Finance and capital markets
- Bitcoin: What is it?
- Bitcoin: Overview
- Bitcoin: Cryptographic hash functions
- Bitcoin: Digital signatures
- Bitcoin: Transaction records
- Bitcoin: Proof of work
- Bitcoin: Transaction block chains
- Bitcoin: The money supply
- Bitcoin: The security of transaction block chains
A detailed explanation of what makes bitcoin transaction block chains secure. Created by Zulfikar Ramzan.
Want to join the conversation?
- Bit coin has already attracted the operators of botnets.
-Bitcoin mining is being done by the Zero Access and SkyNet botnets and formerly the ESEA exploit botnet.
-The SkyNet operator launched a DDOS on Bitcoin sites in order to drive a devaluation of the Bitcoin in order to purchase it cheaply.
It seems as though if the bitcoin transaction was large enough there would be sufficient incentive for someone with one of these botnets to try to produce a fraudulent chain.
e.g. if the transaction was for 1,000 bitcoins instead of just 5 bitcoins.
Is there something built in to the scheme that makes branching chains more difficult when larger transactions are involved ?
Is there a ballpark estimate on how much of the mining is being done by botnets ? And is there any projections on what the figures will be in the future ?(21 votes)
- Since Bitcoin mining has advanced from using CPU's to GPU's and now to using ASICs (Specialized chips designed just for mining Bitcoins) botnets do not have sufficient computing power to fork the blockchain.
Towards autumn 2013 the total hashrate is going to skyrocket because of the launch of tens of thousands of new custom designed mining machines which are significantly more efficient than GPU's and CPU's. This further increases the network security because it makes it even more unlikely that one entity could assemble the 51% computing power to attack the blockchain.(7 votes)
- It seems all the incentives are for finding new transaction blocks out of new transaction orders. Does anyone ever check the old transaction blocks?
Since the transaction block chain is only the hash for the previous transactions. How is the history of transaction block chain prevented to be hacked ? Where is the data of the transactions corresponding to the hash of the transaction block chain? If it isn't safe there's no way of retracing which source transactions are honest or fraudulent.
Couldn't Dan invent a new source for having more Bitcoins like "false carol gave 30 Bicoints to Dan" and use it for new purchases. If nobody ever (or too late) checks if the source transaction does correspond with a hash in the history of the chain, wouldn't Dan get away with that?(4 votes)
- The hash includes the "merkle root" in addition to the transaction. This is dependent on all previous blocks and, yes, this is what stops changing old blocks. If you try to put in fake blocks you can only add them at the end of the chain and you must have the longest chain for it to be accepted by the nodes so you have to create blocks faster than the rest of network combined.(8 votes)
- Isn't a lot of electrical energy and processor time being used just to keep the transaction block chain going?
I really don't understand why this is any better than everyone updating one database and for that database to be mirrored and made public?
Sorry this turned into two questions :-)(1 vote)
- It is no more wasteful than the wastefulness of mining gold out of the ground, melting it down and shaping it into bars, and then putting it back underground again. Not to mention the building of big fancy buildings, the waste of energy printing and minting all the various fiat currencies, the transportation thereof in armored cars by no fewer than two security guards each of whom could be doing something more productive, etc.
As far as mediums of exchange go, Bitcoin is actually quite economical of resources, compared to others.(7 votes)
- Iy may be that somewhere else an answer to my question exists. But id Dave right after sending money to Pete sends money to Fred there are two transactions NON YET included in a block which could be considered as acceptable by the miners. So what happens in this case?(3 votes)
- Then either Fred or Pete will receive the money. Miners will try to work on the one that they receive first, and because of network traffic time, miners could receive the transactions in either order. Most of the time, Pete should wait until the transaction is confirmed before giving him the product. With a pizza service, this is easy, since that time is anyway being used to make the pizza.(4 votes)
- what happens when there is a plethora of transactions, is there a queue thats forms? Is there a delay since all nodes are working on processing the transaction for atleast 10 minutes?(3 votes)
- Processing a transaction consists of two things:
1. Validating the digital signature. Check out video "Digital signatures" for more details.
2. If the validation succeeds: Saving the transaction in the new transaction block.
Both steps only require a minimal computing power. So processing transactions in comparison to solving the proof of work puzzle will always be neglectable. That's why even a plethora of transactions won't make the miners busy.
BUT: It is currently possible that a queue of transactions forms that are not incorporated into a transaction block. Here's why: There exists a hard coded size limit for one transaction block. It is 1,000,000 bytes. One transaction varies in size but a simple one is about 250 bytes big. So if a LOT of transactions happen in a short amount of time it can happen that they will not all fit into a block.
But this is intended: Only those transaction with a high priority will become part of the block. You can raise priority of your transaction with the transaction fee.
If it should ever happen that the queue becomes bigger and bigger it is estimated that the size limit will get increased.(3 votes)
- Is it true that the main Bitcoin vulnerability not storing keys securely, which can easily be prevented by using a VPN? I read this on vpnexpress.net and wanted to confirm.(3 votes)
- Yes, it is. Avoid using public networks when sending bitcoins, just like you would avoid logging on to your bank account on a public network.(3 votes)
- Do I understand it correctly that since a new block is generated every 10 minutes, it will take at least 10 minutes for a pizza cafe to accept an order? Also, since one new block is not enough to determine if a seller sees the longest chain does it need to wait for few more blocks to be generated before accepting an order?
If the later is correct, it means that it will take at least 20-30 minutes to order a pizza, which is significantly longer than purchasing anything with a bank card or with PayPal. This also seems very impractical if one wants to buy an item in a shop and does not want to wait for half an hour. Are there any mechanisms in the Blockchain that allows to speed up this process?(2 votes)
- Not exactly. A pizzeria can accept an order immediately. When the customer sends a transaction, everyone on the network receives it within a second and can verify that it came from that customer, that that person has the money they say they do, and that it is being sent to you. The only thing you can't verify immediately is that they haven't spent it somewhere else as well. Note that this is a greater guarantee than purchasing with a credit card, where the bank will verify that the sender has the money they say they do and that it is being sent to you, but can't verify that the sender is the same as your customer (and won't be able to for 120 days). They also aren't able to verify that the sender hasn't double spent until the end of the day.
So, if you are willing to accept instantaneous credit card transactions, you should also be willing to accept instantaneous bitcoin transactions. If you are selling a pizza, you can be reasonably sure that the money is yours when you first see the transaction, more sure than with credit cards.
Then after 1 block, you will honestly not have to worry about it in the slightest. Of course, the NSA could use their entire computing resources to run an attack in an attempt to get the money back and steal your pizza. If the NSA tries that, they will succeed; they will steal your pizza.
At this point, it starts to fall into the realm of "who cares?" For a pizza, you don't need to worry about getting the transaction into a block because the transaction is worth so little that it's not worth the bother. For higher value transactions, it makes sense to wait a little while though.
For instance, think about the most valuable thing most people own: their house. For most, it takes several months to sell a house, but that is only because of the difficulty in getting a mortgage. If a buyer already has the money, it takes about a week to sell a house. With bitcoin, though, it can be done in an hour. After 6 blocks, it will be even more securely yours than physical cash in your hand would be.(5 votes)
- Is there any history of successful 'forking attacks' since Bitcoins inception?(2 votes)
- Once. In one software update, there was a bug in the code which caused nodes that hadn't upgraded to reject blocks from miners that had. The result was two separate chains. The fork reached 23 blocks before the problem was fixed. Many people were able to double spend during that interval.(4 votes)
- Does Pete need to send a confirmation of receipt? He sends the order, and it is timestamped and approved, but what if there was a server issue that intercepted the bitcoin before reaching Pete. The system is an interesting one, however it will face the same issue money does today. Only the wealthy will be able to afford the CPU power required to profit. I thought the beauty of this system was that it would award intelligence over wealth.(2 votes)
- No. Pete does not need to send a confirmation. In fact, Pete doesn't even have to be online in order to accept payments. If there is a server issue on Pete's end that prevents Pete from seeing the payment, the payment will still eventually be confirmed, and Pete will see it then. On the other hand, if there is an issue on Bill's end, then the payment may not go through.
And you don't need very much processing power unless you are mining bitcoins, something that isn't very profitable anyway due to electricity costs.(3 votes)
- it said in the video that an attacker with enough CPU power to out run the entire network is better of mining honest bitcoins - which is not correct since by creating a false block chine the attacker already wins the bitcoins on the way, just like he would if he behave honestly.
Actually, an honest miner has all the incentive to fraud by adding to his block chine txs that cancel his own txs.
Or am I missing something?(3 votes)
- To be clear, all miners have an incentive to put in their own double spends into their own blocks, as long as the first spend was not already put into a block. However, they do not have the incentive to orphan previous blocks discovered by other miners and replace that with their own blockchain.(1 vote)
What I would like to do is describe an imaginary, or a fictitious, Bitcoin transaction. And then talk about how somebody might try to game or defraud the system. And why that's not only mathematically hard to do, but why there's actually an incentive-- actually an economic incentive in the Bitcoin system for different people to behave honestly. So let's suppose that there is someone out there named Dan, and that Dan wants to order a pizza-- maybe a cheese pizza, from Pete's Pizza Shop. And let's say that Pete's Pizza Shop accepts Bitcoins as payment, and that it costs 1 Bitcoin for a pizza pie. And imagine that Dan receive previously-- let's say he received 5 Bitcoins from his cousin, Carol. So maybe Carol, who I'm going to label by C, gave to Dan 5 Bitcoins, which we can label as a B with a circle around it. And that he wants to use 1 of these 5 Bitcoins to buy a pizza from Pete. And so what Dan's Bitcoin client will do is it will create a transaction record that includes information about how Dan got these Bitcoins. In this case, it includes information about this transaction between Carol, who we've marked by C, and Dan for 5 Bitcoins. And then it specifies that Dan wants to give one of these Bitcoins to Pete-- and we'll label Pete by a P. And also that Dan is going to take the remaining 4 Bitcoins. And that will be basically change to himself. And the way that Bitcoin is built is that you have to actually specify the change, because you need to have a way-- whatever goes into the Bitcoin system has to come out at the other end. And so you can't have a transaction where the numbers don't add up. And so whatever is remaining is either change, or part of it can be used as a transaction fee. And so on. But for this example, to keep things simple, I'll assume that there is no transaction fee in place. The transaction fee is just 0. And we'll focus only on the situation in which everything is being accounted for in the transaction. Now, this transaction record is going to be broadcast out to the entire Bitcoin world. And so in particular, Pete is going to receive a copy of this transaction. But in addition to Pete receiving it, so too will the other people on the Bitcoin system. And if you recall, there are these special nodes, the special entities or people in Bitcoin, that are known as Bitcoin miners. And these Bitcoin miners are going to be responsible for making sure that everything checks out in the transaction from a global perspective. What they do is they look at the full record of transactions. And this transaction record is public. It's known as a transaction block chain, and I've put a description of the transaction block chain right here. And this transaction block chain contains the history of every single transaction that's ever occurred within the Bitcoin system from the beginning of time-- the time of the first block, which is known in Bitcoin as the genesis block. And everyone can verify the details of any transaction if they want to because that information is public. And in particular, what these Bitcoin miners will look at is they'll look at whether or not Dan previously received five Bitcoins from anybody else. In this particular case, it was his cousin, Carol. Whether or not Dan has tried to spend those Bitcoin previously. And so on and so forth. And these Bitcoin miners are all collectively trying to take all these recent transactions that haven't yet been recorded, and that includes not only the transaction between Dan and Pete, but there may be other transactions floating out there that took place on the same time. And the Bitcoin miners will basically look at all these different transactions at once. And they're going to basically try to figure out how to form a transaction block out of these transactions. And they want to add this transaction block to the end of the current transaction block chain. Now, if you might recall from previous videos, that for a Bitcoin miner to add a transaction block to a transaction block chain, they have to solve what's known as a proof-of-work puzzle. And the Bitcoin system is designed-- or maybe calibrated is a better word-- so that on average one miner will solve a puzzle in about 10 minutes. I think it's actually worth stressing here that it could take a long time for any one individual miner solve the puzzle. It could even take maybe a year, or even two years. But because there are so many of these miners working at the same time, one of them is bound to get lucky and solve the puzzle quickly. Now, each of these proof-of-work puzzles that is associated with a transaction block happens to have a difficulty score associated with it. And this difficulty basically represents how hard it was to solve that proof-of-work puzzle. So imagine that there are some numbers, and we'll call these numbers D sub N. For the most recent difficulty score, they'll be D sub N minus 1. These are just numbers that somehow represent how hard it was to solve this proof-of-work. And when you look at an overall chain, what the Bitcoin is interested in is it's interested in how hard was it to construct that entire chain. And the reason it's important for someone to understand how hard the entire chain is constructed is because this is overall score for this chain-- this difficulty score for the chain is what's used by Pete or by other people who are receiving Bitcoins to figure out whether or not they trust that transaction. The more work that went into the overall chain, the more trust they'll have in that transaction. And the reason for that is that the way Bitcoin works is that if there was for more than one transaction block chain out there-- let's say there was a bad user out there, or maybe somebody didn't receive a particular message in time, or whatever reason-- if there's somehow more than one transaction block chain out there, according to the Bitcoin protocol, everyone is just supposed to work off of the chain that had the most work put into it. So we ignore chains that have a lot less work and only consider the chain that had the most work put into it. And in the Bitcoin system, that particular chain is often referred to as the longest chain in the system. And this is actually a confusing piece of terminology. Because by longest here, we don't mean that this change is long in any physical sense. We really just mean-- and I'm going to put three equal bars to say what it means. By the longest chain, we mean the change that has the most work. And the way that the work is defined is that you look at all these different difficulty scores, and these are difficulty numbers, and you add them up, and that gives you a difficulty score for the entire chain. And now we're going to be interested in the chain that had the most work put into it. And we call that the longest chain. Now let's imagine that Dan is dishonest and that after he eats the pizza-- let's say Pete's convinced and he gets his Bitcoin from Dan. He waits a bit. He sees that there is a long chain after that contains a transaction. He sends the pizza over to Dan. Dan eats the pizza and then decides that he doesn't want to behave honestly and he wants to somehow cheat Pete, or he wants to defraud the system. And the way that Dan is going to try to defraud the system is by attempting to create another transaction in which he assigns the 5 Bitcoins he got from Carol to somebody else. And it could be-- let's call this person Fred. And let's say Fred is basically-- Fred could be Dan's alter ego. It could be a friend of Dan's. It doesn't matter who Fred is because we know that Fred isn't the rightful owner of these Bitcoins. But what Dan is going to try to do is he's going to try to take those 5 Bitcoins that he got from Carol. And he's going to now try to take those 5 Bitcoins and assign them over to Fred. And we know that this is something that we don't want to allow because that would mean that somehow Dan was able to spend these 5 Bitcoins twice over. He's effectively double-spent those Bitcoins, and obviously one of these transactions should be considered fraudulent, the other one should be allowed to go through. Now, it's important to keep in mind that if Dan just tried to spend these same coins again without trying to cover his tracks or anything of that nature, then everybody out there would know that Dan is up to no good. Because they can see from the existing longest transaction block chain-- namely this existing chain from the beginning-- they can see that, hey, Dan already spent these coins before, he shouldn't be allowed to spend these coins again. And so what Dan has to do is actually-- on his own-- he has to create a different transaction block chain that contains just this second bogus transaction in it. This would be the transaction to Fred. And that would leave out the other transaction to Pete and hope that everybody else will start to accept or believe this newer chain. And remember that since everyone in Bitcoin ultimately goes with the transaction block chain that contains the most work, namely this longest chain that we talked about, Dan has a fighting chance. He has a hope, potentially, of being able to pull off this type of a fraudulent scheme. And the real question now is, how likely is it for Dan to succeed? So for Dan to be able to pull this off, he has to start off with the transaction block chain that existed previously. And he has to try to add to that transaction block chain a different transaction. So rather than having this previous transaction where he gave money to Pete, he's going to try to create a new transaction and add it to the transaction block chain that contains this other fraudulent transaction between Dan and his friend Fred. OK. So this is going to be the bad transaction between Dan and Fred-- will be in this new block. And in Bitcoin lingo, this idea is known as a fork in the chain. And all we mean by fork is that somehow there is more than one version of history. Somebody tried to rewrite their tracks, or to cover their tracks, and to revise history the way we know it. And what that really means is there's now somehow more than one version of what happened out there. So in this example, one branch in this fork is legitimate, and the other branch is bogus. And the legitimate branch with the one, in our minds, where Dan paid his friend Peter this vendor, Pete, for a pizza. And the bogus one is this follow on transaction where Dan attempted to pay his friend Fred with those same exact Bitcoins. But now remember that any transaction block that's added to this transaction block chain has to contain within it a proof-of-work puzzle-- or solution, rather, to a proof-of-work. Otherwise, no one will accept the chain. And so if Dan wants to cheat the system, he has to secretly solve a new proof-of-work puzzle himself. But the challenge for Dan is that he's starting off with a bit of a handicap because there's already this longer chain out there that people have started accepting. And keep in mind that because this chain is out there, other nodes may have started to build on top of this chain. Every 10 minutes, somebody's adding to this change, on average. And so there's this longer transaction block chain out there. And Dan wants to create his own fake chain. And so he has to create a chain. In order for that chain to be believable, it has to now be the longest chain out there. And he has to basically do all these proof-of-works to create a chain that is longer. And to come up with this longer chain on his own, Dan has to outrun the existing proof-of-work chain. And that means he has to solve not just typically one proof-of-work puzzle, but he may need to solve several proof-of-work puzzles to create another chain that he hopes will be longer than the chain that's out there. And if he can get the longest chain, he can get people to start using that chain instead. And that the chain that he might want people to use because it contains this fake transaction. But it removes the previous transaction where he gave money to Pete. And to solve a proof-of-work, Dan has to basically take whatever computing power he has access to. And he has to start working on solving the proof-of-work puzzle. And there are no known shortcuts for solving these puzzles. If you recall from any of the proof-of-work videos, to succeed in a proof-of-work is kind of like winning the lottery. There are ways to do it. But it really depends on how much computing power you have. The more computing power you have access to, the more lottery tickets you have. And if somebody has even one lottery ticket, they do have a chance to win the lottery. But they are far less likely to succeed compared to somebody who has a lot of lottery tickets in hand. And even if you succeed once in winning the lottery with a small number of tickets, the likelihood of repeating that feat over and over again, several times in a row, becomes much smaller. But that's exactly Dan has to do. He has to basically win this lottery multiple times until he has a bigger chain. And so the key metric here-- the key thing you have to look for is how much computing power Dan has versus how much computing power all the honest nodes in the system have together. And if it the case that all the honest nodes-- we'll call this the honest computing power. And when I say honest computing power, I mean the total computing power for all the nodes who are honest. All the Bitcoin mining nodes who are honest in the network. If that total computing power that they have access to is greater than the power that Dan has access to-- so Dan's computing power-- then the Bitcoin system will be safe, because it'll be hard for Dan to be able to create this fraudulent transaction chain because he won't be able to outrun the honest people. The honest people will win the lottery more frequently and they'll create a longer chain. And Dan's attempt is going to be very much an uphill battle. Now, it's theoretically possible that Dan could have access to a lot of computing power. Maybe he's very wealthy or he has a lot of resources. But he'll really need a lot to be able to that. More than everyone else who's legitimate combined. So that's one aspect of why the transaction block chain is secure. Because it's unlikely for any one individual to have access to just that much computing power. And here I should point out that there is also another aspect to the security of Bitcoin. If Dan has access to that kind of computing power to solve these proof-of-work puzzles, then rather than trying to fight this uphill battle of forking the transaction block chain, and creating fake transactions, and so on, Dan is probably much better off just using that computing power he has for legitimate Bitcoin mining himself. You might remember that Bitcoin miners who solve proof-of-work puzzles get both a reward for succeeding-- they get some number of Bitcoins-- and they also get a transaction fee for all the transactions in the block that they validated. So there's this economic incentive for Dan to behave honestly. So maybe I should just recapping in closing the video that the security of Bitcoin transactions comes from, first of all, this mathematical barrier that makes it hard for Dan to fork the transaction block chain in a dishonest way, as well as an economic incentive for Dan to just act honestly and mine Bitcoins for himself.