"When a person sends bitcoin as a form of payment, the transaction is sent to each peer that they are connected to. Each of those peers validates the transaction before relaying it to each peer that they are connected to. Each of those peers validates the transaction before relaying it to each peer that they are connected to, and so on, and so on until almost every node on the network is aware of the transaction."
How many peers are we talking about?
All of them.
If one peer reports the transaction is invalid, but 4 say it's valid, what then?
Then the 4 will relay it to their peers, and the 1 won't.
Is it majority decision, or does it have to be 100%?
Every node decides for itself if it will relay or not.
"Each node verifies that the appropriate signatures have been provided and compares the transaction to the history of transactions that they already know about to make sure that the funds being spent are previously unspent. If the receiver is running a full node (such as Bitcoin-Qt, then their software does the same when it hears about the transaction from any of the peers that it is connected to."
Is the signature something different from the public key, private key, address?
Yes. It is something different from the public key, private key, and address. And if you don't understand what a signature is or how it works, then you aren't going to understand bitcoin. You might as well be saying, "I have no idea how an internal combustion engine works, and I don't really want to bother learning about it. Can someone just tell me why putting gasoline into the tank of my car makes it so the wheels can turn when I press the accelerator?"
"You would have to alter the blockchain on every node on the entire network. Otherwise, it would become quickly obvious that your copy of the blockchain didn't match your peers. All you'd have to do then is regenerate your blockchain and any invalid transactions would become immediately identifiable since the hash wouldn't match."
This is important. Yes, it's given that your copy would not match peers. But not just yours, many others, all not matching each other. I'm assuming that if malware had compromised a node or miner, that it would not longer be capable of detecting bad hashes. It would tell you that yours is fine. Uncompromised nodes wouldn't agree, but what then? Retailers might still be connected to compromised nodes that could tell them whatever the malware wanted right?
Assuming the retailer is running an uncompromised node, they will be able to distinguish between the valid and invalid hashes.
Or even worse, if the node software on the payment gateway were compromised, it might not even really reach out to other nodes, and just approve all fake transactions. It might not directly compromise the blockchain for the overall system, but that gateway would be hosed financially
Payment gateway? I'm not sure what you're talking about. You do realize that bitcoin is decentralized, right?
Now about the hash. Why can't that be faked by malware?
Because any node that isn't compromised will be able to tell that it is an invalid hash.
And further, is there private info (like private key for example) that is sent to the payment gateway that's used to generate a hash, but then isn't actually stored in the block?
There's that phrase "payment gateway" again. I'm not sure what you're asking about. A hash is a hash. It's a mathematical formula. I'm not sure what you're trying to ask.
If so, is that private key sent to all the nodes like the transaction to verify that the hash is correct, or can it verify that without needing the key? this might be too tedius to answer, I'll understand.
A hash is a mathematical formula applied to a set of data. Since the hash is a standard well known formula, any node can verify the result of the hash.
You said no central server. I had read that bitcoin can change the way the blockchain is stored. How would that be possible without some central server to refer to for instruction?
The instructions necessary to follow the protocol are stored in the client software that every node runs.
I seriously google every way I can "where do bitcoins come from" and read everything and I still don't get a clear answer, I assume because most media that write about it also don't understand what they are writing. I don't get how new ones are generated, or if that involves some central resource or verification.
When a miner creates a new block, they assign some value to themselves. The protocol allows this, and all nodes are aware of the protocol, so they all allow it. There is no central source, but every node on the network verifies that the correct value is created with each block.
"Each node compares against it's own copy."
I don't know what UTXO is.
And this is why you don't understand the overall system. You are skipping the basics. That isn't going to work. If you haven't read the "Satoshi Whitepaper" yet, then please go read it before you ask any more questions.
Each node compares against it's own copy, and then what? Does it trust it's own copy more than what other nodes tell it in case of a conflict or what?
Yes. Bitcoin is entirely trustless. No node trusts anything it is told by any peer. Every node verifies everything against its own knowledge of the transaction and block history.
I feel like I'm going to keep getting the same answer about hashes and verification and this ability to use these things to know whether or not a transaction is valid... when I don't understand how such a thing is possible... Maybe not impossible, but how it's infallible is what confuses me. At one point in time, CC takers could use math to tell whether or not a credit card number was a POSSIBLE real one. But the only way to know that it was a real one that belonged to Teri A Kan was to check a database that spelled that out for them. I find any verification less than this hard to grasp.
The "belongs to" part is handled by the digital signature. Only the person who has access to the private key can generate a valid signature. This is the nature of digital signatures. The "what are they spending" part is handled by keeping track of every single transaction that has ever occurred, and knowing what the list of U
utputs (UTxO) is. The ONLY
thing that can be spent is an unspent transaction output with a valid signature.
I have not read the whitepaper.
Please don't ask anymore questions until you do.
"If malware was created that could simultaneously alter every copy of the blockchain in existence in exactly the same way, I suppose it would be possible to destroy some information from the blockchain. However, there are people who keep copies of the blockchain offline. There are copies on multiple operating systems, both on and offline all over the world. It would be exceedingly difficult to damage them all in an identical way simultaneously."
True, and you can't blame the system if a payment gateway infected with malware results in massive fraud, as the same can happen with banks and credit cards...
There's that phrase again (payment gateway). What exactly is a payment gateway in bitcoin?
"In order to create blocks that "match and confirm each other", the attacker would have to generate an appropriate proof-of-work. Since each block includes the hash of the block before, it would be necessary to complete more proof-of-work than the entire honest network. This is often known as a 51% attack (since it requires the attacker to have more than 50% of the entire netowrk's hashing power to reliably accomplish it for an extended period of time). In this case, the blocks broadcast by the attacker are considered valid (as long as they only include valid transactions that spend unspent transaction outputs and have appropriate signatures)."
This is way above me. Uncompromised nodes would know what's wrong, but how would people know what's compromised and what's not if they don't know which nodes are compromised by hidden attacks?
Because they can verify the signatures and hashes themselves.
And also, what if just one node another node is connected to reports back that 99999999999999 other nodes agree with it (it lies), so that it outweighs the report back from all the nodes it's connected to that are actually checking with the rest of the network?
No node is trusted. Nodes aren't asked how many nodes agree with them. Every node verifies everything it receives from any other node.
The payment gateway communicates with several other nodes to verify right?
No. There is no payment gateway. Each node has a complete copy of the blockchain. The node verifies for itself.
If X number come back saying one thing and X come back saying something else, how does that gateway know which to believe?
There is no believing. The nodes verify for themselves.