Many thousands of articles have been written purporting to explain Bitcoin, the online, peer-to-peer currency. Most of those articles give a hand-wavy account of the underlying cryptographic protocol, omitting many details. Even those articles which delve deeper often gloss over crucial points. My aim in this post is to explain the major ideas behind the Bitcoin protocol in a clear, easily comprehensible way.
Understanding the protocol in this detailed way is hard work. It is tempting instead to take Bitcoin as given, and to engage in speculation about how to get rich with Bitcoin, whether Bitcoin is a bubble, whether Bitcoin might one day mean the end of taxation, and so on. Understanding the details of the Bitcoin protocol opens up otherwise inaccessible vistas.
New financial instruments can, in turn, be used to create new markets and to enable new forms of collective human behaviour. This post concentrates on explaining the nuts-and-bolts of the Bitcoin protocol. To understand the post, you need to be comfortable with public key cryptography and with the closely related idea of digital signatures.
None of this is especially difficult. The basic ideas can be taught in freshman university mathematics or computer science classes. In the world of atoms we achieve security with devices such as locks, safes, signatures, and bank vaults.
In the world of bits we achieve this kind of security with cryptography. My strategy in the post is to build Bitcoin up in stages. We will have reinvented Bitcoin! This strategy is slower than if I explained the entire Bitcoin protocol in one shot.
But while you can understand the mechanics of Bitcoin through such a one-shot explanation, it would be difficult to understand why Bitcoin is designed the way it is. The advantage of the slower iterative explanation is that it gives us a much sharper understanding of each element of Bitcoin. You may find these interesting, but you can also skip them entirely without losing track of the main text. On the face of it, a digital currency sounds impossible.
If Alice can use a string of bits as money, how can we prevent her from using the same bit string over and over, thus minting an infinite supply of money? Or, if we can somehow solve that problem, how can we prevent someone else forging such a string of bits, and using that to steal from Alice? These are just two of the many problems that must be overcome in order to use information as money.
Suppose Alice wants to give another person, Bob, an infocoin. She then digitally signs the message using a private cryptographic key, and announces the signed string of bits to the entire world. A similar usage is common, though not universal, in the Bitcoin world. But it does have some virtues. So the protocol establishes that Alice truly intends to give Bob one infocoin. The same fact — no-one else could compose such a signed message — also gives Alice some limited protection from forgery.
To make this explicit: Later protocols will be similar, in that all our forms of digital money will be just more and more elaborate messages [1].
A problem with the first version of Infocoin is that Alice could keep sending Bob the same signed message over and over. Does that mean Alice sent Bob ten different infocoins? Was her message accidentally duplicated?
Perhaps she was trying to trick Bob into believing that she had given him ten different infocoins, when the message only proves to the world that she intends to transfer one infocoin.
They need a label or serial number. To make this scheme work we need a trusted source of serial numbers for the infocoins. One way to create such a source is to introduce a bank. This bank would provide serial numbers for infocoins, keep track of who has which infocoins, and verify that transactions really are legitimate.
Instead, he contacts the bank, and verifies that the infocoin with that serial number belongs to Alice and that she has not already spent it. This last solution looks pretty promising. However, it turns out that we can do something much more ambitious. We can eliminate the bank entirely from the protocol. This changes the nature of the currency considerably. It means that there is no longer any single organization in charge of the currency. The idea is to make it so everyone collectively is the bank. You can think of this as a shared public ledger showing all Infocoin transactions.
Now, suppose Alice wants to transfer an infocoin to Bob. A more challenging problem is that this protocol allows Alice to cheat by double spending her infocoin. And so they will both accept the transaction, and also broadcast their acceptance of the transaction.
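The serial-number ledger described above, as an added example that is not part of the original post. It models the "bank" version of Infocoin on a single ledger: a signature scheme, a table mapping each serial number to the public key of its current owner, and the ownership check that rejects Alice's second spend of the same coin as well as a replay of her first message. The signature scheme is textbook RSA with tiny primes, an assumption made only so the code runs offline with no libraries; it is not secure and is not what Bitcoin uses. The names `toy_keypair`, `InfocoinLedger`, `transfer_message` and `double_spend_demo` are this example's own.

```python
import hashlib

# --- Toy signature scheme (textbook RSA with tiny primes) -------------------
# Assumption for this example only: a public-key signature scheme small enough
# to run without any library. NOT secure; it stands in for a real scheme.
def toy_keypair(p: int, q: int, e: int = 17):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)             # (public key, private key)

def _digest(message: str, n: int) -> int:
    # Hash the message, then reduce it into the key's modulus.
    return int(hashlib.sha256(message.encode()).hexdigest(), 16) % n

def sign(message: str, private_key) -> int:
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(message: str, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

# --- Serial-numbered infocoins on one shared ledger --------------------------
def transfer_message(serial: int, from_key, to_key) -> str:
    # The exact string the current owner signs; anyone can rebuild it to verify.
    return f"infocoin serial={serial} from={from_key} to={to_key}"

class InfocoinLedger:
    """The 'bank' of the text: issues serial numbers and records who owns each coin."""
    def __init__(self):
        self.owner = {}          # serial number -> public key of the current owner
        self.next_serial = 1

    def issue(self, to_key) -> int:
        serial, self.next_serial = self.next_serial, self.next_serial + 1
        self.owner[serial] = to_key
        return serial

    def transfer(self, serial: int, from_key, to_key, signature: int) -> bool:
        """Accept only if `from_key` still owns `serial` and actually signed the transfer."""
        if self.owner.get(serial) != from_key:
            return False     # unknown serial, or this coin has already been spent
        if not verify(transfer_message(serial, from_key, to_key), signature, from_key):
            return False     # not signed with the owner's private key
        self.owner[serial] = to_key
        return True

def double_spend_demo():
    """Alice signs transfers of the same coin to Bob and to Charlie, then Bob's
    message is replayed, then Charlie tries to forge a spend of Bob's coin."""
    alice_pub, alice_priv = toy_keypair(61, 53)
    bob_pub, _ = toy_keypair(47, 59)
    charlie_pub, charlie_priv = toy_keypair(67, 71)

    ledger = InfocoinLedger()
    serial = ledger.issue(alice_pub)

    to_bob = sign(transfer_message(serial, alice_pub, bob_pub), alice_priv)
    to_charlie = sign(transfer_message(serial, alice_pub, charlie_pub), alice_priv)

    bob_ok = ledger.transfer(serial, alice_pub, bob_pub, to_bob)              # first spend
    charlie_ok = ledger.transfer(serial, alice_pub, charlie_pub, to_charlie)  # double spend
    replay_ok = ledger.transfer(serial, alice_pub, bob_pub, to_bob)           # duplicate message
    forged = sign(transfer_message(serial, bob_pub, charlie_pub), charlie_priv)
    forged_ok = ledger.transfer(serial, bob_pub, charlie_pub, forged)         # wrong private key
    return bob_ok, charlie_ok, replay_ok, forged_ok

if __name__ == "__main__":
    print(double_spend_demo())   # expected: (True, False, False, False)
```

The ledger rejects the second spend and the replay deterministically, because after the first transfer the recorded owner is Bob, not Alice; the signature check only matters for the forgery case. What this single-ledger model cannot show is the harder problem the text turns to next: when every participant keeps their own copy, they must also agree on which spend arrived first.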
How should other people update their block chains? There may be no easy way to achieve a consistent shared ledger of transactions.
And even if everyone can agree on a consistent way to update their block chains, there is still the problem that either Bob or Charlie will be cheated.
At first glance double spending seems difficult for Alice to pull off. After all, if Alice sends the message first to Bob, then Bob can verify the message, and tell everyone else in the network including Charlie to update their block chain. Once that has happened, Charlie would no longer be fooled by Alice. So there is most likely only a brief period of time in which Alice can double spend. Worse, there are techniques Alice could use to make that period longer.
She could, for example, use network traffic analysis to find times when Bob and Charlie are likely to have a lot of latency in communication. Or perhaps she could do something to deliberately disrupt their communications. If she can slow communication even a little that makes her task of double spending much easier.
How can we address the problem of double spending? Rather, he should broadcast the possible transaction to the entire network of Infocoin users, and ask them to help determine whether the transaction is legitimate. If they collectively decide that the transaction is okay, then Bob can accept the infocoin, and everyone will update their block chain.
Also as before, Bob does a sanity check, using his copy of the block chain to check that, indeed, the coin currently belongs to Alice. But at that point the protocol is modified. Other members of the network check to see whether Alice owns that infocoin. This protocol has many imprecise elements at present. Fixing that problem will at the same time have the pleasant side effect of making the ideas above much more precise.
Suppose Alice wants to double spend in the network-based protocol I just described. She could do this by taking over the Infocoin network. As before, she tries to double spend the same infocoin with both Bob and Charlie. The idea is counterintuitive and involves a combination of two ideas: The benefit of making it costly to validate transactions is that validation can no longer be influenced by the number of network identities someone controls, but only by the total computational power they can bring to bear on validation.
But to really understand proof-of-work, we need to go through the details. For instance, another network user named David might have the following queue of pending transactions. David checks his copy of the block chain, and can see that each transaction is valid. He would like to help out by broadcasting news of that validity to the entire network.
However, before doing that, as part of the validation protocol David is required to solve a hard computational puzzle — the proof-of-work. What puzzle does David need to solve? Bitcoin uses the well-known SHA-256 hash function, but any cryptographically secure hash function will do. Suppose David appends a number called the nonce to the queue of transactions and hashes the combination. The puzzle David has to solve — the proof-of-work — is to find a nonce such that when we append it to the queue and hash the combination, the output hash begins with a long run of zeroes.
The puzzle can be made more or less difficult by varying the number of zeroes required to solve the puzzle. A relatively simple proof-of-work puzzle might require just three or four zeroes at the start of the hash, while a more difficult proof-of-work puzzle might require a much longer run of zeroes, say 15 consecutive zeroes.
We can keep trying different values for the nonce. Finally, at some value of the nonce, we obtain a hash that begins with a string of four zeroes. This will be enough to solve a simple proof-of-work puzzle, but not enough to solve a more difficult proof-of-work puzzle. What makes this puzzle hard to solve is the fact that the output from a cryptographic hash function behaves like a random number: there is no better strategy than trying nonces one after another. So if we want the output hash value to begin with 10 zeroes, say, then David will need, on average, to try a very large number of different values for the nonce before he finds a suitable one.
In fact, the Bitcoin protocol gets quite a fine level of control over the difficulty of the puzzle, by using a slight variation on the proof-of-work puzzle described above: rather than requiring a fixed number of leading zeroes, it requires the hash to be less than or equal to a number known as the target. This target is automatically adjusted to ensure that a Bitcoin block takes, on average, about ten minutes to validate.
In practice there is a sizeable randomness in how long it takes to validate a block — sometimes a new block is validated in just a minute or two, other times it may take 20 minutes or even longer. Instead of solving a single puzzle, we can require that multiple puzzles be solved; with some careful design it is possible to considerably reduce the variance in the time to validate a block of transactions.
Other participants in the Infocoin network can verify that the nonce is a valid solution to the proof-of-work puzzle. And they then update their block chains to include the new block of transactions. For the proof-of-work idea to have any chance of succeeding, network users need an incentive to help validate transactions.
Your computer—in collaboration with those of everyone else reading this post who clicked the button above—is racing thousands of others to unlock and claim the next batch. For as long as that counter above keeps climbing, your computer will keep running a bitcoin mining script and trying to get a piece of the action. Your computer is not blasting through the cavernous depths of the internet in search of digital ore that can be fashioned into bitcoin bullion.
The size of each batch of coins drops by half roughly every four years, and around 2140 it will be cut to zero, capping the total number of bitcoins in circulation at 21 million.
But the analogy ends there. What bitcoin miners actually do could be better described as competitive bookkeeping. Miners build and maintain a gigantic public ledger containing a record of every bitcoin transaction in history. Every time somebody wants to send bitcoins to somebody else, the transfer has to be validated by miners: If the transfer checks out, miners add it to the ledger.
Finally, to protect that ledger from getting hacked, miners seal it behind layers and layers of computational work—too much for a would-be fraudster to possibly complete. Or rather, some miners are rewarded. Miners are all competing with each other to be first to approve a new batch of transactions and finish the computational work needed to seal those transactions in the ledger.
With each fresh batch, winner takes all. As the name implies, double spending is when somebody spends money more than once. Traditional currencies avoid it through a combination of hard-to-mimic physical cash and trusted third parties—banks, credit card providers, and services like PayPal—that process transactions and update account balances accordingly.
But bitcoin is completely digital, and it has no third parties. The idea of an overseeing body runs completely counter to its ethos. The solution is that public ledger with records of all transactions, known as the block chain.
If she indeed has the right to send that money, the transfer gets approved and entered into the ledger. Using a public ledger comes with some problems. The first is privacy. How do you make every bitcoin exchange completely transparent while keeping all bitcoin users completely anonymous? The second is security. If the ledger is totally public, how do you prevent people from fudging it for their own gain?
The ledger only keeps track of bitcoin transfers, not account balances. In a very real sense, there is no such thing as a bitcoin account. And that keeps users anonymous. Say Alice wants to transfer one bitcoin to Bob.
That transaction record is sent to every bitcoin miner. Now, say Bob wants to pay Carol one bitcoin. Carol of course sets up an address and a key. And then Bob essentially takes the bitcoin Alice gave him and uses his address and key from that transfer to sign the bitcoin over to Carol. After validating the transfer, each miner will then send a message to all of the other miners, giving her blessing. The ledger tracks the coins, but it does not track people, at least not explicitly.
The first thing that bitcoin does to secure the ledger is decentralize it. There is no huge spreadsheet being stored on a server somewhere. There is no master document at all. Instead, the ledger is broken up into blocks: Every block includes a reference to the block that came before it, and you can follow the links backward from the most recent block to the very first block, when bitcoin creator Satoshi Nakamoto conjured the first bitcoins into existence.
Every 10 minutes miners add a new block, growing the chain like an expanding pearl necklace. Generally speaking, every bitcoin miner has a copy of the entire block chain on her computer. If she shuts her computer down and stops mining for a while, when she starts back up, her machine will send a message to other miners requesting the blocks that were created in her absence. No one person or computer has responsibility for these block chain updates; no miner has special status.
The updates, like the authentication of new blocks, are provided by the network of bitcoin miners at large. Bitcoin also relies on cryptography. The computational problem is different for every block in the chain, and it involves a particular kind of algorithm called a hash function.
Like any function, a cryptographic hash function takes an input—a string of numbers and letters—and produces an output. But there are three things that set cryptographic hash functions apart. The hash function that bitcoin relies on—called SHA-256, and developed by the US National Security Agency—always produces a string that is 64 characters long. You could run your name through that hash function, or the entire King James Bible.
Think of it like mixing paint. If you substitute light pink paint for regular pink paint in the example above, the result is still going to be pretty much the same purple, just a little lighter. But with hashes, a slight variation in the input results in a completely different output.
The proof-of-work problem that miners have to solve involves taking a hash of the contents of the block that they are working on—all of the transactions, some meta-data like a timestamp, and the reference to the previous block—plus a random number called a nonce. Their goal is to find a hash that has at least a certain number of leading zeroes.
That constraint is what makes the problem more or less difficult. More leading zeroes means fewer possible solutions, and more time required to solve the problem. Every 2,016 blocks (roughly two weeks) that difficulty is reset. If it took miners less than 10 minutes on average to solve those 2,016 blocks, then the difficulty is automatically increased.
If it took longer, then the difficulty is decreased. Miners search for an acceptable hash by choosing a nonce, running the hash function, and checking. When a miner is finally lucky enough to find a nonce that works, and wins the block, that nonce gets appended to the end of the block, along with the resulting hash. Her first step would be to go in and change the record for that transaction. Then, because she had modified the block, she would have to solve a new proof-of-work problem—find a new nonce—and do all of that computational work, all over again.
Again, due to the unpredictable nature of hash functions, making the slightest change to the original block means starting the proof of work from scratch. But unless the hacker has more computing power at her disposal than all other bitcoin miners combined, she could never catch up. She would always be at least six blocks behind, and her alternative chain would obviously be a counterfeit.
She has to find a new one. The code that makes bitcoin mining possible is completely open-source, and developed by volunteers. But the force that really makes the entire machine go is pure capitalistic competition.
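An added example, not code from either article, that puts together two passages above: David's nonce search and its verification by other participants (the proof-of-work section), and the point just made that changing one record in an old block forces the proof-of-work for that block and for every block after it to be redone. It uses SHA-256 with the "leading hex zeroes" rule from the text and shows, in `target_for`, that this rule is the same as Bitcoin's "hash below a target" rule for the special case where the target is a power of sixteen; the block layout, the difficulty of 2, the `SAMPLE_BATCHES` transactions and all function names are constructed for this example and are not Bitcoin's actual formats or values.

```python
import copy
import hashlib
import json

HEX_LEN = 64                       # a SHA-256 digest is 64 hex characters
GENESIS_PREV = "0" * HEX_LEN       # "previous block" reference of the first block

def block_hash(prev_hash: str, transactions: list, nonce: int) -> str:
    # Serialise the block contents deterministically, then hash once.
    header = json.dumps({"prev": prev_hash, "txs": transactions, "nonce": nonce},
                        sort_keys=True)
    return hashlib.sha256(header.encode()).hexdigest()

def target_for(difficulty: int) -> int:
    # "Begins with `difficulty` hex zeroes" is exactly "hash <= this target".
    # Bitcoin adjusts its target more finely than whole hex digits.
    return (1 << (256 - 4 * difficulty)) - 1

def meets_target(digest_hex: str, difficulty: int) -> bool:
    return int(digest_hex, 16) <= target_for(difficulty)

def expected_tries(difficulty: int) -> int:
    # Each output is effectively random, so each try succeeds with
    # probability 16**-difficulty; the mean number of tries is the inverse.
    return 16 ** difficulty

def mine(prev_hash: str, transactions: list, difficulty: int, max_tries: int = 10_000_000):
    """David's proof-of-work: try nonces in order until the hash meets the target."""
    for nonce in range(max_tries):
        h = block_hash(prev_hash, transactions, nonce)
        if meets_target(h, difficulty):
            return nonce, h
    raise RuntimeError("no nonce found within max_tries")

def verify_block(block: dict, difficulty: int) -> bool:
    """What other participants do: recompute one hash, no search."""
    h = block_hash(block["prev"], block["txs"], block["nonce"])
    return h == block["hash"] and meets_target(h, difficulty)

def build_chain(batches, difficulty: int) -> list:
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        nonce, h = mine(prev, list(txs), difficulty)
        chain.append({"prev": prev, "txs": list(txs), "nonce": nonce, "hash": h})
        prev = h                    # each block points at the hash of the one before
    return chain

def validate_chain(chain: list, difficulty: int) -> bool:
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev or not verify_block(block, difficulty):
            return False
        prev = block["hash"]
    return True

def remine_from(chain: list, index: int, difficulty: int):
    """Redo the proof-of-work for block `index` and every block after it.
    Returns the repaired chain and how many blocks had to be re-mined."""
    chain = copy.deepcopy(chain)
    prev = chain[index - 1]["hash"] if index > 0 else GENESIS_PREV
    for block in chain[index:]:
        block["prev"] = prev
        block["nonce"], block["hash"] = mine(prev, block["txs"], difficulty)
        prev = block["hash"]
    return chain, len(chain) - index

# Constructed sample transaction batches (not real Bitcoin data).
SAMPLE_BATCHES = [
    ["Alice -> Bob: 1 coin"],
    ["Bob -> Carol: 1 coin", "Carol -> Dave: 0.5 coin"],
    ["Dave -> Alice: 0.5 coin"],
]

def tamper_demo(difficulty: int = 2):
    """Mine a three-block chain, alter one record in the first block, and see
    what an honest validator reports before and after the attacker redoes the work."""
    chain = build_chain(SAMPLE_BATCHES, difficulty)
    before = validate_chain(chain, difficulty)
    forged = copy.deepcopy(chain)
    forged[0]["txs"][0] = "Alice -> Mallory: 1 coin"      # rewrite history in block 0
    after_tamper = validate_chain(forged, difficulty)      # stored hash no longer matches
    repaired, remined = remine_from(forged, 0, difficulty) # block 0 and all later blocks
    return before, after_tamper, validate_chain(repaired, difficulty), remined

if __name__ == "__main__":
    print(tamper_demo())            # expected: (True, False, True, 3)
    print(expected_tries(10))       # mean tries for 10 leading hex zeroes: 16**10
```

With a difficulty of 2 each block takes about 256 hashes, so the demo runs in well under a second; raising `difficulty` by one multiplies the work by sixteen, which is the knob the text describes. The tampered chain fails validation at block 0 because its stored hash no longer matches its contents, and even after the attacker re-mines block 0 the next block's `prev` reference is stale, which is why `remine_from` has to redo all three blocks: that is the "starting from scratch" cost, and an honest network keeps extending the original chain in the meantime.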
Every miner right now is racing to solve the same block simultaneously, but only the winner will get the prize. In a sense, everybody else was just burning electricity. Yet their presence in the network is critical.
But it also solves another problem. It distributes new bitcoins in a relatively fair way—only those people who dedicate some effort to making bitcoin work get to enjoy the coins as they are created. But because mining is a competitive enterprise, miners have come up with ways to gain an edge.
One obvious way is by pooling resources. Your machine, right now, is actually working as part of a bitcoin mining collective that shares out the computational load. Your computer is not trying to solve the block, at least not immediately.
It is chipping away at a cryptographic problem, using the input at the top of the screen and combining it with a nonce, then taking the hash to try to find a solution.
Solving that problem is a lot easier than solving the block itself, but doing so gets the pool closer to finding a winning nonce for the block. And the pool pays its members in bitcoins for every one of these easier problems they solve. If you did find a solution, then your bounty would go to Quartz, not you.
This whole time you have been mining for us! We just wanted to make the strange and complex world of bitcoin a little easier to understand. An earlier version of this article incorrectly stated that the long pink string of numbers and letters in the interactive at the top is the target output hash your computer is trying to find by running the mining script.
In fact, it is one of the inputs that your computer feeds into the hash function, not the output it is looking for. This item has been corrected.