How the Bitcoin protocol actually works

Absolutely love this quote from the article: "Money is like gas in the car – you need to pay attention or you’ll end up on the side of the road – but a well-lived life is not a tour of gas stations!" - Tim O'Reilly

Great article. There is a lot in the bitcoin protocol that is possible that the vast majority of people have never heard of, some of which this article touches on.<p>For an idea of some of what could be done, see the Contracts section on the bitcoin wiki:<p><a href="https://en.bitcoin.it/wiki/Contracts" rel="nofollow">https:&#x2F;&#x2F;en.bitcoin.it&#x2F;wiki&#x2F;Contracts</a><p>In the near future, we may start to see things like multi signature transactions* and the like. In theory, it could open up some very interesting options.<p>*Technically, I believe there exist a few of these transactions already on the blockchain.

From the article: &quot;I don’t understand why double spending can’t be prevented in a simpler manner using two-phase commit. What drawbacks and advantages does it have compared to the full Bitcoin protocol? uppose Alice tries to double spend an infocoin with both Bob and Charlie. The idea is that Bob and Charlie would each broadcast their respective messages to the Infocoin network, along with a request: “Should I accept this?” They’d then wait some period – perhaps ten minutes – to hear any naysayers who could prove that Alice was trying to double spend. If no such nays are heard (and provided there are no signs of attempts to disrupt the network), they’d then accept the transaction.&quot;<p>The problem with 2PC is that a malicious node could stop somebody from being able to spend their coins by always sending nays out to the network when ever the victim sent a transaction. To prevent this, you would need to be able to detect when a node is faulty&#x2F;malicious which would require implementing a costly Byzantine Consensus Protocol [1]. In practical systems that can withstand Byzantine faults, the number of messages required to agree on a log entry (e.g. a transaction) would be O(n^2) in the number of nodes in the network, which would greatly limit scalability.<p>The genius of Bitcoin&#x27;s Proof of Work protocol is that:<p>1) it is more resilient than Byzantine agreement. Byzantine agreement with 3f+1 nodes can handle at most f faulty nodes, while Bitcoin can tolerate 49% of the network hashing power being malicious. (though this is being debated currently due to theoretical strategies like selfish-mining)<p>2) it is much more efficient than Byzantine agreement in the number of messages sent, which has allowed the network to scale to thousands of nodes, although they have been running into issues with the blocksize&#x2F;block limit, but their are currently research efforts [4] underway to remedy this.<p>The main problem with Bitcoin&#x27;s proof of work scheme it is that it is extremely expensive in terms of CPU cycles, but this is solved by compensating miners for their efforts through coin generation and transaction fees.<p>[1] - <a href="http://www.cs.cornell.edu/courses/cs614/2004sp/papers/lsp82.pdf" rel="nofollow">http:&#x2F;&#x2F;www.cs.cornell.edu&#x2F;courses&#x2F;cs614&#x2F;2004sp&#x2F;papers&#x2F;lsp82....</a> [2] - <a href="http://pmg.csail.mit.edu/papers/osdi99.pdf" rel="nofollow">http:&#x2F;&#x2F;pmg.csail.mit.edu&#x2F;papers&#x2F;osdi99.pdf</a> [3] - <a href="http://arxiv.org/pdf/1311.0243v5.pdf" rel="nofollow">http:&#x2F;&#x2F;arxiv.org&#x2F;pdf&#x2F;1311.0243v5.pdf</a> [4] - <a href="http://www.cs.huji.ac.il/~avivz/pubs/13/btc_scalability_full.pdf" rel="nofollow">http:&#x2F;&#x2F;www.cs.huji.ac.il&#x2F;~avivz&#x2F;pubs&#x2F;13&#x2F;btc_scalability_full...</a>

The smallest of nits to pick, but Readability has issues with the &quot;images as text&quot; behavior of the variables and numbers in the crypto parts of the post.<p>Otherwise, I&#x27;m very sorry that I didn&#x27;t find this until after Thanksgiving. As many of you are likely similarly tagged, I&#x27;m the &quot;computer&quot; guy in the family, and so whenever something happens in the news that&#x27;s got anything to do with computers, I&#x27;m the guy people bug for answers.<p>Bitcoin was the topic de jour this Thanksgiving, and my explanations would have benefitted greatly from this plain-English run-through.<p>Fortunately, after having read this, I now will be able to give people the deluxe explanation, should they make the fatal mistake of asking. :) Thanks.

Amazing post. I thought I had a pretty good understanding of Bitcoin, yet this is the first time I&#x27;ve even heard of an associated scripting language. I can&#x27;t wait for the post detailing that. Here&#x27;s the wiki article for now: <a href="https://en.bitcoin.it/wiki/Script" rel="nofollow">https:&#x2F;&#x2F;en.bitcoin.it&#x2F;wiki&#x2F;Script</a>

Here&#x27;s two dumb questions you might want to answer in a follow-up (and I encourage you to write more articles).<p>1. If it&#x27;s a principle that &quot;everybody&quot; has a copy of the block chain, and the block chain records every transaction ever, isn&#x27;t that going to be a storage problem? How big is one person&#x27;s copy of the block chain now, and how many petabytes might it grow to be in a few years?<p>2. The way to spend a fractional coin is to have one input and two outputs, one back to yourself with the unspent change. But doesn&#x27;t one&#x27;s wallet begin to be cluttered with lots and lots of little fractional items? Like having a pocketful of small coins... So is there an automated way to every so often, do a many-small-input, one-big-output payment to yourself to consolidate the change?

In answer to the question:<p>&quot;Suppose Bitcoin mining software always explored nonces starting with x = 0, then x = 1, x = 2,\ldots. If this is done by all (or even just a substantial fraction) of Bitcoin miners then it creates a vulnerability.&quot;<p>The reward for mining the block includes the miner&#x27;s account, so each miner is hashing a unique block.

This explanation is pure genius. Instead of explaining something very complicated, explain how to arrive at the complicated solution by evolving the simple solution and eliminating its flaws. Wish more explanations were like this. Someone do git.

&gt; Of course, any still-pending transactions in A will still be pending in the queues of the miners working on fork B, and so all transactions will eventually be validated.<p>I don&#x27;t understand this. So you have fork A and fork B, and once fork B wins, what happens to the transactions being done on fork A? Discarded? Do transactions sometimes not ever get verified?<p>From what I&#x27;ve quoted, I&#x27;m guessing no, transactions in fork A somehow get verified by work being done in fork B. How? Do these transactions exist in both forks?<p>Also, in general, how do p2p networks facilitate the finding of nodes? The links provided [0] describes how a node figures out what to tell other nodes about itself [0], and how to talk to other nodes once they&#x27;ve been discovered [1], but how does a node actually <i>find</i> other nodes, to begin with? Best I can tell it&#x27;s just a text file with a bunch of &quot;starter&quot; nodes.<p><pre><code> [0] - https:&#x2F;&#x2F;en.bitcoin.it&#x2F;wiki&#x2F;Satoshi_Client_Node_Discovery [1] - https:&#x2F;&#x2F;en.bitcoin.it&#x2F;wiki&#x2F;Network</code></pre>

&gt; Early in the section I mentioned that there is a natural way of reducing the variance in time required to validate a block of transactions. If that variance is reduced too much, then it creates an interesting attack possibility...<p>You&#x27;ve described a 51% attack. The security model of bitcoin assumes these are economically infeasible to mount.<p>&gt; Suppose Bitcoin mining software always explored nonces starting with x = 0, then x = 1, x = 2,\ldots. If this is done by all (or even just a substantial fraction) of Bitcoin miners then it creates a vulnerability. Namely, it’s possible for someone to improve their odds of solving the proof-of-work merely by starting with some other (much larger) nonce...<p>No, this does not improve their odds. No miners are scanning the same ranges, because the block header is different for each miner (due to different coinbase transactions and timestamps, if for no other reason).

Two questions:<p>Mining bitcoins is about being the first one to generate the hash that satisfies having however many 0s. Whoever gets there first wins the prize, cool.<p>Does that mean that you can only get new bitcoins in blocks of 25? If my mining program gets unlucky, and never gets a hit, do I get nothing for it? Or are there schemes where I am helping, and I get a portion?<p>Further, is there something in the data being hashed that includes the previous block chain?<p>Otherwise, couldn&#x27;t I make myself some free bitcoins by pre-computing the hash for a transaction I&#x27;m going to do in the future, and verifying it first? Sure it might take some computing power, but with no competition I just need to make sure that my costs are less than 25 bitcoins- and at today&#x27;s prices, that&#x27;s a lot cash to work with.

A bit shorter explanation from me: <a href="http://perlalchemy.blogspot.com/2011/05/bitcoin-protocol-highlevel-explanation.html" rel="nofollow">http:&#x2F;&#x2F;perlalchemy.blogspot.com&#x2F;2011&#x2F;05&#x2F;bitcoin-protocol-hig...</a><p>Not so detailed - but I think it covers the main mechanics.

Nice start. Another dumb question: how do individual transactions get to the miners for addition to the blockchain? Is there some P2P-type auto discovery going on? A central server shouting out miner IPs?

How many transactions end up in a block? How big are blocks?

<a href="http://www.howstuffworks.com/everyday-tech/bitcoin.htm/printable" rel="nofollow">http:&#x2F;&#x2F;www.howstuffworks.com&#x2F;everyday-tech&#x2F;bitcoin.htm&#x2F;print...</a>