Bitcoin Part 3 – Hashes, Public Key Cryptography “for Dummies” and the Block Chain
Recap – Bitcoin = direct electronic transactions without intermediary
To recap, I explained the main idea behind the Bitcoin protocol, which allows electronic peer-to-peer transactions without an intermediary. In brief, the process works as follows:
- I own a certain amount of Bitcoin. This can be publicly verified, because every Bitcoin transaction since the very first one is entered into a public ledger called the block chain. So I can’t pretend to have more money than I have.
- I can send a certain amount of Bitcoin to a recipient, and I can’t cheat while doing that, because the transaction is publicly broadcast to all nodes in the network.
- I could simultaneously send out more Bitcoins than I have, but the network decides through a process that is a bit like voting (and in reality involves solving a complex math problem) called mining, which transactions are valid and which ones aren’t.
- The transactions that are chosen as valid are entered into the block chain, the public ledger, and become final. And once I’ve depleted my verifiable amount of Bitcoins, I can’t spend more than I have (or double-spending), because everybody knows that I’ve got nothing.
The two key elements in the Bitcoin process are the public ledger, the block chain and the “voting” process called mining, which is actually carried out by the computers forming the nodes of the network in form of solving a complex mathematical problem. Mining was discussed in the previous blog post, which can be found here. Let’s now look at the “public ledger”, the block chain.
The Block Chain
As mentioned previously, the block chain is a public ledger with all Bitcoin transactions that have ever taken place since the very first one, the so-called Genesis Block. Every active node in the Bitcoin network has a copy of the block chain. And every time a new “block” is discovered via mining, it is appended to the block chain, as the name suggests. In other words, the block chain is a big list of Bitcoin transactions.
Roughly speaking, and translated from crypto-geek speak into plain English, a block consists of the following main elements (plus a few others, which are technical details):
- A timestamp
- A reference to the previous block — thus the name chain
- The transactions that are being confirmed in this block and thus being finalized and publicly broadcast
- A statement of a new complex mathematical problem to be solved for the miners
The block chain can be publicly accessed via a local API, that is, a Bitcoin client, or searched via the web-based API with a web-browser at https://blockchain.info/en, shown below.
What you see in the web-based API, is the block height, which is nothing else but the block number, the age of the block (corresponding to the timestamp), the number and total value of the transactions in this block, the name of the computer (or mining pool) that managed to solve the mathematical problem (discover the block while mining) and the storage size of the block. Below this list is a list of the latest transactions on the left as well as a search box on the right, where you can search for transactions, and a news-feed.
When you click on a particular block (the number in the column “block height”), detailed information about the block and the transactions in that block is displayed, as illustrated below (click to enlarge). If you click on the map, you can even see where these transactions came from, obviously to be interpreted with care, since a lot of BTC users use VPNs to mask their true location, partly, because the legal status of Bitcoin is not entirely settled in most countries and not necessarily, because they use it for money laundering, but that happens, too.
When you scroll further down, you get to a list of transactions, as shown below. Each transaction is also numbered with a funny numbering value, called a hash, more on that below. The first transaction “647b…” shows the reward for mining this particular block, in this case 25 BTC. You can see that this is the mining reward, because there is no transaction input, which means, the coins are mined.
The other transactions show inputs and outputs and the amount of BTC that are transacted. The inputs and outputs are labeled with Bitcoin addresses, also encoded as hashes. Bitcoin addresses generally start with a “1”, in some cases with a “3”. The addresses serve basically the same function as a common bank account number, however, there are significant differences to bank account numbers, which generally do not change between transactions. Before I can explain the rest of the elements of the block chain in detail, I have to answer the following question:
How are these funny addresses obtained, and what is a hash?
Hash functions have nothing to do with potatoes and cooking. If you are not mathematically inclined, no worries, you do not have to run for the hills, I will try to keep the explanation in plain English. A hash or hash value is the result of a hash function. Mathematically speaking, hash functions take an alphanumeric input, perform some computational magic, and spit out another alphanumeric value of a predetermined length.
Suppose you took the well-known phrase “To be, or not to be” of Shakespeare’s Hamlet and input it into a specific hash function called SHA-1, you obtain the output
Suppose Shakespeare and his editor are having a disagreement about punctuation, and the latter inputs “To be or not to be” without the comma into SHA-1. The result he gets is
Now, suppose Shakespeare is transported in time to the 21st century and texts “2B~not2B“. The output of SHA-1 now gives
As you can see above, all the messages have hashes of the exact same length, regardless of the length of the input. In addition, all the messages have hashes that are entirely different from each other, even though they have the exact same meaning, and even if two of them only differ in one comma.
In summary, hash functions have the following properties:
- A given input has a precisely predictable output of a specified length, usually, but not necessarily much shorter than the input.
- Even if the input is only slightly changed, the output differs dramatically.
- If the hash function is of the cryptographic variety, it is very difficult, if not practically impossible, to infer the original input, given only the output. The degree of difficulty/impossibility depends on the strength of the encryption used.
The astute reader will have noticed that if the input is much longer than the fixed-length output, but consists of the same (alphanumeric) characters, then there is the possibility that several different inputs give the same output, since it’s a many-to-one mapping. This is called a collision. In the example above, SHA-1 is an algorithm with 160 bits, i.e. with 160 positions that can be either 0 or 1. So, there are 2^160 or more than 10^48 (that’s a 1 with 48 zeroes) different values. Without going into all the gory mathematical details, it suffices to say that for most of the algorithms used today a collision is extremely unlikely.
Going back to the block chain transaction example shown above, a Bitcoin address hash is nothing more than a way to label the sender and the recipient of each transaction. However, since everybody can publicly access the public ledger, everybody can also see who sent whom how much money, from where to where, and at what time. If this sounds too Orwellian 1984-ish for you, no worries, Bitcoin has a certain pseudonymity, if not anonymity built in. Before I can explain how Bitcoin addresses are actually created, however, I have to explain another cryptographic concept.
Public Key Cryptography or The Return of the Byzantine Generals
Yes, the Byzantine generals of part 1 are back by popular demand in this attempt to explain public key cryptography. I borrowed (and slightly modified) the following excellent explanation from Panayotis Vryonis, because I could not come up with a better non-mathematical analogy myself.
Suppose there is a Byzantine general, who communicates with his lieutenants via a secret mailbox. Now, since this is taking place in the olden days, said secret mailbox is a physical mailbox with a physical lock. But not just any lock, a very special lock with 3 positions, A, B, and C, as illustrated below. In positions A and C, the mailbox is locked, in position B, the mailbox can be opened.
The general has some very special keys for this lock. A set of (identical) keys that he distributes among his lieutenants, which can only be turned counterclockwise, from C to B to A. We’ll call them public keys. And a special, unique key that he keeps for himself, which can only be turned clockwise, from A to B to C, his private key.
If the general now wants to leave a message for his lieutenants, he writes it on some parchment and locks it into the mailbox with his (private) key, turning the lock clockwise all the way to C, the second locked position. The next lieutenant who happens to come along uses his (public) key to open the mailbox, turning the lock counterclockwise to position B to open the mailbox and read the message. It just so happens, that this lieutenant is plotting to overthrow the general. As part of his evil plan he puts his own message into the mailbox, pretending to come from the general, and turns the key counterclockwise, such that the lock ends up in position A, because that is the only direction his (public) key will turn. However, thanks to the fiendish cleverness of the general, the only person who can open the lock now is the general himself with his private key, since this is the only key that turns clockwise. This way, the only person who can put messages into the box that can be read by anyone with the public key is the general himself, thus ensuring the authenticity of the messages to his lieutenants.
This is precisely how public key cryptography works, except the keys are created digitally and not made of bronze. The computerized equivalent of the above procedure is called a digital signature, where the asymmetry between private and public keys ensures the authenticity of the signature.
Again, to summarize the process of public key cryptography in bullet points:
- A unique pair of a public and a private key is created.
- The public key is broadcast to all recipients.
- The private key is kept secret.
- All messages or (in the case of Bitcoin) transactions are encrypted with the private key, the equivalent of locking them into the mailbox above.
- The message is then sent to the recipient(s).
- The message (or transaction) can be authenticated and decrypted by anyone with the public key.
- It is (next to) impossible to fake messages (or transactions) without knowledge of the private key. Impostors are out of luck. (Of course, with enough computing power, any currently known encryption can be cracked. For the commonly used algorithms, however, enough computing power means more computing power than currently exists on the entire planet, unless somebody finally manages to construct a functioning large-scale quantum computer.)
Warning: Since Bitcoin transactions involve private keys, whatever you do, do NOT give out your private key. Furthermore, if you lose your private key, you’re out of luck as well! Any transactions made with that private key will be forever lost.
The Block Chain Revisited
Let’s look again at a few transactions:
Every transaction involves Bitcoin addresses in form of hashes, which are basically derived from public keys. Thus, every address is linked to a private key that is owned by somebody and generally stored in a so-called wallet. For every private key, you can generate an essentially unlimited supply of public addresses, if you want to, a separate address for every single transaction you make. The key point here is that you don’t have a Bitcoin address; you have a private key that is associated with a large number of public addresses. Since every transaction is public, along with the address, it is recommended to not use the same address for every transaction.
Let’s look at the second transaction, “7cdb…” in the picture above. Here, address “1M4sn…” sends 1.2 BTC to address “1A83Re…”. What about the 28.79999671 BTC that are shown as being sent to address “18TLH…” in the same transaction? This is the BTC equivalent of getting change back. Before you get too confused, I need to explain that Bitcoins are NOT stored as coins, in units of BTC, or even Satoshis (0.00000001 BTC, or one hundred millionth of a BTC, the smallest BTC fraction the algorithm can currently deal with). Bitcoins are in fact not stored anywhere, the only thing that’s being stored are transactions, via the block chain. The transactions can be looked up by anybody, as we just did above. Let’s look at this particular transaction in more detail, which you can do by clicking on the hash identifier of the transaction. The result is shown below.
Suppose you are new to Bitcoin and start from scratch. You get yourself a wallet (I’ll explain how to do that in part 4 of the series), set up your private key and generate one or more receiving addresses. A (very) kind soul sends you 30 BTC. Now, you have 30 BTC in your wallet. You want to send 1.2 BTC to somebody, in this case, address “1A83Re…”. So you set up the transaction, but the Bitcoin algorithm only works with whole transactions, so the algorithm gobbles up the entire 30 BTC that you have, sends 1.2 BTC to “1A83Re…” and sends the change of 28.8 BTC minus the mining fee of 0.00000329 BTC, that is, 28.79999671 BTC back to you, thereby creating a new address “18TLH…” for you. Think of the 30 BTC as a (large) banknote. Let’s say you have 30 Dollars in your real-life wallet, in form of a fictitious 30 Dollar bill. If you want to give somebody 1.2 Dollars, you don’t tear off 4% of the paper bill and give it to the person, you give them the whole bill and they give you change back. The same happens with BTC. You hand over the entire “bill”, and get a “bill” worth 28.79999671 BTC back, and the whole thing is recorded in the block chain.
You can now use the address “18TLH…” to send those 28.79999671 BTC or a fraction thereof to somebody else, or you can create a completely new address to send these coins. The proof that you actually own those BTC or essentially, that the transaction is yours — remember, you don’t actually own Bitcoins, you own the equivalent of transaction receipts — is performed with the address, which only you can create with your private key, and a digital signature in the transaction, which also only you can create, and both of whose ownership can be verified by everybody else via the public key that goes along with your private key.
The Bitcoin developers recommend using a new address for every transaction for the sake of anonymity, but that’s totally up to you. Remember, all transactions ever made since the very first Genesis transaction are publicly accessible on the block chain, just like the ones we looked at above. There are completely legitimate reasons that you may want to stay somewhat anonymous, even if you don’t launder money or are involved in dubious transactions. I don’t have a problem that everybody knows that I just bought a pile of broccoli at the grocery store, but hypothetically speaking, perhaps I wouldn’t like to announce to the world, and especially not to a nearby bike thief, that I just bought a new racing bike.
If your head is spinning after parts 1, 2, and 3, it’s really not that complicated. Yes, the practical implementation is complicated, which includes hash functions and cryptography, but the basic idea still is to provide the world with digital money with the equivalent simplicity of cash while preventing evil forces to steal everybody’s money. This involves a public “voting” system called mining, verification of ownership via public key cryptography, and some form of anonymity via cryptographic hash functions.
In the next installment, I’ll discuss how to actually get a wallet, and how to actually send and receive Bitcoins, which is really quite simple. However, as mentioned previously, in some places cryptocurrencies are illegal, and in some places (such as California) the legal situation is in constant flux, so nothing you read here can be construed as legal or financial advice, simply because I’ve already got a full-time job and several intensive part-time hobbies, and trying to keep up with the legal situation in regards to cryptocurrencies is a full-time job in its own right.