a day, according to the consulting firm Deloitte. By comparison, Visa’s electronic payment processing network handles more than 150 million transactions a day from 2.1 billion credit cards and more than 2 million ATMs."
But Bitcoin has come to represent the possibility of an alternative way of thinking about money. In a conventional financial system, money is in bank accounts, and payments transfer money between accounts. To put it another way, the transaction relies on the fact that the bank can see what people have in their accounts. In a Bitcoin transaction, no third party can see what the buyer and seller have in their accounts; indeed, no third party can name the two parties that are making the transaction. People can buy and sell anonymously, without the interposition of a conventional currency or the control of a central bank. But through what magic of cryptography can such a system work? One of the best explanations I've seen of how Bitcoin actually works in a nuts and bolts way is by Robleh Ali, John Barrdear, Roger Clews, and James Southgate, who have two articles in the Quarterly Bulletin of the Bank of England (2014, Q3) that offer a nice overview: "Innovations in payment technologies and the emergence of digital currencies" and "The economics of digital currencies." Here's a step-by-step sense of how a Bitcoin transaction works, drawing from their essays.
Step 1: Two parties agree on a Bitcoin transaction. For simplicity, call the buyer Anne and the seller Bill.
Step 2: "Anne creates a message with three basic elements: a reference to the previous transaction through which she acquired the bitcoins, the addresses to pay (including Bill’s) and the amount
to pay each one." The message can also include other conditions: for example, Anne may specify that she is willing to pay a small amount to the party that verifies the transaction--a step to be discussed further in a moment.
Step 3: "Once the message has been created, Anne digitally signs it to prove that she controls the payer address." The concept of a "digital signature" gets deeper into theories of cryptography than I really understand. But at a basic level, Ann uses a "private key" to encode the transaction, and announces a "public key" that allows others to decode the transaction. But those who decode it cannot change the transaction, nor can they trace the transaction specifically to Anne. "Bitcoin addresses are a version of the public key, which can be made widely available and published. Addresses and their
private keys are random strings of alphanumeric characters. An address is typically 34 characters long (for example 1FfmbHfnpaZjKFvyi1okTjJJusN455paPH), while a private key is typically 51 characters long. Each Bitcoin address is paired with a corresponding private key, which is kept secret by the owner of the address, and needed to sign transactions from — and, hence, prove ownership of — the address."
Step 4: "Anne broadcasts the signed message to the network for verification." At this point, Anne has created an anonymous "buy" message, and the issue is how to verify that the funds should indeed be transferred.
Stage 5: "Miners gather Anne’s new transaction and combine it with others into new candidate ‘blocks’. They then compete to verify them in a way that other miners will accept." Let us postpone for a moment the notion of "blocks" and how the miners compete to verify the transactions, and just say that Claire is the miner who succeeds in verifying Anne's transaction. The transaction is then completed in one more step.
Stage 6: "Clare is a miner and successful at verifying a block with Anne’s transaction in it, so she will receive both a reward of new bitcoins, as well as the transaction fee from Anne’s transaction. Clare broadcasts this result and other miners add the block to the end of their copies of the block chain and return to step 5. Bill receives the 1 bitcoin sent to him ..." Notice that Bill now has a Bitcoin in his account, which he could use to initiate a transaction of his own.
Clearly, the activities of these "miners" are at the center of how Bitcom works. The basic idea of Bitcoin is that if it is to function, "all users agree on which transactions have actually happened and in which order." The block chain is the description of past transactions, built up one block of transactions at a time. But how can miners reach a consensus over what should be added to the block chain? Ali, Barrdear, Clews, and Southgate explain:
"Establishing consensus is purposefully more difficult and requires each miner to demonstrate the investment of computing resources known as a ‘proof of work’. ... The proof of work scheme used by Bitcoin means that the time taken for a miner to successfully verify a block of transactions is random. But as new miners join the network, or existing miners invest in faster computers, the time taken for a successful verification can fall. In order to allow time for news of each success to pass across the entire network, the difficulty of the proof of work problem is periodically adjusted so that the average time between blocks remains broadly constant at ten minutes for Bitcoin, meaning that payments are not instantaneous. ...
The chain of blocks representing the greatest sum of work done is the accepted truth within the Bitcoin network (sometimes referred to as the ‘longest chain’). Whichever branch is received by the majority of the network will initially be selected. However the branch with the most computation resources should ultimately take the lead. This branch will be most likely to have a subsequent block built on top of it and is therefore more likely to eventually ‘win’ the race. Miners that were working off blocks in the ‘shorter’ branch (that is, the branch with less demonstrated work done) then have a significant incentive to switch to the longer branch, as any work they contribute to the shorter branch will never be accepted by the majority of the network. ...
The rule that the chain with the greatest sum of work done wins is an important element in combating fraud in the Bitcoin network. Any attacker attempting to modify earlier blocks (so that bitcoins could be spent twice) would have to control enough computing power for them to both catch up with and then overtake the genuine block chain as the ‘longest’. ... It therefore makes more sense for anyone capable of assembling the necessary computing power to contribute to the continuation of the system, rather than attacking it.This seems more-or-less clear, and the point that Bitcoin transactions are not instantaneous strikes me as especially interesting in our credit-card economy. But there are two big holes remaining in the explanation. What exactly is the work done by the miners? And how are the miners rewarded for doing it?
Here is how Ali, Barrdear, Clews, and Southgate describe the "proof of work" done by the miners:
The proof of work scheme used by Bitcoin makes use of a special algorithm called a ‘cryptographic hash function’, which takes any amount of information as an input and creates an output of a standard length (the ‘hash value’). The function is cryptographic because the hash value produced is different for any change in the input (even of a single character), and it is almost impossible to know in advance what hash value will be produced for a given input. For example, the hash function used by Bitcoin (called ‘SHA-256’) generates the following:
The Bitcoin protocol requires that miners combine three inputs and feed them into a SHA-256 hash function:
• A reference to the previous block.• Details of their candidate block of transactions.• A special number called a ‘nonce’.
Outsiders can verify how much work it takes to get an acceptable hash value: that is, how many values of the nonce must be tried. Again, the one that took the most work is accepted as the basis for the block chain on which others will build.If the hash value produced is below a certain threshold, the proof of work is complete. If it is not, the miner must try again with another value for the nonce. Because there is no way to tell what value of the nonce, when combined with the other two inputs, will produce a satisfactory hash value, miners are forced to simply cycle through nonce values in trial and error.
Why do miners compete to do this calculation? They are rewarded by a combination of receiving a transaction payment specified by the original buyer, and also because the producer of the accepted block chain is directly paid by the issuance of new Bitcoins. "The first blocks created 50 new bitcoins per block and the Bitcoin protocol calls for this reward to be halved every 210,000 blocks (roughly every four years). The current reward is 25 bitcoins per block, and this is likely to be reduced
to 12.5 bitcoins per block in 2017. The planned eventual total number of bitcoins is therefore 21 million, which will be mostly reached by 2040. There are currently a little over thirteen million bitcoins in circulation, distributed over perhaps one or two million users worldwide. ... The Bitcoin protocol seeks to maintain a roughly constant time of ten minutes between each successfully verified block."
These incentives are powerful enough that the Bitcoin miners are continually updating the speed of their computers, to make it more likely that they will win more block chain competitions. Karin and Condon write: "As the work to mine bitcoins has increased, so has the cost. No one seems
to have precisely pegged the cost of the electricity to run—and cool—the computers that solve the algorithms, but estimates run up to $15 million a day."
The discussions in these articles tackle many other issues. What are some pros and cons of anonymous money? What would happen if someone started a Bitcoin bank? Might some small country set up its own currency in a Bitcoin style, and seek to attract those who desire such a currency? If law enforcement and governments wanted, could they find ways of tracking the flow of Bitcoins? What are the risks for fraud? What would competition between different Bitcoin-like currencies look like? If Bitcoin becomes more important, so will these kinds of questions.
But here's one final thought. The price of Bitcoins spiked in early 2013 and then even more in late 2013, and has since then fallen by about half. Watching this process casually, it seemed to me like evidence of grievous instability in this currency. Here's the pattern.
But it turns out that this is an interesting example where having the vertical axipresented as linear, rather than logarithmic, alters ones perceptions considerably. (A logarithmic graph rises in percentage terms. Thus, a continual percentage increase over time looks like a curved line on a linear graph, but like a straight line on a log graph.) Here's the price of Bitcoin on a log graph. It's still bumpy, but it now looks a lot more like a reasonably steady (if volatile) upward movement, not at crazy cycle of boom and bust.
Right now, people are experimenting with Bitcoin for a lot of reasons: pure novelty, anonymous transactions, getting some experience with this kind of transaction, and so on. But given that the ultimate supply of Bitcoins is fixed, their value will ultimately be determined by the demand for their use in transactions.