Bitcoin by analogy
Yevgeniy Brikman
Apr 24, 2014
mind a lot lately and apparently, I'm not the only one. Paul Graham called
it a paradigm shift; Marc Andreessen believes Bitcoin is as big of a
technological breakthrough as PCs and the Internet; Ben Bernanke said
virtual currencies may hold long-term promise; Chris Dixon is investing
millions in it; Google is interested in Bitcoin; Apple is afraid of it. In short,
Bitcoin is something you should be paying attention to.
Using Bitcoin is easy: to pay with Bitcoin, you just install an app called a
Bitcoin wallet on your computer or mobile device and click some buttons in
the app to send money to other Bitcoin users over the Internet:
To receive money, you just give people your bitcoin address, or create a QR
code. For example, here's mine:
1G8qEUVUS8BBSwSWNM4EWR622vUpGtee66
find more info?
Also, in the spirit of "if you can't explain it simply, you don't understand it
well enough", I've tried to make the key Bitcoin concepts accessible to
audiences without a programming background. Most sections in this post
start with a simple analogy for Bitcoin that involves no tech whatsoever
before diving into the tech details.
Of course, I'm a Bitcoin novice myself, so if after reading this you're still
confused, or I've made any errors or omissions, please leave a comment!
Validity
it exists only on computers and has no intrinsic value; it might not even
fit the standard definition of money because it's not a stable store of value
and rarely used as a unit of account.
Despite all that, Bitcoin is still used as a medium of exchange: thousands of
merchants are willing to accept Bitcoin in trade for real goods or services.
Why? Because these merchants see Bitcoin as an effective medium of
exchange and they believe that other merchants will feel the same way in
the future. Or, to put it another way:
It's not as much that the Bitcoin currency has some arbitrary value and
then people are trading with it; it's more that people can trade with
Bitcoin (anywhere, everywhere, with no fraud and no or very low fees)
and as a result it has value.
Marc Andreessen, Why Bitcoin Matters
stone every time they make a purchase. As a result, the Yapese came up
with a clever solution: they decided to determine ownership by verbal
agreement. Whenever there was a trade, the parties involved would
communicate to the rest of the tribe the amount of stone that had been
exchanged. The stones wouldn't actually move from one house to another,
but the knowledge of who owned what was memorized and handed down
through oral history.
first step, imagine that a tribe on Yap struggled to accurately track Rai
ownership purely through memory and oral history. After many arguments
and fights over who owns what, they decided they were going to write
Everything worked well for a while, but gradually, problems appeared: the
bookkeeper started charging transaction fees; trade would sometimes halt
entirely because the bookkeeper was on vacation or sick; pressured by the
chief, the bookkeeper would charge very high fees or completely ban
certain transactions, especially with other tribes; sometimes, after a
dispute, the bookkeeper would seize someone's assets entirely. Eventually,
the bookkeeper became one of the most rich, powerful, and controversial
figures in society: despite rumors of corruption, fraud, and favoritism, who
would dare question the person who controls all the money?
10 families in the tribe, upset with the bookkeeper's behavior, decided to
find a new way to manage their money. Since a single person cannot be
trusted to maintain the ledger, these families had a radical idea: every
family would maintain its own ledger!
For example, if Alice wanted to pay Bob 10 lbs of Rai, Alice would go to
the center of town and announce the new transaction to all the other
families. Each family would then check their own ledger, make sure Alice
really had 10 lbs of Rai, and if she did, add the new transaction to their
ledger. Since each family now kept a ledger, no one family had more power
than any other!
bank. In short, even though it's Alice's money, the entire process is
controlled by the bank's rules and procedures:
This centralized approach has the same problems as the Yap bookkeeper:
even though it's your money, a small group of institutions controls almost
everything about it, including who can spend money, when they can spend
it, what they can spend it on, where they can spend it, what fees and taxes
are imposed, and so on.
Bitcoin offers an alternative without all of these limitations: a
decentralized currency. As in the Yap analogy, Bitcoin uses a distributed
ledger approach. Of course, instead of 10 families, Bitcoin consists of
thousands of computers, each of which maintains its own ledger; and
instead of someone yelling from the town center, these computers
communicate with each other by sending messages over the Internet.
For example, if Alice was transferring 10 Bitcoins to Bob, she'd click some
buttons in her Bitcoin wallet, and it would broadcast this transaction to all
other Bitcoin users:
luck. If Alice mines some new stone, she can get all the villagers to
recognize that she now owns more Rai by displaying the new stone in front
of her home and announcing it to the other villagers. All villagers will enter
this in their ledgers as a transaction where Alice is the recipient of some
amount of Rai stone.
first is mostly a
broadcast it out to the rest of the Bitcoin network, and all other nodes will
record in their ledgers that the lucky node has earned some new Bitcoin.
The problems to solve involve cryptographic hash functions; the math
behind them is beyond the scope of this post, but I'll give a brief
introduction.
If you pass a string of text through a cryptographic hash function, it will
convert it to a different string of text, called the digest, in a totally
unpredictable manner:
cryptographic-function("Hello World") = 124610xktj1l32kxjcj24j1
was the original text T. In other words, there is no way to reverse the
hash function.
In Bitcoin mining, you pass two pieces of data into the SHA-256
cryptographic hash function:
1. Information about a block, B: we'll discuss the details of this later
2. A random guess, R
sha-256(B, R) = digest
The goal is to find the right R so that you get back a digest that starts with
Since cryptographic hash functions are one way, there is no way to know
what value(s) of R will produce a digest that starts with zeroes. All you can
do is repeatedly guess random values of R until you accidentally stumble
across one that works. Since SHA-256 has 2^256 possible outputs, as the
number of required leading zeroes goes up, the odds of any one guess
being right become extremely small.
In fact, the problem is intentionally designed - and occasionally
recalibrated (see Blockchain stats) - to take a very long time: a single
computer will have to guess non-stop, on average, for several years to find
the right value of R. However, with all the nodes on the Bitcoin network
guessing, the average time to
minutes.
Spending so much CPU time and energy on useless calculations may seem
wasteful, but as we'll see later, the fact that the calculations are expensive
is essential in establishing a consistent timeline.
A few interesting notes on Bitcoin mining:
1. There is pre-determined,
number of Bitcoins that can be mined will drop by half and the total
supply will max out at 21 million.
2. After all Bitcoins have been mined, the reward for mining will switch
to small fees on each Bitcoin transaction. These are expected to be
significantly smaller than bank or credit card fees.
3. The number of nodes participating in Bitcoin mining today means it is
not practical or cost effective to try to do mining on your home
computer. Instead, the recommendation is to join a mining pool and
even invest in dedicated hardware (see bitcoinmining.com for more
info).
4. The fixed supply of Bitcoin is not a problem as you can pay with tiny
find out Alice's balance, you start at the beginning of the book and go
In this form of cryptography, there are two keys, or long strings of letters
and numbers, that are mathematically linked:
1. Public key: a public identifier that can be freely shared with others.
2. Private key: a secret or password that must never be shared with
anyone.
When you install a Bitcoin wallet on your computer, it will automatically
generate a public and private key pair for you. You can freely share your
public key: in fact, the public key is your identity or address in Bitcoin.
Public/private keys can be used for several tasks, but the main one we care
about is authenticity: that is, we can use them to mathematically verify
that a message really came from the person we expect and that the
message contents have not been modified along the way.
Every time Alice sends a message, she can pass the contents of the
message, along with her private key, through a sign function:
sign("Hello World", Alice's private key) = n67n54n6l10xf15
If the signature is valid, then Bob can be confident that it was really
Alice who sent the message and that the message is exactly as she
originally created it.
We now know enough to take a look at a typical Bitcoin transaction. For
example, if Alice was sending 10 Bitcoins to Bob, the message might look
something like this:
Signature
mn546yhg (signed with Alice's private key)
Inputs
nhn3891a (transaction where Alice got 7 BTC)
vc4232v32 (transaction where Alice got 3 BTC)
Outputs
To: 60sdfs951sdfxo66 (Bob's public key)
Amount: 10 Bitcoins
The message consists of 3 sections:
1. Signature: Alice includes a digital signature with her messages so that
other Bitcoin nodes can verify the message really came from her.
2. Inputs: this is a list of the signatures of transactions already in the
ledger where Alice was the recipient of Bitcoins. In other words, these
are the funds Alice is using in this transaction, a total of 10 Bitcoins.
3. Outputs: this is a list of how the funds in the inputs should be
distributed. To keep calculations simple, you are required to
redistribute all the funds in the inputs. You can include more than one
recipient in the outputs section - including yourself, if you need
change. In this case, Alice is sending 10 Bitcoin to a single recipient,
Bob, identified by his public key.
Since each transaction references a previous transaction in its inputs
section, it is possible to follow the graph of transactions all the way back to
the beginning of Bitcoin. This is the mechanism for checking the
ownership of bitcoins!
For example, to calculate a user's balance, we use an approach very similar
to the Yap ledger: you go through every transaction, add up the ones where
the user was a recipient, and subtract the ones where they were a sender.
To check that a new message is valid, such as Alice's transfer to Bob, you
can check that the inputs refer to valid transactions already in the ledger
where Alice was the recipient.
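A toy version of the ledger checks described above, added here as an illustration and not code from the original post or from Bitcoin itself. It assumes signatures have already been verified, models the two input transactions from the sample message as newly mined coins, and uses made-up key names and transaction ids (tx3 to tx6).

```python
from collections import namedtuple

# sender: signing public key (None for newly mined coins); inputs: txids of
# earlier transactions that paid the sender; outputs: (recipient, amount) pairs.
Tx = namedtuple("Tx", "txid sender inputs outputs")

class Ledger:
    def __init__(self):
        self.txs = {}       # txid -> Tx already in the ledger
        self.spent = set()  # (txid, owner) pairs already used as an input

    def received(self, txid, who):  # amount ledger transaction txid paid to who
        tx = self.txs.get(txid)
        return sum(a for to, a in tx.outputs if to == who) if tx else 0

    def check(self, tx):  # None if tx may enter the ledger, else the reason
        if tx.txid in self.txs or len(set(tx.inputs)) != len(tx.inputs):
            return "duplicate transaction or input"
        if not tx.outputs or any(a <= 0 for _, a in tx.outputs):
            return "outputs must carry positive amounts"
        if tx.sender is None:  # newly mined coins: nothing to trace back
            return None if not tx.inputs else "mined coins cannot have inputs"
        funds = 0
        for txid in tx.inputs:
            paid = self.received(txid, tx.sender)
            if paid == 0:
                return f"input {txid} did not pay the sender"
            if (txid, tx.sender) in self.spent:
                return f"input {txid} already spent"
            funds += paid
        if funds != sum(a for _, a in tx.outputs):
            return "outputs must redistribute all input funds"
        return None

    def add(self, tx):
        reason = self.check(tx)
        if reason is None:
            self.txs[tx.txid] = tx
            self.spent.update((i, tx.sender) for i in tx.inputs)
        return reason

    def balance(self, who):  # received minus spent, as in the Yap ledger
        got = sum(self.received(t, who) for t in self.txs)
        return got - sum(self.received(i, who) for t in self.txs.values()
                         if t.sender == who for i in t.inputs)

def demo():
    # Constructed sample data; signature checks are assumed to have passed.
    alice, bob, carole = "alice-key", "60sdfs951sdfxo66", "carole-key"
    ledger = Ledger()
    results = [ledger.add(t) for t in (
        Tx("nhn3891a", None, (), ((alice, 7),)),
        Tx("vc4232v32", None, (), ((alice, 3),)),
        Tx("tx3", alice, ("nhn3891a", "vc4232v32"), ((bob, 10),)),
        Tx("tx4", alice, ("nhn3891a",), ((carole, 7),)),    # double spend
        Tx("tx5", bob, ("tx3",), ((carole, 4),)),           # 6 left over
        Tx("tx6", bob, ("tx3",), ((carole, 4), (bob, 6))),  # with change
    )]
    return results, [ledger.balance(w) for w in (alice, bob, carole)]
```

The fourth and fifth transactions are rejected: one reuses an input Alice already spent, the other leaves 6 of Bob's 10 unassigned instead of sending them back to himself as change.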
Eventually, the villagers noticed that this led to a problem: the order of
transactions was not consistent across all ledgers! This could lead to
problems. For example, Alice wants to transfer 10 lbs of Rai to Bob. She
announces it at village center #1 and heads off
village centers. Bob, who lives near village center #1, hears Alice's
announcement and, excited to
starts his own transaction to transfer 10 lbs of Rai to Carole. Bob announces
his transaction at village center #1, where all the families now have the
following transaction order:
1. Alice -> Bob, 10 lbs Rai
2. Bob -> Carole, 10 lbs Rai
Bob then heads off
Every time a family mines new Rai stone, to get all the families to
recognize the new stone in their ledgers, this family must pick one
transaction to move from the unverified list to the ledger.
This mechanic accomplishes several goals at once:
1. Since limestone is scarce and randomly distributed, it's a matter of
luck which family will get to verify the next transaction, so no
family can control transaction order to their advantage.
2. Every family now has a strong incentive to participate in maintaining
ledgers: it's the only way that their newly mined limestone will be
allowed to enter circulation!
3. Since new limestone is randomly distributed and takes a long time to
find, the odds of two families overlapping in
find a
simple analogy that captures the math Bitcoin uses to handle these
occasional overlaps. Nevertheless, the main point still holds: a random,
unpredictable process means no family will be able to control the order of
multiple transactions in a row.)
The block chain consists of a series of blocks (3 are shown above), where
each block contains:
1. Transactions: transactions or messages sent between users.
2. Proof of work: this is the digest from Bitcoin mining!
3. Previous reference: a reference to the digest of the previous block.
Notice how each block has a reference to the previous block: this chain of
references is what defines the timeline in the Bitcoin network. The
transactions in a single block happened at the same time (there must be
no dependencies between them); the transactions in previous blocks
happened earlier. This is different than the Yap ledger, where order is
implicit from the order the transactions are written in the ledger.
You can follow the previous references from block to block, all the way
back to the very
Any node in the Bitcoin network can put several unverified transactions
into a block and send it out to the rest of the network as the proposed next
block in the chain. The catch is that the proposed block must include a
proof of work, which is the solution to a computationally expensive
math problem involving cryptographic hash functions. Sound familiar?
That's right, this is Bitcoin mining!
Just like the Yap families propose the next transaction when they mine new
Rai stones, it is the Bitcoin miners who propose new blocks for the block
chain when they mine new Bitcoin. Here are the rules: take all the text
from several unverified transactions T, plus the digest of the most recent
block in the ledger D, plus a random guess R, and do the following SHA-256 calculation:
sha-256(T, D, R) = digest
find a digest with
first miner to find it gets a
reward of Bitcoin: to receive it, the miner must send out the new block,
which includes the digest as the proof of work, to all other Bitcoin
nodes. Assuming the new block is valid, it becomes a part of the block
chain:
In the example above, block 54 is now part of the block chain (that is, the
Bitcoin timeline) and all the transactions in it, including Alice's, are
considered verified.
What if multiple nodes come up with a proof of work at the same time?
This is a rare occurrence, but if it happens, the network will temporarily
have multiple possible paths in the block chain:
The solution is simple: Bitcoin nodes always accept the longest available
chain.
In the example above, some parts of the network will be mining a new
block that has 56 as its previous reference, and others will be mining a new
block with 57 as its previous reference. Eventually, someone will complete
a proof of work on one of these paths, making it the longest one. For
example, if the
on the block 57 path, the network would switch to this path, and the
transactions in block 56 would get put back into the unverified bucket:
Of course, it's possible that two blocks, one on each path, will be found
simultaneously again, but a) this is even more unlikely and b) it just means
that the block chain stays diverged for a little while longer while we wait
for yet another block to be found. Eventually, some path will end up longer,
and the network will converge on it.
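The mining rule sha-256(T, D, R) and the longest-chain rule described above, as an added Python example that is not code from the original post or from Bitcoin. The JSON encoding, the DIFFICULTY of 4 hex zeroes, the all-zero first reference and the sample transactions are assumptions chosen so that it runs in seconds.

```python
import hashlib
import json

DIFFICULTY = 4      # leading hex zeroes required (assumed; the real target is far harder)
GENESIS = "0" * 64  # placeholder "previous digest" for the first block (assumed)

def digest(transactions, prev, r):
    """sha-256(T, D, R): hash the transactions, previous digest and guess."""
    data = json.dumps([transactions, prev, r]).encode()
    return hashlib.sha256(data).hexdigest()

def mine(transactions, prev):
    """Try R = 0, 1, 2, ... until the digest starts with enough zeroes."""
    r = 0
    while not digest(transactions, prev, r).startswith("0" * DIFFICULTY):
        r += 1
    return {"txs": transactions, "prev": prev, "r": r,
            "proof": digest(transactions, prev, r)}

def valid_chain(chain):
    """Recompute every proof of work and follow every previous reference."""
    prev = GENESIS
    for block in chain:
        d = digest(block["txs"], block["prev"], block["r"])
        if (block["prev"] != prev or block["proof"] != d
                or not d.startswith("0" * DIFFICULTY)):
            return False
        prev = d
    return True

def choose(chains):
    """Fork rule from the text: adopt the longest chain that is valid."""
    return max((c for c in chains if valid_chain(c)), key=len, default=[])

def extend(chain, transactions):
    prev = chain[-1]["proof"] if chain else GENESIS
    return chain + [mine(transactions, prev)]

def demo():
    # Constructed transactions; names beyond Alice, Bob, Carole are made up.
    base = extend([], ["Alice -> Bob, 10"])
    path_a = extend(base, ["Bob -> Carole, 10"])  # one side of a fork
    path_b = extend(extend(base, ["Bob -> Dave, 10"]), ["Dave -> Erin, 2"])
    # A longer chain whose buried transaction was edited without redoing the work.
    edited = [dict(b) for b in extend(path_b, ["Erin -> Frank, 1"])]
    edited[0]["txs"] = ["Alice -> Frank, 10"]
    return valid_chain(edited), choose([path_a, edited, path_b]) == path_b

if __name__ == "__main__":
    print(demo())
```

Editing a transaction in an old block changes that block's digest, so its stored proof of work and every later previous reference stop matching; that is why the longer edited chain loses to path_b.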
Since nodes always accept the longest path, couldn't an attacker create
their own block chain with lots of fraudulent transactions and get the
whole network to adopt it, so long as it was longer? For example, if Mallory
managed to generate blocks 59, 60, and 61 while the network was still
working on 57 and 58, then Mallory's fraudulent blocks would be accepted
and all the others would be dropped:
Attacks of this sort are very unlikely to succeed because Mallory is in a race
against the entire Bitcoin network to generate those blocks. This is why the
proof of work calculation is intentionally designed to be very expensive.
Mallory would have to control more computing power than all other nodes
on the Bitcoin network, combined, to have a viable chance of winning this
race for a single block, let alone 3.
This is the real reason Bitcoins are offered as a reward to miners: they are
In fact, if Bob is a merchant, he can tune the level of risk he's willing to
tolerate by deciding how many blocks must elapse before he considers a
transaction verified. If it's a tiny transaction, a single block (~10 minutes)
may be enough; if it's a large transaction, waiting for 6 blocks (~1 hour)
may be more advisable. For a merchant, waiting 1 hour to avoid fraud may
still be better than the situation today with credit cards, where a
chargeback may appear a month after the transaction. An important
disclaimer: while Bitcoin's design seems sound from a security standpoint,
it's still susceptible to fraud as a result of user error, just like any other
system. The difference with Bitcoin is that it's a decentralized system:
when something goes wrong, there is no one you can call for help.
For example, if you accidentally send Bitcoin to the wrong address, there is
no way to get that money back. If you fall for a phishing attack, there is no
fraud department to report it to. If you lose your private key (e.g. in a hard
drive crash), you lose access to any Bitcoins associated with it, and there is
nothing anyone can do to help you get them back. In fact, if a private key is
Further reading
In the spirit of giving credit where it's due, these are the resources that
helped me put this post together, and may help you learn more:
1. How Bitcoin works under the hood (video).
2. How the Bitcoin protocol actually works
3. Why Bitcoin Matters
4. Bitcoin: a peer-to-peer electronic cash system (PDF)
5. Bitcoin and the Byzantine Generals Problem
6. Bitcoin homepage
7. Bitcoin FAQ
8. Bitcoin source code
9. Bitcoin Wikipedia page
10. Explaining Bitcoin to the man in the street, sort of