Академический Документы
Профессиональный Документы
Культура Документы
∗
Guillaume Haeringer† and Hanna Halaburda ‡
July 8, 2018
Abstract
Today more and more people talk about Bitcoin, cryptocurrencies, blockchain, or
smart contracts, and many predict that these technologies will revolutionize our lives.
But the apparent complexity of Bitcoin and its related technology makes it hard to
participate to the debate. The purpose of this chapter is to offer a non-technical de-
scription of this new phenomenon, giving answers to many common questions (e.g.,
the electricity consumption of Bitcoin, or the necessity of ”wasteful” mining) and de-
bunking some of the myths surrounding Bitcoin and the blockchain technology (e.g.,
that it is 100% tamper proof).
1 Introduction
In 2008, a white paper describing a cash system (i.e., a “currency”) that could be fully
decentralized was published on the internet. Satoshi Nakamoto is the pseudonym of the
author, or group of authors, who invented the system and wrote the proposal. He (or she
or they) coined (pun intended) this new system Bitcoin.1 Ten years later, Bitcoin became
a household name, periodically making the headlines of newspapers, blogs and other media.
∗
We thank Debbie Haeringer, Mihai Manea, Lukasz Pomorski, Meredith Stevens and Larry White for
helpful comments and suggestions.
†
Baruch College
‡
NYU-Stern and Bank of Canada. Views presented here are views of the author and do not necessarily
represent a position of Bank of Canada. Email: hhalaburda@gmail.com.
1
The paper is available here: https://bitco.in/pdf/bitcoin.pdf. As of today the true identity of Satoshi
Nakamoto remains unknown.
12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX.
To send bitcoins to someone we need a Bitcoin address of that person, our Bitcoin address
and our Bitcoin private key. The latter is a little bit like the PIN of your debit card. For
Bitcoin that PIN is not made of 4 digits, it is a much longer number. It is 77 digits long! To
make it “easier” this number is usually represented with a string of characters, similar to a
Bitcoin address. Here is an example of what a Bitcoin private key looks like:
873D79C6D87DC0FB6A5778633389.8
Together, the Bitcoin address and the Bitcoin private key form the Bitcoin wallet. Note
that under the Bitcoin terminology we do not use the word “account” but rather “address”
(or “wallet”). So now we are all set: Users have account numbers (the Bitcoin address) and
a PIN (the Bitcoin private key) that allow them to spend or receive bitcoins. Note that
6
The “Bitcoin coins” one can buy on websites like eBay or Amazon are not bitcoins, there are mere pieces
of metal on which the word “Bitcoin” has been engraved.
7
This Bitcoin address is one the very first Bitcoin addresses that has been created and is believed to
belong to Nakamoto himself/herself.
8
Bitcoin supports different ways to encode (i.e., rewrite) the private key into a string of characters.
Remark 1 Many people think that because the blockchain only contains Bitcoin addresses
it is an anonymous form of payment. Not quite so. Computer scientists have shown that a
careful analysis of the blockchain, and cross-referencing the information contained in it with
other sources, may provide an opportunity to identify some users.11
If we want to know the balance of an address we have to parse the whole blockchain
looking for that address, and the balance is simply the sum of all incoming transactions
minus the sum of all outgoing transactions (we don’t need to know the private key associated
with that address). There are a number of websites doing that for us, so we do not need to
download the whole blockchain and search it. The same websites also offer tools to easily
send bitcoins from one address to another address.
There are tens of thousands of computers across the planet with a copy of the blockchain
and that are maintained by people called miners (we describe what they do in the next
section).12 The multiplicity of copies of the blockchain brings some safety to the system.
Since each copy of the blockchain contains the bitcoins associated with any wallet there is no
risk that they could be lost due to a computer failure. The multiplicity of copies, however,
does not protect the blockchain from manipulation and fraud. We will see in Section 3 how
other Bitcoin properties play a role in preventing that.
9
A large one and growing: at the end of 2017 the size of the Bitcoin blockchain was nearly 150 gigabytes.
10
This is why we said that the Bitcoin address shown above is believed to belong to Satoshi Nakamoto.
11
See Androulaki et al. (2013).
12
The estimates vary from 10,000 (bitnodes.earn.com) to 30,000. See also
https://en.bitcoin.it/wiki/Clearing Up Misconceptions About Full Nodes
So this is how bitcoins are stored. But how can we get some bitcoins? The most common
way to get bitcoins is to buy them with some known currency like euros or dollars. There are
a number of websites —called exchanges— created for that purpose.14 Once you have bought
bitcoins you tell the exchange to send them to your Bitcoin address. Et voilà! Another way
to get bitcoins is to sell something and get paid in bitcoins. There is a third way to acquire
bitcoins: to mine them.
2.2 Mining
In the Bitcoin system, mining is a twofold activity: processing transactions and creating new
bitcoins. For each block added to the blockchain there was one miner who was the first to
construct this block and sent it to all the other miners with the message “please add this new
block to the blockchain.” One of the key aspects of Bitcoin is that there is a competition
between miners to be the one constructing the next block. Each time a block is added to the
blockchain new bitcoins are created and they constitute what is called the block reward. It
is awarded to the miner who creates the block. That miner also collects all the transaction
fees associated with the transactions in the block.
If there is a competition, it necessarily means that creating a block of transactions is not
easy: it is not enough to simply create a list of transactions and send it to the other miners.
In this section we explain what miners have to do to construct a block. Section 3 focuses on
the competition — how it works and why it is a necessary element of Bitcoin system.
13
http://fortune.com/2017/11/25/lost-bitcoins/
14
Some of the most popular websites are coinbase.com, bitstamp.com or blockchain.info, but these
are not the only ones.
• The fees the sender is paying to the miner who will process the transaction. The
amount of the fee is decided by the sender (it can be zero);
The miners observe the transactions that have not been processed yet (i.e., that are not
in the blockchain) and they can choose which transactions they include in the block they
will propose. This is where the fees come into play: a miner is more interested in processing
transactions that carry higher fees.
For each transaction that has been selected, the miner, who has a copy of the blockchain,
first checks whether the transaction is valid. To do that, the miner verifies whether the
sender’s address has the bitcoins it attempts to send by parsing the blockchain and checking
that the address has received the bitcoins in the past but has not yet spent them. The miner
also makes sure that the sender is indeed the owner of the sender’s Bitcoin address. This
is where the “signature” comes into play. The signature is generated using the private key
and the message. Cryptographic tools are amazing: they permit verifying that the signature
has been generated by the private key associated with the Bitcoin address without knowing
what the private key is! In other words, the signature permits the miner to authenticate
the sender, that is, to be sure that the sender is in possession of the private key associated
to the senders’ Bitcoin address (and thus likely to be the owner of the address).16 The fact
that the signature is generated using not only the private key but also the message implies
that the signature changes for each transaction. So any transaction re-utilizing a signature
of a previous transaction will be immediately understood as being fraudulent and rejected
by the miners.
15
The Bitcoin network is simply a network of computers connected to each other through the internet.
16
We say “likely to be the owner” because it could be a thief who stole someone’s wallet.
3.1 Forks
But wait, why would the other miners accept replacing one blockchain with another? This
is by design. Bitcoin would not work if this was not possible. The reason is that sometimes
19
An alternative would be to replace the transaction with one where Zoe sends her bitcoins to herself
(e.g., to another address she owns) instead of the bike seller’s address. The mechanics would be the same.
However, she cannot create a transaction where the seller sends the bitcoins back to her. For that, she would
need to know the private key of the seller, and she would also need to do it before the seller spends his
bitcoins.
10
In the example depicted in Figure 1, the original blockchain finishes with the blocks
20
Transferring data over the internet can be fast, but it cannot be instantaneous because the speed of data
transmission is bound by the speed of light. For instance, there are a bit more than 10,000km between New
York and Tokyo, so it is impossible to take less than 67 milliseconds to send data from one city to the other.
If you manage to transmit data faster than this, then you have proven Einstein wrong.
11
Remark 3 A transaction that appears in an orphaned version of the blockchain but not in
the “winning” version of the blockchain is not lost. For the miners working on that blockchain
that transaction is still in the pool of transactions that have not been processed yet.
Because the blockchain can sometimes fork, most people wait a few blocks before consid-
ering that a transaction is indeed recorded in the blockchain. If I received bitcoins and that
transaction is stored in the last block that has been added, most people will refuse my bitcoins
21
Alice’s and Bob’s block may also have some transactions in common. If Bob wants to create a block
after Alice’s block he may then need to first reconstruct the set of transactions that he wants to process,
eliminating the transactions already processed by Alice.
12
2. (Difficult) Re-construct the block without her transaction (and thus solve the numer-
ical puzzle again);
3. (Extremely difficult) Add blocks that came later (solving the numerical puzzle for
each of them) and be fast enough so that the blockchain she constructs becomes longer
than the original blockchain (and thus the other miners will switch to her blockchain).
Point 3 is what makes Bitcoin very difficult and costly to hack. During the time Zoe
constructs blocks on her version of the blockchain the other miners do not stay idle! They
continue to work on the main blockchain. What determines the probability that her attack
succeeds is her share of computing power when compared to the total computing power
across all Bitcoin miners. For instance, if there are 10,000 miners, each with the same
mining equipment, then each miner has 0.01% of the computing power.
If Zoe has a small share of the total computational power it is extremely unlikely that
she will be able to solve a number of puzzles faster than the rest of the miners. A higher
share of computational power will increase the chances of success. And having 50% of
the computational power ensures an attacker that she will eventually construct a longer
competing blockchain.22 But that much computational power is very expensive to acquire
and operate: It would amount to paying the electricity bill of half of Denmark! Note that
technically it is not impossible to forge or rewrite transactions. It is just unlikely and very
expensive. Thus, potential attackers do not find it worthwhile.
22
Some detailed analyses show that around 30% or 40% is, in fact, enough to have very high probability
of constructing a longer competing blockchain. See, e.g., Kiayias et al. (2016).
13
Scenario A: Besides the attacker, there are 10 honest miners (i.e., miners working on
the “true” blockchain). That is, there are only 11 miners on the Bitcoin network.
Scenario B: Besides the attacker, there are 1,000 honest miners (so 1,001 miners in
total).
For simplicity we assume that every miner in either scenario is equipped with an identical
mining computer, i.e., they all have the same nominal computational power.
Under either scenario A and B the honest version of the blockchain will grow at roughly
the same pace, whether the attacker builds her own version of the blockchain or continues
to work on the honest blockchain — on average one block every 10 minutes. This feature
is embedded in Bitcoin’s protocol. The average of 10 minutes is obtained by adjusting
the difficulty of the puzzle. Without adjusting periodically the difficulty of the puzzle a
larger number of miners with more computational power would keep finding solutions to the
puzzles, and mining new bitcoins, faster. The same happens when, for instance, you do not
remember where your keys are. The more people searching for your keys, the faster you will
find them. In order to keep the release of new bitcoins at a steady pace (on average), the
Bitcoin protocol periodically adjusts the difficulty of mining. As a consequence, the difficulty
of the puzzle depends on the total number of miners (i.e., the total computational power
involved in mining).
So what is the difference between scenarios A and B for our attacker? Since there is more
computational power involved in mining in scenario B, the puzzle is much more difficult.
This means that for the attacker, who is alone working on her version of the blockchain,
finding solutions to the puzzles under scenario B will take much more time than under
scenario A. And therefore, under scenario B she is much less likely to succeed in building a
longer competing blockchain.
Under both scenarios, for each block there is only one miner who wins the competition,
every 10 minutes or so. But what matters is that in scenario A there are only 9 “losers” who
waste their computational effort, whereas in scenario B there are 999 losers, wasting much
14
15
16
payment systems that some cell phones are equipped with. Moreover, potential users often
indicate that existing methods of payment serve their needs well, and they see no reason to
adopt a new one.24
There is also a technical reason that may limit wide-spread adoption of Bitcoin. Recall
that Bitcoin transactions are processed in blocks, at a rate of one block every 10 minutes. By
design a block in the blockchain cannot exceed certain size, which severely limits the number
of transactions that can be processed by the Bitcoin network: at most 7 transactions per
second. In comparison, VISA handles on average a few thousands transactions per second
and can handle up to 56,000 transactions per second (which is almost 5 billions per day!).25
In 2017, on many occasions, the demand for Bitcoin transactions exceeded the system’s
capacity. In such cases, there may be a significant delay in processing transactions. Users
may ensure their transactions are processed and included in the blockchain more quickly by
offering higher fees to the miners. And so, towards the end of 2017 Bitcoin fees increased
multiple times to as much as $30 per transaction.26 For most transactions it is higher than
the credit card fee!
Nonetheless, in some cases people may prefer to use Bitcoin for trading rather than
24
See, e.g., survey results in Henry, Huynh and Nicholls (2018)
25
https://usa.visa.com/dam/VCOM/download/corporate/media/visa-fact-sheet-Jun2015.pdf.
26
See, e.g., https://news.bitcoin.com/miami-bitcoin-conference-stops-accepting-bitcoin-due-to-fees-and-
congestion/.
17
5 What’s Next?
The “Bitcoin revolution” did not stop with the creation of Bitcoin. It has just started.
Bitcoin opened the door to a vast array of innovations and ideas, which can be divided into
two categories, cryptocurrencies and non-currency applications.
27
It takes only a few hours to send bitcoins to the other side of the planet while it takes several days with
international bank transfers. Services like Western Union are fast but the fees they charge can be higher
and for some countries they do not offer as much anonymity as Bitcoin for large amounts.
18
19
20
21
22
23
24
6 Conclusion
Almost ten years after its inception Bitcoin managed to become a household name. Every
day thousands of people buy or sell bitcoins and other cryptocurrencies, and some of them
are even using bitcoins for what it was intended, a currency to buy or sell goods and services.
There is now little doubt that Bitcoin’s design is a succesful attempt to create a decentralized
digital cash system. Whether bitcoins can claim the status of a currency is still an open
question. Because of a number of Bitcoin’s limitations, it is not adequate for mass use. But
perhaps other cryptocurrencies will be.
Bitcoin’s contribution is more than that of a cryptocurrency. The excitement about the
properties of the blockchain that Bitcoin’s technological design generated, has opened up a
discussion about its use for a wide range of applications. In effect, it has turned attention
and prompted some innovative uses of smart contracts and distributed databases. If we
think carefully, most developments and applications proposed are not new. The concepts of
distributed database and smart contracts existed well before Bitcoin or Ethereum.
For aficionados, blockchain based solutions are infinite. Current projects claiming to be
based on blockchain range from voting (Soverign) or equity management (Chain, launched
by Nasdaq) to internet domain registry (Namecoin) or file storage (Storj ). But the truth is,
as of today there is still no “killer application” for the technology.
So, is Bitcoin a revolution after all? We may say it is. Or we may argue and say that
there is not much innovation around Bitcoin (i.e., most of the concepts already existed). But
there is little doubt that popularity around Bitcoin and blockchain has spurred the debate
and the development of decentralized and automated solutions.
30
The whole system is backed up on servers in Luxembourg in case of failure or an invasion by Russia.
25