Bitcoin is an incredibly well thought out system, but understanding it all can feel overwhelming at first. This post covers what’s going on under the hood every step of the way, from creating a wallet to sending bitcoins.
Creating a Wallet
When you create a wallet, a new Bitcoin address and key pair are created automatically for you. Every Bitcoin wallet has one or more Bitcoin addresses associated with it, and every address has a set of cryptographic keys that allow a user to create transactions related to that address. If you think of your address as your home, you can think of your keys as what you use to lock and unlock your house.
When a new address is requested (either because a new wallet has been generated, or the user of a Bitcoin client has decided to make one), a random Elliptic Curve Digital Signature Algorithm (ECDSA) private key is generated. This key is essentially a very large random number. As the name implies, this private key should never be shared with anyone. It is what allows the bearer to generate transactions on the Bitcoin network related to the associated Bitcoin address.
Next, a public key is generated from the private key. While you can generate the public key from the private key, you cannot do the opposite. This allows the public key to be shared. The public key is used to claim bitcoins that are sent to you. The public key is then used to generate the Bitcoin address. To get the address, the public key is hashed using several different algorithms, some other functions are performed like including the Bitcoin version, and the result is a Bitcoin address.
So, to summarize, the private key is a random number. The public key is created based on the private key, and the bitcoin address is based on the public key. It’s important to note that you cannot go backwards up the chain – you cannot figure out the public key from the address, and you cannot figure out the private key from the public key.
Connecting to the Bitcoin Network
Bitcoin uses peer-to-peer networking, which means that there is no central Bitcoin server controlling things. Instead, your Bitcoin client connects directly to other Bitcoin clients, and those clients connect to yet more clients, and so on.
When your client first connects to another one (let’s call it the remote client), it sends an introductory message and asks if the remote client is accepting connections. If it is, the remote client responds back with an acknowledgement, and the two clients begin
[Figure: Your Bitcoin client connects directly to many other Bitcoin clients in a peer-to-peer network.]
Your new Bitcoin client will need to download the entire block chain before it can start sending transactions from your address. The block chain is the official record of transactions that have occurred to date that the Bitcoin network has decided are valid. To download the block chain, your client will ask all of the other clients to which it is connected to start sending blocks in the chain. It can take several hours to get fully synced with the entire block chain. When you generate a new transaction by sending bitcoins to another address, the transaction is sent to all of the clients you are connected to. In turn, those clients relay it on to other clients, and so forth, until it’s been seen by every Bitcoin client currently on the network.
Sending a Transaction
Here’s something to wrap your head around – there is no such thing as a bitcoin. When you buy bitcoins, you do not receive anything. There are no special files floating around that represent bitcoins, no special bits or bytes you receive. Bitcoins only exist as transactions, which means that they only exist in the block chain, the record of transactions that every Bitcoin client has.
Let’s say Alice wants to buy a product from Carl that costs 100 bitcoins. Alice got bitcoins from earlier transactions. She generates a new transaction that references those earlier transactions (called the transaction inputs), which total 100 bitcoins, and sends them to Carl’s Bitcoin address (this is called the transaction output). Carl has been mining bitcoins (we’ll talk about how that works in a minute) and successfully generated an additional 50 bitcoins, so he has a total of 150 bitcoins to spend.
Now Carl purchases a product from Dave and sends him 101 bitcoins, referencing the output of the transaction from Alice, and the bitcoins he generated. Because those two transactions total 150 bitcoins, he has to send the remaining 49 bitcoins back to himself as “change”, which he can spend later. Carl’s Bitcoin client automatically sends the change to a new Bitcoin address Carl controls.
Now Dave wants to send those 101 bitcoins to Ed, so he generates a new transaction that references the output of the transaction from Carl, and the new transaction is recorded on the network. Dave is now unable to send the bitcoins again, because the output of the transaction from Carl has already been used up and recorded on the block chain. Until Ed uses the bitcoins in a future transaction, the transaction that Dave made just sits unclaimed on the Bitcoin network.
So what prevents Carl from sending those same bitcoins to someone else?
Remember that every transaction is being sent to every client on the network, but since there is no central authority, it’s possible for a client to send more than one transaction that includes the same input transactions. This is referred to as the “Double Spend” problem, and Bitcoin has an elegant solution to it, and it’s something that we’ve already talked about – the block chain. A block in the chain is a collection of transactions that have been grouped together and verified by a “miner”. You can think of a block as a page in a bank’s ledger. In addition to transactions, every block contains a reference to the previous block, which is what makes it a chain.
When a block is being created, the client creating the block makes sure each transaction isn’t double spending the coins by checking to see if the input to each transaction in the new block has already been claimed in another transaction in a previous block. If it sees a transaction that is trying to double spend coins, it does not add the transaction to the block. Once a new block has been created, it is broadcast out into the network in nearly the same way that a transaction is. Every client that receives the new block verifies it, and adds it to their own copy of the block chain.
Since adding a block to the block chain helps the entire Bitcoin network reach consensus on which transactions are valid, whoever creates the block is rewarded with bitcoins. This process is called Bitcoin mining, and is how bitcoins are created.
Creating a block is more than just wrapping up some transactions and verifying that each is valid. If that’s all it took then every client would be broadcasting new blocks all the time, which could lead to the double spend problem if someone started sending “bad” blocks. Instead, the Bitcoin network forces a miner to work a bit harder.
Every block contains a block header, which is basically a summary of the contents of the block, where the transactions are stored. Every block header must include a hash of the block header, and this hash must meet special conditions that make it hard to generate. A hash is a way of turning any amount of data into a smaller, fixed-length representation. Bitcoin uses the SHA-256 algorithm to hash the block header.
In order to make creating a new block and claiming the bitcoin reward harder, the Bitcoin network imposes a difficulty target on each miner. This target is the largest hash that the network will allow when adding a new block to the block chain. When a miner hashes the block header it checks to see if the hash is lower than the target. If it is, the miner can send it out to the network and claim the reward. If not, the miner has to modify the block header’s “nonce”. The nonce is a small section of the header that can be changed to produce a new hash. Changing the nonce and producing a new hash can be done very quickly, but there is no way to know in advance what the new hash will be. The miner may have to try millions of possible combinations before a hash is found that is below the target.
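The hash-and-compare loop described above, as an added example (not code from the original post or from a Bitcoin client). It checks the publicly known genesis block header against its target, then searches for a nonce on a constructed header with a much easier target; the helper names and the `TOY` header are assumptions made for illustration. Bitcoin applies SHA-256 twice to the header and accepts a hash at or below the target.

```python
import hashlib
import struct

def header_bytes(version, prev_hash, merkle_root, timestamp, bits, nonce):
    """Serialize the 80-byte header; hashes are stored byte-reversed."""
    return (struct.pack("<I", version) + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))

def block_hash(header):
    """SHA-256 applied twice, with the digest read as a little-endian integer."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")

def target_from_bits(bits):
    """Expand the compact 'bits' header field into the full 256-bit target."""
    return (bits & 0xFFFFFF) << (8 * ((bits >> 24) - 3))

def mine(fields, max_nonce=2**32):
    """Try nonces in order until the header hash is at or below the target."""
    target = target_from_bits(fields["bits"])
    for nonce in range(max_nonce):
        value = block_hash(header_bytes(nonce=nonce, **fields))
        if value <= target:
            return nonce, value
    return None  # nonce space exhausted; a real miner changes other header data

# Header fields of Bitcoin's genesis block (public data) and the nonce that solved it.
GENESIS = dict(version=1, prev_hash="00" * 32, timestamp=1231006505,
               bits=0x1D00FFFF, merkle_root=
               "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")
GENESIS_NONCE = 2083236893

# Constructed header with a far easier target (about 1 in 65,536 hashes pass).
TOY = dict(version=1, prev_hash="00" * 32, merkle_root="11" * 32,
           timestamp=1231006505, bits=0x1F00FFFF)

def demo():
    """Return the genesis hash, whether it meets its target, and a mined toy nonce."""
    genesis = block_hash(header_bytes(nonce=GENESIS_NONCE, **GENESIS))
    meets_target = genesis <= target_from_bits(GENESIS["bits"])
    nonce, value = mine(TOY)
    return f"{genesis:064x}", meets_target, nonce, value
```

Verifying a block costs one double hash, while finding the nonce costs tens of thousands of attempts even at the toy target, which is the asymmetry the difficulty target relies on.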
Of course, while a miner is trying to generate a new block, so are thousands of other miners. When a miner finds a valid hash, the new block is transmitted out into the network as part of the block chain. If other miners were trying to generate a new block that includes the same transactions, then they must start over.
The difficulty target is adjusted by the Bitcoin network regularly, roughly every two weeks, to make sure that a new block is created, on average, about every 10 minutes. Whoever creates a new block is awarded bitcoins for their effort. Currently, a new block is worth 12.5 bitcoins, but this number will go down over time. Roughly every 4 years the reward is cut in half. Because the rate is known in advance, we know that only about 21 million bitcoins will ever be created.
It’s possible that two different miners generate a valid block at nearly the same time. Both blocks would start propagating out across the network, and both would refer to the same previous block in the block header. In essence, these two blocks are now competing to become part of the chain. Some clients will accept one block; some clients will accept the other.
This competition is called a “fork” in the chain and must be resolved – there can only be one path in the block chain. This resolution occurs as new blocks are built on top of each fork. Each fork will grow at a different rate (because a different number of miners are building off of each fork). When clients see that a longer fork exists than the fork they are on, they discard their fork in favor of the longer one.
Since Bitcoin started, people have been looking for ways to generate blocks faster and claim the bitcoin reward that goes along with it. Some companies have released hardware specifically designed to mine bitcoins. These machines have what are called application-specific integrated circuits (ASICs), and can hash blocks millions of times faster than the average desktop computer.
In addition to the bitcoin reward that comes with successfully creating a new block, the miner may also claim any fees from transactions in the block. The transaction fee is voluntary (though your Bitcoin client may not give you a way to not send it). However, miners are also free to not include transactions in a block. Transaction fees are meant to be an incentive for miners to include a transaction into a block quickly.
Transaction fees are included in a transaction by having the outputs of the transactions add up to less than the inputs. Any difference can be claimed by the miner who generates a block that includes the transaction.
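The input/output bookkeeping behind the Alice, Carl, Dave and Ed payments, the double-spend check, and the fee rule above, as an added example (not code from the original post). The `Ledger` class is a simplification: an owner-name comparison stands in for signature verification, and the final payment from Ed to a hypothetical "Frank" is constructed to show a 1-bitcoin fee.

```python
class Ledger:
    """Toy model of the unspent outputs every client derives from the block chain."""

    def __init__(self):
        self.unspent = {}  # (txid, output index) -> (owner, amount)

    def mint(self, txid, owner, amount):
        """Record a mining reward or pre-existing output, which has no inputs."""
        self.unspent[(txid, 0)] = (owner, amount)

    def apply(self, txid, spender, inputs, outputs):
        """Validate and record a transaction; return the fee left for the miner."""
        if len(set(inputs)) != len(inputs):
            raise ValueError("same output referenced twice in one transaction")
        total_in = 0
        for ref in inputs:
            if ref not in self.unspent:
                raise ValueError(f"double spend or unknown output: {ref}")
            owner, amount = self.unspent[ref]
            if owner != spender:  # stand-in for checking the ECDSA signature
                raise ValueError(f"{spender} cannot spend {ref}")
            total_in += amount
        total_out = sum(amount for _, amount in outputs)
        if total_out > total_in:
            raise ValueError("outputs exceed inputs")
        for ref in inputs:
            del self.unspent[ref]  # an output can be consumed only once
        for index, (owner, amount) in enumerate(outputs):
            self.unspent[(txid, index)] = (owner, amount)
        return total_in - total_out

def replay_story():
    """The payments from the text, a repeat attempt by Dave, then a fee-paying spend."""
    ledger = Ledger()
    ledger.mint("alice-earlier", "Alice", 100)
    ledger.mint("carl-mined", "Carl", 50)
    ledger.apply("tx1", "Alice", [("alice-earlier", 0)], [("Carl", 100)])
    ledger.apply("tx2", "Carl", [("tx1", 0), ("carl-mined", 0)],
                 [("Dave", 101), ("Carl", 49)])  # 49 comes back as change
    ledger.apply("tx3", "Dave", [("tx2", 0)], [("Ed", 101)])
    try:
        ledger.apply("tx4", "Dave", [("tx2", 0)], [("Dave", 101)])
        rejected = False
    except ValueError:
        rejected = True  # tx3 already consumed that output
    fee = ledger.apply("tx5", "Ed", [("tx3", 0)], [("Frank", 100)])  # 1 left as fee
    return ledger.unspent, fee, rejected
```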