Jump to content

Want to really understand how bitcoin works? Here’s a gentle primer


Karlston

Recommended Posts

Deep dive —

Want to really understand how bitcoin works? Here’s a gentle primer

Ars goes deep on the breakthrough online payment network.

Want to really understand how bitcoin works? Here’s a gentle primer
The Matrix / Aurich
Update, 12/26/20: It's the year end holiday season, and Ars staff has been enjoying some much needed downtime. While that happens, we're resurfacing some classic Ars stories like this 2017 explainer on everything you've wanted to know about Bitcoin but may have been afraid to ask. (Because with the cryptocurrency's value reaching a new record high not even two weeks ago, it's perfectly reasonable to want the basic intel.) This piece first published on December 15, 2017 and it appears unchanged below.

 

The soaring price of bitcoin—the virtual currency is now worth more than $250 billion—has gotten a lot of attention in recent weeks. But the real significance of bitcoin isn't just its rising value. It's the technological breakthrough that allowed the network to exist in the first place.

 

Bitcoin's still anonymous inventor, who went by the pseudonym Satoshi Nakamoto, figured out a completely new way for a decentralized network to reach a consensus about a shared transaction ledger. This innovation made possible the kind of fully decentralized electronic payment systems that cypherpunks had dreamed about for decades.

 

As part of our recent efforts to shed light on the mechanics of the popular cryptocurrency, today we'll provide in-depth explanation of how bitcoin works, starting with the basics: how do digital signatures make digital cash possible? How did Nakamoto's invention of the blockchain solve the double-spending problem that had limited earlier digital cash efforts?

 

We'll also explore more recent happenings like the block size debate that has divided the bitcoin community into two warring camps. And finally, we'll look at the future and talk about why bitcoin's design could make it a uniquely fertile platform for innovation in the coming years. As you're about to see, there's simply a lot to cover.

Asymmetric encryption made digital cash possible

Whitfield Diffie was a key figure in the development of public-key cryptography and digital signatures in the 1970s.
Enlarge / Whitfield Diffie was a key figure in the development of public-key cryptography and digital signatures in the 1970s.

Until the 1970s, all publicly known encryption schemes were symmetric: the recipient of an encrypted message would use the same secret key to unscramble the message that the sender had used to scramble it. But that all changed with the invention of asymmetric encryption schemes. These were schemes in which the key to decrypt a message (known as the private key) was different from the key needed to encrypt it (known as the public key)—and there was no practical way for someone who only had the public key to figure out the private key.

 

This meant you could publish your public key widely, allowing anyone to use it to encrypt a message that only you—as the holder of the private key—could decrypt. This breakthrough transformed the field of cryptography because it became possible for any two people to communicate securely over an unsecured channel without establishing a shared secret first.

 

Asymmetric encryption also had another groundbreaking application: digital signatures. In normal public-key cryptography, a sender encrypts a message with the recipient's public key and then the recipient decrypts it with her private key. But you can also flip this around: have the sender encrypt a message with his own private key and the recipient decrypt it with the sender's public key.

 

That doesn't protect the secrecy of the message since anyone can get the public key. Instead, it provides cryptographic proof that the message was created by the owner of the private key. Anyone who has the public key can verify the proof without knowing the private key.

 

People soon realized that these digital signatures could make cryptographically secure digital cash possible. Using the classic example scenario, let's suppose Alice owns a coin and wants to transfer it to Bob.

 

She'll write a message that says, "I, Alice, transfer my coin to Bob," and then sign the message by encrypting it with her private key. Now Bob—or anyone else—can decrypt the signature using Alice's public key. Since only Alice could have created the encrypted message, Bob can use it to demonstrate that he's now the rightful owner of the coin.

 

If Bob wants to transfer the coin to Carol, he follows the same procedure, declaring that he's transferring the coin to Carol and encrypting the message with his private key. Carol can then use this chain of signatures—Alice's signature transferring the coin to Bob, and Bob's signature transferring the coin to Carol—as proof that she now owns the coin.

 

Notice that none of this requires an official third party to authorize or authenticate the transactions. Alice, Bob, and Carol can generate their own public-private key pairs without help from third parties. Anyone who knows Alice's and Bob's public keys can independently verify that the chain of signatures is cryptographically valid. Digital signatures—combined with a few innovations we'll discuss later—let people engage in banking without needing a bank.

How bitcoin transactions work

The generic digital cash scheme I described in the previous section is very close to how real bitcoin payments work. Here's a simplified diagram of what real bitcoin transactions look like:

Screen-Shot-2017-12-14-at-9.47.54-AM-640

A bitcoin transaction contains a list of inputs and outputs. Each output has a public key associated with it. For a later transaction to spend those coins, it needs an input with a matching digital signature. Bitcoin uses elliptic curve cryptography for digital signatures.

 

For example, suppose you own the private key corresponding to Public Key D in the diagram above. Someone wants to send you 2.5 bitcoins. The person will create a transaction like Transaction 3, with 2.5 bitcoins going to you—the owner of Public Key D.

 

When you're ready to spend those bitcoins, you create a new transaction like Transaction 4. You list Transaction 3, output 1 as a source of the funds (outputs are zero-indexed, so output 1 is the second output). You use your private key to generate Signature D, a signature that can be verified with Public Key D. These 2.5 bitcoins are then split up between two new outputs: 2 bitcoins for Public Key E and 0.5 bitcoins for Public Key F. Now they can only be spent by the owners of the corresponding private keys.

 

A transaction can have multiple inputs, and it must spend all of the bitcoins from the corresponding outputs of earlier transactions. If a transaction outputs fewer bitcoins than it takes in, the difference is treated as a transaction fee collected by the bitcoin miner who processed the transaction (more details on this later).

 

On the bitcoin network, the addresses people use to send each other bitcoins are derived from public keys like Public Key D. The exact details of bitcoin's address format are complicated and have changed over time, but you can think of a bitcoin address as a hash (a short, seemingly random string of bits that serves as a cryptographic fingerprint) of a public key. Bitcoin addresses are encoded in a custom format called Base58Check that minimizes the risk of mistyping. A typical bitcoin address is "18ZqxfuymzK98G7nj6C6YSx3NJ1MaWj6oN."

 

A real-world transaction looks like this:

Screen-Shot-2017-12-06-at-9.24.54-PM-640

This transaction took 6.07 bitcoins from one input address and split it between two output addresses. One output address got a bit more than 5 bitcoins, while the other got slightly less than 1 bitcoin. Most likely, one of those output addresses belongs to the sender—sending "change" back to themselves—while the other belongs to a third-party recipient.

 

Of course, real bitcoin transactions can be more complex than the simple examples I've shown so far. Probably the most important feature not illustrated above is that in place of a public key, an output can have a verification script written in a simple bitcoin-specific scripting language. To spend that output, a subsequent transaction must have parameters that allow the script to evaluate to true.

 

This allows the bitcoin network to enforce arbitrarily complex conditions governing how the money can be spent. For example, a script could require three different signatures held by different people and also require that the money not be spent prior to some future date. Unlike Ethereum, bitcoin's scripting language doesn't support loops, so scripts are guaranteed to complete in a short amount of time.

How bitcoin stops double spending

Sweet_success-640x428.jpg

Many people in the 1980s and 1990s dreamed of using digital signatures to build an electronic cash system like this that's fully decentralized. But there were two big issues a fully decentralized digital cash system needed to address.

 

One challenge is how to introduce new coins into the system. Obviously a viable payment network needs some way to create new coins, but if you let anyone create new coins whenever they want, the currency will quickly become worthless.

 

The second challenge is known as the double-spending problem. The rules of bitcoin say that each transaction output can only be spent once. If someone tries to spend the same output twice, the bitcoin community needs some way to detect this double-spending attempt and reject the later transaction.

 

The obvious solution is to have a company manage a shared record of all transactions. That's how conventional payment networks like MasterCard and PayPal work. But bitcoin inventor Satoshi Nakamoto wanted to build a network that wasn't controlled up by any single organization.

 

So Nakamoto invented a shared ledger called the blockchain that is maintained by computers, called nodes, operating on a peer-to-peer network. Thousands of computers around the world keep separate copies of the entire blockchain, storing every transaction that has happened since the network was launched in 2009. The network rewards nodes who help to create the blockchain by allowing them to create new bitcoins—solving the coin-distribution problem while simultaneously creating an incentive to help solve the ledger-updating problem.

 

The process works like this: when a user wants to make a bitcoin payment, she uses software to create a new transaction. From the user's perspective, this just means entering the amount of the transaction and the bitcoin address of the recipient into the bitcoin software and clicking "send."

 

The user's client software will formulate the transaction and send it to a nearby node in the bitcoin network. The first node to hear about the transaction shares it with others until it's widely distributed throughout the network.

 

Some of the nodes are miners that participate in the process of actually updating the blockchain. A miner makes a list of all the transactions it has heard about that aren't already in the blockchain. It checks to make sure that each transaction follows all of the rules of bitcoin—valid signatures, sum of outputs no greater than sum of inputs, and so forth—discarding those that break the rules. The resulting list of new, valid transactions is called a block. The miner also adds a special transaction granting itself a fixed reward—currently 12.5 bitcoins—for creating the block.

 

Currently 12.5 bitcoins is more than $200,000, so naturally lots of people would like to add the next block to the blockchain. To win the right to add the next block, bitcoin miners compete against each other by performing a highly repetitive computation. They add a random value called a nonce to the candidate block they have assembled. Then they apply the SHA-256 hash function, which produces a short, seemingly random string of 1s and 0s that serves as a cryptographic fingerprint for the block.

 

The goal is to find a block whose hash is very small—that is, its binary value starts with a large number of zeroes. As I'm writing this, a winning block needs a SHA-256 hash that starts with at least 72 zeros.

 

Because SHA-256 hash values are essentially random, the only way to find a very low value is by repeated guessing. Most of the time, the hash value will be too high and the miner will repeat the process—changing the nonce and computing another hash value. Right now, the network computes around 7 x 1021 SHA-256 hashes, on average, for every block that is created.

 

Whoever finds a block first announces it to the rest of the network. Everyone else verifies that the hash is low enough and that its transactions are all valid. If so, they then add that block to their copy of the blockchain. Everyone moves on to the next round of the race.

How the bitcoin network achieves consensus

The bitcoin network reaches consensus by always building on the longest chain. Ties in one round are resolved by the winner of the next round—in this case, the creation of the purple block made its predecessors an official part of the blockchain.
Enlarge / The bitcoin network reaches consensus by always building on the longest chain. Ties in one round are resolved by the winner of the next round—in this case, the creation of the purple block made its predecessors an official part of the blockchain.

Bitcoin's most important innovation is the development of a fully decentralized consensus process for resolving disagreements about which block to add to the blockchain next. The diagram above illustrates how this works.

 

Suppose two nodes on the network each discover a new block around the same time (meaning they both find blocks whose hash values are lower than the target value). These are the red and green blocks in step 2 above. Only one of these two blocks can become a part of the blockchain, because they include a lot of duplicate transactions.

 

To decide which block to accept, the network moves on to the next round of the race. Miners begin searching for a second new block. If someone finds a second new block, it will include a pointer to one of the two rival blocks created in the previous round. When this happens, both the new block (purple) and its predecessor (green) become part of the official blockchain. The other, rival block (red) gets discarded.

 

In principle, this kind of tie can happen more than once. Someone else could have discovered another block at the same time as the purple block, and this one could have pointed back to the red block. In that case, the race would have continued to a third round, with the winning block in that round choosing which of the two rival chains becomes an official part of the blockchain.

 

But this kind of confusion can't persist for very long, because nodes build on the block with the most predecessors—and in the case of a tie they choose the block they hear about first. So as soon as someone discovers a block like the purple block in step 3—one that makes its chain longer than other, rival chains—everyone else is supposed to accept the new block, along with its chosen predecessors. Everyone begins working on a block to follow the purple one.

 

Miners have good reason to follow this longest-chain rule because they only get their 12.5-bitcoin reward if their block winds up being part of the consensus blockchain. And because most other nodes on the network follow the longest-chain rule, the chances of a block being accepted are much higher if it builds on top of the block at the end of the previous longest chain—like the red block in the diagram above.

 

If a miner stubbornly insists on building on a different block (say the red block) any block it discovers will merely be tied with the purple block for chain length. And in ties like this, miners build on the block they hear about first, so the new block will get ignored.

 

Now suppose someone wanted to attack the integrity of the network by spending the same coins twice. The attacker makes a payment, gets the recipient to accept it (and provide goods or services in exchange), and then wants to remove that payment from the blockchain so he can send the same coins to someone else. Here's what that would look like:

A malicious party attacks the bitcoin network by trying to replace the yellow block with the grey block, allowing him to spend the same bitcoins twice. This attack is unlikely to succeed unless the attacker controls a majority of the network's hashing power.
Enlarge / A malicious party attacks the bitcoin network by trying to replace the yellow block with the grey block, allowing him to spend the same bitcoins twice. This attack is unlikely to succeed unless the attacker controls a majority of the network's hashing power.

In this diagram, the legitimate transaction the attacker wants to replace is in the yellow block. In step 2, the attacker generates a new block—the grey one with a devil-horn icon representing the malicious double-spending transaction. The attack succeeds if the attacker can get the network to drop the yellow block in favor of the grey one.

 

To do this, the attacker needs to extend its branch of the blockchain more quickly than the rest of the network can expand the legitimate branch. At first the attacker gets lucky, adding the orange block in step 3. This makes the malicious chain as long as the honest chain, but remember that honest nodes will continue building on the green block since they heard about it first.

 

The question is who builds the next block. In scenario 4a, the attacker discovers another block and the attack succeeds. Honest nodes following the longest-chain rule switch to recognizing the grey and orange blocks as valid, discarding the previously official yellow and green blocks.

 

In scenario 4b, the honest nodes extend their lead. I've shown the attacker's chain grayed out here, but the attacker hasn't necessarily lost here. It can continue adding blocks for as long as it wants—it will only be decisively defeated if the honest nodes build such a big lead that the attacker has no hope of catching up.

Waste secures the blockchain

powerplant-640x427.jpg

Mining is a probabilistic process, so whether an attack like this ultimately succeeds depends partly on luck. But it also depends on whether the attacker has more computing power than the rest of the network. If it does—a situation known as a 51 percent attack—then the attack is guaranteed to succeed eventually. On the other hand, if the attacker controls less than 50 percent of the network's total computing power, then the attack is unlikely to succeed, especially if the honest nodes have a decent head start.

 

And this is the silver lining to bitcoin's ludicrous levels of energy consumption. Right now, bitcoin miners have enough collective horsepower to compute more than 12 x 1018 SHA-256 hashes per second. An adversary would need to acquire comparable computing horsepower—something that would cost hundreds of millions, if not billions, of dollars.

 

Miners have amassed so much computing power because bitcoin mining is a lucrative business. Again, miners get 12.5 bitcoin—more than $200,000—per block.

 

When the price of bitcoins goes up, the industry's profits rise, and so mining companies spend more on bitcoin hardware and the electricity required to run it. In the short run, this will cause blocks to be produced more quickly.

 

But the bitcoin network is programmed to automatically adjust the difficulty of the mining task—that is, lower the maximum block hash value—to maintain a steady rate of six blocks per hour. If the network creates blocks too quickly, then the maximum block hash value is lowered to make it more difficult to find blocks. If block creation slows, the opposite occurs. As a result, the network produces an average of about one block every 10 minutes, no matter how much computing power the network has.

 

That 12.5-bitcoin block reward is programmed to go down steadily over time. When bitcoin was launched in 2009, each block created 50 bitcoins. The reward dropped to 25 bitcoins in 2012 and to the current value of 12.5 in 2016. It will halve again every four years—6.25 in 2020, 3.125 in 2024, and so forth.

 

Decades from now, the reward will eventually drop to an insignificant level. At that point, bitcoin mining will be supported solely by transaction fees. Any transaction can include a fee—a reward that goes to the miner who includes the transaction in the block. If there are more transactions than can fit in the next block, miners typically include the transactions with the highest fees first, effectively auctioning off space in the block to the highest bidder.

 

Early bitcoin supporters liked to tout the fact that bitcoin transactions were free or close to it. But as the bitcoin network has become more congested, that has stopped being true. By early December, the average bitcoin transaction fee had soared to around $20 as too many transactions jostled for space in too-small blocks.

A debate over scaling is tearing the community apart

Miami_traffic_jam_I-95_North_rush_hour-6

The network is becoming congested because a hard-coded value in bitcoin's code limits blocks to be no more than 1 megabyte. This limit, introduced with little controversy in 2010 as a measure to prevent abuse of the then-fledgling network, has since become the most controversial issue in the bitcoin world.

 

Typical bitcoin transactions are around 500 bytes, on average, so blocks start to fill up when they have around 2,000 transactions. If the network creates a new block every 10 minutes, that translates to about 3.33 transactions per second. Obviously, a mainstream global payment network needs to be able to process payments more quickly than that.

 

The bitcoin world has split into two warring camps with different solutions for this problem. One side has argued that the solution is simple: increase the block size. They've suggested immediately increasing the block size to 2, 4, or 8 megabytes, with further increases as needed in the future.

 

The other camp worries that a higher block limit will make it too expensive for ordinary bitcoin users to run a full node on bitcoin's peer-to-peer network. Full bitcoin nodes must download every bitcoin transaction ever made and store them indefinitely. Increasing the block size limit would increase the bandwidth and storage requirements for participating in the network. If it becomes more expensive to run a bitcoin node, then smaller nodes might shut down. The bitcoin network could become dominated by a small number of companies and other large organizations.

 

Big-block advocates argue this is nonsense. At the moment, the blockchain is 145 gigabytes, and it's been growing by about 4 gigabytes per month. Doubling the block size would mean the network would begin generating 8 gigabytes of data per month. Given that Amazon Web services currently charges about 2 cents per gigabyte per month for storage, they say, a reasonable block size increase isn't going to price anyone out of the market.

 

But small-block supporters argue this reasoning is too short-sighted. They point out that a single doubling of the block size won't be enough to accommodate demand in the long run. If bitcoin relies on larger blocks to scale the network, it will quickly get to 10 megabyte blocks, then 100 megabyte blocks, and perhaps eventually 1 gigabyte blocks. At some point, it really will be cost-prohibitive for ordinary people to run full nodes. So small-block advocates argue that it makes more sense to find ways to scale the network while keeping blocks small.

 

The first step they've advocated is a feature called segregated witness that was adopted by the network in September. This upgrade moved the cryptographic signatures (the "witness data") from transactions into a part of the blockchain that doesn't count against the 1 megabyte limit. Once a node has verified that these signatures are valid, it can discard them, reducing the amount of data that has to be stored permanently. When fully phased in, this should roughly double the bitcoin network's capacity without significantly increasing the burden on Bitcoin nodes.

 

Over the longer term, the small-block crowd has its hopes pinned on Lightning, a payment network that's designed to be layered on top of bitcoin. A draft Lightning specification was released in early December, and three companies are now building independent implementations of the specification.

 

A full explanation of Lightning is beyond the scope of this article (though we'll have much more to say about it in the future). In a nutshell, it uses a technique called payment channels that allow many small transactions to be made between two parties without posting individual transactions to the blockchain. The goal of the Lightning network is to stitch a patchwork of payment channels together into a global network that allows anyone to pay anyone else.

 

If Lightning works as well as advocates expect, then it could solve bitcoin's long-term scaling problems. But some big-block advocates are skeptical that it will reduce on-chain transactions enough to make a difference. And they argue that in the meantime, bitcoin's block size should be increased to accommodate steadily rising demand.

Two visions for bitcoin's future

The original big block movement.
Enlarge / The original big block movement.

The block size debate has become so convoluted that it can be easy to lose sight of the big picture. But what is ultimately at stake is two very different visions for bitcoin's future.

 

In the big-block vision, blocks might eventually grow to be gigabytes in size, pricing smaller players out of running full nodes. The network might come to be dominated by a few dozen mining companies, exchanges, and other major bitcoin businesses (compared to more than 10,000 full nodes on the network now). From the casual user's perspective, this future bitcoin network would look a lot like the network today, with people being able to make an unlimited number of transactions at low transaction fees. However, the greater concentration of the network might give disproportionate power to companies that run a full node—and might eventually make the network more susceptible to government regulation.

 

In contrast, small-blockers envision a new, layered architecture in which on-chain transactions are rare and expensive. In this vision, the blockchain becomes a "settlement layer" for the Lightning network, with payment channels bundling many Lightning payments into a single transaction on the blockchain. With a small block size—though even most small-blockers admit that it'll eventually need to be larger than 1 megabyte—the core bitcoin network remains decentralized, with thousands of nodes, including many operated by individuals.

 

The reason the block-size debate has become so bitter is that each camp sees the other's vision as a perversion of the original bitcoin vision. Big-block people believe small-blockers are needlessly sabotaging the network's growth in pursuit of an idiosyncratic ideological agenda. Small-block people argue that the big-block vision will undermine the decentralization that drew many people to the cryptocurrency in the first place.

The rise of bitcoin forks

forks.jpg
dvs

One reason this debate has been so bitter is that bitcoin is a network that operates on consensus. The system works because every node on the network enforces precisely the same rules to determine which blocks are legal and which are illegal.

 

If different nodes disagree about the rules they are enforcing, the result is a fork in the blockchain. In this scenario, one node produces a block—for example one larger than 1 megabyte—that some other nodes consider invalid. This will effectively split the network into two parts. Nodes that consider the block valid will recognize it as the new longest chain and build more nodes on top of it. Nodes that consider it invalid will ignore it and build on top of its predecessor. If left unchecked, this can lead to two mutually incompatible bitcoin networks operating side by side.

 

To avoid this outcome, everyone on the network—or at least almost everyone—needs to agree on new rules long before they take effect. This need for broad consensus was one reason the bitcoin community got bogged down in a protracted, years-long argument over block size changes. Since 2015, most people have thought that some changes were needed, but it has been a struggle to figure out a set of changes that everyone could agree on.

 

In August 2017, a dissident faction of big blockers decided to take matters into their own hands. They deliberately forked the blockchain without waiting for a consensus. The result was to create a new cryptocurrency called Bitcoin Cash.

 

There are lots of bitcoin-like cryptocurrencies out there, of course, but this one was different in an important way: because it was a fork of the existing blockchain, anyone who owned one conventional bitcoin pre-fork also owned one "cash" bitcoin post-fork. Surprisingly, the combined value of the two cryptocurrencies post-fork actually exceeded the value of bitcoin before the fork—which means that the fork effectively created billions of dollars in new wealth.

 

Then in November, a compromise proposal to double the block size in the mainstream bitcoin network to 2 megabytes collapsed in the face of determined small-block opposition. In response, some prominent big-blockers shifted their allegiance to Bitcoin Cash.

 

"Bitcoin Cash is what I started working on in 2010: a store of value AND means of exchange," wrote Gavin Andresen, a former leader of the bitcoin software project, in November. It was a pointed dig at small-block vision in which the bitcoin network could become too congested and expensive to be a viable means of exchange.

 

The result is that today, there are effectively two rival bitcoin communities. The small-block camp is now firmly in charge of the main bitcoin network and will be able to move forward with small blocks and the Lightning network. Big blockers are in charge of Bitcoin Cash and will be able to increase block sizes to their hearts' content.

 

Right now, the market values regular bitcoins more than ten times as highly as Bitcoin Cash. But the Bitcoin Cash crowd is betting that their vision will win in the long run. They believe that the Lightning Network won't live up to the hype, and that high fees will eventually drive many bitcoin users to look for alternatives.

Why bitcoin could change the world

arpanet_interface_message_processor-4e98

Bitcoin's fundamental innovation is that it was the first electronic payment system to be fully decentralized. This is often framed in political terms, positioning the bitcoin network as a rival to networks managed by the Federal Reserve and major banks.

 

But bitcoin's decentralization also had another consequence that was more subtle yet could turn out to be more important: bitcoin transactions are irreversible. If you buy something with a conventional credit card and the merchant doesn't deliver the product, you can ask the credit card network to reverse the transaction. Make the same purchase with bitcoin, and you'd be out of luck. There's no Bitcoin, Inc. to take your call.

 

In a 2014 piece, I drew an analogy to the Internet, which tossed the circuit-switched model of early telecommunications networks in favor of a packet-switched model. The Internet abandoned the reliability guarantees of traditional networks; if an Internet route becomes congested, routers simply discard packets they can't deliver. It's the job of sender to notice that a packet wasn't delivered and send another copy.

 

This approach drove old telecom hands crazy, but it turned out to be a crucial innovation. It allowed Internet routers to be simpler and made it easier for different types of networks to interoperate. And in the long run, it actually worked better, because computers at the edges of the Internet are in a better position to verify that the full message was delivered successfully.

 

Bitcoin makes a similar shift: the network itself doesn't provide end users with robust anti-fraud protection. Instead, responsibility shifts to the creators of bitcoin applications, who must figure out ways to protect their users from fraud.

 

This makes bitcoins a particularly risky asset to hold. In 2011, an early bitcoin speculator claimed that he'd had 25,000 bitcoins—they were worth around $500,000 then, and would be worth more than $400 million today—stolen by a hacker. It's a story that would repeat over and over again over the following six years.

 

But while this is obviously a significant downside, bitcoin's irreversibility also has an important upside: it makes bitcoin (like the Internet) a uniquely open and programmable financial platform. Software that interacts with a conventional payment network like Visa or MasterCard must take into account their complex security models and the risk that a payment could later be reversed by the network. They have to worry about anti-money laundering rules. It often takes a day or two for transactions to clear—partly to give human customers an opportunity to spot fraudulent payments.

 

Building a new kind of financial service on a conventional platform requires approval from a conventional network owner, and the companies tend to be risk-averse—partly because a poorly designed application can become a magnet for fraudulent transactions that imposes costs on others in the network. As a consequence, it's difficult for startups to build new financial services using conventional payment networks.

 

In contrast, the validity of bitcoin transactions can be verified entirely in software. There's no need to worry about them later being reversed and no limits to the kinds of applications you can build and no approvals are required.

 

A few years ago, I expected to see the emergence of user-facing financial apps built on bitcoin in much the same way that Google and Facebook are built on TCP/IP. I expected that these apps would offer higher-level services—like biometric authentication, escrow services for pending purchases, and customer liability guarantees—that would protect customers from fraud as well as the anti-fraud measures of conventional financial networks.

 

So far, that hasn't really happened. Almost nine years after its creation, bitcoin usage is still confined to a small minority of bitcoin and cryptocurrency hobbyists.

 

But maybe people just need to be patient. It took about 25 years for the Internet to evolve from an experimental network to a technology that was useful to ordinary people. There's currently a lot of innovation happening in the bitcoin ecosystem, and some of that innovation may have surprising consequences in the coming years.

Bitcoin has become the reserve currency of the cryptocurrency world

hundred-dollar-bills.jpg

One impact that bitcoin has already had is inspiring and supporting a Cambrian explosion of new blockchain-based technologies. There are now hundreds of cryptocurrencies inspired by bitcoin, including more than 20 worth more than $1 billion.

 

Reversible and irreversible networks are like oil and water. It's relatively easy to move money from one reversible network to another. If a criminal transfers funds from one reversible network to another, then a chargeback on the first network can trigger a chargeback on the second network. Likewise, it's easy to move money between irreversible networks because neither network needs to worry about chargebacks.

 

But a company that accepts a payment from a reversible network (say a credit card deposit) and then allows a second transaction on an irreversible network (say, a bitcoin withdrawal) is taking a big financial risk. If the credit card transaction turns out to be unauthorized, the company won't be able to issue a chargeback on the bitcoin network.

 

Bitcoin exchanges offer exactly this service, and the risk of chargeback fraud is a big reason that cryptocurrency exchanges are difficult to set up and run. Modern bitcoin exchanges ask for identifying information partly to comply with money-laundering regulations, but also as an anti-fraud measure. bitcoin exchanges also impose a variety of limits on deposits and withdrawals in an effort to minimize their exposure.

 

This fraud risk makes dollar-to-cryptocurrency conversions a bottleneck for the cryptocurrency economy. However, once someone has successfully obtained one cryptocurrency, the irreversibility of cryptocurrencies means that cryptocurrency-to-cryptocurrency transactions are less risky for intermediaries.

 

This is why people wanting to obtain more exotic cryptocurrencies often buy bitcoins first. Typically, no one has done the work required to build a secure, scalable exchange for buying and selling the obscure or new cryptocurrency in question. But it's vastly easier to build a platform for trading bitcoins against other cryptocurrencies.

 

As a result, bitcoin has come to play a similar role in the blockchain economy that the dollar plays in international trade. When two small countries want to trade with one another, they sometimes use dollars as their unit of account because the global financial system makes this easy. That pushes up the value of the dollar and makes it easy for Americans to trade with anyone around the world.

In the same way, bitcoin has become a convenient medium of exchange for transactions between cryptocurrencies and between other cryptocurrencies and conventional currencies.

 

 

Want to really understand how bitcoin works? Here’s a gentle primer

Link to comment
Share on other sites


  • Views 1.1k
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...