FSP0019 – Blockchain and Bitcoin – Facility Science Podcast #19

By | September 3, 2019

This is about blockchain with contextual reference to Bitcoin
Bitcoin white paper: https://bitcoin.org/bitcoin.pdf
Abstract from the bitcoin white paper
“A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.”
Bitcoin white paper section 1. Introduction
“Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum possible transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These cost and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communication channel without a trusted party.”
“What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.”
Basically, they were trying to devise a system with which we could transact over the Internet in the same way we can in person (or at least in an analogous way). When we’re standing next to each other, and you have something that I think is valuable and I have something you think is equally valuable (could be cash or goods or services), we just trade (I give you the thing you want and you give me the thing I want and we’re good to go). We only have to trust each other exactly as far as required to make that one transaction. And we don’t have to trust a third party with access to our financial information or our relationship to the details of the transaction. We don’t have to ask permission. We just trade with each other.
If instead we’re halfway across the world from each other, we have to involve potentially a whole bunch of other parties to make the transaction happen. There will be at least a payment processing company and a couple of banks (yours and mine), each of which will require some personal financial information from both of us, sometimes including the details of the transaction. Depending on which countries we are in and the nature of the transaction, our transaction may also face scrutiny from various governments.
So what we basically have with Bitcoin is a digital analogy to cash or maybe something like gold.
  • It’s a token with a strictly limited supply. Limited supply is important for any currency because currency is meant to represent real value, and at any given time there is a limited supply of real value (goods and services) in existence.
  • Individual Bitcoin users have exclusive control over the spending of their Bitcoins.
  • The trade value of Bitcoin is not restricted to a specific physical location (a limitation of cash or gold).
  • The value represented by Bitcoin can’t be directly manipulated (as with inflationary spending – money printing) or seized or frozen by governments or financial institutions (as with bank accounts).
  • Some people argue that Bitcoin (and other crypto currencies) is a legitimate alternative to paper currency or even an alternative to gold as a store of value. Others believe it’s a fad or even a scam with no real value.
  • On the one hand Bitcoin provides a way for people to control their assets without the ability of a third party financial institution or government to interfere, on the other hand, a Bitcoin user can’t rely on anyone to help them recover Bitcoin that is lost or stolen.
  • On the subject of government oversight, Bitcoin allows people to trade value outside the direct influence of oppressive or irresponsible government, but with the tradeoff that it potentially makes financing illegal activities easier.
  • These are some of the many active debates around Bitcoin and other systems like it. They are what I will call outside the scope of this podcast. For our purposes, we’re more interested in the idea of being able to have a cryptographically provable record of events that is extremely difficult to tamper with, and that’s the basic promise of blockchain.
What does a bitcoin transaction look like?
Again, while we are using bitcoin to tokenize financial value and using that token to make financial transactions, we can use the same mechanism for anything that we can represent with a digital token (this could be ownership of assets, the existence of something at a certain time, agreement between parties on a particular issue, etc). And also, another quick disclaimer, this isn’t meant to teach you how to acquire or use Bitcoin. I’m going to gloss over some details that I don’t think are important to general understanding but might be important if you actually want to participate in these transactions.
  • First, all bitcoins are represented by numbers. Numbers must have context to mean anything, and in the case of bitcoins the context is the blockchain. All Bitcoins are inherently part of the blockchain and only exist there. If you are holding some kind of “Bitcoin wallet” in your hand, you aren’t holding any Bitcoins; instead you are holding the credentials required to transfer control of some Bitcoins to someone else.
  • The Bitcoins are stored on the blockchain as what they call “unspent transaction outputs” (UTXOs).
  • In order to receive Bitcoins you generate a key pair (a private key and its corresponding public key). You then create an address by hashing the public key (actually your Bitcoin wallet software probably does this). I covered the idea of private/public key pairs in #18. Just a little refresher: with this kind of key pair, the public key can be given to anyone and the private key must be kept absolutely secret. Anything encrypted with one of the keys can only be decrypted with the other key. This is done using very clever math.
  • You give the address to the person who is supposed to send you Bitcoins and they create a transaction that transfers some Bitcoin from UTXO’s they control to your address.
  • Since the address you provided is based on the public key that corresponds to a private key only you have, only you can move Bitcoin out of the UTXO corresponding to that address.
  • In order to spend your Bitcoins, you provide to the Bitcoin network:
    • The public key that corresponds to the address you received the Bitcoins into. That public key can be hashed to determine the address.
    • A message signed with the private key that corresponds to the public key. That signature can be verified using the public key. The fact that the verification can be done using the public key demonstrates that you control the private key, which proves that you own the bitcoins that were sent to the address, which means that you are authorized to transfer them to someone else.
    • An address or addresses you want to transfer Bitcoins to.
    • A Bitcoin transaction will typically have multiple inputs and outputs. In fact, most transactions have at least 2 outputs just because when Bitcoin is transferred from a UTXO, all of the Bitcoin is transferred out. If the amount you want to pay is less than the total you have in the UTXO you would also need to provide an address to put the “change” (the leftovers) so you can maintain control of them.
  • I don’t want to spend too much more time on that, so hopefully I convinced you that the transaction mechanism does in fact allow someone to keep control of their Bitcoins and transfer them to others without requiring the trust of a third party.
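As an added illustration (not from the podcast and not Bitcoin’s own code), here is a toy version of the spending check described above in Python. Bitcoin signs with ECDSA on the secp256k1 curve; to stay within the standard library, a Lamport one-time signature built from SHA-256 stands in for it, and the transaction message, names and amounts are constructed.

```python
import hashlib
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def generate_keypair():
    """Private key: 256 pairs of random secrets; public key: the hash of each secret."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(sha256(a), sha256(b)) for a, b in private]
    return private, public

def address_from_public_key(public) -> bytes:
    """The address is a hash of the public key (Bitcoin uses SHA-256 then RIPEMD-160)."""
    return sha256(b"".join(a + b for a, b in public))

def message_bits(message: bytes) -> list:
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(private, message: bytes) -> list:
    """Reveal, for each bit of the message digest, the secret matching that bit."""
    return [private[i][bit] for i, bit in enumerate(message_bits(message))]

def verify(public, message: bytes, signature) -> bool:
    """Each revealed secret must hash to the public-key entry for that bit."""
    return len(signature) == 256 and all(
        sha256(s) == public[i][bit] for i, (bit, s) in enumerate(zip(message_bits(message), signature)))

def can_spend(utxo_address: bytes, public, tx_message: bytes, signature) -> bool:
    """What a node checks when a transaction input claims a UTXO: the supplied public
    key must hash to the UTXO's address, and the signature must verify under that key."""
    return address_from_public_key(public) == utxo_address and verify(public, tx_message, signature)

def demo() -> dict:
    private, public = generate_keypair()
    address = address_from_public_key(public)      # what the receiver hands to the payer
    # Constructed transaction message: one input, a payment output and a change output.
    tx = b"input:" + address.hex().encode() + b" out:bob=0.5 out:change=0.4"
    signature = sign(private, tx)
    _, other_public = generate_keypair()           # someone else's key pair
    return {"owner_spends": can_spend(address, public, tx, signature),
            "altered_amount": can_spend(address, public, tx.replace(b"0.5", b"5.0"), signature),
            "wrong_key": can_spend(address, other_public, tx, signature)}
```

Unlike ECDSA, a Lamport key must never sign twice, so the toy covers a single spend of a single UTXO.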
Before getting into how transactions are actually carried out, I’ll describe what is meant by the term blockchain.
What is blockchain?
  • Blockchain is a ledger, or more generally a kind of database. It’s a record of things or events. In the Bitcoin context, the blockchain is the ledger of bitcoin transactions or payments from one user to another.
  • The term blockchain is made up of two parts, “block” and “chain.”
    • A block is a collection of ledger entries. In the bitcoin block chain, the maximum block size is one megabyte. This means that in each block, there are some number of ledger entries (Bitcoin transactions) such that the total size of the data doesn’t exceed 1 MB. The exact number varies because not all transactions are the same size and also because there is no requirement to use the whole 1 MB.
    • The blocks are attached together in a chronological chain so that the order of transactions can be determined by anybody reading the blockchain (so block chain is a chain of blocks). The blocks aren’t actually physically attached, they’re just bits of data, instead they are numbered and the numbering and ordering is secured using cryptographic hashes.
  • The hashed linking of the blocks works like this:
    • Each block contains the list of transactions to be included in the block, the hash of the previous block, and a random number (called a nonce – number used once).
    • The random number is chosen so that the block’s hash is below a certain target number (the difficulty). Since it is computationally infeasible to construct a block that gives you the hash you want, the only way to get a hash of a certain value is to choose a nonce and hash the block to see if the hash value is low enough. If the hash is low enough, the block is complete and can be added to the chain. If the hash is too high, increment the nonce and try again. The difficulty of this cryptographic puzzle is chosen so that it will take, on average, a certain amount of time to create a block. This is called proof of work.
    • Changing anything in a block will change the block’s hash value. Since each block contains the hash of the previous block, changing something in a block will not only change the block’s own hash but it will change the hash of every block that comes after it. So if somebody wanted to go back and change history, they would have to redo the hash calculations for every block after the one they wanted to change.
  • If the blockchain was controlled by one party, then changing history would be trivial for them to do. The blockchain model requires one more piece. The Bitcoin network (and really all blockchain networks) is a distributed network.
    • This means that there are many network nodes.
    • Anyone can run a node.
    • Each node has a full copy of the blockchain (that’s basically the ledger)
    • Each node can verify the ledger.
    • The steps to run the network are as follows (quoting from section 5 of the bitcoin white paper)
      • New transactions are broadcast to all nodes
      • Each node collects new transactions into a block.
      • Each node works on finding a difficult proof-of-work for its block.
      • When a node finds a proof-of-work, it broadcasts the block to all nodes.
      • Nodes accept the block only if all transactions in it are valid and not already spent.
      • Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash (for the new block they are trying to create).
      • Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof-of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.
      • New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.
    • I said before that if someone wanted to change history they would have to recalculate every block after the block they wanted to change, and that this would be trivial to do if only one party were keeping the ledger. In the distributed version where anyone can keep the ledger, the attacker would have to do the calculations in a way that created their new blocks faster than the rest of the network is creating new blocks, so that the fraudulent chain would eventually become longer than the legitimate chain. Since the proof-of-work is a computationally intensive job, in order to do this the attacker would have to control more than 50% of all of the CPU power on the network and also use more power (as in electricity) to run the computations fast enough to outpace the legitimate network. This is theoretically possible (they call it the 51% attack) but becomes less likely with each node that is added to the network.
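An added toy model in Python (not code from the podcast or from Bitcoin) of the hash linking, nonce search, node-side validation and longest-chain rule described above. The block layout, the tiny difficulty target and the transactions are constructed for illustration; Bitcoin’s real blocks, hashing and difficulty differ.

```python
import hashlib
import json

TARGET = 2 ** 244  # toy difficulty: a block's SHA-256 (as an integer) must be below this

def block_hash(block: dict) -> int:
    encoded = json.dumps(block, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")

def mine_block(prev_hash: int, transactions: list) -> dict:
    """Increment the nonce until the hash is below the target (proof of work)."""
    block = {"prev_hash": prev_hash, "transactions": transactions, "nonce": 0}
    while block_hash(block) >= TARGET:
        block["nonce"] += 1
    return block

def build_chain(tx_batches: list) -> list:
    """Mine one block per batch, each pointing at the hash of the one before it."""
    chain, prev = [], 0  # prev_hash 0 marks the first (genesis) block
    for txs in tx_batches:
        chain.append(mine_block(prev, txs))
        prev = block_hash(chain[-1])
    return chain

def chain_is_valid(chain: list) -> bool:
    """A node's check: every block meets the target and links to its predecessor."""
    prev = 0
    for block in chain:
        if block["prev_hash"] != prev or block_hash(block) >= TARGET:
            return False
        prev = block_hash(block)
    return True

def choose_chain(candidates: list) -> list:
    """Nodes adopt the longest chain among those that validate."""
    return max((c for c in candidates if chain_is_valid(c)), key=len, default=[])

def demo() -> dict:
    honest = build_chain([["alice->bob 1"], ["bob->carol 1"], ["carol->dave 1"]])
    # Rewriting a transaction in block 1 without redoing the work breaks every later link.
    tampered = [dict(b, transactions=list(b["transactions"])) for b in honest]
    tampered[1]["transactions"][0] = "bob->mallory 1"
    # Redoing the proof-of-work from block 1 onward restores validity, but the attacker
    # must also outpace the honest network, which meanwhile mined one more block.
    redone = build_chain([b["transactions"] for b in tampered])
    honest.append(mine_block(block_hash(honest[-1]), ["dave->erin 1"]))
    return {"tampered_valid": chain_is_valid(tampered), "redone_valid": chain_is_valid(redone),
            "longest_valid_is_honest": choose_chain([redone, honest]) is honest}
```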
Incentives to run a node
  • Strengthen the blockchain by verifying transactions
  • Collect transaction fees
  • Mining.
Smart contracts
References