bitcoin has gained much popularity over the decade; but there are still people who dont understand what it is and how it works; this article intends to be an introductory text which hopefully makes it easier to answer these questions;

disclaimer of warranties: we write this article as “it is”, without warranty of any kind; we expressly disclaim all warranties, whether express or implied, including but not limited to, any warranty of merchantability, fitness for a particular purpose, security, accuracy and non-infringement;

limitation of liability: we will not be liable for any claims, damages, losses or other liability, whether direct or indirect, arising from, out of or in connection with your use or inability to use the article;

## what is bitcoin

bitcoin is a decentralized crypto-currency; bitcoin is a completely digital money maintained and transacted on a peer-to-peer network without a central authority;

from a user perspective, bitcoin is like digital cash;

## how bitcoin works

before we describe relevant technology, we recommend downloading bitcoin core, the reference implementation of bitcoin, and keeping its source code at hand for reference; we also recommend reading the original bitcoin paper;

### core data structures

bitcoin uses the blockchain technology; the core data structures are:

• a blockchain is a chain of blocks;

• a block contains a block header and a list of transactions;

• a block header (doc, source) is a 80-byte structure containing these fields:

• block version number;

• hash of the previous block header;

• hash of the merkle root of transactions (aka: txs) included in this block;

• timestamp;

• proof-of-work requirement (nbits);

• nonce;

this is block header class in the bitcoin core implementation:

class CBlockHeader
{
public:
int32_t nVersion;
uint256 hashPrevBlock;
uint256 hashMerkleRoot;
uint32_t nTime;
uint32_t nBits;
uint32_t nNonce;

...

• a transaction contains a list of inputs and a list of outputs;

a graph may make it easier to visualize the blockchain:

### bitcoin protocol: a node perspective

in this section, we analyze bitcoin protocol as an individual node in the bitcoin network;

with the data structures in mind, the job of a bitcoin node is easy to explain:

• create a valid block meeting proof-of-work requirement;

• broadcast the block to the full network;

• hope the block is accepted by other nodes as the next block in the main chain;

easy, but still some questions with this explanation:

• what is proof-of-work requirement?

• what is main chain?

• proof-of-work requirement is a target threshold for a block header hash; specifically, a block header hash must be less than or equal to its target threshold; the target threshold is encoded as a block header field nbits;

the point of using a proof-of-work is to ensure generation of a new block takes a reasonable amount of time;

• main chain is the longest chain among all well-formed block chains;

the point of using a main chain is to have a public ledger recording all past transactions, so that every cash flow and every account balance are publicly available and verifiable;

### bitcoin protocol: a user perspective

in this section, we analyze bitcoin protocol as a user;

as a digital currency, bitcoin must solve some basic problems about its usage:

• how to issue new bitcoins?

• how to pay with bitcoins?

• how to store bitcoins safely?

#### how to issue new bitcoins

new bitcoins are issued via a process called mining, and the person called a miner; recall from above: mining is about creating a valid block meeting proof-of-work requirement; in fact, the proof-of-work requirement is adjusted by the network; thus a miner cant freely change it; instead, a miner has these freedoms over the block it generates:

• determine the previous block;

this is usually the current head of the main chain; but if a miner wishes, it can branch off an earlier block; however, this would require more computation because it has to generate more blocks to catch up;

• determine which transactions to include in this block;

this will change hash of the merkle root of transactions;

• determine the block timestamp;

the freedom on block timestamp is limited by a range;

• determine nonce;

this is the value on which a miner has the most freedom; including this value has no purpose other than rolling a different block header hash; the mining work is largely about trying different nonces until one works (which means the block header hash satisfies proof-of-work requirement);

a miner earns two types of rewards on a successful mining:

• a block subsidy, whose amount varies over time;

originally block subsidies are paid at 50 btc/blk, but halving every 210,000 blocks; a geometric series calculates the upper limit of all bitcoins as:

210000 * 50 + 210000 * 50 / 2 + 210000 * 50 / 4 + ... = 21000000


so there will ever be at most 21 million bitcoins;

• transaction fees;

each transaction may have one or more inputs and outputs, the sum of which dont have to be the same; for each transaction included in this block, the difference between its outputs and inputs, termed transaction fee, becomes the income of the miner; this is to reward the miner for its hard work in making this transaction possible;

in fact, many miners are self-interested and will priorize including transactions with higher fees; this is an incentive by design;

the block subsidy and transaction fees are collected via a special coinbase transaction , which is always the first transaction in a block; every block must have a coinbase transaction (ref);

#### how to pay with bitcoins

paying with bitcoins is about making a transaction and finding a miner to incorporate your transaction into the main chain;

to send or receive bitcoins, you need one or more bitcoin addresses; think these addresses like bitcoin accounts;

recall from above: a transaction contains a list of inputs and a list of outputs;

• an input has 3 fields:

• an outpoint, which references a previous output (which transaction and which output in that transaction);

basically, this tells you where the money comes from;

• a signature script, which satisfies the pubkey script in the referenced output;

basically, this is the key to unlock the money;

• a sequence number, which is currently not being used;

• an output has 2 fields:

• a value field, which indicates how much money to send to this output;

• a pubkey script, which indicates what conditions must be fulfilled for those money to be actually sent;

basically, this is the lock on the money;

each bitcoin address is identified and protected by a pubkey script; to spend money stored in this bitcoin address, one must provide a signature script to satisfy this pubkey script (ie: unlock the money); this is similar to public key cryptography; and if thinking with scripts sounds too complicated, you may view pubkey script as public key, and signature script as secret key;

in real life, you dont have to deal with scripts or keys; you only need bitcoin addresses, and a bitcoin wallet can help you manage those addresses and do transactions;

#### how to store bitcoins safely

bitcoin uses the elliptic curve digital signature algorithm (ecdsa) with the secp256k1 curve; secp256k1 private keys are 256 bits of random data; to store bitcoins safely, dont disclose your signature script to others; practically, it is impossible to spend the money without a valid signature script;

when you decide to spend the money, list the address (more precisely, the outputs in transactions where this address received its money) with its signature script as an input in a transaction; if there is any change, deposit to another bitcoin address; bitcoin requires each output of a particular transaction can only be used as an input once in the block chain;

### bitcoin protocol: a system perspective

in this section, we analyze bitcoin protocol as an overall system;

the bitcoin system is designed for electronic transactions without central authority; ownership of money is protected by digital signatures; double spending is prevented by running a consensus protocol across the p2p network to maintain a longest block chain as a public ledger recording all transactions; the chaining of blocks makes adversary work harder; nodes express their acceptance of valid blocks by extending them and rejection of invalid blocks by not extending them; nodes vote with their computing power so that it is impossible to disrupt the network if honest nodes control a majority of computing power (and thus control the longest block chain);

### forking

because a block can branch off any other block on the blockchain, the blockchain sometimes grows into one or more side branches; this is called forking;

because different miners may produce new blocks at roughly the same time, forkings happen occasionally; this is absolutely normal; usually, forks are short-term; as mining continues, with a few more blocks, one of the branches will excel and become the main chain and others will die natually; sometimes, several branches grow at similar speed and may produce long-term forks;

due to the existence of forks, a transaction confirmed on the main chain by 1-2 more blocks are not considered safe; there is a risk that a side branch may later grow longer and supersede the current main chain; this will render the current main chain stale, forfeiting all transactions on it; the current recommendation is to wait for 6 confirmations before assuring the transaction has been fully checked in;

#### consensus rule changes

forks happen occasionally when all nodes are running under the same consensus rules; when the consensus rules are changed, however, nodes may be upgraded at different times; for a period of time, non-upgraded nodes will follow old rules and upgraded nodes will follow new rules; then a fork will almost always happen;

depending on whether new rules are looser or tighter than old rules, 2 types of forks can happen:

• a soft fork happens when rules become tighter; this means, a block may be rejected by upgraded nodes but accepted by non-upgraded nodes; this means, upgraded nodes accept a subset of blocks accepted by non-upgraded nodes;

this is called soft fork because the diverge is temporary: as more and more nodes are upgraded, the hash rate of upgraded nodes will finally outgrow non-upgraded nodes; this means upgraded nodes grow their main chain faster than non-upgraded nodes; because all blocks accepted by upgraded nodes are also accepted by non-upgraded nodes, the upgraded main chain will finally grow longer than non-upgraded main chain, and also become non-upgraded main chain;

• a hard fork happens when rules become looser; this means, a block may be rejected by non-upgraded nodes but accepted by upgraded nodes; this means, upgraded nodes accept a superset of blocks accepted by non-upgraded nodes;

this is called hard fork because the diverge is permanent (unless all nodes are upgraded); as more and more nodes are upgraded, upgraded main chain will grow faster than non-upgraded main chain; but non-upgraded nodes will not accept blocks which only qualify the new rules and thus will not accept the upgraded main chain as their main chain; this creates a permanent diverge;

the most famous hard fork happened in mid-2017 which created a fork of bitcoin itself, named bitcoin cash;

### epilog

who designed bitcoin? satoshi nakamoto!

who is satoshi nakamoto? sorry, i dont know…