How the #^%$* does Bitcoin work?

[FreeMoney]

In this thread we will work out how bitcoin works and what are good ways of explaining it to normal people.

In another thread Martin posted:

Just to get this straight before I go off and do any script writing

Everyone has a balance stored in their wallet which it how much money they have, much like when you log into internet banking with any other currency. This balance can be changed by sending and receiving money in transactions. A transaction, just like normal, is money changing hands. To keep people honest and stop them spending money they don't have is the real cleverness of bitcoin. When you make a transaction you announce it to the rest of the network. They all check that this transaction is valid. In this way, the amount of money that anyone has is know by the network, and you can't spend money that you don't have (because the network would know and would deny the trasnaction). When you submit a transaction to be verified by the network not everyone can take a vote on if it is a valid transaction, that would make the system too easy to fool with a large amount of nodes all broadcasting that a fake transaction was real, instead nodes do some very difficult computational work (generating blocks), when they complete it that seals the transaction as valid. Other nodes verify this work is correct and in this way votes are limited by CPU power (which is much harder to accumulate large amounts of). Each new block buries old blocks deeper to form a chain of blocks, this makes changing older transactions even harder, so transactions become more certain as time passes. A fraud can only be carried out by generating blocks faster than the rest of the entire network and building a longer chain. When you first join the network (or after rejoining the network) you must download all the blocks generated since you left, once this is done your node can verify new blocks against the rest of the block chain.
 

[1713512449]

1713512449

[1713512449]

1713512449

[1713512449]

1713512449

[1713512449]

1713512449

[FreeMoney]

I'm a newb, so I'm looking to have my thoughts fixed.

They all check that this transaction is valid. In this way, the amount of money that anyone has is know by the network...

This makes it sound like this "John is trying to spend 45, he has 50. Go for it John."

Is that close to what is happening or is it more like this:

John selects a coin which is actually a code of some sort and tells the coin where to go, possibly splitting it and sending some change back to himself. Other nodes check the code on that coin, they do not need to check all of John's coins.

I'd like to know more about the connection between the code and the amount and how that can't be tricked. I guess this is what everyone knows? How much bitcoin is attached to each address/code? What's the right terminology?

nodes do some very difficult computational work (generating blocks), when they complete it that seals the transaction as valid. Other nodes verify this work is correct and in this way votes are limited by CPU power (which is much harder to accumulate large amounts of).

It's cool how it is like a trillion times easier to verify a valid block than to find one, that should get mentioned.

I don't know if it's right to say a transaction is "sealed" after one block. I know it's very likely to be good if it gets in one, but "sealed" is strong.

Maybe say how the client is programed to vote correctly automatically and most votes are near unanimous. Is there ever legitimate disagreement? I suppose when two valid versions are found at nearly the same time, any other way?

[theymos]

These two wiki articles explain most of the basics:
http://www.bitcoin.org/wiki/doku.php?id=address
http://www.bitcoin.org/wiki/doku.php?id=block

To send a transaction, you say:

I was the recipient of this (or these) previously-published transactions. Here's a cryptographic signature to prove it. Change the owner of x coins from my public key to this person's public key. Then they can prove that they own this transaction by making a cryptographic signature, and so on.

[bytemaster]

That is the best description of money transfer I have seen thus far.

[FreeMoney]

These two wiki articles explain most of the basics:
http://www.bitcoin.org/wiki/doku.php?id=address
http://www.bitcoin.org/wiki/doku.php?id=block

To send a transaction, you say:

I was the recipient of this (or these) previously-published transactions. Here's a cryptographic signature to prove it. Change the owner of x coins from my public key to this person's public key. Then they can prove that they own this transaction by making a cryptographic signature, and so on.

Nice, I hadn't read the address wiki.

[vess]

I might describe it as the following conversation:

Buyer: "Hey, have you heard of account 24225...21?"

Seller: ... checks ... "yup."

Buyer: "So, we both know it has like 200 BTC in it, right?"

Seller: ... checks ... "yup."

Buyer: "So, I'm in control of that account, and I'm going to prove it by transferring 180BTC to you."

Seller: "Okay. I'm in control of account 1244...231. Tell everyone that you're moving 180BTC over to it."

Buyer: "Done."
Seller: ... checks ...  "Cool, here's your stuff."


--- Meanwhile ---
The Buyer has sent out a notification that 24225..21 should have 180 BTC transfered to 1244...231 and the rest should be transfered back to 24225...21. And he's proven that he has the rights to do this because he's signed the message with the private key for 24225...21, something nobody else should be able to do.

--- Also Meanwhile ---
As blocks are generated, this transaction is verified, and included in a block. At that point, the transfer becomes 'truth' and gains 'truthiness' the more blocks are generated on top of the one creating this transaction.

-- Is it Real? --
The seller knows that even one block confirmation from a generally trustworthy source means something, but as time goes on, he hears from more and more people that the block with the transaction is part of everyone's accepted reality. At some point, the seller concludes that it's really unlikely that the payment block was faked, and he turns over the goods, or stops worrying about it.

[bytemaster]

Great explanation, but needs some visualization to help because even after reading it I had to double check my thinking.   

Items that are missing:

1) Timestamp of the transaction

2) Buyer turns to Seller B and has the same conversation
    - Seller B may or may not have seen transaction with Seller A and so still believes account 24224...21 has 200 BTC instead of 20BTC.

    - Seller B accepts the transaction tentatively until he sees his transaction posted in a block buried several deep.


Just a thought for future work:  It appears to me that with a properly designed BTC client it could "verify" that the other user is using a certified client and thus could trust that
    the client itself prevents "double spending".   Some kind of "software signing system".    This would work very well for iPhone apps which are all digitally signed by the developer.  Thus, you could trust iPhone to iPhone transactions using the same client with a high degree of confidence immediately.  This is particularly true if the only way to "transfer" money off of an iPhone is via the BTC transfer and not a wallet transfer.   

[vess]

Okay, I updated a bit on how the Seller thinks about things.

[ArtForz]

OT, but

Just a thought for future work:  It appears to me that with a properly designed BTC client it could "verify" that the other user is using a certified client and thus could trust that
    the client itself prevents "double spending".   Some kind of "software signing system".    This would work very well for iPhone apps which are all digitally signed by the developer.  Thus, you could trust iPhone to iPhone transactions using the same client with a high degree of confidence immediately.  This is particularly true if the only way to "transfer" money off of an iPhone is via the BTC transfer and not a wallet transfer.   

That's only gonna work if your platform is 100% secure from the bottom up.
Your app can't check its own signature, because someone could simply modify the check.
So the OS has to check the apps signature, but someone could modify the OS.
So the bootloader has to check the OSes signature, but someone could modify the bootloader.
So the BIOS has to check the bootloaders signature, but someone could modify the BIOS.
So the hardware itself has to check the BIOSes signature, and finally it's secure.
But if any component in the chain has a vulnerability that allows someone to modify it (at load or runtime) without getting detected by the lower level, game over.
See various console modchips/softmods, iphone unlocking, ...

[Insti]

That's only gonna work if your platform is 100% secure from the bottom up.
...
So the hardware itself has to check the BIOSes signature, and finally it's secure.

You have too much trust in hardware manufacturers.

[bytemaster]

I didn't say it was perfect.  But for 99.9% of iphone users they do not jail break their phone and install only binaries from the apple store. 

BTC is P2P and so the iPhone app could use a special iPhone2Iphone transfer of the transaction. 

If the user trusts the app developer who is known publicly and can be sued.  And knows enough about the other user to determine that they are not in the .1% of "hackers" who would even know where to begin 'hacking' an iPhone wallet you could be fairly certain that the transaction was as good as "cash".  In fact, it might be more secure than cash.  If you are trading with "hackers" vs "grandma" or in large amounts you may want to verify it with the BC network.   The key is that even though BC practically eliminates the need for trust, it doesn't mean that you cannot choose to trust.  This is particularly true if you want to pay your baby sitter or the kid next door.  Both parties know each other.

Then, each client independently transmits the transaction to the BC network when they get an opportunity to.   There is some small chance of a hacker cheating someone, but it should be far more secure than any alternative unless you are able to detect quality counterfeit bills.  Without an internet connection cash is the only option. 

[Insti]

This probably should be in it's own thread.

Hey, can you guys help verify that the below information makes sense? It's not 100% accurate, but it's designed to explain Bitcoin to non-programmers in sufficent detail so that they will trust the system. I stole a bunch of ideas from this thread and from the technical paper (but don't worry I'm going to add in a section giving credit where it is due).

Actually, I'm planning on publishing this as part of a Bitcoin article that will go out to 20K+ people soon, so I want to get it right! But they're not programmers so I'm trying to keep it simple.

Any feedback would be IMMENSELY appreciated.

-BrightAnarchist

How no-technical is your audience? My Mom wouldn't understand any of this.
I just ended up confused. (and I know how the system works!)

How does Bitcoin work?

Part 1: Digital Signatures
The foundation of Bitcoin lies with digital signatures, which are related to cryptography. Consider two people, Dick and Roberto. Dick wants to send Roberto messages over the internet, and Dick wants to be certain that nobody impersonates him. To accomplish this, Dick uses a pair of what are called asymmetric cryptographic keys. Asymmetric keys have the special property that a message encrypted using one key can only be decrypted using the other matching key.

Dick can publish one of his keys for everyone to see (his “public” key), and keep the other secret (his “private” key). Before sending a message to Roberto, he first encrypts the message using his private key. Although anyone can decrypt and read the message (because everyone can access his public key), everyone knows that Dick truly wrote the message because only he could have encrypted it using his private key. This is the basis for a digital signature.

Finally, it should be noted that real world digital signatures can also verify that the signed document has not been tampered with or modified since it was signed.

Traditionally when explaining cryptography you use Alice and Bob.
Starting with explaining asymmetric cryptography is not a good way to start.

Part 2: Neighborly Agreement
In the world of Bitcoin, every user has a wallet which contains (1) their personal public/private key pair and (2) all transactions between all Bitcoin users. A transaction is just a record of money changing hands from one Bitcoin wallet to another: it contains the public key to identify the spender, the public key of the receiver, and the amount. Additionally, the transaction is digitally signed by the spender, proving that they agreed to the transaction.

To check your current balance, you take a look at all the transactions, and add up all the ones that have been signed over to you. You can verify this balance with all of your neighbors, since everyone knows about all transactions.

To give someone money, you simply digitally sign a new transaction, and broadcast it publicly to everyone. Everyone else will audit your transaction before they accept it to be sure you have a sufficient balance. The receiver will get confirmations from auditors as they accept the transaction. In this manner, you cannot spend money that you don’t have.

People have more than 1 key pair.
This is what a bitcoin address is.
A wallet is the sum of the transactions made with an address to which you have a private key.

The block chain is independent of the wallet.

Part 3: Dealing with Dishonesty
When someone publishes a transaction to be audited by everyone else, not everyone can send confirmations to the receiver. If this were true, then it would be too easy to fool receivers if a large number of auditors were dishonest. To solve this problem, everyone who agrees with a transaction must also work together to perform a very difficult computational operation on that transaction, that when complete seals the transaction as valid.

The computational operation that must be performed on each new transaction also relates to previous old transactions, much like a stack of blocks. The tallest stack of valid, sealed transactions is regarded as “the truth”, and receivers will therefore only trust auditors with the tallest valid stack. Since it takes enormous computing power to build a valid stack, any group of dishonest users would need more computational power than all of the honest users to continue to grow and propagate a false stack of transactions.

Finally, even if a group of dishonest users managed to accumulate more processing power than all of the honest users, they would have to decide between using that power to defraud the system (thus invalidating their claim to wealth) or using it to collect legitimate transaction fees (which are earned by helping to seal transactions onto the stack). Someone who worked hard to accumulate such immense computational resources would find it more profitable to use it to earn legitimate wealth rather than destroy the currency.

This section confused me.

Part 4: Anonymity
Previously it was mentioned that each wallet has a pair of cryptographic keys. Actually, however, each wallet can contain an indefinite amount of public/private key pairs. Ideally one could use a new key pair for every single transaction. In this way, even though everyone has a record of all transactions, there is no way for them to (1) discover or track individual account balances and (2) discover the common source or destination of multiple transactions. To audit, the wallet owner merely need to prove that they own enough Bitcoins for any particular transaction, which they can do without revealing their total balance.

This section confused me too.

Overall much of what you are saying is mostly true, and I can kinda see what you're trying to do, but the whole thing just left me confused.
It's hard to tell which points you're 'simplifying' and which points you don't actually understand yourself. I suspect you understand things better than you've explained them here.

Who is your target audience?
What is your goal with this piece?
Why did you choose to explain things in the order you did?

Sections that are missing:
What is Bitcoin?
Why should I care about Bitcoin?
What is in it for me? (hint: it's not minting coins by generating blocks)

I suggest you start a new thread about this topic.
I think you've made a good start on things here, it just needs some refining.
I'd be happy to keep working on this with you.
Sorry my criticism was not more constructive.

[bytemaster]

I think your explanation was fairly accurate from a technical perspective. 

I also think that it would confuse the heck out of new users.    Given that I started the bounty in an effort to communicate "how it works" I think that that your summary is good, but it needs a better introduction. 

I would start at identifying the problem:
  1) There was a way to "pay cash" over the internet.  Only credit/check and these have high transaction costs and no privacy and risk of identity theft.
  2) I wish there was a way to be anonymous or not have to trust my personal information
  3) The government is inflating our currency and tracking and taxing our every move.
  4) Pay-pals transaction fees are very high for small purchases.
 
Then I would focus on the requirements for any solution:

  1) decentralized, hard to shutdown without shutting down the entire internet 
  2) built in prevention of currency debasement
  3) ability to backup wealth
  4) No need to trust a 3rd party
  5) ability to verify payment and prevent "double spending"

Then I would introduce the solution and explain how the solution meets all of the above requirements.

Then I would address the FAQ:
  1) Is it legal?   Money laundering?  Bearer bonds?  Negotiable instruments? 
  2) What are they currently worth?  How do I buy, sell or earn them?
  3) What can I buy with them?




 

[theymos]

I think you "simplified" too much. There are a few cases where you lied about something when first talking about it, then changed it a little later; this is very confusing.

Don't try to explain how public-key cryptography works. Just say what its properties are.

In the world of Bitcoin, every user has a wallet which contains (1) their personal public/private key pair and (2) all transactions between all Bitcoin users.

Change this to, "Every user stores (1) their personal public private key pairs...". Using "wallet" at this point is just confusing.

"Dealing with Dishonesty" explains the effects of the block chain OK, but you skip incentives. Also, generating nodes don't "work together" -- they're all working on their own separate problems and competing for the winning block. The block chain is the real innovation of Bitcoin, so I would devote a lot of time to that topic.

[BrightAnarchist]

I posted the full article to a new thread "help! Bitcoin Article to be published, please review".

Please put all comments there. I will integrate comments and refine the article, and hopefully the review/edit cycle will eventually produce a decent article.

Thanks