2. Opening
• This topic is really hard to explain but I’ll keep it as simple
as possible.
• Ordinary people, non-technical investors, tech bloggers
or journalists, engineers, computer scientists… no matter
who you are.
• I don’t expect everyone to understand everything. But I
assure you, you just need this presentation to learn it.
4. What is Bitcoin
• Let’s start with bitcoin. What is Bitcoin literally?
• Simply put, Bitcoin is digital money. You can buy goods or
transfer your digital money to anyone in the network.
• So it’s money. Nothing else. It’s just not tangible. It’s
something digital that lives on the internet.
• I use Bitcoin as the name of the system and bitcoin as the
money/currency.
5. Satoshi Nakamoto
• Bitcoin was invented by an unknown person under the
name Satoshi Nakamoto as open source in 2009.
• He published a paper on bitcoin.org titled “Bitcoin:
A Peer-to-Peer Electronic Cash System”.
6. The Paper
• What does he claim in the paper? These words are from his
paper:
• Completely non-reversible transactions are not really
possible, since financial institutions cannot avoid
mediating disputes.
• The cost of mediation increases transaction costs, limiting
the minimum practical transaction size and cutting off the
possibility for small casual transactions, and there is a
broader cost in the loss of ability to make non-reversible
payments for non-reversible services.
7. The Problem
• Because mediation is useless for small-value transactions,
Satoshi wanted to get rid of disputes and mediation.
• Imagine you want to transfer 50¢ to someone else. No
one does that over the banking system. And imagine the
receiving party disputes it with the bank 1 week later. The
cost of transferring 50¢ is not cheap for a bank.
• And it’s not efficient. It’s just 50¢; you don’t even want to
talk about it. That’s what Satoshi means by non-reversible.
We need efficiency, not justice, when we are
dealing with small-value transactions.
8. Difference
• What are the differences between bitcoin and other online
payment systems such as PayPal? Or physical banks?
• Bitcoin is decentralized: there is no trusted
mediating party between peers. It’s peer to peer.
• Bitcoin is pseudonymous: the money is
not tied to real-world people or e-mail addresses. Be
careful! It’s not 100% anonymous!
9. Features
• There is no government behind bitcoin that supplies money
to the market. States cannot directly interfere with the value
of the money.
• Transactions happen peer to peer and are irreversible. You
can’t dispute a bitcoin transaction like a bank transfer.
• There is no ‘trust’ in the network. Everything works based
on cryptographic proof. You don’t need trusted 3rd
parties. Trust math.
10. Others
• Bitcoin is not the only cryptocurrency. There is a vast
number of cryptographic currencies available.
• Their networks are completely different and independent,
but the underlying protocol is similar. Some of them are
bitcoin clones. Bitcoin, Ethereum, Litecoin, Bitcoin Cash,
Ripple, Dash…
• Cryptocurrency is the broader name. Bitcoin is the brand name
of a certain cryptocurrency.
11. Let’s Design It
From scratch
We are Nakamoto, trying to design Bitcoin as Nakamoto described.
12. IDs
• First of all, we need to verify IDs on the network. How can
we trust people we don’t know? Of course, there is no trust. There
should be a way to prove the authenticity of a message.
• Bitcoin uses public key/private key (asymmetric
encryption) for this purpose. It’s explained in the next slides.
• Only I can make a transaction with my private key and
others can verify the transaction by using my public key.
13. Money
• Ok, we’re ready, we have our IDs. But where is the
money? We don’t have money in the system yet. What is
the source of money?
• Don’t tell me “we can buy bitcoin online”. Where do they get
the money from? Or let’s imagine we are the first users in the
system.
14. Miners
• The Bitcoin protocol uses a chain of blocks to keep a record of
transactions. You can imagine blocks as pages of a big
ledger book, with multiple transactions on each page.
• Block building is computationally costly. Miners compete
to build the next block. Whoever builds the next block first
is rewarded by the system with coins.
• So, miners get coins from the system in return. That’s the
source of money.
15. Transactions
• Ok, now we have money in the system but not in our
hands since we are not miners. How is the money being
distributed across the network?
• Miners, like normal users, sell their coins to other users.
That’s how others get the money. And users exchange
coins.
16. Hierarchy
• The Bitcoin network is flat and peer-to-peer. There are no super
users or small users. It’s democratic and open to
everyone. You just need an ID to join the network. You can
generate your ID freely. (Believe me, fraud is almost
impossible)
• So who are the miners? Actually, everyone can mine, as
everyone is equal. But when someone joins the race to
build the next block, he wears the ‘miner’ hat. It’s a choice, not
superiority.
17. Account Number
• There is no account and balance management in Bitcoin.
It’s because it’s decentralized and doesn’t want to
maintain a database like PayPal.
• To receive money, you should send your Bitcoin address
to the sender.
• Bitcoin addresses are calculated from public keys. There
is no sending address. While you are sending bitcoin you
need the receiving address.
• Addresses are used only once.
18. Signatures
• While sending money you must sign the transaction order.
You can sign your transaction with your private key. It’s
simply like signing a physical cheque.
• Others can verify it belongs to you because only you can
use your private key; others cannot.
• And you can’t claim you didn’t sign the transaction.
• Well, there isn’t any authority to dispute with. We all trust
math.
19. Balance
• We only have a chain of blocks that keeps records of
transactions. So how does the Bitcoin protocol decide whether a
user has a sufficient balance or not?
• The user should provide the source of the money, as a
transaction, for each transaction. It’s called a UTXO
(unspent transaction output).
• When you are sending bitcoin, you should refer to the
transactions in which you received coins. And those coins
must not already be spent.
• Let’s imagine the real-world example below:
20. Balance
• You don’t have a bank account that you can collect
money into. You don’t send money from your bank
account. Instead, you say something like this: “I am
sending you $5 from the money my dad sent me”. People
check if your dad really sent you money.
• Your dad said something like this while sending you: “I am
sending you $5 from the money my boss sent me”.
• So, that goes back to Satoshi’s first transaction.
21. Changes
• A UTXO is indivisible, just like a coin that cannot be cut in
half. So when your unspent money is bigger than the amount
of the transaction, your wallet does two transactions: 1-
to receiver(s) 2- back to yourself
• Let’s say you have 5 coins and transferred 3 coins. The remaining 2
coins don’t stay in your sending account because there
is no account. You (actually your wallet, on your behalf)
create another receiving address for yourself and transfer 2
coins to yourself as change.
• So everything is a transaction. No database.
22. Flow of Transactions
Bob → Alice: 5 BTC
Alice → David: 3 BTC
Alice → Alice: 2 BTC
Sue → Alice: 7 BTC
Alice → John: 9 BTC
• Alice must refer to Bob’s unspent transaction to send 3 BTC to David.
• Since Alice only wants to send 3 BTC, the remaining 2 BTC from Bob’s
transaction should be recorded as a transaction. So she transfers 2
BTC to herself. To send 9 BTC to John, Alice should refer to Sue’s and
her own transactions. We had to use 2 inputs for John’s transaction.
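The flow above, replayed as an added Python example (not part of the original presentation). The `Ledger` class and its method names are constructed for illustration, the ownership check stands in for signature verification, and the change is recorded here as a second output of the same transaction.

```python
# Added example: a toy UTXO ledger replaying the Bob/Alice/David/Sue/John flow.
class Ledger:
    """The only state is the set of unspent outputs; there are no accounts."""

    def __init__(self):
        self.utxos = {}       # (txid, output index) -> (owner, amount)
        self.next_txid = 0

    def _record(self, outputs):
        txid, self.next_txid = self.next_txid, self.next_txid + 1
        for index, (owner, amount) in enumerate(outputs):
            self.utxos[(txid, index)] = (owner, amount)
        return txid

    def receive(self, owner, amount):
        """Stand-in for an earlier transaction that paid `owner`."""
        return self._record([(owner, amount)])

    def spend(self, sender, inputs, receiver, amount):
        if len(set(inputs)) != len(inputs):
            raise ValueError("the same output is referenced twice")
        total = 0
        for ref in inputs:
            if ref not in self.utxos:
                raise ValueError(f"{ref} is unknown or already spent")
            owner, value = self.utxos[ref]
            if owner != sender:
                raise ValueError(f"{ref} does not belong to {sender}")
            total += value
        if amount <= 0 or total < amount:
            raise ValueError("amount must be positive and covered by the inputs")
        for ref in inputs:                 # referenced outputs are consumed whole
            del self.utxos[ref]
        outputs = [(receiver, amount)]
        if total > amount:                 # the remainder goes back as change
            outputs.append((sender, total - amount))
        return self._record(outputs)

    def balance(self, owner):
        return sum(value for who, value in self.utxos.values() if who == owner)

def replay_slide_flow():
    ledger = Ledger()
    from_bob = ledger.receive("Alice", 5)                  # Bob -> Alice, 5 BTC
    to_david = ledger.spend("Alice", [(from_bob, 0)], "David", 3)
    from_sue = ledger.receive("Alice", 7)                  # Sue -> Alice, 7 BTC
    # Output 1 of the David transaction is Alice's 2 BTC change.
    ledger.spend("Alice", [(to_david, 1), (from_sue, 0)], "John", 9)
    return ledger, from_bob, to_david
```

Referring again to Bob's 5 BTC after it was used for David is rejected, because that output is no longer in the unspent set.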
23. Wallets
• Wallets keep your digital signatures. It’s free to produce new
keys. You can use more than one key. Wallets manage all your
keys. There are hardware wallets as well as software wallets
available in the market.
• A wallet can collect all your unspent transactions and calculate
your balance, etc.
• If you lose your keys, you cannot reach your coins. Not only
you: nobody can use your coins. They simply stay orphaned in
the network. (*)
(*) James Howells famously lost 7,500 Bitcoins in 2013 when he accidentally threw out
an old hard disk containing his private key.
24. Public Ledger
• An open public ledger system keeps records of all
transactions. Anyone can see who did which transaction
to whom starting from 2009 to today.
• But remember, bitcoin is a pseudonymous network. So
you will only see public digital signatures instead of real
world identities.
• The ledger is distributed across the network. Nodes hold
a copy of it. This makes bitcoin decentralized.
27. Blocks vs Transactions
Block N: Transaction 1, Transaction 2, . . ., Transaction M
Block N+1: Transaction 1, Transaction 2, . . ., Transaction P
Block N+2: Transaction 1, Transaction 2, . . ., Transaction R
. . .
28. Block and Transactions
• Every 10 minutes the system creates a new block. So the
depth of the chain (it’s actually called height) increases.
• The number of transactions can differ from block to block.
• Winning miners pick the transactions to add to the block.
• Sometimes, for technical reasons, some transactions
cannot be processed in the current block, so they stay in a
queue for the next block.
29. Block Header
• A block header contains the metadata fields below:
Version
hashPrevBlock
hashMerkleRoot
Time
Bits
Nonce
• Note that the block body holds the transactions.
30. Block Integrity
• As you can see, each block has the hash value of the previous
block. That ties all blocks to each other, so it creates a
chain of blocks. How?
• No one can change any block in the network. Although
transactions are public, nobody can change them, because a
simple change, even a dot, changes the
hash value completely. Since each block holds the previous
block’s hash value, the blocks after it become
inconsistent too.
• Each block is stuck to the next.
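The tamper-evidence described on this slide, as an added Python example (not part of the original presentation). It hashes a whole simplified block with SHA-256 instead of a real block header, and the block contents are constructed sample data.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over all fields of a simplified block (constructed format)."""
    data = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()

def build_chain(tx_lists):
    """Link blocks by storing each predecessor's hash in hashPrevBlock."""
    chain, prev = [], "00" * 32
    for height, txs in enumerate(tx_lists):
        block = {"height": height, "hashPrevBlock": prev, "transactions": txs}
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_broken_link(chain):
    """Height of the first block whose hashPrevBlock no longer matches the
    hash of the block before it, or None when every link matches."""
    for prev, block in zip(chain, chain[1:]):
        if block["hashPrevBlock"] != block_hash(prev):
            return block["height"]
    return None

def tamper_demo():
    chain = build_chain([["coinbase -> miner"],
                         ["Bob -> Alice 5"],
                         ["Alice -> David 3", "Alice -> Alice 2"]])
    before = first_broken_link(chain)
    chain[1]["transactions"][0] = "Bob -> Alice 50"   # edit one transaction in block 1
    return before, first_broken_link(chain)

if __name__ == "__main__":
    print(tamper_demo())
```

The edit to block 1 shows up at block 2, which still stores the hash block 1 had before the change.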
31. Blocks vs Transactions
• Don’t confuse the two. Rewards are for block creation, not for
transactions. Approximately every 10 minutes, 1 block is
created. The system needs blocks to record transactions.
• Each block has a list of the transactions that happened in the last 10
minutes and those that couldn’t be processed in the previous
blocks.
• A transaction is incomplete until it becomes part of the
global distributed ledger, the blockchain.
32. Transactions
• Transactions have a defined structure.
• The most important parts of a transaction are inputs and
outputs.
• Inputs represent the sources of money.
• Outputs represent the receivers.
33. Coinbase
• The coinbase transaction is a special type of transaction
that pays the miner his block reward. Every block must
have a coinbase transaction as its first transaction, other
transactions are optional.
• The coinbase's output is used to send the block reward
plus transaction fees, to the miner's address.
• Coinbase transactions have no input, as the coins come
from the system instead of from nodes. Remember, coinbases
are the source of money.
34. Mining
• Finding a new block is called mining.
• The system requires miners to solve a math problem.
Whoever solves the problem first earns the reward. That’s
called proof-of-work.
• Why do we need proof-of-work?
  • To regulate bitcoin production
  • To discourage dishonest nodes from abusing the
  system
35. Mining
• Thousands of miners join in a global race to find the next
block. That requires quadrillions of hashing operations per
second across the entire bitcoin network.
• Miners repeatedly hash the header of the block and a
random number (nonce) with the SHA256 cryptographic
algorithm until they find a hash value less than the
predetermined target hash. The first miner to find such a
solution wins the round of competition and publishes that
block into the blockchain.
• That race happens every 10 minutes and each time the
problem changes.
36. Coin Production
• The Bitcoin protocol regulates coin production. This is why we
call it ‘the controlled supply’.
• The protocol ideally wants to create 1 block every 10
minutes. If miners increase the computational power, the
system increases the difficulty level of the problem and
keeps production at the same level. That’s the
first limitation on coin production.
• Coins are rewards for newly found blocks. These
rewards decrease geometrically, with a 50% reduction every
4 years (precisely, every 210,000 blocks). That’s another
factor that affects the amount of coins.
37. Total # of Coins
• In 2140, the last halving period starts and the reward
reduces to 0. It means no more coins will be produced,
because the only way to produce coins is to find a new
block and get the reward from the system.
• The system was initiated with a 50 BTC reward in 2009. It
was decreased to 25 BTC in 2013 (the first halving
period, 4 years later). And now, in 2017, it’s 12.5 BTC: the
second halving period.
• The total number of bitcoins will be 21 million in 2140.
40. Symmetric Encryption
Msg → Encryption (key) → cypher → Decryption (key) → Msg
D(E(Msg, key), key) => Msg
D: Decryption function
E: Encryption function
Msg: Original message
key: Shared key
Bob → Alice: Bob and Alice share the same key
41. Asymmetric Encryption
Msg → Encryption (Alice’s public key) → cypher → Decryption (Alice’s private key) → Msg
D(E(Msg, A’s public key), A’s private key) => Msg
D: Decryption function
E: Encryption function
Msg: Original message
Bob → Alice: Bob uses Alice’s public key to encrypt the message
42. Bitcoin ID
• Bitcoin doesn’t use the real world identity.
• Every user in the network has a public/private key pair.
Public keys are like your nicknames.
• Users use public keys to verify IDs. Private keys are
used to create signatures. And only the owner can
access or transfer her coins with a private key.
• Note that if you buy coins from a provider with your real
money (USD), they may ask you for your real-world identity.
That’s not about the bitcoin network.
43. Hash
• Hash functions are functions that take an input of indeterminate
length and generate a fixed-length value, also known as a
”digest”.
• MD5, SHA-1, SHA-2 are well-known hash functions.
• A simple change in the input produces a completely different hash.
Hi Alice.
MD5: bc886a91672b718f0efccce0494ada37
Hi Alice,
MD5: bbc0d3f172a9960cec60ca526f35c417
44. Hash
y = Hash(x)
• We can easily calculate y for a given x, but the inversion is
computationally infeasible. Finding a specific input x that
produces a desired hash y is almost impossible without
trying every possible combination.
• So the miners must spend the required time. They
cannot cheat the network.
• Bitcoin uses the SHA-256 hash function to force miners to
spend computational power to find a desired target hash.
45. Nonce
• The system requires miners to find an input x that
produces a hash under the target hash.
• The block header includes an interesting field called nonce.
Since the rest of the block header is constant, it’s not possible to
produce the target hash with it alone. We need a variable field.
• Miners constantly change the nonce, calculate
the hash value and check whether the value is under the target.
46. Difficulty
• The target is defined by the difficulty. The system requires miners to
find a hash that has a certain number of leading zeros in its
binary format.
000000000000000000000000011111110101010101010…
• The number of leading zeros is the difficulty. The smaller
the target (meaning it has more leading zeros), the harder it is to
solve. Because the addressable space is smaller, the chance of
fitting in the space decreases.
47. Target Hash
• The Bits field in the header is used to calculate the target hash
value from a predefined formula.
• Let’s say it’s 0x73829012 (hexadecimal). It’s little-endian,
so we have to reverse the bytes: 0x12908273
The first byte is the “exponent”, e = 0x12
The next 3 bytes are the “coefficient”, c = 0x908273
Formula for target = c * 2**(8*(e - 3))
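An added Python example (not from the original presentation) that applies the formula above to the slide's Bits value and then runs the nonce search from the Nonce and Mining slides against a small header. The header values and the easy target `EASY_BITS` are constructed for the example; the 80-byte little-endian layout and the double SHA-256 follow Bitcoin's header format.

```python
import hashlib
import struct

def bits_to_target(bits):
    """Slide formula: target = c * 2**(8*(e - 3)); e = first byte, c = next 3 bytes."""
    e, c = bits >> 24, bits & 0x00FFFFFF
    # Bitcoin's consensus code also reads the top bit of c as a sign flag; ignored here.
    # Shifts keep the result an integer even when e < 3.
    return c << (8 * (e - 3)) if e >= 3 else c >> (8 * (3 - e))

def leading_zero_bits(target):
    """Leading zeros of the target written as a 256-bit binary number."""
    return 256 - target.bit_length()

def header_hash(version, prev, merkle, time, bits, nonce):
    """Double SHA-256 of the 80-byte header, read as a little-endian integer."""
    header = struct.pack("<I32s32sIII", version, prev, merkle, time, bits, nonce)
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")

def mine(version, prev, merkle, time, bits, max_nonce=2**32):
    """Try nonces in order until the header hash falls below the target."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        if header_hash(version, prev, merkle, time, bits, nonce) < target:
            return nonce
    return None  # nonce space exhausted: another header field has to change

# The slide's example: the Bits field as stored, then byte-reversed.
SLIDE_BITS = int.from_bytes(bytes.fromhex("73829012"), "little")   # 0x12908273

# Constructed header values; EASY_BITS is chosen so the search ends quickly.
EASY_BITS = 0x2000FFFF
SAMPLE = dict(version=1, prev=b"\x11" * 32, merkle=b"\x22" * 32,
              time=1500000000, bits=EASY_BITS)

if __name__ == "__main__":
    slide_target = bits_to_target(SLIDE_BITS)
    print(hex(slide_target), leading_zero_bits(slide_target))
    nonce = mine(**SAMPLE)
    print("nonce", nonce, "hash", hex(header_hash(nonce=nonce, **SAMPLE)))
```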
48. Fork
• Imagine two miners, Joe from the USA and Chen from China,
find the next block almost simultaneously. Both of them
broadcast the solution. Nodes in America and Europe first
get Joe’s broadcast, while nodes in Asia and Africa first get Chen’s
broadcast.
• At any given time, nodes may have different views of the
blockchain.
49. Fork
• So Asian nodes build the next block on Chen’s
block, while European nodes build on Joe’s block.
Block 1 . . . Block N → Block N+1 (Joe)
                      → Block N+1 (Chen) → Block N+2
50. Fork
• So whenever Block N+2 is created, the nodes working on Joe’s
block just stop and start looking for N+3 on Chen’s
fork.
• As miners want to earn the reward, it’s useless to work on
Joe’s block anymore. Since everyone knows N+3 is
solved, no one will work on Joe’s block, as it’s shorter than
Chen’s. Joe’s N+3 would be late and invalidated by
the system, since Chen’s is available.
• So honest nodes would always work on the longest chain.
51. Last Words
• Please follow me on Twitter and Medium with the @bsimsekb
handle.
• After you read this presentation, go and read my Medium
blog for my latest entry. It includes personal thoughts
about Bitcoin’s feature, including some objections.
• Feel free to ask me questions.