shuffling around your own bitcoins won't make that necessary. However, transfering ownership of a bitcoin over to another user *does* require creation of a new address, since the private key that enables spending and the (public) address are mathematically related. Correct, yes or no?

(2) How is ownership transferred, or rather: at what point is the new owner really the owner of a bitcoin. Say user A wants to hand over a bitcoin at address X to user B. Assuming he possesses the private key of said bitcoin, he is able to initiate a transaction that basically tells the world "from now on, the bitcoin at address X will be owned by B". Right so far? This transaction needs to be verified, i.e. a certain number of peers will have to agree that A was indeed the owner of bitcoin X, and that A hasn't spent X already. Let's say the transaction is confirmed. But now what? How is user B made the owner of bitcoin X? Does the network generate a new private key (and address) for bitcoin X, now called X', and transfers this private key secretely to user B? Is that (approximately) how it works?

[DannyHamilton]

(1) Let me see if I got one thing right: not every transaction requires a new address being created for a (fraction of a) bitcoin, e.g. shuffling around your own bitcoins won't make that necessary. However, transfering ownership of a bitcoin over to another user *does* require creation of a new address, since the private key that enables spending and the (public) address are mathematically related. Correct, yes or no?

Transferring ownership over to another user only requires a "new" address on the receiver's part if the receiver is choosing not to re-use an address that they've used before.  It is recommended that you generate a new address every time you receive bitcoins, but it isn't required.  There is no need to create a new address when sending bitcoin, but since there is usually some "change" involved, the Bitcoin-Qt wallet (and some other wallets) automatically create a new address for that change.  Bitcoin-Qt hides that address from you, but continues to track the private key and bitcoins associated with it for you.

(2) How is ownership transferred, or rather: at what point is the new owner really the owner of a bitcoin. Say user A wants to hand over a bitcoin at address X to user B. Assuming he possesses the private key of said bitcoin, he is able to initiate a transaction that basically tells the world "from now on, the bitcoin at address X will be owned by B". Right so far?

We are dealing with abstractions here, so as an analogy what youa re saying is fine so far. In reality there is no thing called "a bitcoin".  There is no magical string of numbers that anyone can point to and say "that's a bitcoin".  What you really have is an output that has a value associated with it.  What you spend is the entire output, there is no way in bitcoin to partially spend an output.

So lets say someone sent you 5 BTC and this is the only bitcoin you've ever received.  What exists in the blockchain is a transaction that has some inputs (we'll get to those in a minute), and one or more outputs.  At least one of those outputs will have a data field called "value" that will have 500000000 in it (all values are stored as integers and represented as "Satoshi's").  That output will also have a data field that has your bitcoin address in it.  This output makes it clear to the entire world that 5 BTC of value can only be transferred to another address (or addresses) if a digital signature is supplied by the private key that is mathematically linked to your bitcoin address.

Now say you want to send 2 BTC to someone else.  Your wallet will create a transaction with one input (since you only have one output right now).  That input will have a data field that will contain a reference to the output that you received.  It will also contain a digital signature created with the your private key associated with the receiving address you had used.  The transaction will have 2 outputs.  One will have 200000000 in the "value" field, and the receiving bitcoin address supplied by the person you are sending to.  The other output will have a 300000000 in the "value" field, and a bitcoin receiving address from your wallet (to send this "change" back into your wallet as a new unspent output).  Depending on the wallet you choose to use, that receiving address may be "new", or it may be one that was already in the wallet.

This transaction needs to be verified,

Every peer that receives the transaction will verify it and will refuse to relay it if it is invalid.  It won't make it out of your wallet if it doesn't pass verification.

a certain number of peers will have to agree that A was indeed the owner of bitcoin X, and that A hasn't spent X already.

No.  Not "a certain number".  Either it is valid and peers will relay it, or it isn't and it won't be relayed.

Let's say the transaction is confirmed.

Confirmation is different than validation.  Confirmation is done by miners and consists of adding the transaction to the blockchain.

But now what? How is user B made the owner of bitcoin X?

He is the owner by nature of the fact that the output can't be spent without supplying a signature created from a private key that only user B's wallet should have.

Does the network generate a new private key (and address) for bitcoin X, now called X', and transfers this private key secretely to user B? Is that (approximately) how it works?

No. User B's wallet first generates the private key.  Then it generates the bitcoin address from the private key.  Then user B supplies you with their receiving address.  Nobody and nothing except user B's wallet knows what the private key is.  Each private key has exactly one bitcoin address.  If anyone else has that same private key, they can generate the same bitcoin address.

[SalehCoder]

Thanks

[oda.krell]

Thanks. Extremely interesting and very accessible the way you explain it. If you're not tired of my questions yet, could you explain what validation is vs what confirmation is (I used both terms interchangeable, and therefore incorrect, as it seems)

[KarmaShark]

Thanks for hammering this message through to the newbies. I will be putting my crypto into cold storage soon with the private keys safely stored away in multiple places.

[DannyHamilton]

Thanks. Extremely interesting and very accessible the way you explain it. If you're not tired of my questions yet, could you explain what validation is vs what confirmation is (I used both terms interchangeable, and therefore incorrect, as it seems)

I'm not sure if there is a generally recognized meaning for "validation" and/or "verification", but the way I typically see them used:

"validation" and "verification" tend to be used interchangeably.  Every peer makes sure that anything they accept and relay (such as transactions and blocks) meet certain minimum requirements.  I'm not sure what the entire list of requirements is, but some of the key points are:

• A reference hash is supplied for each input
• A proper scriptSig is supplied for each input
• None of the inputs have been spent in the blockchain yet.
• None of the inputs have been spent in a currently known unconfirmed transaction.
• The sum of the "values" of the inputs is greater than or equal to the sum of the "values" of the outputs
• The transaction has the appropriate fee if necessary

If any of these verifications fails, the transaction won't be accepted by the peer and therefore won't be relayed to any other peers.

The first "confirmation" is the act of a miner broadcasting a properly solved block that includes the transaction.  Any peer that has a conflicting transaction in their list of "unconfirmed" transactions will accept the "confirmed" transaction as "official" and will remove the conflicting transaction from its memory.

Additional "confirmations" simply mean that additional blocks have been added to the blockchain after the block that contains the transaction.

[True___Blue]

Holly shit. I've been trading these things for about two weeks now, and this thread is the first concise but still somewhat detailed explanation of bitcoins and transactions that I have seen. Thank you. This has really helped me.