Blockchain weaknesses, how does bitcoin solve/protect against it ?

[DannyHamilton]

If an attacker modifies a block that block now needs to be "signed" w/ a hash."

Simple question, why? 

Is there some entity or centralized verifier somewhere that holds the key or algorithm to knowing when a transaction entry/hash is valid/invalid?  If the problem was simpler, conflicts between chains that could not be resolved, or massive deletions of transactions from the chain, is there a reference point somewhere that says "ok I'm the big guy in charge, copy from me to restore order". Break it down for me.

Every transaction and every block is verified by every full node on the entire peer-to-peer network.

If a transaction isn't valid, then none of the nodes will relay it and miners won't try to add it to the blocks they are mining.
If a block isn't valid, then none of the nodes will add it to their blockchain or relay it.

By adding a proof-of-work to this system, the entire network is able to reach a consensus on the ordering of transactions and blocks without a centralized entity to verify or timestamp anything.

[1714912065]

1714912065

[1714912065]

1714912065

[1714912065]

1714912065

[Terikan]

If an attacker modifies a block that block now needs to be "signed" w/ a hash."

Simple question, why? 

Is there some entity or centralized verifier somewhere that holds the key or algorithm to knowing when a transaction entry/hash is valid/invalid?  If the problem was simpler, conflicts between chains that could not be resolved, or massive deletions of transactions from the chain, is there a reference point somewhere that says "ok I'm the big guy in charge, copy from me to restore order". Break it down for me.

Every transaction and every block is verified by every full node on the entire peer-to-peer network.

If a transaction isn't valid, then none of the nodes will relay it and miners won't try to add it to the blocks they are mining.
If a block isn't valid, then none of the nodes will add it to their blockchain or relay it.

By adding a proof-of-work to this system, the entire network is able to reach a consensus on the ordering of transactions and blocks without a centralized entity to verify or timestamp anything.

I've read this vague answer a few times, so it just isn't entirely clear how that would prevent anything.   I've read the proof of work page on the wiki, it doesn't shed any light on it.  You have this network of nodes that store a file or filesystem of data called the block chain, if I've gotten anything wrong so far, then I must really need a dummy explanation. 

When people accept a bitcoin as a form of payment, where does their validation query go to ensure the address has that fund, and then where do they send the transfer info so that it then gets added to the block chain?  No central server or main node?  Then where? 

Whatever the answer is, how does anyone know if something has been altered on the block chain via node-side malware?  With every transaction is it checked against others copies?  If so how many?  How does it decide what to verify it against.  Which copies take precedence when two block chains are different?

Hopefully I actually sound really stupid and someone can point out where I can read a better understanding of how it all works.  It doesn't have to get that technical, if it's secure it can be made understandable on a conceptual level.   Let me come back to one thing:

"Every transaction and every block is verified by every full node on the entire peer-to-peer network."

My understanding was that every miner has a full copy.  My question is how every transaction and block is verified, if the ones doing the verifying are the ones under attack by theoretical malware (or possibly transaction spoofing where an exploit in the software is found), then how can you trust their verification?  A compromised computer could tell you that 3+4=17 if so ordered to.  And if there are compromised nodes with altered data (but not randomly altered, all compromised blocks match and confirm each other), then how is such a scenario resolved? 

And when a significant % of nodes get compromised, and payment processors are trying to do business during such a situation, which nodes are going to be providing them with verification of funds etc?

[DannyHamilton]

I've read this vague answer a few times, so it just isn't entirely clear how that would prevent anything.   I've read the proof of work page on the wiki, it doesn't shed any light on it.  You have this network of nodes that store a file or filesystem of data called the block chain, if I've gotten anything wrong so far, then I must really need a dummy explanation. 

So far, so good.  Nothing there that I can see that's wrong yet.

When people accept a bitcoin as a form of payment, where does their validation query go to ensure the address has that fund, and then where do they send the transfer info so that it then gets added to the block chain?

When a person sends bitcoin as a form of payment, the transaction is sent to each peer that they are connected to. Each of those peers validates the transaction before relaying it to each peer that they are connected to.  Each of those peers validates the transaction before relaying it to each peer that they are connected to, and so on, and so on until almost every node on the network is aware of the transaction.

Each node verifies that the appropriate signatures have been provided and compares the transaction to the history of transactions that they already know about to make sure that the funds being spent are previously unspent.  If the receiver is running a full node (such as Bitcoin-Qt, then their software does the same when it hears about the transaction from any of the peers that it is connected to.

No central server or main node?

No.

Then where? 

Their own knowledge of the entire history of bitcoin transactions.

Whatever the answer is, how does anyone know if something has been altered on the block chain via node-side malware?

You would have to alter the blockchain on every node on the entire network. Otherwise, it would become quickly obvious that your copy of the blockchain didn't match your peers. All you'd have to do then is regenerate your blockchain and any invalid transactions would become immediately identifiable since the hash wouldn't match.

With every transaction is it checked against others copies?

Yes.

If so how many?

All of them.

How does it decide what to verify it against.

It verifies it against the UTXO set that it is aware of.

Which copies take precedence when two block chains are different?

Each node compares against it's own copy.

Hopefully I actually sound really stupid and someone can point out where I can read a better understanding of how it all works.

Have you read the "Satoshi Whitepaper" yet?  Do you at least understand the concepts of a hash and a digital signature?

My understanding was that every miner has a full copy.  My question is how every transaction and block is verified, if the ones doing the verifying are the ones under attack by theoretical malware (or possibly transaction spoofing where an exploit in the software is found), then how can you trust their verification?

Every miner has a full copy.  Every full node also has a full copy.

If malware was created that could simultaneously alter every copy of the blockchain in existence in exactly the same way, I suppose it would be possible to destroy some information from the blockchain.  However, there are people who keep copies of the blockchain offline.  There are copies on multiple operating systems, both on and offline all over the world.  It would be exceedingly difficult to damage them all in an identical way simultaneously.

A compromised computer could tell you that 3+4=17 if so ordered to.  And if there are compromised nodes with altered data (but not randomly altered, all compromised blocks match and confirm each other), then how is such a scenario resolved?

In order to create blocks that "match and confirm each other", the attacker would have to generate an appropriate proof-of-work.  Since each block includes the hash of the block before, it would be necessary to complete more proof-of-work than the entire honest network.  This is often known as a 51% attack (since it requires the attacker to have more than 50% of the entire netowrk's hashing power to reliably accomplish it for an extended period of time).  In this case, the blocks broadcast by the attacker are considered valid (as long as they only include valid transactions that spend unspent transaction outputs and have appropriate signatures).

And when a significant % of nodes get compromised, and payment processors are trying to do business during such a situation, which nodes are going to be providing them with verification of funds etc?

I don't understand the question.

[Terikan]

Sadly I don't really have any answers yet.  Just more of "it verifies against other copies".  Not that I don't appreciate, and maybe I'm just too dense for this.  But let me give it another try.

"When a person sends bitcoin as a form of payment, the transaction is sent to each peer that they are connected to. Each of those peers validates the transaction before relaying it to each peer that they are connected to.  Each of those peers validates the transaction before relaying it to each peer that they are connected to, and so on, and so on until almost every node on the network is aware of the transaction."

How many peers are we talking about?  If one peer reports the transaction is invalid, but 4 say it's valid, what then?  Is it majority decision, or does it have to be 100%?

"Each node verifies that the appropriate signatures have been provided and compares the transaction to the history of transactions that they already know about to make sure that the funds being spent are previously unspent.  If the receiver is running a full node (such as Bitcoin-Qt, then their software does the same when it hears about the transaction from any of the peers that it is connected to."

Is the signature something different from the public key, private key, address?

"You would have to alter the blockchain on every node on the entire network. Otherwise, it would become quickly obvious that your copy of the blockchain didn't match your peers. All you'd have to do then is regenerate your blockchain and any invalid transactions would become immediately identifiable since the hash wouldn't match."

This is important.  Yes, it's given that your copy would not match peers.  But not just yours, many others, all not matching each other.  I'm assuming that if malware had compromised a node or miner, that it would not longer be capable of detecting bad hashes.  It would tell you that yours is fine.  Uncompromised nodes wouldn't agree, but what then?  Retailers might still be connected to compromised nodes that could tell them whatever the malware wanted right?  

Or even worse, if the node software on the payment gateway were compromised, it might not even really reach out to other nodes, and just approve all fake transactions.  It might not directly compromise the blockchain for the overall system, but that gateway would be hosed financially.

Now about the hash.  Why can't that be faked by malware?  And further, is there private info (like private key for example) that is sent to the payment gateway that's used to generate a hash, but then isn't actually stored in the block?  If so, is that private key sent to all the nodes like the transaction to verify that the hash is correct, or can it verify that without needing the key? this might be too tedius to answer, I'll understand.

You said no central server.  I had read that bitcoin can change the way the blockchain is stored.  How would that be possible without some central server to refer to for instruction?  I seriously google every way I can "where do bitcoins come from" and read everything and I still don't get a clear answer, I assume because most media that write about it also don't understand what they are writing.  I don't get how new ones are generated, or if that involves some central resource or verification.  

"Each node compares against it's own copy."

I don't know what UTXO is.  Each node compares against it's own copy, and then what?  Does it trust it's own copy more than what other nodes tell it in case of a conflict or what?  I feel like I'm going to keep getting the same answer about hashes and verification and this ability to use these things to know whether or not a transaction is valid... when I don't understand how such a thing is possible... Maybe not impossible, but how it's infallible is what confuses me.  At one point in time, CC takers could use math to tell whether or not a credit card number was a POSSIBLE real one.  But the only way to know that it was a real one that belonged to Teri A Kan was to check a database that spelled that out for them.  I find any verification less than this hard to grasp.

I have not read the whitepaper.  

"If malware was created that could simultaneously alter every copy of the blockchain in existence in exactly the same way, I suppose it would be possible to destroy some information from the blockchain.  However, there are people who keep copies of the blockchain offline.  There are copies on multiple operating systems, both on and offline all over the world.  It would be exceedingly difficult to damage them all in an identical way simultaneously."

True, and you can't blame the system if a payment gateway infected with malware results in massive fraud, as the same can happen with banks and credit cards... with one huge exception that since bitcoin fraud victims have absolutely no recourse (assuming the gateway has protected itself through geographic locations or user agreements or both).  But once again this ability to just take the one true copy of the blockchain to fix all the incorrect ones via verification that is infallible seems to be at the heart of my confusion.

"In order to create blocks that "match and confirm each other", the attacker would have to generate an appropriate proof-of-work.  Since each block includes the hash of the block before, it would be necessary to complete more proof-of-work than the entire honest network.  This is often known as a 51% attack (since it requires the attacker to have more than 50% of the entire netowrk's hashing power to reliably accomplish it for an extended period of time).  In this case, the blocks broadcast by the attacker are considered valid (as long as they only include valid transactions that spend unspent transaction outputs and have appropriate signatures)."

This is way above me.  Uncompromised nodes would know what's wrong, but how would people know what's compromised and what's not if they don't know which nodes are compromised by hidden attacks?  And also, what if just one node another node is connected to reports back that 99999999999999 other nodes agree with it (it lies), so that it outweighs the report back from all the nodes it's connected to that are actually checking with the rest of the network?

"And when a significant % of nodes get compromised, and payment processors are trying to do business during such a situation, which nodes are going to be providing them with verification of funds etc?

I don't understand the question."

See if I can clarify.  The payment gateway communicates with several other nodes to verify right?  If X number come back saying one thing and X come back saying something else, how does that gateway know which to believe?

Thanks.

[DeathAndTaxes]

Start with this.
http://www.youtube.com/watch?v=Lx9zgZCMqXE

If you really want to understand Bitcoin at a technical level you MUST read the whitepaper.  Also a minimum level of knowledge is required.  You should know how digital signature work, what is a private key, what  a public key is and how they are used together.  You will also need to understand how hashing algorithms work and why the output is considered a random oracle.  You should understand what SHA-256, RIPEMD-160, and ECDSA are (inputs, outputs, how they are used, what they are used for). Most people will never understand Bitcoin at a technical level but trying to "know it" without basic introductory knowledge is like trying to walk into an operating room say "show me surgery" when you lack basic anatomy.

One thing you keep going making a mistake about is nodes don't have to ask other nodes if a tx (transaction) is valid.  All nodes immediately can INDEPENDENTLY verify if a tx (or block) is valid or not.  When a node relays a tx to its peers, those nodes verify the tx, not for the senders sake but because nodes in the Bitcoin network work on a no-trust basis.  They NEVER use information from other nodes until they INDEPENDENTLY verify it first.

The use of the blockchain (the UXTO is simply a subset of the blockchain which contains unspent outputs of txs), and the properties of ECDSA allows all nodes to verify if a new tx is valid without needing any input of another node.

[JoelKatz]

How many peers are we talking about?  If one peer reports the transaction is invalid, but 4 say it's valid, what then?  Is it majority decision, or does it have to be 100%?

If the transaction is valid, a peer that reported it invalid would only be lying to itself. It can't convince anyone else it's invalid.

This is important.  Yes, it's given that your copy would not match peers.  But not just yours, many others, all not matching each other.  I'm assuming that if malware had compromised a node or miner, that it would not longer be capable of detecting bad hashes.  It would tell you that yours is fine.  Uncompromised nodes wouldn't agree, but what then?  Retailers might still be connected to compromised nodes that could tell them whatever the malware wanted right?

No. Each node independently verifies everything, period. If your software is compromised, you are screwed, of course. But if someone else lies to you, you can always detect it. All the verification is mathematical -- it is based on what is said, not who says it.

Or even worse, if the node software on the payment gateway were compromised, it might not even really reach out to other nodes, and just approve all fake transactions.  It might not directly compromise the blockchain for the overall system, but that gateway would be hosed financially.

Of course. If any computer is compromised, its own operations will be screwed up for the person who operates it. But that has nothing to do with Bitcoin or the blockchain. You must make sure your own software isn't compromised, that's true of any software that does anything.

Now about the hash.  Why can't that be faked by malware?

What would make it "fake"? If it follows the mathematical rules, it is not fake. If it doesn't follow the mathematical rules, then nobody will be fooled. It really is that simple.

And further, is there private info (like private key for example) that is sent to the payment gateway that's used to generate a hash, but then isn't actually stored in the block?

What do you mean by "payment gateway"? Bitcoin transactions are public because everyone verifies them.

If so, is that private key sent to all the nodes like the transaction to verify that the hash is correct, or can it verify that without needing the key? this might be too tedius to answer, I'll understand.

The private key is not sent anywhere. It's just used the generate the signature that is included in the transaction. This signature makes the transaction comply with the mathematical rules for a validtransaction.

You said no central server.  I had read that bitcoin can change the way the blockchain is stored.  How would that be possible without some central server to refer to for instruction?

Each server stores the blockchain, thus each server can store the blockchain however it wants.

I don't know what UTXO is.  Each node compares against it's own copy, and then what?  Does it trust it's own copy more than what other nodes tell it in case of a conflict or what?

If the node itself is broken, then it can't do anything reliable. If the node is not broken, then its copy can be 100% trusted by it because it 100% checked that it complied with the mathematical rules.

I feel like I'm going to keep getting the same answer about hashes and verification and this ability to use these things to know whether or not a transaction is valid... when I don't understand how such a thing is possible... Maybe not impossible, but how it's infallible is what confuses me.  At one point in time, CC takers could use math to tell whether or not a credit card number was a POSSIBLE real one.  But the only way to know that it was a real one that belonged to Teri A Kan was to check a database that spelled that out for them.  I find any verification less than this hard to grasp.

It sounds like you don't understand enough of the basics of public key encryption for an explanation to be possible. Let me give you an imperfect analogy.

Suppose you pick two very large prime numbers and multiply them together. Call the result X. The result will be a number whose factors only you know. Now, I can tell someone "give the $50,000 to anyone who knows the two numbers that multiply to X". You can now prove perfectly that you are the recipient of the $50,000 by revealing the two numbers that multiply to X. This identification is infallible (except that you must reveal the two numbers to complete it. But that's easy to fix with small adjustments).

But once again this ability to just take the one true copy of the blockchain to fix all the incorrect ones via verification that is infallible seems to be at the heart of my confusion.

Imagine you had some rule that could compare any two blockchains and tell you which one was "greater". And say we had a rule -- the "greatest" blockchain is the valid one. Wouldn't that do it? (And, in fact, Bitcoin has such a rule. The chain that follows all the required mathematical rules that would be expected to take the greatest amount of work to generate is the valid one.)

This is way above me.  Uncompromised nodes would know what's wrong, but how would people know what's compromised and what's not if they don't know which nodes are compromised by hidden attacks?

What does "compromised" mean here? If the results follow the mathematical rules, what makes them compromised? If they don't follow the mathematical rules, what would stop people from seeing that they're compromised?

You still miss the basic concept -- a block chain is valid if, and only if, it follows certain mathematical rules. The correct blockchain, of all the valid ones, is the one with the most proof of work. All of this is easily testable by every node.

And also, what if just one node another node is connected to reports back that 99999999999999 other nodes agree with it (it lies), so that it outweighs the report back from all the nodes it's connected to that are actually checking with the rest of the network?

Each node's verification is independent. It's not based on agreement but 100% independent verification.

See if I can clarify.  The payment gateway communicates with several other nodes to verify right?  If X number come back saying one thing and X come back saying something else, how does that gateway know which to believe?

Any that violate the rules are ignored. Of those that follow the rules, the one with the greatest proof of work is believed. That covers every case except the case where every node is lying.

[DannyHamilton]

"When a person sends bitcoin as a form of payment, the transaction is sent to each peer that they are connected to. Each of those peers validates the transaction before relaying it to each peer that they are connected to.  Each of those peers validates the transaction before relaying it to each peer that they are connected to, and so on, and so on until almost every node on the network is aware of the transaction."

How many peers are we talking about?

All of them.

If one peer reports the transaction is invalid, but 4 say it's valid, what then?

Then the 4 will relay it to their peers, and the 1 won't.

Is it majority decision, or does it have to be 100%?

Every node decides for itself if it will relay or not.

"Each node verifies that the appropriate signatures have been provided and compares the transaction to the history of transactions that they already know about to make sure that the funds being spent are previously unspent.  If the receiver is running a full node (such as Bitcoin-Qt, then their software does the same when it hears about the transaction from any of the peers that it is connected to."

Is the signature something different from the public key, private key, address?

Yes.  It is something different from the public key, private key, and address. And if you don't understand what a signature is or how it works, then you aren't going to understand bitcoin.  You might as well be saying, "I have no idea how an internal combustion engine works, and I don't really want to bother learning about it.  Can someone just tell me why putting gasoline into the tank of my car makes it so the wheels can turn when I press the accelerator?"

"You would have to alter the blockchain on every node on the entire network. Otherwise, it would become quickly obvious that your copy of the blockchain didn't match your peers. All you'd have to do then is regenerate your blockchain and any invalid transactions would become immediately identifiable since the hash wouldn't match."

This is important.  Yes, it's given that your copy would not match peers.  But not just yours, many others, all not matching each other.  I'm assuming that if malware had compromised a node or miner, that it would not longer be capable of detecting bad hashes.  It would tell you that yours is fine.  Uncompromised nodes wouldn't agree, but what then?  Retailers might still be connected to compromised nodes that could tell them whatever the malware wanted right?

Assuming the retailer is running an uncompromised node, they will be able to distinguish between the valid and invalid hashes.

Or even worse, if the node software on the payment gateway were compromised, it might not even really reach out to other nodes, and just approve all fake transactions. It might not directly compromise the blockchain for the overall system, but that gateway would be hosed financially

Payment gateway? I'm not sure what you're talking about.  You do realize that bitcoin is decentralized, right?

Now about the hash.  Why can't that be faked by malware?

Because any node that isn't compromised will be able to tell that it is an invalid hash.

And further, is there private info (like private key for example) that is sent to the payment gateway that's used to generate a hash, but then isn't actually stored in the block?

There's that phrase "payment gateway" again.  I'm not sure what you're asking about.  A hash is a hash.  It's a mathematical formula.  I'm not sure what you're trying to ask.

If so, is that private key sent to all the nodes like the transaction to verify that the hash is correct, or can it verify that without needing the key? this might be too tedius to answer, I'll understand.

A hash is a mathematical formula applied to a set of data.  Since the hash is a standard well known formula, any node can verify the result of the hash.

You said no central server.  I had read that bitcoin can change the way the blockchain is stored.  How would that be possible without some central server to refer to for instruction?

The instructions necessary to follow the protocol are stored in the client software that every node runs.

I seriously google every way I can "where do bitcoins come from" and read everything and I still don't get a clear answer, I assume because most media that write about it also don't understand what they are writing.  I don't get how new ones are generated, or if that involves some central resource or verification.

When a miner creates a new block, they assign some value to themselves.  The protocol allows this, and all nodes are aware of the protocol, so they all allow it.  There is no central source, but every node on the network verifies that the correct value is created with each block.

"Each node compares against it's own copy."

I don't know what UTXO is.

And this is why you don't understand the overall system.  You are skipping the basics.  That isn't going to work.  If you haven't read the "Satoshi Whitepaper" yet, then please go read it before you ask any more questions.

Each node compares against it's own copy, and then what?  Does it trust it's own copy more than what other nodes tell it in case of a conflict or what?

Yes.  Bitcoin is entirely trustless.  No node trusts anything it is told by any peer.  Every node verifies everything against its own knowledge of the transaction and block history.

I feel like I'm going to keep getting the same answer about hashes and verification and this ability to use these things to know whether or not a transaction is valid... when I don't understand how such a thing is possible... Maybe not impossible, but how it's infallible is what confuses me.  At one point in time, CC takers could use math to tell whether or not a credit card number was a POSSIBLE real one.  But the only way to know that it was a real one that belonged to Teri A Kan was to check a database that spelled that out for them.  I find any verification less than this hard to grasp.

The "belongs to" part is handled by the digital signature.  Only the person who has access to the private key can generate a valid signature.  This is the nature of digital signatures.  The "what are they spending" part is handled by keeping track of every single transaction that has ever occurred, and knowing what the list of Unspent Transaction Outputs (UTxO) is. The ONLY thing that can be spent is an unspent transaction output with a valid signature.

I have not read the whitepaper.

Please don't ask anymore questions until you do.

"If malware was created that could simultaneously alter every copy of the blockchain in existence in exactly the same way, I suppose it would be possible to destroy some information from the blockchain.  However, there are people who keep copies of the blockchain offline.  There are copies on multiple operating systems, both on and offline all over the world.  It would be exceedingly difficult to damage them all in an identical way simultaneously."

True, and you can't blame the system if a payment gateway infected with malware results in massive fraud, as the same can happen with banks and credit cards...

There's that phrase again (payment gateway).  What exactly is a payment gateway in bitcoin?

"In order to create blocks that "match and confirm each other", the attacker would have to generate an appropriate proof-of-work.  Since each block includes the hash of the block before, it would be necessary to complete more proof-of-work than the entire honest network.  This is often known as a 51% attack (since it requires the attacker to have more than 50% of the entire netowrk's hashing power to reliably accomplish it for an extended period of time).  In this case, the blocks broadcast by the attacker are considered valid (as long as they only include valid transactions that spend unspent transaction outputs and have appropriate signatures)."

This is way above me.  Uncompromised nodes would know what's wrong, but how would people know what's compromised and what's not if they don't know which nodes are compromised by hidden attacks?

Because they can verify the signatures and hashes themselves.

And also, what if just one node another node is connected to reports back that 99999999999999 other nodes agree with it (it lies), so that it outweighs the report back from all the nodes it's connected to that are actually checking with the rest of the network?

No node is trusted.  Nodes aren't asked how many nodes agree with them.  Every node verifies everything it receives from any other node.

The payment gateway communicates with several other nodes to verify right?

No.  There is no payment gateway.  Each node has a complete copy of the blockchain. The node verifies for itself.

If X number come back saying one thing and X come back saying something else, how does that gateway know which to believe?

There is no believing.  The nodes verify for themselves.

[Terikan]

Thanks for the replies, this helps me a lot.  It's clear I don't understand enough, but I disagree about whether or not I should be asking questions.  Until a whitepaper was mentioned here, I had no idea such a thing existed.  Had I not asked, I still wouldn't.

"You might as well be saying, "I have no idea how an internal combustion engine works, and I don't really want to bother learning about it.  Can someone just tell me why putting gasoline into the tank of my car makes it so the wheels can turn when I press the accelerator?""

Eh, you could tell them how a combustion engine works (to my brain it's simpler than bitcoin).   Anyone interested in bitcoin expansion is going to deal with people far less knowledgeable than I, and people in general aren't going to take a programming class to understand how their currency works.  Inconvenient, I realize.  A quicker, easier method of explaining to the uninitiated why their money is safer than their Playstation Network personal information is likely going to be vital at some point.  Right now, seemingly impossible.

I thank you guys again, lots of good responses to questions coming from a less knowledgeable base.

[DannyHamilton]

Thanks for the replies, this helps me a lot.  It's clear I don't understand enough, but I disagree about whether or not I should be asking questions.

The problem isn't the asking of questions.  The problem is the making assumptions about how you think it works, and then asking how it can be secure based on those assumptions.  You are a elementary school student asking about how calculus works.  You need to get the basics first, then buil your understanding on a solid foundation.

Until a whitepaper was mentioned here, I had no idea such a thing existed.  Had I not asked, I still wouldn't.

So have you read it yet now?

"You might as well be saying, "I have no idea how an internal combustion engine works, and I don't really want to bother learning about it.  Can someone just tell me why putting gasoline into the tank of my car makes it so the wheels can turn when I press the accelerator?""

Eh, you could tell them how a combustion engine works (to my brain it's simpler than bitcoin).

Sure, but to anyone that has never been exposed to the concepts of Ideal Gas Law, pressure, combustion, torque, reduction gears, etc. Any explanation is just going to sound like magic.  And if the person is trying to tie their understanding to the concept of a horse drawn vehicle, they are simply goin to become more confused.

 Anyone interested in bitcoin expansion is going to deal with people far less knowledgeable than I, and people in general aren't going to take a programming class to understand how their currency works.  Inconvenient, I realize.  A quicker, easier method of explaining to the uninitiated why their money is safer than their Playstation Network personal information is likely going to be vital at some point.  Right now, seemingly impossible.

Those same people don't seem to have any problem using a computer without understanding binary mathematics or the physics of a semiconductor.  They use the internet without any understanding of the TCP/IP protocol.  Why will the bitcoin protocol be any different?