Main content
Finance and capital markets
Course: Finance and capital markets > Unit 8
Lesson 8: Bitcoin- Bitcoin: What is it?
- Bitcoin: Overview
- Bitcoin: Cryptographic hash functions
- Bitcoin: Digital signatures
- Bitcoin: Transaction records
- Bitcoin: Proof of work
- Bitcoin: Transaction block chains
- Bitcoin: The money supply
- Bitcoin: The security of transaction block chains
© 2023 Khan AcademyTerms of usePrivacy PolicyCookie Notice
Bitcoin: The security of transaction block chains
A detailed explanation of what makes bitcoin transaction block chains secure. Created by Zulfikar Ramzan.
Want to join the conversation?
Bit coin has already attracted the operators of botnets.
-Bitcoin mining is being done by the Zero Access and SkyNet botnets and formerly the ESEA exploit botnet.
-The SkyNet operator launched a DDOS on Bitcoin sites in order to drive a devaluation of the Bitcoin in order to purchase it cheaply.
It seems as though if the bitcoin transaction was large enough there would be sufficient incentive for someone with one of these botnets to try to produce a fraudulent chain.
e.g. if the transaction was for 1,000 bitcoins instead of just 5 bitcoins.
Is there something built in to the scheme that makes branching chains more difficult when larger transactions are involved ?
Is there a ballpark estimate on how much of the mining is being done by botnets ? And is there any projections on what the figures will be in the future ?(21 votes)
Since Bitcoin mining has advanced from using CPU's to GPU's and now to using ASICs (Specialized chips designed just for mining Bitcoins) botnets do not have sufficient computing power to fork the blockchain.
Towards autumn 2013 the total hashrate is going to skyrocket because of the launch of tens of thousands of new custom designed mining machines which are significantly more efficient than GPU's and CPU's. This further increases the network security because it makes it even more unlikely that one entity could assemble the 51% computing power to attack the blockchain.(7 votes)
It seems all the incentives are for finding new transaction blocks out of new transaction orders. Does anyone ever check the old transaction blocks?
Since the transaction block chain is only the hash for the previous transactions. How is the history of transaction block chain prevented to be hacked ? Where is the data of the transactions corresponding to the hash of the transaction block chain? If it isn't safe there's no way of retracing which source transactions are honest or fraudulent.
Couldn't Dan invent a new source for having more Bitcoins like "false carol gave 30 Bicoints to Dan" and use it for new purchases. If nobody ever (or too late) checks if the source transaction does correspond with a hash in the history of the chain, wouldn't Dan get away with that?(4 votes)- The hash includes the "merkle root" in addition to the transaction. This is dependent on all previous blocks and, yes, this is what stops changing old blocks. If you try to put in fake blocks you can only add them at the end of the chain and you must have the longest chain for it to be accepted by the nodes so you have to create blocks faster than the rest of network combined.(8 votes)
- Isn't a lot of electrical energy and processor time being used just to keep the transaction block chain going?
I really don't understand why this is any better than everyone updating one database and for that database to be mirrored and made public?
Sorry this turned into two questions :-)(1 vote)
It is no more wasteful than the wastefulness of mining gold out of the ground, melting it down and shaping it into bars, and then putting it back underground again. Not to mention the building of big fancy buildings, the waste of energy printing and minting all the various fiat currencies, the transportation thereof in armored cars by no fewer than two security guards each of whom could be doing something more productive, etc.
As far as mediums of exchange go, Bitcoin is actually quite economical of resources, compared to others.(7 votes)
- Iy may be that somewhere else an answer to my question exists. But id Dave right after sending money to Pete sends money to Fred there are two transactions NON YET included in a block which could be considered as acceptable by the miners. So what happens in this case?(3 votes)
- Then either Fred or Pete will receive the money. Miners will try to work on the one that they receive first, and because of network traffic time, miners could receive the transactions in either order. Most of the time, Pete should wait until the transaction is confirmed before giving him the product. With a pizza service, this is easy, since that time is anyway being used to make the pizza.(4 votes)
- what happens when there is a plethora of transactions, is there a queue thats forms? Is there a delay since all nodes are working on processing the transaction for atleast 10 minutes?(3 votes)
Processing a transaction consists of two things:
1. Validating the digital signature. Check out video "Digital signatures" for more details.
2. If the validation succeeds: Saving the transaction in the new transaction block.
Both steps only require a minimal computing power. So processing transactions in comparison to solving the proof of work puzzle will always be neglectable. That's why even a plethora of transactions won't make the miners busy.
BUT: It is currently possible that a queue of transactions forms that are not incorporated into a transaction block. Here's why: There exists a hard coded size limit for one transaction block. It is 1,000,000 bytes. One transaction varies in size but a simple one is about 250 bytes big. So if a LOT of transactions happen in a short amount of time it can happen that they will not all fit into a block.
But this is intended: Only those transaction with a high priority will become part of the block. You can raise priority of your transaction with the transaction fee.
If it should ever happen that the queue becomes bigger and bigger it is estimated that the size limit will get increased.(3 votes)
- Is it true that the main Bitcoin vulnerability not storing keys securely, which can easily be prevented by using a VPN? I read this on vpnexpress.net and wanted to confirm.(3 votes)
- Yes, it is. Avoid using public networks when sending bitcoins, just like you would avoid logging on to your bank account on a public network.(3 votes)
- Do I understand it correctly that since a new block is generated every 10 minutes, it will take at least 10 minutes for a pizza cafe to accept an order? Also, since one new block is not enough to determine if a seller sees the longest chain does it need to wait for few more blocks to be generated before accepting an order?
If the later is correct, it means that it will take at least 20-30 minutes to order a pizza, which is significantly longer than purchasing anything with a bank card or with PayPal. This also seems very impractical if one wants to buy an item in a shop and does not want to wait for half an hour. Are there any mechanisms in the Blockchain that allows to speed up this process?(2 votes)- Not exactly. A pizzeria can accept an order immediately. When the customer sends a transaction, everyone on the network receives it within a second and can verify that it came from that customer, that that person has the money they say they do, and that it is being sent to you. The only thing you can't verify immediately is that they haven't spent it somewhere else as well. Note that this is a greater guarantee than purchasing with a credit card, where the bank will verify that the sender has the money they say they do and that it is being sent to you, but can't verify that the sender is the same as your customer (and won't be able to for 120 days). They also aren't able to verify that the sender hasn't double spent until the end of the day.
So, if you are willing to accept instantaneous credit card transactions, you should also be willing to accept instantaneous bitcoin transactions. If you are selling a pizza, you can be reasonably sure that the money is yours when you first see the transaction, more sure than with credit cards.
Then after 1 block, you will honestly not have to worry about it in the slightest. Of course, the NSA could use their entire computing resources to run an attack in an attempt to get the money back and steal your pizza. If the NSA tries that, they will succeed; they will steal your pizza.
At this point, it starts to fall into the realm of "who cares?" For a pizza, you don't need to worry about getting the transaction into a block because the transaction is worth so little that it's not worth the bother. For higher value transactions, it makes sense to wait a little while though.
For instance, think about the most valuable thing most people own: their house. For most, it takes several months to sell a house, but that is only because of the difficulty in getting a mortgage. If a buyer already has the money, it takes about a week to sell a house. With bitcoin, though, it can be done in an hour. After 6 blocks, it will be even more securely yours than physical cash in your hand would be.(5 votes)
Is there any history of successful 'forking attacks' since Bitcoins inception?(2 votes)- Once. In one software update, there was a bug in the code which caused nodes that hadn't upgraded to reject blocks from miners that had. The result was two separate chains. The fork reached 23 blocks before the problem was fixed. Many people were able to double spend during that interval.(4 votes)
Does Pete need to send a confirmation of receipt? He sends the order, and it is timestamped and approved, but what if there was a server issue that intercepted the bitcoin before reaching Pete. The system is an interesting one, however it will face the same issue money does today. Only the wealthy will be able to afford the CPU power required to profit. I thought the beauty of this system was that it would award intelligence over wealth.(2 votes)- No. Pete does not need to send a confirmation. In fact, Pete doesn't even have to be online in order to accept payments. If there is a server issue on Pete's end that prevents Pete from seeing the payment, the payment will still eventually be confirmed, and Pete will see it then. On the other hand, if there is an issue on Bill's end, then the payment may not go through.
And you don't need very much processing power unless you are mining bitcoins, something that isn't very profitable anyway due to electricity costs.(3 votes)
- it said in the video that an attacker with enough CPU power to out run the entire network is better of mining honest bitcoins - which is not correct since by creating a false block chine the attacker already wins the bitcoins on the way, just like he would if he behave honestly.
Actually, an honest miner has all the incentive to fraud by adding to his block chine txs that cancel his own txs.
Or am I missing something?(3 votes)- To be clear, all miners have an incentive to put in their own double spends into their own blocks, as long as the first spend was not already put into a block. However, they do not have the incentive to orphan previous blocks discovered by other miners and replace that with their own blockchain.(1 vote)
Video transcript
What I would like to do
is describe an imaginary, or a fictitious,
Bitcoin transaction. And then talk about how
somebody might try to game or defraud the system. And why that's not only
mathematically hard to do, but why there's actually
an incentive-- actually an economic incentive
in the Bitcoin system for different people
to behave honestly. So let's suppose that there is
someone out there named Dan, and that Dan wants to
order a pizza-- maybe a cheese pizza, from
Pete's Pizza Shop. And let's say that Pete's
Pizza Shop accepts Bitcoins as payment, and that it costs
1 Bitcoin for a pizza pie. And imagine that Dan
receive previously-- let's say he received 5
Bitcoins from his cousin, Carol. So maybe Carol, who I'm
going to label by C, gave to Dan 5 Bitcoins,
which we can label as a B with a circle around it. And that he wants to use
1 of these 5 Bitcoins to buy a pizza from Pete. And so what Dan's
Bitcoin client will do is it will create a
transaction record that includes information about
how Dan got these Bitcoins. In this case, it
includes information about this transaction between
Carol, who we've marked by C, and Dan for 5 Bitcoins. And then it specifies
that Dan wants to give one of these
Bitcoins to Pete-- and we'll label Pete
by a P. And also that Dan is going to take
the remaining 4 Bitcoins. And that will be basically
change to himself. And the way that
Bitcoin is built is that you have to
actually specify the change, because you need to have a way--
whatever goes into the Bitcoin system has to come
out at the other end. And so you can't
have a transaction where the numbers don't add up. And so whatever is remaining
is either change, or part of it can be used as a
transaction fee. And so on. But for this example,
to keep things simple, I'll assume that there is
no transaction fee in place. The transaction fee is just 0. And we'll focus only on the
situation in which everything is being accounted for
in the transaction. Now, this transaction
record is going to be broadcast out to
the entire Bitcoin world. And so in particular,
Pete is going to receive a copy
of this transaction. But in addition to
Pete receiving it, so too will the other people
on the Bitcoin system. And if you recall, there
are these special nodes, the special entities
or people in Bitcoin, that are known as
Bitcoin miners. And these Bitcoin
miners are going to be responsible for making
sure that everything checks out in the transaction from
a global perspective. What they do is they look at
the full record of transactions. And this transaction
record is public. It's known as a
transaction block chain, and I've put a description of
the transaction block chain right here. And this transaction block
chain contains the history of every single
transaction that's ever occurred within
the Bitcoin system from the beginning of time--
the time of the first block, which is known in Bitcoin
as the genesis block. And everyone can verify the
details of any transaction if they want to because
that information is public. And in particular, what these
Bitcoin miners will look at is they'll look at whether
or not Dan previously received five Bitcoins
from anybody else. In this particular case,
it was his cousin, Carol. Whether or not Dan has tried to
spend those Bitcoin previously. And so on and so forth. And these Bitcoin miners
are all collectively trying to take all these recent
transactions that haven't yet been recorded, and that includes
not only the transaction between Dan and Pete, but
there may be other transactions floating out there that
took place on the same time. And the Bitcoin
miners will basically look at all these different
transactions at once. And they're going
to basically try to figure out how to form
a transaction block out of these transactions. And they want to add
this transaction block to the end of the current
transaction block chain. Now, if you might recall
from previous videos, that for a Bitcoin miner
to add a transaction block to a transaction
block chain, they have to solve what's known
as a proof-of-work puzzle. And the Bitcoin system is
designed-- or maybe calibrated is a better word-- so that
on average one miner will solve a puzzle in
about 10 minutes. I think it's actually
worth stressing here that it could take a long time
for any one individual miner solve the puzzle. It could even take maybe
a year, or even two years. But because there are so
many of these miners working at the same time,
one of them is bound to get lucky and solve
the puzzle quickly. Now, each of these
proof-of-work puzzles that is associated with
a transaction block happens to have a difficulty
score associated with it. And this difficulty
basically represents how hard it was to solve that
proof-of-work puzzle. So imagine that there
are some numbers, and we'll call
these numbers D sub N. For the most recent
difficulty score, they'll be D sub N minus 1. These are just numbers that
somehow represent how hard it was to solve this proof-of-work. And when you look at an overall
chain, what the Bitcoin is interested in is it's
interested in how hard was it to construct
that entire chain. And the reason it's
important for someone to understand how hard the
entire chain is constructed is because this is overall
score for this chain-- this difficulty
score for the chain is what's used by Pete or by
other people who are receiving Bitcoins to figure
out whether or not they trust that transaction. The more work that went into the
overall chain, the more trust they'll have in
that transaction. And the reason for that is
that the way Bitcoin works is that if there was for
more than one transaction block chain out
there-- let's say there was a bad user out
there, or maybe somebody didn't receive a particular
message in time, or whatever reason--
if there's somehow more than one transaction
block chain out there, according to the
Bitcoin protocol, everyone is just
supposed to work off of the chain that had the
most work put into it. So we ignore chains that
have a lot less work and only consider the chain that
had the most work put into it. And in the Bitcoin system,
that particular chain is often referred to as the
longest chain in the system. And this is actually a
confusing piece of terminology. Because by longest
here, we don't mean that this change is
long in any physical sense. We really just
mean-- and I'm going to put three equal bars
to say what it means. By the longest chain,
we mean the change that has the most work. And the way that
the work is defined is that you look at all these
different difficulty scores, and these are difficulty
numbers, and you add them up, and that gives you a difficulty
score for the entire chain. And now we're going to be
interested in the chain that had the most work put into it. And we call that
the longest chain. Now let's imagine
that Dan is dishonest and that after he
eats the pizza-- let's say Pete's convinced and
he gets his Bitcoin from Dan. He waits a bit. He sees that there
is a long chain after that contains
a transaction. He sends the pizza over to Dan. Dan eats the pizza
and then decides that he doesn't want
to behave honestly and he wants to
somehow cheat Pete, or he wants to
defraud the system. And the way that Dan is going
to try to defraud the system is by attempting to create
another transaction in which he assigns the 5 Bitcoins he got
from Carol to somebody else. And it could be-- let's
call this person Fred. And let's say Fred
is basically-- Fred could be Dan's alter ego. It could be a friend of Dan's. It doesn't matter who Fred is
because we know that Fred isn't the rightful owner
of these Bitcoins. But what Dan is
going to try to do is he's going to
try to take those 5 Bitcoins that he got from Carol. And he's going to now try
to take those 5 Bitcoins and assign them over to Fred. And we know that
this is something that we don't want to allow
because that would mean that somehow Dan was able to
spend these 5 Bitcoins twice over. He's effectively
double-spent those Bitcoins, and obviously one of
these transactions should be considered
fraudulent, the other one should be allowed to go through. Now, it's important to keep
in mind that if Dan just tried to spend these
same coins again without trying to
cover his tracks or anything of that nature,
then everybody out there would know that Dan is up to no good. Because they can see from the
existing longest transaction block chain--
namely this existing chain from the
beginning-- they can see that, hey, Dan
already spent these coins before, he shouldn't be allowed
to spend these coins again. And so what Dan has to do
is actually-- on his own-- he has to create a
different transaction block chain that contains just this
second bogus transaction in it. This would be the
transaction to Fred. And that would leave out the
other transaction to Pete and hope that everybody else
will start to accept or believe this newer chain. And remember that since
everyone in Bitcoin ultimately goes with the
transaction block chain that contains the most work,
namely this longest chain that we talked about, Dan
has a fighting chance. He has a hope,
potentially, of being able to pull off this type
of a fraudulent scheme. And the real question
now is, how likely is it for Dan to succeed? So for Dan to be able
to pull this off, he has to start off with
the transaction block chain that existed previously. And he has to try to add
to that transaction block chain a different transaction. So rather than having this
previous transaction where he gave money to
Pete, he's going to try to create
a new transaction and add it to the transaction
block chain that contains this other fraudulent
transaction between Dan and his friend Fred. OK. So this is going to be the
bad transaction between Dan and Fred-- will be
in this new block. And in Bitcoin
lingo, this idea is known as a fork in the chain. And all we mean by fork
is that somehow there is more than one
version of history. Somebody tried to
rewrite their tracks, or to cover their tracks,
and to revise history the way we know it. And what that really means
is there's now somehow more than one version of
what happened out there. So in this example, one branch
in this fork is legitimate, and the other branch is bogus. And the legitimate
branch with the one, in our minds, where
Dan paid his friend Peter this vendor,
Pete, for a pizza. And the bogus one is this
follow on transaction where Dan attempted
to pay his friend Fred with those same exact Bitcoins. But now remember that any
transaction block that's added to this
transaction block chain has to contain within it
a proof-of-work puzzle-- or solution, rather,
to a proof-of-work. Otherwise, no one
will accept the chain. And so if Dan wants
to cheat the system, he has to secretly solve a new
proof-of-work puzzle himself. But the challenge for Dan
is that he's starting off with a bit of a handicap because
there's already this longer chain out there that people
have started accepting. And keep in mind that because
this chain is out there, other nodes may have started
to build on top of this chain. Every 10 minutes, somebody's
adding to this change, on average. And so there's this
longer transaction block chain out there. And Dan wants to create
his own fake chain. And so he has to create a chain. In order for that
chain to be believable, it has to now be the
longest chain out there. And he has to basically do
all these proof-of-works to create a chain
that is longer. And to come up with this
longer chain on his own, Dan has to outrun the
existing proof-of-work chain. And that means he has to
solve not just typically one proof-of-work
puzzle, but he may need to solve several
proof-of-work puzzles to create another chain that he hopes will
be longer than the chain that's out there. And if he can get
the longest chain, he can get people to start
using that chain instead. And that the chain that
he might want people to use because it contains
this fake transaction. But it removes the
previous transaction where he gave money to Pete. And to solve a
proof-of-work, Dan has to basically take
whatever computing power he has access to. And he has to start
working on solving the proof-of-work puzzle. And there are no known shortcuts
for solving these puzzles. If you recall from any of
the proof-of-work videos, to succeed in a
proof-of-work is kind of like winning the lottery. There are ways to do it. But it really depends on how
much computing power you have. The more computing
power you have access to, the more lottery
tickets you have. And if somebody has
even one lottery ticket, they do have a chance
to win the lottery. But they are far less likely
to succeed compared to somebody who has a lot of
lottery tickets in hand. And even if you succeed
once in winning the lottery with a small number of tickets,
the likelihood of repeating that feat over and over
again, several times in a row, becomes much smaller. But that's exactly
Dan has to do. He has to basically win this
lottery multiple times until he has a bigger chain. And so the key metric
here-- the key thing you have to look for is how much
computing power Dan has versus how much computing power all
the honest nodes in the system have together. And if it the case that all
the honest nodes-- we'll call this the honest
computing power. And when I say honest
computing power, I mean the total computing
power for all the nodes who are honest. All the Bitcoin mining nodes
who are honest in the network. If that total computing power
that they have access to is greater than the
power that Dan has access to-- so Dan's
computing power-- then the Bitcoin system will
be safe, because it'll be hard for Dan to
be able to create this fraudulent
transaction chain because he won't be able to
outrun the honest people. The honest people will win
the lottery more frequently and they'll create
a longer chain. And Dan's attempt is going to
be very much an uphill battle. Now, it's theoretically possible
that Dan could have access to a lot of computing power. Maybe he's very wealthy or
he has a lot of resources. But he'll really need a
lot to be able to that. More than everyone else
who's legitimate combined. So that's one aspect of
why the transaction block chain is secure. Because it's unlikely for
any one individual to have access to just that
much computing power. And here I should point
out that there is also another aspect to the
security of Bitcoin. If Dan has access to that
kind of computing power to solve these
proof-of-work puzzles, then rather than trying to fight
this uphill battle of forking the transaction block chain,
and creating fake transactions, and so on, Dan is
probably much better off just using that
computing power he has for legitimate
Bitcoin mining himself. You might remember
that Bitcoin miners who solve proof-of-work puzzles get
both a reward for succeeding-- they get some
number of Bitcoins-- and they also get
a transaction fee for all the transactions in
the block that they validated. So there's this economic
incentive for Dan to behave honestly. So maybe I should just
recapping in closing the video that the security
of Bitcoin transactions comes from, first of all,
this mathematical barrier that makes it hard for Dan to
fork the transaction block chain in a dishonest way, as
well as an economic incentive for Dan to just act honestly
and mine Bitcoins for himself.