Kindle Notes & Highlights by Neel Mehta. Read between January 26 - February 7, 2022.
Bitcoin gives us, for the first time, a way for one Internet user to transfer a unique piece of digital property to another Internet user, such that the transfer is guaranteed to be safe and secure, everyone knows that the transfer has taken place, and nobody can challenge the legitimacy of the transfer.
In short, tangible money is insecure, inconvenient, easy to fake, and impractical for digital payments. Middleman-mediated money, or M3, solves these problems, but introduces problems of fees, lack of accessibility, and a different form of insecurity.
Is there a way to cut out the middleman while retaining intangibility?
But it turns out that people invented an intangible, middleman-free form of money centuries before Satoshi introduced Bitcoin to the world.
The traditional currency on Yap is giant stone rings known as rai stones.
Bitcoin is a digital currency, so it’s intangible, and it’s (in theory) middleman-free because it doesn’t rely on a bank or other institution to keep track of people’s money balances. Instead, Bitcoin relies on a network of computers around the world to keep a shared log, or ledger, of every past payment. This “shared public ledger,” as it’s known, is called a blockchain, and it’s basically a high-tech version of Yapese villagers’ shared memory of past payments.
A simplified way to think of the Bitcoin blockchain: it’s a Google sheet shared with the whole world.
Any Bitcoin user can use their computer to verify pending transactions and add only the valid transactions to the blockchain. For efficiency’s sake, transactions are batched into blocks of a few thousand transactions per block.
If you verify a block of transactions, you’ll earn some fees from every transaction in the block, and the Bitcoin software will also pay you a fixed chunk of bitcoins,[b] known as the block reward. The bitcoins in the block reward don’t exist before the verification — the Bitcoin software creates them out of thin air.
A more advanced model of Bitcoin’s blockchain, incorporating mining, fees, and rewards.
Bitcoin’s blockchain stores blocks in a linear “chain,” where each block mathematically points to the last one:
hashing, where you feed a bunch of information (words, numbers, Bitcoin blocks, etc.) into an algorithm that spits out a short “fingerprint” of the information.[43]
the core idea is the same: large inputs of data become short outputs.
In Bitcoin, each block has an associated hash. Each block’s hash is based partly on the hash of the block before it.[d] This way, each block refers to the block before it.
As a result, the blockchain doesn’t have to be a linear chain. In fact, it usually isn’t. The blockchain tends to look more like a “blocktree,” with a “trunk” and “branches”:
The longest branch is considered the “official” one.
The blocktree sometimes grows a new branch when two miners generate (or “mine”) a block at the same time. This is rare, but it does happen. When it does, there are two transactions splitting off the most recent transaction, and a new branch of the blocktree is born.
To have a linear official history, Bitcoin uses a rule of thumb called the longest chain rule, which says that the branch of the “blocktree” with the most blocks in it is the official blockchain.[50]
The Bitcoin software, which runs on Bitcoin users’ computers, enforces the longest chain rule by only paying miners who added a block to the longest chain.
If two miners mine a block at the same time, two branches are born, and only one branch is going to win out and become the longest chain.
What if a crooked miner created a new branch and mined blocks faster than everyone else, thus making her branch longer than the legitimate branch? Well, the crooked miner’s branch would become the longest chain, so it would become the official blockchain.
How do you stop attacks like these? You have to make it hard for attackers to mine faster than the honest miners. To do that, Satoshi made it very time-consuming to mine a block.
Transactions waiting to be vetted and confirmed sit around in the transaction pool, also known as the memory pool or mempool[53]. When you want to mine a block, you choose a few thousand transactions from the pool, verify them, and build your block.
Then all you have to do is generate a hash for your block, and you’ll be able to put it on the chain and get your rewards.
But generating the hash isn’t easy. It requires three inputs: the last block’s hash, the transactions, and a special number that you pick called a nonce.
The catch is that the hash value is different for each nonce, and you’re only allowed to add your block to the chain if your hash starts with the right number of zeroes.
What’s more, hash functions used by computers tend to be so-called one-way functions: it’s easy to compute the output given the input, but it’s nearly impossible to guess the input given the output.
So the only way to mine a block is to guess nonces over and over until you win — like playing a digital lottery. We call it the game of nonces.
(The word nonce comes from “number used only once,” since you try it once and throw it out if it’s no good.)
Hashes are pretty much random, so the first digit of any hash has a 1/16 chance of being a zero. That means you’ll get a successful hash once out of every 16 tries, on average.
Now imagine if you had to pick a nonce that yielded a hash with at least four leading zeroes. Then, only one out of every 16^4 = 65,536 nonces would yield a winning hash.
At the time of writing, each nonce you try gives you a 1 in roughly 66,000,000,000,000,000,000,000 (that’s 66 with 21 zeroes, or 66 billion trillion) chance of mining a block.[59]
If you tried using a MacBook to run the mining algorithm, it would take you about two million years to guess a successful nonce.
Instead, they buy powerful computers outfitted with hyper-specialized computer chips called ASICs, or Application-Specific Integrated Circuits,
To pull this off, she’d need to be able to mine blocks faster than all the other “honest” miners put together, so she’d need to control just over 50% of the world’s hash power. This attack, known as a 51% attack,
If mining was as easy as running a few lines of code, attackers could easily hijack the blockchain; making mining hard with the game of nonces is Bitcoin’s way of deterring attackers.
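An added example, not from the book, of the game of nonces the highlights above describe: a toy miner that searches for a nonce whose SHA-256 hash of (previous block hash, transactions, nonce) starts with a chosen number of zero hex digits, next to the one-hash verification that lets every other node reject a block whose contents were altered after mining. The function names, the JSON serialization and the sample transactions are assumptions; real Bitcoin hashes an 80-byte block header with double SHA-256 and compares it against a numeric target rather than counting hex zeroes.

```python
import hashlib
import json

def block_hash(prev_hash: str, transactions: list, nonce: int) -> str:
    """SHA-256 'fingerprint' of the three mining inputs named in the text: the
    previous block's hash, the transactions, and the nonce. (Simplified model,
    not Bitcoin's 80-byte header / double-SHA-256 wire format.)"""
    payload = json.dumps({"prev": prev_hash, "txs": transactions, "nonce": nonce},
                         sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def meets_target(digest: str, zeros: int) -> bool:
    """The rule from the text: the hash must start with `zeros` zero hex digits."""
    return digest.startswith("0" * zeros)

def mine(prev_hash: str, transactions: list, zeros: int):
    """The game of nonces: try nonce 0, 1, 2, ... until the hash qualifies.
    Returns (nonce, hash, tries); each try wins with probability 1/16**zeros."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, transactions, nonce)
        if meets_target(digest, zeros):
            return nonce, digest, nonce + 1
        nonce += 1

def verify(prev_hash, transactions, nonce, claimed_hash, zeros) -> bool:
    """Checking a block costs one hash: recompute and compare. This asymmetry
    (expensive to mine, cheap to check) is what lets every node reject a
    block whose contents were altered after it was mined."""
    digest = block_hash(prev_hash, transactions, nonce)
    return digest == claimed_hash and meets_target(digest, zeros)

# Constructed sample block (assumed values): all-zero previous hash, two toy transactions.
SAMPLE_PREV = "0" * 64
SAMPLE_TXS = [{"from": "alice", "to": "bob", "amount": 5},
              {"from": "bob", "to": "carol", "amount": 2}]

def demo(zeros: int = 3) -> dict:
    nonce, digest, tries = mine(SAMPLE_PREV, SAMPLE_TXS, zeros)
    valid = verify(SAMPLE_PREV, SAMPLE_TXS, nonce, digest, zeros)
    # Alter one amount after mining: the old nonce/hash no longer fit, so the
    # block is rejected without anyone having to redo the work.
    tampered = [dict(SAMPLE_TXS[0], amount=500), SAMPLE_TXS[1]]
    tampered_valid = verify(SAMPLE_PREV, tampered, nonce, digest, zeros)
    return {"nonce": nonce, "hash": digest, "tries": tries,
            "valid": valid, "tampered_valid": tampered_valid}

if __name__ == "__main__":
    print(demo())
```

Raising `zeros` by one multiplies the expected number of tries by 16, which is the 1/16, 1/16^4 progression the text walks through.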
But without a central server, users can’t check if their desired usernames are taken. The solution: make users choose one of trillions of random “usernames,” offering such a huge set of potential names that there’s a vanishingly small chance of anyone getting a name that’s already taken.
The next complication is having a system for checking passwords without a central server. Bitcoin solves this by using one-way functions (like the hash functions we met earlier) to compute the user’s “username” from their “password”: to prove that they own a “username,” users have to provide the “password” that turns into the “username” when run through those functions.
For Bitcoin, it starts with your private key, a long, totally-random number that only you should know. It’s usually written as a 52-character alphanumeric string; this encoding scheme is known as base-58.[71] [l] The private key fills the role of a password in Bitcoin.
From the private key, you can run a one-way function called the Elliptic Curve Digital Signature Algorithm, or ECDSA,[72] to generate an intermediary number called the public key.
Then you apply two more one-way functions (SHA-256 of Bitcoin mining fame[73] and another one called RIPEMD-160[74]) and do a few more mathematical tweaks to get a more compressed version of the public key,[75] called the address.
The address is the closest thing Bitcoin has to a username: it’s public and is used to identify you.
Bitcoin goes a step farther than conventional username-password schemes, in fact: because all transactions are publicly listed on the blockchain, anyone can see the past transactions and Bitcoin balances of any address.
Stepping back, you’ll notice that Bitcoin uses a lot of math: hash functions for mining, one-way functions for generating keys and addresses, and digital signatures for proving your identity. These are all forms of cryptography, the science of keeping information secure by encoding (or encrypting) it in a format that attackers can’t reverse-engineer.[83]
For this reason, Bitcoin is called a cryptocurrency.[84] Satoshi’s insight was that cryptography lets you have a currency that is secure yet transparent — and that’s the heart of Bitcoin.
It boils down to what the historian Yuval Noah Harari calls an intersubjective reality[101]: you think this thing has value because you know that other people think it has value.
The catch is that the block reward is always decreasing: the Bitcoin software halves the reward every four years.
The original block reward was 50 bitcoins per block back in 2008; the reward got halved to 25 bitcoins in 2012; and it got halved again to 12.5 bitcoins in 2016.[109] The most recent halving, at the time of writing, happened in May 2020, when the block reward fell to 6.25 bitcoins per block.[110][q]
If you extend this trend, you’ll find that the block reward will officially hit zero in 2140 after the 33rd halving.[r] At that point, 21 million bitcoins will have been mined, and the supply of bitcoins will never grow again.