Bitcoin: Not a Bit and Not a Coin
Howard Mason, 203.901.1635
See last page of this report for important disclosures
February 28, 2014
- The founding principle behind Bitcoin is to eliminate the need for, and hence the cost of, intermediaries in a payments system. The two key functions of payments intermediaries are to process transactions securely and to mediate disputes. Bitcoin addresses the first with cryptography (a digital signature proves that the sender holds the key controlling the coins) and the second by making reasonably-aged transactions so expensive to reverse, in terms of the computer processing that would have to be redone, that to all intents and purposes they are irreversible with current technology.
- Bitcoin uses algorithms drawn from US federal cryptographic standards, in particular for fingerprinting data through “hashing” and for authenticating it through digital signatures. This note describes them to illustrate that familiar terms used in the Bitcoin lexicon refer to ideas which will be unfamiliar to the majority of potential stakeholders. (For example, a “coin” is a chain of digital signatures.)
- As a result, Bitcoin differs dramatically from, say, PayPal or bank-sponsored P2P apps such as Chase QuickPay, which rely on the digital representation of existing currency (and so inherit the regulatory safeguards that go along with it) rather than extending ideas such as “coin” and “currency” to objects and techniques in financial cryptography.
- A key case for Bitcoin, of course, is that it is free of regulation but governments are unlikely to allow mass-adoption until it meets the same oversight standards as the rest of the financial services industry. This will require the crypto-currency movement to engage in an intensive education initiative with regulators around highly-technical subject matter.
- Furthermore, unless users interact directly with the Bitcoin network by running the Bitcoin client (downloadable from https://bitcoin.org/en/download), they will need to work with an intermediary, such as an exchange or hosted wallet, and so will bring back into play the inherent weakness of the trust-based system that Bitcoin was intended to eliminate: the intermediary holds the private keys, and in the protocol’s terms whoever holds the keys holds the coins. This month’s collapse in prices on the Mt. Gox exchange (which until this month accounted for approximately one-third of Bitcoin trading volumes), which today confirmed bankruptcy, is a stark illustration; on other exchanges bitcoins are trading at near US$600.
Exhibit: US$ Value of a Bitcoin on the Mt. Gox Exchange
A bitcoin is neither a bit nor a coin; in fact, it is a chain of digital signatures. The founding paper by Satoshi Nakamoto (a pseudonym) summarizes it best: “we define an electronic coin as a chain of digital signatures. Each owner transfers the coin to the next by signing a hash [i.e. a fixed-length digest; see below] of the previous transaction and the public key of the next owner and adding these to the end of the coin”.
A hash is a fixed-length digest, or fingerprint, of data of any length, and there are various cryptographic standards for computing one. Bitcoin uses SHA-256 (the “Secure Hash Algorithm” with a 256-bit output), designed by the National Security Agency and published as part of the US Federal Information Processing Standard for secure hashing (FIPS 180); in most places where the protocol hashes data it applies SHA-256 twice in succession. Hashing is also the standard technique for protecting stored passwords.
- For example, a password-protected web service does not need to keep your password at all. The Secure Sockets Layer (SSL, now TLS), the standard security technology for an encrypted link between a web server and a browser, protects the password while it is in transit; at the server the password is hashed (together with a random per-user “salt”) and only the hash is stored, so the provider authenticates you by hashing what you submit and comparing it with the stored hash, and a theft of the provider’s database does not yield the passwords themselves. This works only because a secure hashing algorithm is not reversible (you cannot recover the input from the hash value, a property called preimage resistance) and because it has a negligible probability of generating the same hash from two different inputs (a “collision”). Bitcoin relies on the same two properties: the hash of a transaction or block is a compact, tamper-evident fingerprint of it.
Nakamoto’s summary includes other terms that need unpacking. A public key is the part of a public/private key pair that is publicized; the private key is kept secret and is used to produce a digital signature over a message (in Bitcoin, over the hash of the transaction). The use of public/private key pairs is a standard technique in cryptography: anyone can verify a signature given the public key, but nobody can generate one without the private key. The “public keys” of participants in the Bitcoin system therefore identify owners of coins, not nodes of the network; a Bitcoin “address” is in fact a hash of a public key (SHA-256 followed by RIPEMD-160, plus a checksum), so the public key itself is revealed only when the coins are spent. As it happens, Bitcoin uses the Elliptic Curve Digital Signature Algorithm, or ECDSA, which is specified in FIPS 186, although the particular curve Bitcoin uses (secp256k1) is not one of the NIST-recommended curves listed in that standard.
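The two uses of hashing described above, as an added example (this is illustrative code written for this note, not code from the Bitcoin project or from any password service). Go is used because its standard library provides SHA-256 and HMAC. The sample message and password are constructed; the password hash is an iterated salted HMAC-SHA256, assumed here as a simplified stand-in for the PBKDF2, bcrypt or scrypt a real deployment would use:

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Sha256Hex returns the SHA-256 digest of data as hex: always 32 bytes,
// whatever the length of the input.
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// HammingDistance counts the bits that differ between two equal-length byte strings.
func HammingDistance(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// Avalanche flips a single bit of msg and reports how many of the 256 digest
// bits change; for a sound hash roughly half of them do, which is why a
// digest is a tamper-evident fingerprint rather than an "encoding".
func Avalanche(msg []byte) int {
	flipped := append([]byte(nil), msg...)
	flipped[0] ^= 0x01
	d1, d2 := sha256.Sum256(msg), sha256.Sum256(flipped)
	return HammingDistance(d1[:], d2[:])
}

// StoredCredential is what a password-protected service keeps on file: a
// random per-user salt and a slow, salted hash, never the password itself.
type StoredCredential struct {
	Salt       []byte
	Iterations int
	Digest     []byte
}

// slowHash iterates HMAC-SHA256 keyed by the password over the salt. This is
// an assumed, simplified stand-in for PBKDF2, bcrypt or scrypt; the point is
// that the function is one-way and deliberately expensive to brute-force.
func slowHash(password string, salt []byte, iterations int) []byte {
	u := append([]byte(nil), salt...)
	for i := 0; i < iterations; i++ {
		mac := hmac.New(sha256.New, []byte(password))
		mac.Write(u)
		u = mac.Sum(nil)
	}
	return u
}

// Enroll records a new password under a fresh 16-byte random salt, so two
// users with the same password do not share a digest.
func Enroll(password string, iterations int) StoredCredential {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return StoredCredential{Salt: salt, Iterations: iterations, Digest: slowHash(password, salt, iterations)}
}

// VerifyPassword re-hashes the submitted password (which arrived in plaintext
// inside the TLS-encrypted connection) and compares it with the stored digest
// in constant time, so response timing does not leak how many bytes matched.
func VerifyPassword(cred StoredCredential, submitted string) bool {
	return hmac.Equal(slowHash(submitted, cred.Salt, cred.Iterations), cred.Digest)
}

func main() {
	msg := []byte("pay 1 BTC to Bob") // constructed sample input
	fmt.Println("sha256:", Sha256Hex(msg))
	fmt.Println("digest bits changed by a one-bit input change:", Avalanche(msg))
	cred := Enroll("correct horse battery staple", 10000) // constructed sample password
	fmt.Println("right password accepted:", VerifyPassword(cred, "correct horse battery staple"))
	fmt.Println("wrong password accepted:", VerifyPassword(cred, "Correct horse battery staple"))
}
```

Note that the server never decrypts anything: TLS protects the password on the wire, and the stored digest protects it at rest. Neither property depends on the other.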
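Nakamoto’s “chain of digital signatures”, as an added example written for this note (it is not Bitcoin’s code and the transaction layout is assumed: real transactions also carry amounts, several inputs and outputs, and scripts). Each link signs the hash of the previous link together with the next owner’s public key, exactly as the quotation describes; verification walks the chain and checks every signature against the key named in the link before it. Two assumptions of the example: keys are generated on NIST P-256, since Bitcoin’s secp256k1 is not in the Go standard library, and public keys are carried in DER encoding rather than as Bitcoin addresses.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Link is one transfer in the chain of signatures that Nakamoto calls a coin.
// Layout assumed for illustration; amounts, multiple inputs/outputs and scripts are omitted.
type Link struct {
	PrevID    []byte // ID of the previous link (nil for the issuing link)
	NewOwner  []byte // DER-encoded public key of the next owner
	Signature []byte // ECDSA signature by the previous owner over Message()
}

// sum concatenates its arguments and hashes them with SHA-256.
func sum(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		d.Write(p)
	}
	return d.Sum(nil)
}

// Message is what the previous owner signs: hash of the previous transaction plus the next owner's key.
func (l Link) Message() []byte { return sum(l.PrevID, l.NewOwner) }

// ID is the hash the following link commits to; it covers the signature too.
func (l Link) ID() []byte { return sum(l.Message(), l.Signature) }

// keygen makes a key pair on NIST P-256 (assumed stand-in for secp256k1).
func keygen() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// pubDER encodes a public key; marshalling a valid key cannot fail.
func pubDER(k *ecdsa.PrivateKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(&k.PublicKey)
	return der
}

// Mint creates the issuing link, the analogue of a coinbase output.
func Mint(firstOwner []byte) []Link { return []Link{{NewOwner: firstOwner}} }

// Spend appends a link handing the coin to the holder of toPub, signed by from.
func Spend(coin []Link, from *ecdsa.PrivateKey, toPub []byte) ([]Link, error) {
	next := Link{PrevID: coin[len(coin)-1].ID(), NewOwner: toPub}
	sig, err := ecdsa.SignASN1(rand.Reader, from, next.Message())
	if err != nil {
		return nil, err
	}
	next.Signature = sig
	return append(append([]Link(nil), coin...), next), nil // copy: never alias the caller's coin
}

// VerifyCoin walks the chain: every link must point at its predecessor's ID
// and carry a signature that checks under the predecessor's NewOwner key.
func VerifyCoin(coin []Link) error {
	for i := 1; i < len(coin); i++ {
		prev, cur := coin[i-1], coin[i]
		if !bytes.Equal(cur.PrevID, prev.ID()) {
			return fmt.Errorf("link %d does not extend link %d", i, i-1)
		}
		key, err := x509.ParsePKIXPublicKey(prev.NewOwner)
		pub, ok := key.(*ecdsa.PublicKey)
		if err != nil || !ok {
			return fmt.Errorf("link %d: owner key is not a valid ECDSA key", i-1)
		}
		if !ecdsa.VerifyASN1(pub, cur.Message(), cur.Signature) {
			return fmt.Errorf("link %d: not signed by the owner of link %d", i, i-1)
		}
	}
	return nil
}

// Demo builds Alice -> Bob -> Carol, then lets Mallory try to move Bob's coin
// with her own key; it returns (honest chain verifies, forgery rejected).
func Demo() (honestOK, forgeryRejected bool) {
	alice, bob, carol, mallory := keygen(), keygen(), keygen(), keygen()
	coin := Mint(pubDER(alice))
	coin, _ = Spend(coin, alice, pubDER(bob))
	coin, _ = Spend(coin, bob, pubDER(carol))
	honestOK = VerifyCoin(coin) == nil
	forged, _ := Spend(coin[:2], mallory, pubDER(mallory)) // Bob's coin, Mallory's key
	forgeryRejected = VerifyCoin(forged) != nil
	return honestOK, forgeryRejected
}

func main() {
	ok, rejected := Demo()
	fmt.Println("honest chain verifies:", ok, "| forgery rejected:", rejected)
}
```

Nothing in the chain names a network node: ownership is whoever can produce a signature under the key recorded in the previous link, which is why losing a private key (or handing it to an intermediary) is the same as losing the coin. What the chain cannot show is whether Bob has signed the same coin over to someone else as well; that is the double-spend problem the block chain addresses.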
The Block Chain
All confirmed Bitcoin transactions are recorded in a transaction ledger (with the ledger, and indeed all other network data, being shared by all nodes), and the system will reject transactions where senders attempt to claim coins not associated with their addresses. Notwithstanding the signature check, the system as described and without additional safeguards has the following two vulnerabilities:
- Double-Spend: A fraudulent owner can send the same coin near-simultaneously to two different recipients so that the second transaction propagates in the system before the first posts to the ledger. Given sharing delays (or “latency”) in the system of a second or so, this “race attack” results in conflicting transactions; one must be repudiated, with the victim experiencing what, in a credit-card transaction, would be called a chargeback.
- Ledger Hack: An attacker who can alter the copy of the transaction ledger held by nodes can rewrite the transaction records, for example removing the record of a payment he made.
Bitcoin resolves both issues through a crowd-sourced approach to confirming transactions. New transactions are not posted immediately to the ledger but rather propagate through the network over the peer-to-peer connections between nodes. Some nodes, referred to as “miner” nodes, gather the transactions they see into a “block” and attempt to validate the entire block. To validate or “mine” a block, a miner must check that every transaction in the block is valid; solve a cryptographic puzzle specific to that block as “proof of work” (as discussed below); and then append the block to the transaction ledger by broadcasting it to the network, where every other node re-checks both the transactions and the proof of work before accepting it.
The first of these conditions is obvious enough. The miner is recruited by the network to check that transactions in the block are valid (i.e. protocol-compliant) including, for example, that the amount of outgoing coins in a transaction does not exceed the amount of incoming coins, that the transaction is properly signed by the holder of the key controlling the incoming coins, and that the incoming coins have not already been spent. Once all this is confirmed (and the proof of work is completed) the miner appends the block to the transaction ledger by including in it the hash of an earlier valid block, which is what links the blocks into a chain. Miners in the network indicate acceptance of the newly-added block by using its hash as the connecting point for the next block they mine. If miners do not accept the newly-added block, they ignore it and keep building on the last block they do accept.
This “block chain” approach resolves the problem of a “race attack” double-spend since a miner can include only one of any pair of conflicting transactions in a protocol-compliant block; if that block becomes part of the definitive ledger the conflicting transaction is rejected as a double-spend attempt. However, disagreements among miners over whether a block is valid, as well as the possibility that two miners may simultaneously append valid blocks to the transaction ledger, create the potential for “forking” or “branching” in the block chain which, if unresolved, could lead to conflicting transaction records.
Proof of Work
Bitcoin resolves the issue of branching in the block chain through a “proof of work” requirement tied to the branch of the block chain a miner seeks to extend. The Bitcoin protocol is that miners must append to the “longest” block chain they deem valid, where “longest” means the chain whose creation involved the largest amount of proved work rather than simply the most blocks. If there is a fork in the block chain, an honest (i.e. protocol-compliant) miner will work on the longest branch he deems valid and the consensus among honest miners will be reflected in a single longest branch; shorter branches will wither because, under the protocol, honest miners will not work on them. To hack the ledger, a dishonest miner needs to alter the block chain by branching from an earlier point, but success in over-riding subsequent transactions in the longest branch requires catching up with and overtaking that branch in terms of proved work, which means redoing the proof of work for every block after the branch point while honest miners keep adding to the lead. In practice, that is not feasible for a dishonest miner who does not control at least half of the processing capacity (hashing power) of the network.
For a Bitcoin user, a consequence of the block chain and proof-of-work requirement is that a transaction becomes more certain (less reversible) with time. Given the computer-processing work required to mine a new block, it typically takes about 10 minutes (the interval the protocol targets by periodically adjusting the difficulty of the proof of work) for a transaction to be confirmed, that is, included in a mined block. The risk then is that, because of forking, this block does not become part of the longest block chain representing the definitive transaction record. In practice, the risk that a transaction is invalidated becomes acceptable for most purposes once the confirming block is 5-6 blocks deep in the block chain (since over-riding 5-6 blocks demands meaningful work) and vanishingly small once it is 100 blocks deep, which is the depth the protocol itself requires before newly-mined coins may be spent.
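The block chain and proof-of-work mechanics described in the preceding paragraphs, as an added example written for this note (it is not Bitcoin’s code). The header is a simplified one (no version or timestamp, and the difficulty is expressed as a count of leading zero bits rather than Bitcoin’s compact 256-bit target; both are assumptions of the example), but the hashing is Bitcoin’s double SHA-256, the nonce search is the proof of work, “longest” is measured in work, and the demo shows both a fork decided by work and an in-place edit of an old block being rejected because it no longer links to its successor. Transaction validation (signatures, no double-spend) is omitted; the transactions here are constructed strings:

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Block is a stripped-down header. Assumption of this example: the target is a
// count of leading zero bits, not Bitcoin's compact-encoded 256-bit target.
type Block struct {
	PrevHash   [32]byte // hash of the block this one extends
	TxRoot     [32]byte // commitment to the transactions (a Merkle root in Bitcoin)
	TargetBits uint32   // required leading zero bits in Hash()
	Nonce      uint32   // the field miners vary
}

// Hash is double SHA-256 over the serialised header, as in Bitcoin.
func (b Block) Hash() [32]byte {
	var buf [72]byte
	copy(buf[0:32], b.PrevHash[:])
	copy(buf[32:64], b.TxRoot[:])
	binary.LittleEndian.PutUint32(buf[64:68], b.TargetBits)
	binary.LittleEndian.PutUint32(buf[68:72], b.Nonce)
	first := sha256.Sum256(buf[:])
	return sha256.Sum256(first[:])
}

// MeetsTarget reads the hash as a 256-bit integer and requires it below 2^(256-bits).
func MeetsTarget(h [32]byte, bits uint32) bool {
	limit := new(big.Int).Lsh(big.NewInt(1), uint(256-bits))
	return new(big.Int).SetBytes(h[:]).Cmp(limit) < 0
}

// Mine is the proof of work: try nonces until the header hash meets the target.
// It returns the block and the number of hashes tried, on average 2^bits.
func Mine(prev [32]byte, txs string, bits uint32) (Block, uint64) {
	b := Block{PrevHash: prev, TxRoot: sha256.Sum256([]byte(txs)), TargetBits: bits}
	for tries := uint64(1); ; tries++ {
		if MeetsTarget(b.Hash(), bits) {
			return b, tries
		}
		b.Nonce++
	}
}

// Valid is what an honest node checks before building on a chain: every
// block meets its own target and links to the hash of its predecessor.
func Valid(chain []Block) bool {
	for i, b := range chain {
		if !MeetsTarget(b.Hash(), b.TargetBits) {
			return false
		}
		if i > 0 && b.PrevHash != chain[i-1].Hash() {
			return false
		}
	}
	return true
}

// Work sums the expected hashes behind a chain (2^TargetBits per block).
// "Longest" in the protocol means largest Work, not most blocks.
func Work(chain []Block) *big.Int {
	total := new(big.Int)
	for _, b := range chain {
		total.Add(total, new(big.Int).Lsh(big.NewInt(1), uint(b.TargetBits)))
	}
	return total
}

// Heaviest is the fork-choice rule: extend the valid chain with the most work.
func Heaviest(a, b []Block) []Block {
	if Valid(b) && (!Valid(a) || Work(b).Cmp(Work(a)) > 0) {
		return b
	}
	return a
}

// Demo mines an honest chain, lets an attacker with less hashing power fork
// from block 1 to replace a payment, and then edits a block in place without
// re-mining. It returns (honest chain wins fork choice, in-place edit detected).
func Demo(bits uint32) (honestWins, tamperDetected bool) {
	genesis, _ := Mine([32]byte{}, "genesis", bits)
	honest := []Block{genesis}
	for _, txs := range []string{"Alice pays Bob 1 BTC", "Bob pays Carol 1 BTC", "Carol pays Dave 1 BTC"} {
		b, _ := Mine(honest[len(honest)-1].Hash(), txs, bits)
		honest = append(honest, b)
	}
	attack := []Block{genesis} // attacker manages two blocks to the honest three
	for _, txs := range []string{"Alice pays Alice 1 BTC", "filler"} {
		b, _ := Mine(attack[len(attack)-1].Hash(), txs, bits)
		attack = append(attack, b)
	}
	chosen := Heaviest(honest, attack)
	honestWins = chosen[len(chosen)-1].Hash() == honest[len(honest)-1].Hash()
	tampered := append([]Block(nil), honest...)
	tampered[1].TxRoot = sha256.Sum256([]byte("Alice pays Alice 1 BTC"))
	tamperDetected = !Valid(tampered)
	return honestWins, tamperDetected
}

func main() {
	w, d := Demo(12)
	fmt.Println("honest chain wins fork choice:", w, "| in-place edit detected:", d)
}
```

The confirmation-depth rule of thumb falls out of Work: rewriting a transaction that is k blocks deep means re-mining k blocks (about k × 2^TargetBits hashes in this model) and then out-running the honest majority, which keeps adding 2^TargetBits per block to its own branch.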
Mining Incentives and Confirm Times
Participants are incentivized to mine because they are rewarded for new blocks with bitcoin. Today, the reward includes newly-issued bitcoin credited to the miner in the first transaction of the block (referred to as the “coinbase” transaction). The Bitcoin protocol limits coins in circulation to 21 million (presently there are just over 12 million): the coinbase reward halves at fixed intervals (every 210,000 blocks, roughly four years), so issuance tails off and, once it stops, miners will be rewarded from transaction fees alone.
We noted earlier that the protocol calls for miners to check that transactions incorporated in a block do not send out more coins than they take in. Some transactions send out fewer coins than they take in, and the difference is deemed a transaction fee payable to the miner who confirms the transaction by incorporating it in a block. Miners are not required to include all transactions in a block (and, indeed, may not know of all transactions) and, hence, can be selective. This creates an incentive for users to include a transaction fee, since those transactions with the highest fees are likely to be prioritized by miners and hence confirmed (through incorporation in a block) more quickly.