Where do we start? There are so many cryptocurrencies, each working differently with different rules and mechanisms, that is it not particularly easy to make accurate generalisations: however you describe cryptocurrencies, there are bound to be exceptions. For example, Bitcoin uses a mechanism called ‘proof-of-work’ to ensure that anyone (in theory, at least) can add blocks to the blockchain at a certain cadence without a central actor coordinating access or providing permission. Proof-of-work creates a fair competition between block adders who compete to add blocks. This competition consumes electricity—a lot of it75—which is one reason some people describe Bitcoin as wasteful. However not all cryptocurrencies, and certainly not all blockchain technologies, work this way. So it is inaccurate and therefore unhelpful to generalise and say ‘cryptocurrencies’ or ‘blockchains’ are energy intensive. Just because Bitcoin works in a certain way, it doesn’t mean everything else does.
Bearing this in mind, we will nevertheless start by getting a good grounding in how Bitcoin works, and then later describe some of the differences between Bitcoin and other cryptocurrencies and their respective blockchain protocols (all to be explained—do not fear!).
People refer to Bitcoin as a digital currency, virtual currency, or cryptocurrency, but it may be easier to think of it as an electronic asset. The word currency often side-tracks people when they are trying to understand Bitcoin. They get caught up trying to understand aspects of conventional currencies which do not apply to Bitcoin, for example, what backs it (nothing) and who sets the interest rate (there is none). Bitcoin is also sometimes described as a digital token, and in some respects that is accurate; but, alas, the term token is now also used to mean something more specific, which we will cover later, so the ambiguity of this term too is best avoided.
Bitcoins are digital assets (‘coins’) whose ownership is recorded on an electronic ledger that is updated (almost) simultaneously on about 10,000 independently operated computers around the world that connect and gossip with each other76. This ledger is called Bitcoin’s blockchain. Transactions that record transfer of ownership of those coins are created and validated according to a protocol—a list of rules that define how things work and which therefore govern updates to the ledger. The protocol is implemented by software—an app—that participants run on their computers. The machines running the apps are called ‘nodes’ of the network. Each node independently validates all pending transactions wherever they arise, and updates its own record of the ledger with validated blocks of confirmed transactions. Specialist nodes, called miners, bundle together valid transactions into blocks and distribute those blocks to nodes across the network.
Anyone can buy bitcoins, own them, and send them to other people. Every Bitcoin transaction is recorded and shared publicly in plain text on Bitcoin’s blockchain. Contrary to many media articles, Bitcoin’s blockchain is not encrypted. By design, everyone sees all details of all transactions. Anyone can, in theory, create bitcoins for themselves too. This is part of the block creation process, called mining, and is described later.
The purpose of Bitcoin is described in its whitepaper—a short document written by a pseudonymous Satoshi Nakamoto, published in October 2008. It describes why Bitcoin exists and how it should work. It is worth reading the whitepaper in full. It is only nine pages long and available online77. The abstract says:
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double spending. We propose a solution to the double spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
That first sentence says it all. It sets out the purpose of Bitcoin, and how Bitcoin derives both value and utility. For the first time in history, we have a system that can send value from A to B, without the physical movement of items or using specific third-party intermediaries. It is difficult to overstate how important a milestone this is in the evolution of payments. I get shivers down my spine every time I think of Bitcoin like this78. As popularised by cryptocurrency industry commentator Tim Swanson79, Bitcoin is designed as censorship resistant digital cash.
There is no mention of a blockchain or ‘block chain’ at all in the original Bitcoin whitepaper, even though we are constantly reminded by the media that Bitcoin is built on blockchain or that blockchain is the underlying technology of Bitcoin. A chain of blocks was not the purpose of Bitcoin, it is just the design that was developed to achieve the objective—the solution to the business problem.
The Bitcoin blockchain is managed by software running on computers that communicate with each other forming a network. Although multiple compatible software implementations exist, the most commonly used software is called ‘Bitcoin Core’ and source code to this software is published on GitHub80. This software contains the full range of functionalities needed for the network to exist. It has the ability to perform the following tasks which will be explained in this section:
•Connect with other participants in the Bitcoin network
•Download the blockchain from other participants
•Store the blockchain
•Listen for new transactions
•Validate those transactions
•Store those transactions
•Relay valid transactions to other nodes
•Listen for new blocks
•Validate those blocks
•Store those blocks as part of its blockchain
•Relay valid blocks
•Create new blocks
•‘Mine’ new blocks
•Manage addresses
•Create and send transactions
However, in practice, the software is usually only used for its bookkeeping function, which will be explained in depth in this section.
To understand how Bitcoin works, and why it works the way it does, it is important to keep in mind the objective: to create an electronic payment system that cannot be censored, and to allow anyone the ability to send payments ‘directly from one party to another without going through a financial institution’.
Such a system cannot have a central administrator managing the ledger, as that administrator would be the financial institution that Bitcoin is set up to avoid. The system therefore needs to be able to be operated by anyone, without any need to identify themselves or gain permission from a gatekeeper. The moment that parties need to identify themselves, they lose privacy and are vulnerable to interference, coercion, prison, or worse. This goes for both administrators of the system and users themselves. So every single part of the solution needs to work with these constraints in mind.
How did Satoshi go about designing the solution? Let’s start with a classic centralised model and then try to decentralise it. In this way, we can build up the design of Bitcoin step by step.
Classic Centralised Model
Let’s start with a ledger which keeps tracks of balances, managed by an administrator. You can think of it as a list with two columns: Account, Balance81.
Classic centralized model
The administrator assigns account numbers to customers, and customers make payments by instructing the administrator. There is an authentication process where the customer proves that they are the account holder before the administrator will carry out the payment instruction. So each customer is named and, for security, has a password linked to their account.
Account mapping
The administrator maintains the central record of balances and makes all payments. They are responsible for ensuring that no one spends money they don’t have or spends the same money more than once, the ‘double spend’.
But if we want resistance to control and censorship, and to allow anyone to be able to transact with anyone else, we need to remove the administrator.
First, let’s remove the administrator from the account opening process, so that anyone can open an account without needing permission from the administrator.
Problem: Accounts Need Permission
Someone has to set up an account and assign it to you. It is the administrator’s job to assign you an unused account number then set you up with some sort of username (which may be your own name) and password so that when you ask the administrator to make a payment on your behalf, the administrator knows it is really you making the request. In setting up your account the administrator has granted permission for you to open the account, and may, equally, choose to refuse that permission. Any time you have an entity that can approve or deny something, you have a point of third party control. We are trying to eliminate third party control.
Is there a way you can open an account without having to ask permission? Well, cryptography provides a solution.
Solution: Use Public Keys as Account Numbers
Instead of names or account numbers and passwords, why not use public keys as the account number, and digital signatures instead of passwords?
By using public keys as account numbers, anyone can create their own accounts with their own computer without having to ask an administrator for an account number. Remember, a public key is derived from a private key, which is a number picked at random. So you create an account by picking a random number (your private key) and doing some maths on it to get your public key. In Bitcoin and most other cryptocurrencies, account numbers are mathematically derived from public keys (not public keys themselves), and are called addresses.
Using user-generated addresses instead of accounts
You can tell the world this Bitcoin address to allow people to pay to it82. No one can spend anything from it unless they have the private key, which only you have. You can also create as many addresses as you want and your wallet software will manage all of them for you.
Could someone else already be using an address that you randomly picked? Possible, but unlikely. We saw in the cryptography section that Bitcoin’s scheme uses a random number between 0 and 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,935 as a private key. There are so many private keys available that the possibility of stumbling across someone else’s account is virtually nil. As one commentator put it, ‘Go back to bed and don’t worry about this ever happening’. 83
Public/private keypairs also solve the authentication problem. You don’t have to log in to prove that you are the account holder. When sending a payment instruction you digitally sign the transaction with your private key, and this signature proves to the administrator that the instruction is indeed coming from you, the account holder. You can create and sign the transaction offline without being connected to any network. When you broadcast the signed transaction to the administrator, all the administrator has to do is check that the digital signature is valid for the respective account number, rather than maintain a list of usernames and passwords for you and all transacting parties.
Problem: Single Central Bookkeeper
We have now eliminated the role of the third-party administrator in creating accounts. But we still have the third-party administrator in the role of central bookkeeper—the coordinator who maintains the list of transactions and balances and who both validates and orders the transactions you request against some business and technical rules. This single point of control ultimately decides what is reflected in your account, whether your transaction goes through or not. As a single point of control, it is classified as a financial institution, and has the regulatory burden of having to identify you and all other customers, a process known as Know Your Customer or KYC. It can also be coerced to censor transactions.
So, for a digital cash system resistant to third party influence, including control and censorship, we need to remove that single point of control84.
Solution: Replicate the Books
The more people you have sharing a secure system and its information, the less vulnerable that information is to manipulation. However, a group of ‘trusted bookkeepers’ would inevitably require their own gatekeeper, so we would be back to the central point of control problem again. The solution is for anyone anywhere to be able to be a bookkeeper without asking permission from anyone else and without hierarchy. And all bookkeepers, wherever they are, maintain the same complete books of record and are peers of equal seniority, with checks and balances such that if any single bookkeeper were forced to try to censor a transaction or manipulate the database, the others would ignore or exclude them.
As long as all bookkeepers maintain identical records of which transactions are included and which excluded, we have a more resilient system. If any individual bookkeeper is forced to stop work, the others can continue. Anyone is able to join this network of bookkeepers without needing permission from anyone else. So the network is resilient to anyone joining or leaving at any time.
In Bitcoin, any individual with a computer, adequate storage, and access to internet bandwidth can download some software (or write their own), connect to a few neighbours, and become a bookkeeper.
New transactions are broadcast to all bookkeepers via a gossip network, and each bookkeeper relays new transactions to as many others as they are connected to. This ensures eventual propagation of transactions to all bookkeepers.
Problem: Transaction Ordering
How do multiple bookkeepers stay in sync with each other? Every bookkeeper will have a different idea of the order of transactions. Given that there could be hundreds of transactions being created anywhere in the world, and given that it takes some time for these to fully propagate across the network, if every bookkeeper tried to put these transactions in order, there would be many conflicting versions of the ‘correct’ order of transactions. What happens if a bookkeeper in China receives transaction A then transaction B, whereas a bookkeeper in the USA receives transaction B first, then A?
Geography, technology, connectivity, internet traffic, servers, and bandwidth all influence the speed and order in which transactions originating anywhere in the world manifest themselves everywhere else. Your ordered list of transactions as manifest, say, in London is going to be very different from someone else’s list, even next door, let alone in, say, Lagos, New York, Auckland, or Nairobi.
How do we get an agreed ordering of transactions?
Solution: Blocks
We can’t control how many transactions can be created per second, but we can control the data entry into the ledgers. We can do this by recording transactions in batches, page by page instead of transaction by transaction. Individual transactions, validated as ‘pending’ transactions, can be passed around the network, then entered into the books in less frequent batches. We call these batches blocks!
Blocks are created much less frequently than transactions, so it is more likely that a block reaches all bookkeepers in the network before another one is created. This means that a bookkeeper now performs two functions:
1.Validating and propagating ‘pending’ transactions
2.Validating, storing, and propagating blocks of transactions
By slowing down the ‘data entry’ process of the bookkeeping system, bookkeepers around the world have more time to agree on the ordering of blocks of transactions. So rather than all bookkeepers needing to agree on the order of transactions, they need to agree on the order of blocks which are generated less frequently. Because there is more time to agree on the order of blocks, there are fewer differences in opinion about block ordering, and so a greater chance of network-wide consensus. Later we will see how the network deals with conflicting blocks.
Once your transaction is bundled along with other transactions into a valid block, and that block is passed around the network, the transaction is said to be ‘confirmed’ with one confirmation. When the next block is added, on top of the block with your transaction, your transaction is confirmed with two confirmations. As new blocks arrive on top of the initial block, your transaction is deeper in the ledger and becomes more and more confirmed. This is important because there are situations where the very top of the chain, i.e., the newest blocks, may be replaced by other blocks, kicking out transactions which looked like they have already been confirmed85. We will look into the ‘longest chain rule’ later.
There is a trade-off between the ease with which bookkeepers can agree on the ordering of transactions and the speed at which valid transactions are written into the blockchain. Having blocks created, say, once per day would make it very easy for all bookkeepers to agree on the ordering of those blocks, but this is longer than people want to wait for their transactions to be confirmed.
In Bitcoin, blocks are created every 10 minutes on average. Different cryptocurrencies have different block creation target times.
Problem: Who Can Create Blocks, and How Often?
We have seen that it makes sense to batch pending transactions into blocks that are propagated around the network. Bookkeepers add those blocks to their own ledgers. As we will see later, if there are discrepancies or competing blocks, they use the ‘longest chain rule’ to decide which block wins.
Firstly, we need to manage the creation and frequency of blocks. How can we do this? If one party gathers up all the pending transactions, puts them into blocks, and sends the blocks to all the bookkeepers then we are back to a single, centralised control point, which we have set out to avoid.
So anyone, without permission, needs to be able to create blocks and send them around the network. But then how do we control the speed at which blocks are created? How do we get a bunch of anonymous block-creators to take it in turns and ensure that they don’t create blocks too quickly or too slowly?
Could the bookkeepers themselves have a rule to accept blocks only a minimum ten minutes after the last block they saw, to make it pointless for someone to try to create blocks at more frequent intervals? Due to the latency of the internet, this may create some unfair advantages (we don’t know the precise time when any individual bookkeeper received the latest block, and we can’t trust timestamps on blocks because these can be easily faked), and we also can’t trust the individual bookkeepers who might alter this rule, or their computer’s clock, and accept their own blocks sooner than 10 minutes.
Perhaps, we could have a conductor, an entity whose job is to randomly assign the next block-creator, who allows the next block to be created only 10 minutes after the previous one? No, that would not work either, as the conductor would be a central point of control over the network, and we don’t want a central point of control.
So perhaps each block-creator could be randomly assigned, like rolling some virtual dice so whoever gets a ‘double six’ is the next block maker. But that wouldn’t work—how could anyone prove they have or haven’t cheated? Who would roll the dice? How do we randomise the next block-creator and ensure that everyone agrees that it was a fair process?
Solution: Proof-of-Work
The solution is extremely elegant. The solution is that all block-creators have to play and win at a game of chance, a game that in aggregate, over the whole network, takes some specific amount of time to play (say 10 minutes on average).
The game must give all block-creators an equal chance of winning. The game must not have a barrier to entry, else the gatekeeper would be a central point of control. The game must not have shortcuts, and the game needs to have a publicly displayable proof so that the winner can prove they have won. The game must not be cheatable.
The prize? Being allowed to create the next block.
The game of chance that Bitcoin uses is called ‘proof-of-work’. Each block-creator takes a bunch of transactions that they know about, but which have not yet been included in any previous blocks, and builds a block out of them, in a specific format. The creator then calculates a cryptographic hash from the block’s data86. Remember that a hash is just a number. The rule of Bitcoin’s proof-of-work game of chance says, if the hash of the block is smaller than a target number, then this block is considered a valid block which all bookkeepers should accept87.
What if the hash of the block is bigger than this number? Does the specific block-creator bow out for this turn? No. The block-creator needs to alter the data going in to the hash function and try hashing the block again. They could do this by removing a transaction from the block, or adding a new transaction, or changing the order of transactions in the block, but these are not elegant and eventually you might run out of permutations. You don’t really want to mess around with the transactions in a block.
The solution in Bitcoin is that in every Bitcoin block there is a special part of the block that block-creators can populate with an arbitrary number. Its only purpose is to allow block-creators to fill it with a number, and change the number if the hash block doesn’t meet the ‘hash is smaller than a target number’ rule. So, if the first hash attempt doesn’t result in a winning hash, then they can just change the number in this part of the block. This number is called the ‘nonce’ (number once) and is completely separate from the financial transactions in the block. Its only job is to change the input data for the hash function.
So each block-creator puts together a block and fills the nonce field with the number and hashes the block. If the result meets the ‘hash is less than a target number’ rule for valid blocks, then they have created a valid block, and can send it to the bookkeepers, and get to work on the next block. If the result doesn’t fit the rule, then they change the nonce (e.g., by adding 1) and hash again. They do this repeatedly until they find a valid block. This is a process known as mining.
This is elegantly described as a scratch-off puzzle in a paper by Miller et al entitled “Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions”88. Like scratch-off lottery cards, each miner has to expend a bit of effort scratching off a puzzle to see if they have a winning ticket.
So the authority to create a valid block is not given by a third party but is self-assigned by repeating some tedious mathematical algorithms, which all computers can do89. Note that mining is a tedious, repetitive job. Take some transactions with the nonce, hash it, see if the hash is smaller than a certain number, and if not, repeat with a different nonce. It is not ‘solving complex mathematical problems’ as is widely described in the media. Hashing is easy but boring! You can even do it by hand using pencil and paper if you have the patience, though you would be unlikely to win a block with only these tools to power you. Ken Shiriff did a round of hashing by hand with pencil and paper without a calculator, and you can watch him do it on his blog90.
In this way, anyone can be a block-creator and create valid blocks. They then send the valid blocks to the bookkeepers. The only thing that the bookkeepers have to do is to take the block, including the nonce, and hash it once to verify for themselves that the hash of the block is less than the target number.
Proof-of-work also avoids another kind of attack, a Sybil attack. A Sybil91 attack is when a network is overwhelmed by multiple forged identities all under the control of a single actor. Think Facebook or Twitter bots… loads of usernames but all under control of a small number of bad actors.
In Bitcoin, your chance of winning a block is proportional to how much hashing power you control. In the Bitcoin whitepaper this described as ‘one-CPU-one-vote’. If Bitcoin had given each node (each block-adder) an equal chance of winning a block (one node, one vote), the Sybil attack would be to create unlimited numbers of block adders and try to win all the blocks. Creating multiple identities is very cheap for attackers to do. So proof-of-work works well as a solution to this kind of Sybil attack because proof-of-work is computationally expensive, and this in turn means expensive in terms of electricity and hardware (i.e., cash), which means it is expensive to try to overwhelm the network with hashing power, which in turn increases the attack costs to a bad actor. If you have all of this hashing power available, you might as well put it to work finding blocks and making money (well, bitcoins) instead of trying to subvert the network, so the theory goes.
Problem: Incentivising Block-Creators
But all of this tedious hashing needs resources: computers, electricity, bandwidth… and this all costs money. Why should anyone bother creating blocks? What’s in it for them? How can we incentivise the block-creators to create blocks and keep the system running?
Solution: Transaction Fees
The solution is to pay the block-creators for their time and resources! But who is going to pay them and in what currency? An external payment or incentivisation mechanism, i.e., a third party paying the block-creators, would centralise and gate the process, defeating the purpose of censorship resistance, so that will not work. US dollars or any fiat currency would not work either, as fiat is held in bank accounts and banks can be instructed to freeze accounts.
An internal or intrinsic incentivisation scheme avoids third party control. This is implemented as a per transaction fee, so the block-creator gets a commission, a small amount of value, from each transaction. This could be specified as a percentage or a flat rate for all transactions and encoded into the rules of the system—a bit like the ‘10 minutes per block’ rule. But it is difficult to establish the right fee. Bitcoin’s solution is a market-based approach where people creating transactions add their own voluntary transaction fees, and the block-creators can prioritise those transactions with higher fees over those with lower fees.
When Alice creates her Bitcoin transaction she can optionally add a fee that is collected by the lucky miner who mines her transaction92. This fee allows miners to prioritise her transaction over others, who are all competing to get in a block. Blocks are limited by network rules, as to how much data can squeeze into a block. In Bitcoin, this limit is nominally 1 MB93. Fees tend to go up in times where there are many transactions queuing up to get into blocks, and down again in times with fewer transactions.
Problem: How to Bootstrap?
How were block-creators incentivised to keep creating blocks in the early days or, indeed, now during slack periods when there may be periods where there are no transactions for some hours? The hashing work consumes electricity and costs miners’ money.
Solution: Block Rewards
The second, and currently much larger, incentive for block-creators to create blocks is the ‘block reward’. In effect, the block-creator can write a cheque to themselves once per block, for up to a certain amount. The idea is that block rewards can kick start the system, and then be phased out gradually, with transaction fees to replace them.
The very first transaction in a block is called the coinbase transaction94. This coinbase transaction is special because it is the only transaction that creates bitcoins. All other transactions move bitcoins between addresses. The block-creator can create a transaction that pays any address (usually themselves) any number of bitcoins, up to a limit specified by the Bitcoin protocol. This limit was 50 BTC per block in 2009 and reduces by half every 210,000 blocks, which at 10 minutes per block, is about every 4 years. Currently (mid-2018) the maximum block reward is 12.5 BTC, with the next reduction to occur on block 630,000, estimated to occur in May 202095. These block rewards have created around 17 million bitcoins to date, and owing to the repeated halving of the block reward, the maximum number of bitcoins created ever will be a sliver under 21 million, the last of which should be created a little before the year 2140. Unless the rules change.
This block reward is the mechanism that keeps block-creators creating blocks. They receive valuable BTC in return for spending resources doing the tedious hashing to create valid blocks. Note that block-creators are under no obligation to include any transactions in their blocks, but they choose to because the transactions themselves contain transaction fees and these also accrue to the block-creator.
The beauty of this system is that the payment for creating blocks comes from the protocol itself rather than from an external third party.
Problem: More Hashing, Faster Blocks, More Monetary Supply
If anyone can create valid blocks by finding the nonce that makes the hash of the block meet a certain criterion and get paid for it, then surely by throwing more computers at the hashing they can create valid blocks more quickly and get paid more! By doubling the amount of hashing power, they can, on average, double the speed at which they can create valid blocks.
But this, unchecked, would cause havoc. With more people throwing more hashing power (i.e., computers) at the block creation process, blocks would be created faster and faster. Remember, we want blocks to be created slowly, so that the bookkeepers have a better chance of staying in consensus. And BTC would be created faster and faster, creating a huge supply and possibly decreasing the value of each unit.
Solution: Difficulty
The network needs to self-correct and slow down if blocks are created more quickly than the target of one block every ten minutes. The answer lies in changing the target number for the hash calculation. Variations in this target number can make it easier or harder for the network, in aggregate, to find hashes that fall below this number. As an analogy, if you have to roll two dice and get a sum total below eight, that is quite easy, but if you have to get a sum total below four then that will take you more rolls. So making the target number smaller slows down the rate at which valid blocks are created.
In Bitcoin, the target number is mathematically calculated from a number called the ‘difficulty’. The difficulty changes every 2016 blocks (which takes about two weeks at ten minutes per block), according to a formula that uses the elapsed time it took to mine the previous 2016 blocks. The faster the previous 2016 blocks were created, the more the difficulty increased. The difficulty and the hashing target number are inversely related, so as difficulty increases, the target number becomes smaller, making it harder and therefore slower to find valid blocks.
The network is beautifully self-balancing. If more hashing or mining power is added, then blocks get created faster for a period of time until the next difficulty change, after which it becomes harder to find valid blocks, slowing block creation down. If mining power leaves the network, then blocks take longer to be found, until the next time the difficulty changes, then difficulty decreases, and blocks become easier to find. And this is all done without a central coordinator.
Problem: Block Ordering
Transactions are bundled into blocks which are like pages in a ledger. These blocks are passed around the network at a slower rate than individual pending transactions would be. But how do you know what order the blocks should be? In a book, each page has a unique page number, and you know that the pages follow in ascending order. If the pages fall out, you can put the book back together again in the right order.
Could the same be done for blocks where each block gets a unique ‘block number’? In principle, yes, but remember that block-creators are competing to mine blocks by hashing their contents and seeing if the hash is smaller than a target number determined by the current difficulty. Imagine that the block 1,000 has just been mined and passed to all the nodes. The miners start mining block 1,001. Someone super sneaky might get to work mining block 1,002 and to try to get ahead of competitors, so that as soon as someone else has found block 1,001, they can submit block 1,002 and claim the block reward. Remember, the miner doesn’t need to populate any transactions in the block, they can just hash an empty block 1,002 that refers to block 1,001 with a coinbase reward transaction and no other transactions. Hmm, that wouldn’t be a good idea, there’d be all sorts of gamesmanship.
What restricts miners to ensure they mine only the very next block? How is ‘mining ahead’ prevented?
Solution: A Block Chain!
Instead of having each block have a ‘block number,’ each block refers to the previous block by its hash. Miners must include the previous block’s hash in the block they are creating.
This means that to mine block 1,002, miners need to know the hash of block 1,001. Until 1,001 has been mined, 1,002 can’t be mined. This forces miners to focus on block 1,001, which in turn includes the hash of block 1,000, and no miner can skip ahead. Thus a chain of blocks is created, held together not by block numbers (which can be predicted) but by block hashes (which can’t). Each block refers to a previous block by the previous block’s hash, rather than by a number that goes up sequentially.
This is the chain of blocks, or blockchain.
A block chain96 where each block includes the hash of the previous block, rather than a sequential block number.
An additional benefit of blocks linking through their hashes is that of internal consistency, sometimes described as immutability. Let’s say the latest block that has been passed around the network is block 1,000. If a rogue bookkeeper attempts to tamper with a previous block, say, block 990, and attempts to republish that block to other bookkeepers, they could:
1.Publish block 990 with new data but using the old hash; or
2.publish block 990 with new data and a new valid hash (i.e., ‘re-mine’ the block).
In the first case, the block will be considered invalid by all other bookkeepers, because it is internally inconsistent (the block’s hash doesn’t match the data inside it), and in the second case, the hash of block 990 won’t match the reference found in block 991. Thus, it is very hard to get away with tampering with any records that already form part of the blockchain—it will be immediately obvious to anyone who you try to convince. This is what is meant when blockchains are described as immutable. Of course, nothing is immutable (can’t be changed), but blockchains are tamper-evident—that is, it is easy for others to tell if data has been modified, accidentally or otherwise.
Problem: Block Clashes / Consensus
There is still a chance that blocks are created by different block-creators at the same time, due to the random process of hashing. If a bookkeeper receives two valid blocks from two different block-creators (miners) and they both reference the hash of the same previous block, how does the bookkeeper know which one to use and which one to throw away? How does the network come to consensus about which block to use? And if a miner receives two valid but competing blocks, how do they know which block to build the next block on?
Solution: Longest Chain Rule
There is another protocol rule called the longest chain rule97. If a miner sees two valid blocks at the same block height then they can mine on either block (usually the first seen) and would keep the other one ‘in mind’. Others will also make their decisions and eventually one of the blocks will have another block mined on it, then another, and another. So the rule is that the longest chain is the chain that should be considered the chain of record, and the block that is discarded is called an orphan.
What happens to the transactions in the orphaned block? They are considered as if they have never been part of a valid block and therefore are ‘unconfirmed’. They will just be included in later blocks along with other unconfirmed transactions, assuming they don’t conflict with the transactions that have already been confirmed in the blockchain.
Problem: Double Spend
Although the longest chain rule seems sensible, it can be used to create mischief in a deliberate double spend. Here is how you could do it:
1.Create two transactions using the same bitcoins: one payment to an online retailer, the other to yourself (i.e., to another address you control).
2.Only broadcast the transaction that is the payment to the retailer.
3.When the payment gets added in an ‘honest’ block the retailer sees this and sends you goods.
4.Secretly create a longer chain of blocks which excludes the payment to the retailer, and replaces it with the payment to yourself.
5.Publish the longer chain. If the other nodes are playing by the ‘longest chain rule,’ then they will reorganise their blockchains, discarding the honest block containing the payment to the retailer, replacing it with the longer chain you published. The honest block is said to be ‘orphaned’ and, to all intents and purposes, does not exist.
6.The original payment to the retailer will be deemed invalid by the honest nodes because those bitcoins have already been spent in your longer, substituted, chain. You will have received your goods but the payment to the retailer will be rejected by the network.
How to double spend.
Solution: Wait About Six Blocks
Therefore, common advice for people receiving bitcoins is to wait for the transaction to be a few blocks deep (i.e., to have a few blocks mined on top of it). This gives comfort that the transaction is settled and can’t easily be unwound98. At this point the amount of mining that has to be done to create a competing chain longer than the existing chain is enormous,99 so rational miners would prefer to dedicate their hash power towards creating legitimate blocks, receiving the block reward and transaction fees, rather than trying to subvert the network.
To put it another way, it is deliberately hard to generate a valid block. Therefore, if someone wants to replace blocks, they have to create blocks quickly and overtake the rest of the (presumably honest) network. This is another reason why people say Bitcoin’s blockchain is immutable and cannot be changed. However, if more than 50% of the total hash power of the network is used to re-write blocks, then it will be able to do so, because it will create blocks faster than the other, less powerful, half. This is called a 51% attack. Smaller amounts of hash power can also be used to re-write the blockchain, but with a lower probability of success100. 51% attacks have been successfully performed on unpopular coins with few miners.
Which Coins?
Earlier, I used the phrase ‘using the same bitcoins’. What does this mean? With physical cash, each coin or banknote is a unique object. You can’t pay the same coin or banknote to two people. However, digital money doesn’t work that way. In a traditional bank account, all your money is mixed up or co-mingled in a ‘total balance’ figure. Your income goes into the bank account and is immediately jumbled up with all the other money that is in there, like adding water to a half-full bath. When you make a payment your total balance is reduced, like removing water from the bath. You cannot specify which dollar you are spending. For example, when you pay $8 for a coffee, you don’t say, ‘Use $8 from my salary payment that came in on 25 Jan,’ you just say, ‘Use $8 from the pool of money that is my account balance’. This non-specificity promotes the fungibility of digital money, that is, one dollar in an account is exactly the same as another.
Bitcoin is digital, but it works more like physical cash. With cash you open your wallet and take this specific $10 note which you received earlier and pay $8 for your coffee and expect $2 change. Bitcoin is similar: for every payment you make, you have to specify exactly which coins you are spending—that is, which specific bitcoins that you received earlier. You refer to these received bitcoins by the transaction hash101 that sent the coins to you. In the same way that blocks build on each other by referring to the previous block’s hash, transactions also refer to each other using a previous transaction’s hash. When you make a Bitcoin payment, you say, ‘Take this bundle of money that came in to my account in this transaction, and pay some of it to this account and return the change to me’.
Here is a Bitcoin transaction102. You can see that it takes 1.427 bitcoins from address 17tVxts…QM and sends 0.5999 bitcoins into 1Ce2Qzz…wK and returns 0.827 bitcoins back to 17tVxts…QM. But wait… The two payments add up to less than the amount spent. 0.5999 + 0.8270 = 1.4269 which is less than the 1.427 spent. The 0.0001 Bitcoin difference is the mining fee. The miner can add that 0.0001 to the coinbase transaction in the block and pay it to themselves.
If we look at the block the transaction is included in,103 we can see that the miner paid themselves 12.52723951 bitcoins in the coinbase transaction, which is the 12.5 BTC block reward plus the sum of the transaction fees from the transactions in the block:
Hence all bitcoins are traceable. You can see the exact composition of every lump of Bitcoin that comes into your account—what it is composed of and where it came from—and you can trace every part of that money via the previous accounts, all the way back to when it was first created in a coinbase transaction.
I say each ‘lump of money’ specifically, rather than ‘each Bitcoin,’ because you don’t send bitcoins coin by coin, you just send a total amount. Let’s see how this works with an example.
Let’s start with an empty address and assume that you are friends with a Bitcoin miner who has just created a ‘lump’ of 12.5 BTC in a coinbase transaction when they successfully mined a block. The 12.5 BTC is like a single banknote in a physical wallet and needs to be spent in its entirety. The miner takes pity on you because you have no bitcoins and wants to give you 1 BTC. So the miner creates a transaction spending those 12.5 BTC to two recipients: 1 BTC to you, and 11.5 BTC back to herself. You now have a 1 BTC ‘lump’ in your account.
Now it is your lucky day and a few other people give you BTC. In further separate transactions, you receive ‘lumps’ of 2 BTC and 3 BTC. So now you have 6 BTC in your wallet, in three lumps: 1 BTC, 2 BTC, and 3 BTC.
If you want to give 1.5 BTC to another friend, how would you do that? You could do it in a few different ways:
Option 1: Spend the 2 BTC lump
You’d create a transaction that looks like this:
Spend: 2 BTC lump
Pay: 1.5 BTC to your friend, 0.5 BTC lump as change back to yourself
Option 2: Spend the 3 BTC lump
You’d create a transaction that looks like this:
Spend: 3 BTC lump
Pay: 1.5 BTC to your friend, 1.5 BTC lump as change back to yourself
Option 3: Spend the 1 BTC and 2 BTC lumps
You’d create a transaction that looks like this:
Spend: 1 BTC and 2 BTC lumps
Pay: 1.5 BTC to your friend, 1.5 BTC lump as change back to yourself
Option 4: Spend the 1 BTC and 3 BTC lumps
You’d create a transaction that looks like this:
Spend: 1 BTC and 3 BTC lumps
Pay: 1.5 BTC to your friend, 2.5 BTC lump as change back to yourself
Option 5: Spend the 1 BTC and 2 BTC and 3 BTC lumps
You’d create a transaction that looks like this:
Spend: 1 BTC and 2 BTC and 3 BTC lumps
Pay: 1.5 BTC to your friend, 4.5 BTC lump as change back to yourself
Although Option 1 feels like the most obvious and is probably what you would do if you were spending banknotes in a physical wallet, you could in theory choose any of those options. These are all different transactions but all achieve the same thing. The lumps of money that sit in your account are called ‘UTXO’s which stands for Unspent Transaction Outputs. Most people think in terms of ‘account balances’ (i.e., my account goes up and down) whereas Bitcoin ‘thinks’ in transactions (the transaction spends this money and puts it there). The lumps are the result or output of a transaction, and they are unspent because you haven’t spent them yet. Bitcoin would describe Option 1 as follows:
Option 1: Spend the 2 BTC lump
Transaction inputs: (this is money that is being spent)
1.2 BTC lump
Transaction outputs: (this is money that is not yet spent)
1.1.5 BTC to your friend
2.0.5 BTC lump as change back to yourself
This whole transaction is hashed, giving it a Transaction ID which can then be used by future transactions. If you later want to spend the 0.5 BTC you returned to yourself, you would say ‘take output (2) from this transaction, and spend it like this…’
Now, assuming you did Option 1 described above, what is left in your account? You started with lumps of 1, 2, and 3 BTC. You spent the 2 BTC lump and got 0.5 BTC back. So you’re left with three lumps: 1 BTC, 3 BTC, and the new 0.5 BTC lump. The blockchain records that the 0.5 BTC lump came from yourself, so anyone can trace the 0.5 BTC lump back to its original 2 BTC lump, and then further trace it to the account which it came from originally.
What next?
The transaction is created and signed by the sender using their private keys. This signed transaction is then sent to a node (bookkeeper) who validates it according to business rules (e.g., Does this UTXO exist? Has it been spent before?) and technical rules (e.g., How much data does the transaction contain? Is the digital signature valid?), and if found to be valid, the bookkeeper keeps this transaction in a pool of ‘unconfirmed transactions’ that they have heard about, called a mempool or memory pool. They then propagate this transaction to their neighbours in the network. Each neighbour follows the same process. Eventually a miner or block-creator picks up this transaction and decides whether they want to pack it into a block, and if so, they start mining the block. If the miner is successful in mining the block, they propagate the block to other miners and bookkeepers and each node records this transaction as confirmed in a block.
Peer-to-Peer
When people say Bitcoin is ‘peer-to-peer’ what do they mean?
Firstly, data is sent between bookkeepers in a peer-to-peer way, i.e., directly and not via a central server. Transactions and blocks are sent between bookkeepers who are each as important in status as each other—that is, they are peers. They use the internet to send data between themselves, instead of a 3rd party infrastructure like the SWIFT network used by major banks.
Second, Bitcoin payments are often described as peer-to-peer (i.e., with no middle man). But is this really true? Up to a point. A physical cash transaction is definitely peer-to-peer as there are no other actors other than the payer and the recipient. But Bitcoin also has intermediaries such as miners and bookkeepers. The difference between Bitcoin payments and bank payments is that, with Bitcoin payments, the intermediaries are non-specific and can act in lieu of each other, whereas traditional banks and centralised payment services are specific intermediaries. For example, if you have an account with HSBC you can’t instruct another bank such as Citibank to move your money, but in Bitcoin any miner can add your transaction to a block they are mining.
Peer-to-peer models of data distribution are like a gossip network where each peer shares updates. Peer-to-peer is in many ways less efficient than client-server, as data is replicated and validated many times, once per machine, and each change to the data creates a lot of noisy gossip. However, each peer is independent and the network can continue operating if some nodes temporarily lose connectivity. And because there is no central server that can be controlled, peer-to-peer networks are more robust and resistant to shutdown, whether accidental or deliberate.
In anonymous, and therefore untrusted, peer-to-peer networks, each peer needs to operate on the basis that any other peer could be a bad actor. So every peer needs to do their own homework and validate transactions and blocks, rather than trusting other peers. The network as a whole acts honestly, if populated by a majority of honest nodes. Next, we examine the limits of bad behaviour and the related costs and incentives.
Miscreants
What can and can’t miscreants do?
The impact of a malicious bookkeeper is very limited. They can withhold transactions and refuse to pass them to other bookkeepers, or they can present a false view of the state of the blockchain to anyone asking them. A quick check with other bookkeepers will reveal any discrepancies.
Malicious miners can cause a little more impact. They can:
•Attempt to create blocks that include or exclude specific transactions of their choosing.
•Create a double spend by attempting to create a ‘longer chain’ of blocks that make previously accepted blocks become ‘orphans’ and not part of the main chain. They can realistically only do this if they command a significant proportion of the entire network’s hashing power.
But they can’t:
•Steal bitcoins from your account, because they can’t fake your digital signatures.
•Create bitcoins out of thin air, because no other miners or bookkeepers would accept this transaction.
So the impact of a malicious miner is also actually quite limited. Furthermore, a miner discovered to be enabling double spends could quickly find themselves cut off from the rest of the network if the rest of the network informally agrees to take action. Honest miners might agree not to build on blocks generated by a malicious miner.
Summary
Transactions are payment instructions of specific amounts of Bitcoin (UTXOs) from one user-generated account (address) to another. The transactions are created using wallet software, authenticated with unique digital signatures, then sent to bookkeepers (nodes) who individually validate them according to some well-known business and technical rules. The bookkeepers then add valid transactions to their mempool and distribute them to other bookkeepers that they are connected to.
Miners gather these individual transactions into blocks and compete with each other to mine their blocks by tweaking the block contents, specifically the nonce field, until the hash of the block is smaller than some target number. The target number is based on the difficulty setting at the time, which is derived from the time taken to mine the previous set of blocks to achieve a network-wide target frequency of one new mined block every 10 minutes. Miners receive a financial incentive in the form of new BTC and transaction fees which they may credit themselves, to compensate for spending resources to perform the competitive, repetitive hashing needed to create valid blocks.
The blocks link to each other in a unique sequence to form a ledger, the Bitcoin blockchain, that is recorded identically almost simultaneously on thousands of computers around the world that run Bitcoin software. If a Bitcoin transaction is not recorded on this blockchain, it is not a Bitcoin transaction. It doesn’t exist. A Bitcoin transaction recorded outside this file does not form part of the ledger.
There is no central authority who controls the ledger or who can censor specific transactions.
Different blockchain platforms or systems work differently. If you relax or change the aims or constraints, the design of the solution can also change. The solution may be simpler, as we will see later with private blockchains where censorship resistance is not a critical factor.
Putting this all together, we can see that the Bitcoin ecosystem consists of parties who perform different roles. Miners and bookkeepers focus on building and maintaining the blockchain itself. Wallets make it easy for people to use cryptocurrencies. Exchanges and cryptocurrency payment processors bridge between the fiat and crypto worlds.
While the theory sounds good, Bitcoin in practice is not as decentralised as people might have you believe. By some metrics it is not performing as well as some proponents might lead you to believe.
Bookkeeping Nodes
While there are around 10,000 nodes who perform bookkeeping tasks and who relay transactions and blocks, they are mostly running the same software written, and therefore controlled, by a very small number of people. They are known as the ‘Bitcoin Core’ developers and the software is known as ‘Bitcoin Core’.
Source: coin.dance104
The various versions, or implementations, that are not Bitcoin Core all have slightly different rules but are not different enough to create incompatibilities. Some, for example, may have additional flags to signal that the bookkeepers would be prepared to adopt a rule change if enough participants also signal the same intention.
Mining
Although anyone can mine, the process has become so intensive that new hardware and chips are created which are designed to be exceedingly efficient at performing the SHA-256 hashing. ASICs (Application Specific Integrated Chips) became the norm for mining in 2014 and outcompete all other forms of hardware in terms of energy efficiency for Bitcoin mining. Dave Hudson explores the effects of ASICs in his excellent blog Hashing It105. In the popular media, the computational power of these specially designed chips is often compared to the computational power of supercomputers, but ASICs cannot operate as general-purpose computers, so comparisons with supercomputers are meaningless. Only a few entities can mine profitably, usually using special purpose ‘mining farms’ clustered in areas of cheap electricity. The chart below shows miners and what proportion of blocks they have recently mined. The proportion of blocks they have mined is roughly equivalent to their hashing power as a proportion of the total hashing power of the network.
Bitcoin mining is not that decentralised! Source: blockchain.info106
Some of these are single mining entities. Others are syndicates that anyone can join, contribute hash power, and receive rewards in proportion to their contributions. At an estimate, around 80% of the hash power is controlled by Chinese entities. BTC.com, Antpool, BTC.TOP, F2Pool, viaBTC are all Chinese groups107, and a company called Bitmain owns both BTC.com and Antpool. Hence, if only the top three mining pools collaborate, they can reorganise blocks and arrange double spends, and no one would be able to stop them as they represent more than 50% of the total hashing power. So this is not a well-decentralised system.
It is often argued that miners wouldn’t do this because it would cause a loss of confidence in Bitcoin and thus cause the price to fall, and their stock of bitcoins would be worth less. However, an enterprising group of miners who carried this out could build a temporary large short trading position just before executing a double spend and profit on the fall in price of BTC.
Mining Hardware
As discussed, miners use special purpose chips called ASICs that are specifically designed and built to be efficient at SHA256 hashing. Commercial chip manufacturers have been slow to design chips that are specifically built to be efficient at SHA256 hashing, so demand has created an alternative specialised industry for supplying Bitcoin ASICs. The main provider of this is Bitmain, the same Chinese company who controls the top two mining pools. It has been estimated that Bitmain produces hardware that mines 70-80% of the total blocks in Bitcoin108. Bitcoin hardware manufacturing is not well decentralised.
BTC ownership
The ownership of BTC too shows a concentration in a small number of hands:
Source: bitinfocharts.com109
According to this analysis, almost 90% of value is owned by fewer than 0.7% of the addresses. Of course, we have to treat this kind of analysis with some caution. Some large wallets are controlled by exchanges who take custody of coins on behalf of a large number of users. So the table might be overstating the centralisation of Bitcoin ownership. Against that, some people might spread out their bitcoins across a large number of wallets in order to not attract attention. This is very easy to do. So the table might be understating the centralisation of Bitcoin ownership. However, it remains highly likely that, just as in the non-crypto world, very few people probably own the vast proportion of the value. Now, there’s a surprise.
Upgrades to the Bitcoin Protocol
Upgrades to the Bitcoin network and protocols are also fairly centralised. Changes are suggested in ‘Bitcoin Improvement Proposals’ (BIPs). These are documents that anyone may write but, but they all end up on a single website: https://github.com/bitcoin/bips. If it gets written into the Bitcoin Core software on Github, https://github.com/bitcoin/Bitcoin, it forms part of an upgrade, the next version of ‘Bitcoin Core’ which is the most commonly used software, or ‘reference implementation,’ of the protocol. As we have seen, this is run by the vast majority of participants.
Transaction Fees
In theory, the transaction fees collected per block is meant to compensate for the decrease in block reward as the network gets more popular over time. The reality is that this doesn’t seem to be working out.
Source: tradeblock.com110
The chart shows that except for a brief spike at the end of 2017, the total transaction fees have stayed stubbornly low at approximately 200 BTC per week. Compare this with the new 12,600 BTC generated from coinbase rewards per week (12.5 BTC per block x 6 blocks/hour x 24 hours/day x 7 days/week = 12,600 BTC, a figure which reduced by half in 2016, and is estimated to half again in 2020). Without significant increase in transaction fees to compensate, clearly the economics of Bitcoin mining will change.
Bitcoin, like most innovative innovations, was not created in a vacuum. Bitcoin was built by drawing from previous experiences and piecing together various tried-and-tested concepts in an innovative way to come up with new characteristics for decentralised digital cash.
Below are some technologies and ideas that may have directly or indirectly inspired Bitcoin:
Digicash
It is hard to overstate the impact that David Chaum had on the movement towards electronic cash, by which he meant a privacy preserving digital asset that could settle financial obligations. Chaum, an early cypherpunk, described this concept in 1983 in a paper entitled ‘Blind signatures for untraceable payments’ in the journal Advances in Cryptology Proceedings. He wanted a bank to be able to create digitally signed digital lumps of cash for their customers. The customers could spend the digital cash at shops, who would then redeem the digital cash with the bank. When the merchant redeemed the digital cash, the bank would see that the digital cash was good, but it did not know which of its customers the digital cash had originally been assigned to. The individual transactions were therefore anonymous as far as the bank was concerned. Digicash was the Amsterdam based company incorporated to commercialise this technology. The system was called eCash, sometimes Chaumian eCash, with the tokens themselves called CyberBucks. Although a few banks did some trials with CyberBucks, Digitcash filed for bankruptcy in 1998, unable to secure a deal to keep it afloat.
b-money
In November 1998, Wei Dai, an American-educated cryptography researcher and cypherpunk, published a short paper111 describing b-money under two protocols. b-money would operate on an untraceable network where senders and receivers would be identified only by digital pseudonyms (i.e., public keys). Every message would be signed by its sender and encrypted to its receiver. Transactions would be broadcast to a network of servers who would keep track of account balances and update them when they received signed transaction messages. Money creation would be agreed by the participants in a periodic auction.
Hashcash
In 1992, Cynthia Dwork and Moni Naor described a technique for reducing spam (junk email) in their paper,112 ‘Pricing via Processing or Combatting Junk Mail,’ by creating a hoop that email senders would have to jump through before sending emails. Email senders would have to attach a kind of proof or receipt to their outbound emails demonstrating that they had incurred a very small ‘cost’. Recipients would reject inbound emails without these receipts. The ‘costs’ incurred by the senders would be tiny at normal email volumes, but add up and discourage spammers who send out millions of emails. The ‘cost’ wasn’t a payment to a third party, but it would be incurred as ‘work’ in the form of repeated calculations that had to be made, to ensure an email would be accepted. So the receipt would be a ‘proof’ that repeated calculations, or ‘work’ had been done, leading to the phrase ‘proof-of-work’.
In 1997, Adam Back proposed a similar idea113 and described a ‘partial hash collision-based postage scheme’ which he named ‘Hashcash’. Bitcoin mining uses this concept of forcing someone to do some work, and proving they have done it, before allowing them access to a resource. He followed up in 2002 with a paper,114 ‘Hashcash—A Denial of Service Counter-Measure,’ describing improvements and applications of proof-of-work, including hashcash as a minting mechanism for Wei Dai’s b-money electronic cash proposal.
e-gold
E-gold was a website opened in 1996 and operated by Gold & Silver Reserve Inc. (G&SR) under the name ‘e-gold Ltd’ that allowed customers to open accounts and trade units of gold between each other. The digital units were backed by gold stored in a bank safe deposit box in Florida, USA. E-gold didn’t ask users to prove their identity, and this made it attractive for the underworld. It became very successful. It was reported to have up to 3.5 million accounts in 165 countries in 2005 with 1,000 new accounts opening every day115, but the website was eventually shut down due to fraud and allegations of facilitation of crime116. Unlike Bitcoin, it had a centralised ledger.
Liberty Reserve
Like e-gold, Liberty Reserve, based in Costa Rica, allowed customers to open accounts with few personal details, nothing more than a name, email address, and birth date. Liberty Reserve made no attempts to verify these, even for obviously false accounts named ‘Mickey Mouse’ and so on. During an investigation117, a US agent opened a functional account with a username ‘ToStealEverything’ in the name of ‘Joe Bogus’ who lived at ‘123 Fake Main Street’ in ‘Completely Made Up City, New York’ and wrote that it would be used for ‘shady things’. As a result of its relaxed controls, Liberty Reserve was used extensively for money laundering and other criminal proceeds, more than $6 billion according to ABC News118. It served over 1 million customers before it was shut down in 2013 by the US Government under the Patriot Act.
Napster
Napster was a peer-to-peer filesharing system that was live between 1999 and 2001. It was created by Shawn Fanning and Sean Parker, and was popular with people who liked to share music, particularly in mp3 format, and who didn’t like to pay for it. The idea was to allow anyone to copy and share content saved on users’ hard drives. At its peak the service had about 80 million registered users. It was eventually shut down because its relaxed approach to the sharing of copyright material wasn’t appreciated by those with interests vested in that material.
Napster’s technical weakness was that it had central servers. When a user searched for a song, their machine would send the search request to Napster’s central servers, which would return a list of computers storing that song and would allow the user to connect to one of them (this is the peer-to-peer bit) to download the song. Although Napster itself didn’t host the material, it made it easy for users to discover others who did. Centralised services and entities running those services are easy to shut down, and so it was, to have its role replaced by BitTorrent, a decentralised peer-to-peer file sharing system.
Mojo Nation
According to CEO Jim McCoy, Mojo Nation was an open source project that was a cross between Napster and eBay. Launched in or around 2000119, it combined filesharing with microtransactions of a token called Mojo, so that file sharers could be compensated for sharing content. It split files into encrypted chunks and distributed them such that no single computer would host an entire file. Mojo Nation failed to gain traction, but Zooko Wilcox-O’Hearn, who worked on Mojo Nation later founded Zcash, a cryptocurrency focused on transaction privacy.
BitTorrent
BitTorrent is a successful peer-to-peer filesharing protocol that is still in wide use today. It was developed by BitTorrent Inc, a company cofounded by Bram Cohen who worked on Mojo Nation. BitTorrent is popular with those sharing music and movies, users who may once have used Napster. It is decentralised: each search request is made from user to user rather than via a central search server. As there is no central point of administration, it is hard to censor and shut down.
As a theme, whether we consider money (e-Gold, Liberty Reserve, Bitcoin etc), or data (Napster, BitTorrent, etc), the evidence shows that decentralised protocols are more resilient to being shut down than services with a central point of control or failure. I expect the trend of decentralisation to continue in the future, driven in part by concerns that authorities are overextending their reach into private social matters.
Bitcoin’s history is colourful, more colourful than some received wisdom might have it. Some Bitcoin proponents say ‘Bitcoin (the protocol) has never been hacked,’ but they are wrong. Bitcoin has been hacked. Here is a selection of events from historyofBitcoin.org120 and the Bitcoin Wiki121 with my personal comments about these events.
2007
A pseudonymous Satoshi Nakamoto began working on Bitcoin.
18 Aug 2008
The website bitcoin.org was registered using anonymousspeech.com, a broker that registers domains on behalf of customers who can choose to remain anonymous. This shows how important privacy was to the person or group involved in Bitcoin.
31 Oct 2008
The Bitcoin whitepaper, written under the pseudonym Satoshi Nakamoto, was released on an obscure but fascinating mailing list metzdowd.com that is much loved by cypherpunks. Wikipedia has this to say about cypherpunks:
A cypherpunk is any activist advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s.
This short whitepaper is regarded by Bitcoin believers as sort of bible.
3 Jan 2009
The genesis (first) block was mined. At that moment, the first bitcoins, fifty of them, were created out of thin air and recorded on Bitcoin’s blockchain in the first block—block zero. The transaction that contains the mining reward, the so called ‘coinbase’ transaction, contains the text:
‘The Times 03/Jan/2009 Chancellor on brink of second bailout for banks’
The text refers to a headline of the UK newspaper The Times. This is regarded as proof that the block cannot have been mined significantly earlier than that date, and the headline was presumably chosen deliberately for its implication: When banks fail, their losses are socialized; here is Bitcoin—it doesn’t need banks.
Source: thrivemovement.com122
So beware of people who say they were ‘in Bitcoin’ before 2009! I have been on a number of panels where other panellists try to establish credibility by saying just how early they were involved in Bitcoin. Sometimes, in their enthusiasm, they try to convince eager listeners that they were there before 2009…
An interesting aside: The 50 BTC mined in the first block are unspendable. They sit in address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa, but the account holder, presumably Satoshi, whoever he, she, or they may be, is unable to transfer them to anyone else due to some quirk in the code.
9 Jan 2009
Version 0.1 of the Bitcoin software was released by Satoshi Nakamoto, along with its source code. This allowed people to review the code, and download and run the software, becoming both bookkeepers and miners. Bitcoin was thus accessible to anyone who wanted to download and use it. Developers were able to scrutinise the code and build on it if they wanted to contribute.
12 Jan 2009
The first Bitcoin payment was made from Satoshi’s address to Hal Finney’s address in block 170123, the first recorded movement of bitcoins. Hal Finney was a cryptographer, cypherpunk, and coder, and some people believe he was partly behind the Satoshi pseudonym.
6 Feb 2010
The first Bitcoin exchange, ‘The Bitcoin Market,’ was created by bitcointalk.org forum user ‘dwdollar’124.
Previously, people traded bitcoins, but in a relatively unstructured way in chat rooms and message boards. An exchange is the first step towards making it easier for people to buy or sell bitcoins and increasing price transparency.
22 May 2010
Pizza day! This was the first documented time bitcoins were used to pay for something in the real world. Laszlo Hanyecz, a programmer in Florida, USA, offered to pay 10,000 BTC for a pizza on the bitcointalk forum125.
Another developer Jeremy Sturdivant (‘jercos’) took up the offer and called Domino’s Pizza (not Papa Johns as frequently reported) and had two pizzas delivered to Laszlo. He received 10,000 BTC126 from Laszlo.
Here is the transaction127:
Laszlo kept the offer open and, over the next month, received a number of pizzas for 10,000 BTC each time, before cancelling the offer:
This is the first transaction where bitcoins were used for economic activity other than a straight buy or sell.
17 Jul 2010
Jed McCaleb (who has more recently founded Stellar, a cryptocurrency platform based on Ripple), converted his card trading exchange into a Bitcoin trading exchange. ‘Mt Gox,’ usually pronounced ‘mount gox,’ stands for ‘Magic: The Gathering Online eXchange’. Magic: The Gathering is a collectable card game, and the website was used initially to trade cards before it was converted to a Bitcoin exchange. Initially, you could fund your Mt Gox account using PayPal, but in October, they switched to Liberty Reserve. Mt Gox would eventually collapse in Nov 2013–Feb 2014, but in its heyday, it was the largest and most well-known and well-used exchange.
15 Aug 2010
Bitcoin’s protocol got hacked. Beware the popular narrative that says, ‘Bitcoin itself has never been hacked’. A potential vulnerability was discovered, and someone exploited this vulnerability in block 74,638 to create 184 billion bitcoins for themselves. This strange transaction was quickly discovered and, with the consent of the majority of the community, the whole blockchain was ‘forked,’ reverting it to a previous state (we will discuss forks later).
So much for the immutability of Bitcoin’s blockchain: there are always exceptions.
The bug was fixed. Bruno Skvorc has written a good explanation of how it happened on his blog bitfalls.com128, and the bitcointalk forum has a thread129 where key developers discussed the bug.
If anyone says Bitcoin hasn’t been hacked, ask them ‘What about the integer overflow bug in August 2010 where someone sent themselves 184 billion bitcoins?’
18 Sep 2010
The first mining pool, Slush’s pool, mined its first block. A mining pool is an organisation where multiple participants combine their hash power to give themselves a better chance of winning a block. The participants split the rewards between them in proportion to their hash power contributions, a bit like a lottery syndicate. Mining pools have grown in significance over time.
7 Jan 2011
12 BTC were exchanged for $300,000,000,000,000. This is probably the highest exchange rate Bitcoin has ever achieved. The dollars in question, however, were Zimbabwean dollars. The Zimbabwean dollar is a good example of what can go wrong in a failing economy, and a reminder that fiat currencies need to be well managed.
9 Feb 2011
On the Mt Gox Bitcoin exchange, Bitcoin reached parity with the US dollar (1 BTC = 1 USD).
6 Mar 2011
Jed McCaleb sold the Mt Gox website and exchange to a French entrepreneur Mark Karpeles who was living in Tokyo. Jed sold it on the premise that Mark would do a better job expanding it. Alas Mark did not live up to these hopes. Mt Gox filed for bankruptcy in 2014 and Mark eventually landed up in jail.
27 Apr 2011
VirWoX, a website that allowed customers to convert between fiat currencies and Linden Dollars (the virtual currency for use within the computer game Second Life), integrated Bitcoin. People could now exchange directly between bitcoins and Linden Dollars. This was possibly the first virtual currency to virtual currency exchange.
1 Jun 2011
WIRED magazine published a famous article, ‘Underground website lets you buy any drug imaginable,’130 written by Adrian Chen. It described a website called The Silk Road, launched in Feb 2011 and run by twenty-seven-year old Ross William Ulbricht under the nickname ‘Dread Pirate Roberts,’131. The Silk Road was described as a kind of ‘eBay for drugs’—a darknet market, only accessible through the special browser Tor132, which matched buyers and sellers of drugs and other illegal or questionable paraphernalia. Bitcoins were used as the payment mechanism.
Source: stopad.io133.
Here is how the article describes Bitcoin:
As for transactions, Silk Road doesn’t accept credit cards, PayPal or any other form of payment that can be traced or blocked. The only money good here is Bitcoins.
Bitcoins have been called a ‘cryptocurrency,’ the online equivalent of a brown paper bag of cash. Bitcoins are a peer-to-peer currency, not issued by banks or governments, but created and regulated by a network of other Bitcoin holders’ computers. (The name ‘Bitcoin’ is derived from the pioneering file sharing technology BitTorrent.) They are purportedly untraceable and have been championed by cyberpunks, libertarians and anarchists who dream of a distributed digital economy outside the law, one where money flows across borders as free as bits.
To purchase something on Silk Road, you need first to buy some bitcoins using a service like Mt. Gox Bitcoin Exchange. Then, create an account on Silk Road, deposit some bitcoins, and start buying drugs. One Bitcoin is worth about $8.67, though the exchange rate fluctuates wildly every day.
This was the first time Bitcoin came to the attention of a wide audience. The Silk Road was eventually taken down by US authorities in October 2013, though many copycats have taken its place.
14 Jun 2011
Wikileaks and other organisations began to accept bitcoins for donations. Bitcoin is attractive for these organisations owing to its censorship resistance. While it is relatively easy for a government to lean on traditional payment systems (banks, PayPal, etc) to monitor transactions, block assets and freeze accounts, cryptocurrencies provide an alternative funding mechanism. Whether this is good or bad, of course, is a matter of opinion…
20 Jun 2011
Possibly the first documented evidence134 of a physical brick-and-mortar merchant accepting Bitcoin as a means of payment. Room 77, a restaurant based in Berlin, Germany sold fast food for bitcoins.
2 Sep 2011
Mike Caldwell started creating physical bitcoins which he called Casacius coins. They are physical discs of metal, each with a unique private key embedded behind a hologram sticker. Each coin’s private key is linked to an address that is funded with a specified amount of bitcoins, as depicted on the coin.
Source: Bitcoin wiki135.
These Casascius coins are the physical representations used in many stock photos used for media articles about bitcoins. They are also prized as collector’s items and cost much more than the value of the bitcoins contained in them, especially the first edition, which had a spelling mistake.
8 May 2012
Satoshi Dice was a gambling website launched on 24 April 2012. Users could send bitcoins to specific addresses with a chance of winning up to 64,000 times their original stake. Each address had a different payout and a different chance of winning. On 8 May, it became responsible for over half the transaction volume on the Bitcoin blockchain. Satoshi Dice was created by libertarian Eric Voorhees and was extremely popular. Early adopters seemed to have a penchant for gambling, and there wasn’t much else they could do with their bitcoins.
It was an interesting gambling system. Unlike other online casinos where users have to trust that the house is not cheating, Satoshi Dice was provably fair, using deterministic cryptographic hashes as the random number generators. Of course, the house had an edge, but the edge was small, known (1.9%), and was demonstrably adhered to.
This development started the debate about what ‘spamming’ a network with transactions means when there are no terms of service. It also started the community thinking about what fair transaction fees should be.
28 Nov 2012
Bitcoin’s first block reward halving day: On block 210,000 the block reward halved from 50 BTC to 25 BTC, slowing the rate of generation of bitcoins. Transaction fees then were insignificant, so this halving day reduced by half each block’s financial reward for miners.
2 May 2013
The first two-way Bitcoin ATM was launched in San Diego, California. This was a machine where you could buy bitcoins or sell your bitcoins for cash. This sparked a wave of one-way Bitcoin vending machines (cash in, BTC out) and two-way Bitcoin ATMs being installed around the world. Many were found to be unprofitable, as demand didn’t meet expectations. At some stage in Singapore there were more than twenty machines, but there are very few in evidence today.
Jul 2013
The first Bitcoin ETF (Exchange Traded Fund) proposal was filed with the United States Securities and Exchange Commission. Tyler and Cameron Winklevoss, twins made famous in the film The Social Network about Facebook, were responsible for this filing. An ETF could make investment into Bitcoin more accessible to the public, as many funds are allowed to buy ETFs but not bitcoins directly. A number of other Bitcoin ETFs, have been filed for approval but as of mid-2018, I am not aware of any Bitcoin ETF anywhere in the world136. Other instruments exist that trade on traditional financial exchanges and provide exposure to the price of Bitcoin.
6 Aug 2013
Bitcoin was classified as a currency by a judge in Texas, USA. This was one of many arguments and determinations of what Bitcoin is: Currency? Property? A security? Some other financial asset? A New Thing? There is still no global definition, and there may never be a globally consistent one.
Bitcoin’s categorisation has tax and other implications that differ by jurisdiction. The classification of bitcoins and cryptocurrencies may mean the difference between zero or punitive tax rates in any given tax regime, and therefore may have an impact on its potential adoption and usage (see below, 20 Aug 2013).
9 Aug 2013
Bitcoin’s price became searchable through Bloomberg software, which is popular with traders in traditional financial markets. Bloomberg used the ticker ‘XBT’ to represent Bitcoin, consistent with ISO currency code standards. With ISO currency codes (e.g., USD, GBP, etc), the first two letters denote the country and the third letter denotes the currency unit. The symbol ‘BTC,’ if adopted, would indicate a currency of Bhutan137. Precious metals such as gold (XAU), silver (XAG), palladium (XPD), and platinum (XPT) are also considered a ‘currency’ but start with X as they are not associated with a country. Bitcoin follows the currency standard for precious metals.
20 Aug 2013
Bitcoins were ruled as private money in Germany138, with tax exemptions if held for more than a year. The tax treatment of bitcoins and cryptocurrencies is a major point of contention, especially in the USA where the buying and selling of bitcoins attracts capital gains. If you bought a Bitcoin at $100, then, after its price had risen to say $1,000, you exchanged it for Ether, another cryptocurrency, then you would have to record that as a capital gain of $900 and pay tax on that capital gain, even though your assets were still in cryptocurrency and you hadn’t realised that gain in USD. So, depending on jurisdiction, tax authorities may well consider the exchange of cryptocurrencies as selling and buying with fiat currency and want to see those transactions taxed.
22 Nov 2013
Richard Branson, owner of Virgin Galactic, announced he would accept bitcoins as payment for a flight to space. Bitcoins and space travel—what a great time to be alive!
28 Feb 2014
After a long saga of hacks, glitches, poor management practices, lost coins, suspended withdrawals, failed banking transactions, and other incompetence, Mt Gox finally filed for bankruptcy protection in Japan in Feb 2014. The company said it had lost almost 750,000 of its customers’ bitcoins and around 100,000 of its own bitcoins, together worth around $473 million near the time of the filing. There are numerous theories as to what happened, the most compelling being a combination of hackers draining the Mt Gox hot wallets and management incompetence. The whole escapade, including the bankruptcy proceedings, was in such shambles and even the full creditor list (containing full names and amounts claimed) was leaked. The story of Mt Gox deserves its own book, but for a summary it is worth reading the Wikipedia entry139 about this sorry story.
After Mt Gox’s implosion, Bitfinex became the world’s largest exchange for a while.
Creditors to the bankrupt estate have not yet been compensated, and if they ever will be, it will be in Japanese yen at a rate that roughly equates to $400 per Bitcoin—less than a tenth of Bitcoin’s value at time of writing.
Like gold or oil or any other asset, bitcoins have a value that can be priced in USD or any other currency. This means there are people who are willing to exchange BTC with USD, usually using cryptocurrency exchanges, marketplaces which attract buyers and sellers. On exchanges you can see indications of supply and demand for cryptocurrencies at any price level (more on these later). You can also buy and sell bitcoins with anyone in the world, physically on the streets or over the internet, or using brokers who mediate between buyers and sellers, or who trade on their own behalf. To trade BTC, you simply need the ability to send or receive BTC and the ability to receive or send the other asset, usually a local currency.
Like any other market-traded asset, the price of Bitcoin fluctuates with supply and demand. At any point in time, people trade at prices that they are comfortable buying or selling at. If there is more buying pressure and people want to buy more bitcoins, prices will increase. If there is selling pressure and people want to sell more bitcoins for fiat currencies, then the price at which the bitcoins change hands will drop. Later we will go into more detail about how cryptocurrencies and tokens can be priced, but here we will look at specifically Bitcoin’s price.
Bitcoin’s Price History
Bitcoin’s price has been a wild ride. A recent price rise to almost $20,000 USD per Bitcoin and subsequent fall the $6,000 levels has caught the media’s attention:
2018: $20,000 per Bitcoin and a 60% crash? That is nuts!
But this is not the first time Bitcoin has been this volatile. Bitcoin appears to be cyclically volatile, with each cycle as dizzy as the previous.
Here is the 2013/14 bubble in detail:
2013/14: $1,200 per Bitcoin and an 80% crash? That is also nuts!
The peak price on Mt Gox was almost $1,200 per Bitcoin, and then crashed to below $200, rebounded and then traded lower and lower over to the $200-300 range during the ‘Bitcoin winter’ of 2014. These were painful times for holders of Bitcoin, if good times for far-sighted buyers. There are different theories for the cause of this bubble including the activities of trading bots—programs that automatically buy and sell—and the fact that you couldn’t withdraw fiat from Mt Gox. Anyone wanting to make withdrawals from Mt Gox had to buy bitcoins (pushing the price up) and withdraw bitcoins. The Chinese government then announced that they were going to ban Bitcoin trading and the price crashed.
But this was by no means the first bubble. Here is early 2013, close up, when in April the price rose from $15 to a peak of $266 before crashing to around $50:
Early 2013: $266 per Bitcoin and an 80% crash? That is nuts again!
A common theory about this was that people in Cyprus were buying bitcoins. At the time, there was financial chaos in Cyprus. Some bank accounts were frozen, some ATMs were empty, and one-off taxes were applied to large bank account balances. Another theory was that some large institutional funds were buying bitcoins to build a position, buying up available supply. I am not sure how likely these theories are to have directly affected prices, but all it takes to move markets is for people to believe stories.
This bubble may seem quaint as the numbers are smaller than the range we are used to today, but an 80% drop is an 80% drop, as stressful then as it would be today.
Further back in time, we have the June 2011 bubble:
2011: $31 per Bitcoin and an 80% crash? That is more nuts!
Articles published in tech-focused online magazines WIRED and Gawker helped to generate interest in Bitcoin, pushing the price from about $3 to a high of about $31. Over the next 6 months the price slowly fell to below $5, more than 80% down.
And here is the first bubble in July 2010:
2010: $0.09 per Bitcoin and a 40% crash? Even that is nuts!
An article about a new version of the Bitcoin software was published in a popular technical magazine Slashdot140 and interest was generated, pushing the price on the Bitcoin Market up from less than 1 cent per Bitcoin to almost 10 cents. The price then fell 40% and traded sideways at about 6 cents per Bitcoin for a few months before increasing again.
You may hear that bitcoins are stored in wallets. If this were true, then if you copied your wallet you’d own double the number of bitcoins. Clearly you couldn’t have digital money that works this way. So no, bitcoins are not stored in wallets.
So where are bitcoins stored? Well, ownership of bitcoins is recorded on Bitcoin’s blockchain, which is, as we have seen, the database replicated on over 10,000 computers around the world containing every Bitcoin transaction ever. So you can look at that database and see that at this time, a specific address has a specific number of bitcoins associated with it. For example, the blockchain would store the fact that the address 1Jco97X5FbCkev7ksVDpRtjNNi4zX6Wy4r had had 0.5 BTC sent to it, and that those 0.5 BTC have not yet been sent elsewhere. Bitcoin’s blockchain doesn’t store balances of accounts (it is not a list of account numbers and corresponding BTC balances), it stores transactions. So to get the current balance of any account, you need to look at all the inbound and outbound transactions through that account.
Bitcoin wallets store private keys (not bitcoins!) and their software makes it easy for the user of the wallet to see how many coins they control and to make payments. If you cloned your wallet, you would be cloning your private keys, not doubling your bitcoins.
Bitcoin wallets are apps that can at least:
•Create new Bitcoin addresses and store the corresponding private keys
•Display your addresses to someone who wants to send you a payment
•Display how many bitcoins are in your addresses
•Make Bitcoin payments
Let’s explore each of these capabilities.
Address Creation
Creating new Bitcoin addresses is an offline operation and involves creating a public and private key pair. You can do this, if you like, using dice141. This is different from any other account creation process where you have to ask a third party to create an account for you, for example asking your bank or Facebook to assign you an account.
•Step 1: Generate some randomness and use it to pick a number from 1 to 2256-1. This is your private key.
•Step 2: Do some maths on it to generate a public key.
•Step 3: Hash your public key twice to create your Bitcoin address.
•Step 4: Save the private key and its corresponding address.142
So you assign yourself an address without asking or checking with anyone to see if it already taken. This sounds scary. What if someone else has already chosen your private key? The short answer is that this is extremely unlikely. 2256 is a big number, 78 digits long, and you can pick any number up to that. Your chance of winning the UK lottery is 1 in 13,983,816—which only has eight digits. A number with seventy-eight digits is astronomically large. In theory someone could deliberately generate millions or billions of accounts per second and check them for coins to steal, but the number of valid accounts is so humongous that they’d be doing it forever before finding a single account that has been used before. In practice, however, weaknesses can exist, and they rely on exploiting flaws in the random number generation for the private keys. If there is a flaw in the randomness when generating your private key, this flaw could be exploited to reduce the search space for a thief143.
Address Display
When someone wants to send you bitcoins, you need to tell them your address—like telling someone your bank account number so they can send you money. There are a few ways to do this. One popular way is by showing it as a QR code.
Example Bitcoin address: 1LfSBaySpe6UBw4NoH9VLSGmnPvujmhFXV
Equivalent QR code:
QR codes are not magic. They are just text, encoded in a visual way that makes it easy for QR code scanners to read the code and convert it back into text.
Another way is just to copy and paste the address itself:
Account Balance
The wallet needs to access an up to date version of the blockchain in order to be aware of all the transactions going in and out of the addresses it is keeping tabs on. The wallet, software can do this by either storing the entire blockchain and keeping it up to date (this is called a full node wallet) or by connecting to a node elsewhere which does the heavy lifting (this is called a lightweight wallet).
A full node wallet would contain over a hundred gigabytes of data and would need to be constantly connected over the internet to other Bitcoin nodes. So in many cases, especially on mobile phones, this is not practical so the wallet software is lightweight and connects to a server which hosts the blockchain. The wallet software on the phone asks the server ‘What’s the balance of address x?’ and ‘Please give me all the transactions related to address y’.
Bitcoin Payments
As well as reading the account balances, the wallet needs to be able to make payments. To make a Bitcoin payment, the wallet generates a bundle of data called a ‘transaction,’ which includes references to the coins that are going to be spent (transaction inputs consisting of unspent outputs of previous transactions), and which accounts the coins will be sent to (new outputs). We saw this in an earlier section. This transaction is then digitally signed using the relevant private keys of the addresses holding the coins. Once signed, the transaction is sent to neighbouring nodes, via its server node if it is a lightweight wallet, or directly to other peers if it is a full node wallet. The transactions eventually find their way to miners who add them to blocks.
Other Features
Good wallet software has more functionality, including the ability to back up private keys (encrypted with a passphrase) either to a user’s hard drive or to a cloud storage server somewhere, to generate one-time use addresses for privacy, to hold addresses and private keys for multiple cryptocurrencies. Some are even integrated with exchanges to allow users to convert between one cryptocurrency and another directly from within the wallet software.
Often wallets will allow you to split keys or set up addresses that require multiple digital signatures to spend from.
You can split a private key into several parts so that a certain threshold number of parts are needed to create the original private key. This is a process known as ‘sharding’ or ‘splitting’ a private key and a common example is 2-of-3 sharding where a private key is split into 3 parts, any 2 of which can be combined to regenerate the original key. Similarly you can have 2-of-4 or 3-of-4 or any combination of parts and total shards, generically m-of-n. One algorithm to do this is using Shamir’s secret sharing144. This lets you split a key and store parts of it separately in different places, but with some resiliency in that, if you lose one or more pieces, it may not be catastrophic.
You can also create addresses that require multiple digital signatures to make payments from them. These are known as ‘multi-sig’ addresses145. Again, you can have 1-of-3, 2-of-3, 3-of-3, or generically m-of-n. This has a similar effect as sharding a single private key, but with slightly better security properties. This lets you create a transaction, sign it, send it over the internet in the clear, and let someone else sign it before it is considered a valid transaction (key splitting on the other hand only results in one signature). These addresses let you create systems where multiple people need to sign or approve a transaction, like some corporate cheques that need two signatures.
Software Wallet Examples
Examples of popular Bitcoin software wallets:
•Blockchain.info
•Electrum
•Jaxx
•Breadwallet
Note that I do not endorse these, and others are available. They could have bugs, and you must do your own research before picking a wallet to use. Most wallet software is open source, so you can investigate the code and see that there are no backdoors or vulnerabilities in the code, before you use them.
Sometimes Bitcoin wallets can have a hardware component. Private keys are stored in chips on small handheld devices. Two popular hardware wallets are called ‘Trezor’ and ‘Ledger Nano,’ but there are others.
A Trezor
A Ledger Nano
These devices are specifically designed to store private keys securely and only respond to certain pre-programmed requests, for example, ‘Please sign this transaction,’ and not, ‘Show me the private key you are storing’. Because the private key is stored on hardware that is not connected to the internet and can communicate with the outside world only via a limited set of pre-programmed interfaces, it is much harder for a hacker to gain access to the private keys.
The user interface software is run on an online machine. When it comes to the critical part of the transaction (the signing), the unsigned transaction is sent to the hardware wallet, which returns the signed transaction without revealing the private key.
Hardware wallets are more secure than software-only wallets, but nothing is infallible.
Cold Storage
The phrase ‘keeping coins in cold storage’ was popular in 2013-17 before hardware wallets became widely available. Remember, you don’t store bitcoins, you store private keys. ‘Cold storage’ is keeping a note of those private keys on offline media, such as a piece of paper or a computer not connected to the internet. As private keys are just strings of characters like:
‘KyVR7Y8xManWXf5hBj9s1iFD56E8ds2Em71vxvN73zhT99ANYCxf’
There are many ways of storing them. You can memorise keys if you have a good memory, you can print them out on bits of paper, you can even engrave them on a ring that you wear, like Charlie Shrem did according to WIRED Magazine146. You could store them on an offline computer which, for increased security, should not have a modem or network card. You could write them down and put them in a bank’s locked deposit box. These are all methods of storing your private keys offline.
If you do keep private keys on a device or printed out, you wouldn’t want someone else to be able to see it and use it to steal your bitcoins. So one way of increasing security is to first encrypt the private key with a passphrase that you can remember and then store or print out the encrypted result. Passphrases are a lot easier to remember than private keys! This means that even if someone gets hold of the device or print out, they’d need to decrypt it with your passphrase before the private key is revealed. You can split keys or use multi-sig addresses for further security. This means if one part is found by a thief, it is useless without another part, and also means if one part is lost, the other two will still work. Remember, you are trying to simultaneously guard against two things: Loss of keys and theft of keys.
Hot Wallets
A hot wallet is a wallet that can sign and broadcast transactions without manual intervention. Exchanges, who control many bitcoins need to manage lots of Bitcoin payments, as we will see later. They often have a ‘hot wallet’ that controls a small proportion of their total bitcoins. Customers of exchanges like to withdraw bitcoins from the exchanges by clicking a button, causing an automated process to run to make and sign a Bitcoin transaction moving bitcoins from the exchange’s hot wallet to the user’s personal wallet. This means that somewhere, a private key belonging to the exchange must be stored on a ‘hot’ machine connected to the internet. There is a trade-off between security and convenience. Online machines are easier to hack than offline machines, but can automate the process of creating and broadcasting Bitcoin transactions. Due to this trade-off, exchanges keep only a small fraction of BTC in hot wallets, enough to satisfy customer demand, similar to banks that keep a small amount of cash in tellers’ tills at branches.
You can buy bitcoins from anyone who has them. Likewise you can sell bitcoins to anyone who wants them. Fortunately, there are various places where you are likely to find a group of people willing to trade at competitive prices—exchanges.
Just like stock exchanges, Bitcoin or cryptocurrency exchanges are places (usually websites) that attract traders. However, you don’t buy bitcoins from the exchange itself. Just like a stock exchange, where you buy shares from another user of the exchange rather than from the exchange itself, a cryptocurrency exchange is the website that allows people to buy and sell between themselves. The exchange itself is just the location that brings together buyers and sellers, and people go there because they know they are likely to get the best prices there.
In financial services jargon, the exchange is an order matching engine. It matches buyers and sellers. It also acts as the central clearing counterparty. All matched trades appear to be against the exchange rather than between the customers directly, providing anonymity for customers. Finally, the exchange is the cash and asset custodian. It controls customers’ fiat money in its bank account and cryptocurrencies in its wallet.
How Do Cryptocurrency Exchanges Work?
Exchanges are based in different countries and support different fiat currencies and different cryptocurrencies. They all work roughly the same way using the same four steps:
1.Create account
2.Deposit
3.Trade
4.Withdraw
Create Account
To use an exchange, just like a bank, you need to open an account. Exchanges are coming under increasing regulatory scrutiny due to the fact that they process large amounts of money. The top cryptocurrency exchanges match billions of dollars of buys and sells per day. Most legitimate exchanges follow a similar account opening procedure to banks, where new customers submit details and evidence of their identity, for example passport and utility bills147. The documentation needed may become more onerous in proportion to the value of fiat or cryptocurrencies you plan to transact, in a progressive risk-based approach. Exchanges are now big business and take these processes seriously.
Once the exchange is satisfied, your account is created. Then you can log in and the next step is to deposit.
Deposit
Before you can attempt to buy or sell anything on an exchange, you need to fund your account. This is like funding an account with a traditional broker before being allowed to buy traditional financial assets.
Exchanges have bank accounts and cryptocurrency wallets. In order to fund your account you click on ‘Deposit,’ then follow the instructions. If you are funding your account with fiat currency (presumably in order to buy cryptocurrency), then the exchange will display a bank account for you to make a fiat currency transfer to. If you are funding your account with cryptocurrency, (presumably to sell for fiat currency or trade for a different cryptocurrency) then the exchange will display a cryptocurrency address for you to make a cryptocurrency transfer to.
Once exchange has detected the transfer to their bank account or cryptocurrency address, the balance will be reflected in your ‘account balance’ on the exchange’s website, and you are ready to trade.
Trade
You can now trade up to the amounts you have deposited. For example, if you have deposited USD 10,000, then you can buy up to $10,000 worth of cryptocurrency. If you have deposited 3 BTC then you can sell up to 3 BTC for fiat or other cryptocurrency that is available at that exchange.
Prices are expressed in pairs that look something like this: BTC/USD or BTCUSD with a number such as 8,000. The way to read this is, ‘One unit of BTC costs 8,000 USD’. Not all currencies can be traded for each other—it is really up to the exchange as to which pairs they enable. For example you may see BTCUSD and BTCEUR as trading pairs, meaning that you can trade BTC with USD and trade BTC with EUR, but you may not trade USD with EUR directly if you don’t see EURUSD. In that case, to convert USD into EUR, you’d need to sell USD for BTC then use the BTC to buy EUR.
You will see a screen of other people’s bids and offers. These are the prices at which they are willing to trade, and how much they are willing to trade at that price. You can decide either to match their prices, which will result in a matched trade, or submit your own orders which will rest in the order book until someone matches your price (if they ever do).
This is a financial market—this means that the larger amounts you want to buy or sell, the worse the prices will be. This is unlike a supermarket where you get a discount for buying in bulk. This is confusing for some people initially, but it is easily explained. When you buy something on an exchange, the exchange will naturally match you off with the person who is selling it at the cheapest price. When you’ve bought all that they have to offer, you have to find the next best price, which will be slightly higher. Selling uses the same logic: when you sell something, the exchange will match you with the person who is willing to pay the highest price for it. When you have sold as much to them as they want to buy, you will have to go to the next highest price which will be slightly lower.
Here is an example screenshot of Bitfinex, a typical exchange:
On the left-hand side is information about your balances in each currency (not shown here as this is a demonstration account). The main part of the screen shows a price and volume chart—Bitcoin’s price and how many bitcoins have been traded. And the bottom third shows your open trades, i.e. your orders that haven’t been matched yet, and the full order book, i.e. everyone’s orders to buy and sell bitcoins and their amounts and price levels. A ticker is shown on the bottom right which streams the prices and amounts of matched trades in real-time.
Withdraw
Finally, you will want to withdraw fiat currency or cryptocurrency. To do so you have to instruct the exchange where you want it to go. If you are withdrawing fiat, you will need to tell the exchange your bank account details for them to make the transfer to you. If are withdrawing cryptocurrency, you need to tell the exchange your cryptocurrency address so that they can make the cryptocurrency transaction. Usually cryptocurrency withdrawals are faster for the exchange to process than fiat withdrawals because most exchanges have ‘hot wallets,’ as described earlier, which automate the process of sending small amounts of cryptocurrency back to users.
How Do Exchanges Make Money?
Exchanges make money by charging fees, just like your stock broker. Different exchanges charge different fees in different ways. Some charge withdrawal fees (e.g., if you withdraw $10,000, then they might send you $9,950, and you would receive even less than this because of bank fees). Others charge by taking a small fraction of every trade you do, usually by reducing the amount of whatever you are receiving. For example, if you have $8,000 in your exchange account and use it to buy BTC at a price of $8,000 per BTC, then you will receive slightly less than 1 BTC, say 0.995 BTC. Trading fees are usually determined by how much trading you do, so if you trade more, the fee rate decreases according to a published fee schedule.
Pricing On Different Exchanges
The price of any asset at a cryptocurrency exchange depends on the participants using the exchange. Different exchanges can have different prices for each cryptocurrency, because of the different participants using the exchange and the different levels of supply and demand on those exchanges. Usually the prices are within a few percent of each other. If they get too out of line, arbitrageurs step in and buy the bitcoins from the exchange where they are cheap and sell them where they are trading at a premium.
The extent to which arbitrageurs can keep doing this profitably affects how aligned the prices will ever become. To complete the circle of a successful arbitrage you need to move the fiat, and sometimes this will have costs and time delays. To buy bitcoins on the cheap exchange, you need to move fiat currency there, buy bitcoins, withdraw the bitcoins and send them to the more expensive exchange, then sell them, withdraw the fiat, and repeat the cycle. Each step has a financial cost and may not be instant. Some countries have currency controls, which hinder cross border exchange arbitrage. This is why there can be price differentials between exchanges for some time.
In late 2013-14, the exchange Mt Gox traded at a premium to its competitor Bitstamp, because people found they couldn’t withdraw fiat from Mt Gox, so instead they had to buy bitcoins and withdraw the bitcoins instead. This created artificial demand for bitcoins on Mt Gox, and the arbitrage of buying cheap bitcoins on Bitstamp and selling them on Mt Gox didn’t work because you couldn’t get your fiat out of Mt Gox!
Regulation
Cryptocurrency exchanges perform activities that may be regulated in their operational jurisdictions. The fact that the instruments involved are cryptocurrencies does not necessarily mean that the exchanges escape local trading and tax disclosure requirements. However, depending on how the legislation is written, and owing to regulatory uncertainty, the classification of cryptocurrencies, exchanges currently operate in a legal grey area, especially crypto-only exchanges who allow trades between cryptocurrencies but not fiat.
Over the Counter (OTC) Brokers
When you buy on an exchange, you are buying from another customer of the exchange in quantities and prices agreed between you and the other customer. The exchange is only involved with the deal insofar as it acts as an escrow agent and has custody of your money and the other person’s bitcoins, until they become your bitcoins and the other person’s money. Every trade is shown to all other participants, and the order book moves in real time in response to the trading activity. One characteristic of exchange trading that a large trader may wish to avoid is that transparency. Sometimes you want to trade large amounts without other traders knowing, or without moving the market.
Enter the brokers. These are people or companies with whom you establish a relationship. Instead of showing a transparent order book of customer orders (as the exchanges do), the brokers will buy and sell directly with you, negotiating a price for the full amount that you want to transact, in what are known as ‘block trades’. Trade details are not published to the public. They are private transactions in bulk and there is nothing illegal about this—this also happens in the traditional financial markets. Legitimate brokers also apply know-your-customer processes to establish your identity and may be bound by local disclosure requirements.
When you trade with a broker, there are two modes: the broker could act as principal to the trade, or as agent.
When the broker acts as principal, the deal is just between you and the broker. They are the counterparty to your trade. You tell them what you want to do (buy or sell) and in what amount, and they will tell you their best price and you can say yes or no. It is like a large wholesale trade, and the broker needs to have enough money or cryptocurrency to complete the deal. In accounting jargon, the trade is on the broker’s balance sheet because the broker itself is trading with you. This is the case, for example, when you buy foreign currencies at an exchange desk at an airport.
When the broker acts as agent, the deal is between you and someone else with whom the broker is in touch. The broker acts as an intermediary who serves to provide anonymity to both parties. In accounting jargon, this is off the broker’s balance sheet—it’s not their money, they are just matching buyers and sellers. Generally the way this works is that you contact the broker and tell them what you want to do, then the broker will try to find another customer who wants to do the opposite to you (the other side of the trade). The broker will communicate price and amount information to both sides until the deal is agreed. The broker takes a fee from one or both customers for providing this service.
Due to the large amount of manual overhead and small margins, brokers usually have a minimum trade size below which, they won’t pick up the phone. This can be anything from $10,000 to $100,000 per trade and seems to be increasing as the market matures.
What if you don’t want to go to an exchange or use a broker or provide any sort of identification? There is a website, localbitcoins.com, which acts a bit like eBay for people wanting to buy and sell cryptocurrencies. People post prices at which they are willing to buy and sell bitcoins. You can browse the list to find someone nearby, and you then agree to send them money in return for bitcoins, either by meeting physically with fistfuls of banknotes, or by making bank transfers to their bank account. It is a bit like a bulletin board or eBay, and there is a reputation system with ratings and feedback comments. It also has an escrow function for the temporary custody of cryptocurrency.
We now come to the question, who is Satoshi Nakamoto and why does it matter?
Satoshi was the author of the Bitcoin whitepaper and was active on cypherpunk mailing lists where like-minded people discuss ways of reclaiming personal privacy in the electronic age. After publishing the original whitepaper, Satoshi continued to participate on Bitcoin forums until December 2013, and then vanished.
Satoshi also owns or controls a significant number of bitcoins, estimated in 2013 by cryptocurrency security consultant Sergio Lerner148 at 1 million bitcoins. This represents just under 5% of the total 21m bitcoins that will ever be created, if the protocol rules don’t change. At 2018, prices of around $10,000 per Bitcoin, this puts the nominal value of the bitcoins controlled by Satoshi at $10bn. If Satoshi ever moves any bitcoins thought to be associated with him/her, the community would immediately find out. The transactions would be visible on the blockchain and addresses thought to be associated with Satoshi are monitored. This would almost certainly affect the price of Bitcoin149.
Satoshi’s real-world identity matters because, if the real person or group of people were discovered, their views and voice could dominate the future of Bitcoin. However, this centralisation is what they are trying to avoid. They would also have extremely high personal security risk. It is never a good idea for people to know (or even believe) that you have significant amounts of wealth, especially in cryptocurrency.
We have seen a number of high profile cryptocurrency owners publicly state that they have sold all their cryptocurrencies. In Jan 2018, Charlee Lee, founder of Litecoin (LTC) publicly stated that he sold or donated all his LTC150. In the same month, Steve Wozniak, founder of Apple, also stated that he had sold all of his Bitcoin151. Although they have their reasons, I suspect that the high personal risk of being known owners of high valued cryptocurrencies also feeds into this. I have had conversations with lucky Bitcoin owners who do not disclose their cryptocurrency wealth for precisely this reason.
There have been a number of high profile attempts at exposing Satoshi’s identity. These are known in the industry as ‘doxxings’: the public revelation of an internet nickname’s real-world identity. It is however highly unlikely that the real truth about Satoshi’s identity is among these doxxings.
On 14 March 2014, a cover article for Newsweek magazine claimed that Satoshi was a sixty-four-year-old Japanese gentleman named Dorian Nakamoto (birth name Satoshi Nakamoto) living in California.
The article printed the suburb where Dorian lived and included a photograph of his house. This led to repeated harassment of Dorian and his family over the course of the next few weeks. Of course, Dorian was not Satoshi. To think that the privacy loving cypherpunk creator of a revolutionary unstoppable anonymous digital currency would use his own name as his pseudonym is so far-fetched as to be ludicrous. To identify his home address is unethical. Nevertheless, and despite the best efforts of the journalist concerned, anecdotal evidence suggests that after a period of great distress, Dorian is now enjoying, and I hope monetising, his newfound fame as the real fake Satoshi.
In December 2015, an article in WIRED Magazine152 suggested that Dr Craig Wright, an Australian computer scientist, could be the mastermind behind Bitcoin. In March 2016, in interviews with GQ magazine153, the BBC,154 and The Economist newspaper,155 Craig claimed to be the leader of the Satoshi team. He even published his own blog post, now taken offline, with these claims. Craig suggested that he didn’t want to self-doxx, and that there may have been external pressures on him to do so. In June 2016, the London Review of Books published a long form article156 where the journalist, Andrew O’Hagan, was able to spend an extended amount of time with Craig Wright. This is well worth a read in full, and my favourite part is:
Weeks later, I was in the kitchen of the house Wright was renting in London drinking tea with him when I noticed a book on the worktop called Visions of Virtue in Tokugawa Japan. I’d done some mugging up by then and was keen to nail the name thing.
‘So that’s where you say you got the Nakamoto part?’ I asked. ‘From the eighteenth-century iconoclast who criticised all the beliefs of his time?’
‘Yes’.
‘What about Satoshi?’
‘It means “Ash,” ’ he said. ‘The philosophy of Nakamoto is the neutral central path in trade. Our current system needs to be burned down and remade. That is what cryptocurrency does—it is the phoenix …’
‘So, Satoshi is the ash from which the phoenix …’
‘Yes. And Ash is also the name of a silly Pokémon character. The guy with Pikachu’. Wright smiled. ‘In Japan the name of Ash is Satoshi,’ he said.
‘So, basically, you named the father of Bitcoin after Pikachu’s chum?’
‘Yes,’ he said. ‘That’ll annoy the buggery out of a few people’. This was something he often said, as if annoying people was an art.
Alas, the cryptographic proofs and demonstrations that Dr Wright performed on and off camera were not watertight, and the community is still undecided as to the veracity of his claims.
A few other Satoshi suspects have been cypherpunk and PGP developer Hal Finney, smart contract and Bit gold inventor Nick Szabo, cryptographer and creator of b-money Wei Dai, e-donkey, Mt Gox, and Stellar creator Jed McCaleb, and Dave Kleiman. Coindesk has a more extensive list157 of those suspected to be Satoshi.
My bet is that Satoshi Nakamoto is not an individual but a pseudonym for a group of people who have similar political views and who wish to remain anonymous. Craig Wright may have been part of that team. The team may not even know each other’s real-world identities. Some of the team may have died since Bitcoin’s popularisation. We may get another clue in 2020 when the roughly 1 million BTC locked in the Tulip Trust will be accessible. The Tulip Trust is a trust fund supposedly created by Dave Kleiman, an associate of Satoshi. It contains early bitcoins potentially owned by Satoshi.
If you decide to do some sleuthing, there are a few things to remember that people seem to have forgotten: A digital signature proves possession and use of a private key, but private keys can be shared among multiple people. So you cannot guarantee the mapping of private key to an individual. Private keys can also be lost. An email address can be shared. A whitepaper can be written collaboratively, so grammatical clues simply reveal the habits of the editor, not necessarily those of the author. It is very hard to tie the identity of an individual to the author of a paper.
On the other hand, it may be better if Satoshi is not found.
The vision of Ethereum is to create an unstoppable, censorship resistant, self-sustaining, decentralised, world computer. To achieve this, Ethereum builds on the concepts we saw with Bitcoin. If you consider Bitcoin as trustless validation and distributed storage of (transaction) data, Ethereum is trustless validation and distributed storage and processing of data and logic.
Ethereum has a public blockchain running on 15,000 computers158 and the token on the blockchain is called Ether, currently the second most popular cryptocurrency.
Like Bitcoin, Ethereum is also a bunch of protocols written out as code which is run as Ethereum software which creates Ethereum transactions containing data about Ether coins (ETH) recorded on Ethereum’s blockchain. In contrast with Bitcoin, Ethereum transactions can contain more than just payment data, and the nodes in Ethereum are capable of validating and processing much more than simple payments.
On Ethereum, you can submit transactions that create smart contracts—small bits of general purpose logic that are stored on Ethereum’s blockchain on all of the Ethereum nodes. These smart contracts can be invoked by sending Ether to them. This is a bit like deploying a juke machine, then putting coins in to play music. When a smart contract is invoked, all the Ethereum nodes run the code and update their ledgers with the results. These transactions and smart contracts are run by all participants using a sort of operating system called a ‘Ethereum Virtual Machine’.
Ethereum’s blockchain can be interrogated using websites like etherscan.io. As with Bitcoin, there are also forks of the main Ethereum, such as Ethereum Classic, which is also a public blockchain. Each fork has a separate coin (Ethereum’s coin is denoted ETH whereas Ethereum Classic’s coin is denoted ETC). The forks have a shared history with Ethereum up to a certain point in time, after which the blockchains differ (we will discuss forks later).
Ethereum’s code can also be run as a private network, starting a new blockchain with limited participants.
How Do You Run Ethereum?
To participate in the Ethereum network, you can download some software called an Ethereum client, or you can write some yourself if you have the patience. Just like BitTorrent or Bitcoin, the Ethereum client will connect over the internet to other people’s computers running similar client software and start downloading the Ethereum blockchain from them to catch up with the latest state of the blockchain. It will also independently validate that each block conforms to the Ethereum protocol rules.
What does the Ethereum client software do? You can use it to:
•Connect to the Ethereum network
•Validate transactions and blocks
•Create new transactions and smart contracts
•Run smart contracts
•Mine for new blocks
Your computer becomes a ‘node’ on the network, running an Ethereum Virtual Machine, and behaves equivalently to all the other nodes. Remember in a peer-to-peer network there is no ‘master’ server and each computer is equivalent in status to any other.
How Is Ethereum Similar to Bitcoin?
Ethereum Has an Inbuilt Cryptocurrency
Ethereum’s token is called Ether, shortened to ETH. This is a cryptocurrency that can be traded for other cryptocurrencies or other sovereign currencies, just like BTC. ETH ownership is tracked on the Ethereum blockchain, just like BTC ownership is tracked on Bitcoin’s blockchain.
Ethereum Has a Blockchain
Like Bitcoin, Ethereum has a blockchain, which contains blocks of data (Pure ETH payments as well as smart contracts). The blocks are mined by some participants and distributed to other participants who validate them. You can explore this blockchain on etherscan.io.
Like Bitcoin, Ethereum blocks form a chain by referring to the hash of the previous block.
Ethereum is Public and Permissionless
Like Bitcoin, the main Ethereum network is a public, permissionless network. Anyone can download or write some software to connect to the network and start creating transactions and smart contracts, validating them, and mining blocks without needing to log in or sign up with any other organisation.
When people talk about Ethereum they usually mean the main public permissionless version of the network. However, like Bitcoin, you can take Ethereum software, modify it slightly, and create private networks that are not connected to the main public network. The private tokens and smart contracts won’t be compatible with the public tokens though, just like private Bitcoin networks.
Ethereum Has Proof-of-Work (PoW) Mining
Like Bitcoin, mining participants create valid blocks by spending electricity to find solutions to a mathematical challenge. Ethereum’s PoW maths challenge, called Ethash, works slightly differently from Bitcoin’s, and allows more common hardware to be used. It is deliberately designed to reduce the efficiency edge of specialised chips called ASICs, which are common in Bitcoin mining. Commodity hardware is allowed to compete efficiently, and this allows for a greater decentralisation of miners. In practice though, specialised hardware has been created and so most blocks in Ethereum are created by one of a small group of miners159.
Source: https://www.etherchain.org/charts/topMiners retrieved 16 Apr. 2018
On Ethereum’s roadmap there is a plan to move from electricity-expensive, proof-of-work mining, to a more energy-efficient, proof-of-stake mining protocol called Casper in a future release of the Ethereum software called Serenity. Proof-of-stake is a mining protocol in which your chance of creating a valid block is proportional to the number of coins (ETH) in your mining wallet—contrast this to proof-of-work, where your chance of creating a valid block is proportional to the amount of computational cycles your hardware can crunch through.
How might this impact the community? For starters, this would dramatically reduce the energy footprint of the cryptocurrency. Miners will no longer need to consume electricity competitively in order to win blocks. On the other hand, some people think that proof-of-stake is less democratic, because those who already have accumulated a lot of ETH will have a higher chance of winning more blocks. So, the argument goes, new money will flow towards the wealthy, increasing the Gini coefficient160 of Ethereum holders.
There are flaws in the ‘less democratic’ argument. With proof-of-work the high capital costs and expertise required mean that only a very small minority of people can actually make money mining, so it is not actually that democratic. Whereas with proof-of-stake, every ETH has an identical chance of winning a block, so you can get started with much less capital. Think of it as an interest rate: If you have more money you get more interest, but at least those with small amounts of money can still get interest. I also think that reducing the negative externalities of pollution caused by proof-of-work is a decent and honourable goal.
How Is Ethereum Different from Bitcoin?
This is where it gets more technical, and in many ways more complex.
The Ethereum Virtual Machine can run smart contracts
When you download and run the Ethereum software, it creates and starts a segregated virtual computer on your machine called an ‘Ethereum Virtual Machine’ (EVM). This EVM processes all the Ethereum transactions and blocks, and keeps track of all the account balances and results of the smart contracts. Each node on the Ethereum network runs the same EVM and processes the same data, resulting in them all having the same view of the world. Ethereum can be described as a replicated state machine because all of the nodes running Ethereum are coming to consensus about the state of the Ethereum Virtual Machine.
Compared with Bitcoin’s primitive scripting language, the code that can be deployed in Ethereum and run as smart contracts is more advanced and approachable for developers. We will describe smart contracts in more detail later, but for now you can think of smart contracts as pieces of code run by all the nodes in Ethereum’s Virtual Machine.
Gas
In Bitcoin, you can add a small amount of BTC as a transaction fee that goes to the miner who successfully mines the block. This compensates the miner for checking the validity of the transaction and including it in the block they are mining. Likewise, in Ethereum, you can add a small amount of ETH as a mining fee which goes to the miner who successfully mines the block.
The complication with Ethereum is that there are more types of transactions. Different transaction types have different computational complexities. For example, a transaction performing a simple ETH payment is less complex than a transaction to upload or run a smart contract. Therefore, Ethereum has a concept of ‘gas’ which is a sort of price list, based on the computational complexity of the different types of operation you are instructing the miners to make in your transaction. Operations include searching for data, retrieving it, making calculations, storing data, and making changes to the ledger. Here is the price list from the ethdocs.org website,161 but it can change over time if the majority of the network agrees:
A basic transfer of ETH from one account to another uses 21,000 gas. Uploading and running smart contracts uses more gas depending on their complexity. When you submit an Ethereum transaction, you specify a gas price (how much ETH you are willing to pay per gas used) and a gas limit (the maximum amount of gas you will let the transaction use).
Mining fee (in ETH) = gas price (in ETH per gas) x gas consumed (in gas)
Gas price
The gas price is the amount of ETH you are prepared to pay per unit of gas for the transaction to be processed. As with Bitcoin transaction fees, this is a competitive market, and in general the busier the network the higher the gas price people are willing to pay. In times of great demand gas, prices spike.
Source: https://etherscan.io/chart/gasprice. Peaks are usually related to popular ICOs where many people are attempting to send ETH to ICO smart contracts. The peak in December 2017 is related to the popular CryptoKitties Ethereum game. In 2018, the normal range for gas prices is between 0.000000005 ETH (5 Gwei) and 0.000000020 ETH (20 Gwei) per gas.
Gas limit
The gas limit you set provides a ceiling for how much gas you are prepared for a transaction to consume. This limit protects you from over-spending on mining fees and you know that the maximum mining fee will be gas limit x gas price. This stops you over-paying if you accidentally submitted a very complex transaction that you thought was simple.
Analogy time: Driving your car 10km will use up a certain amount of fuel. If you run out of fuel, your car will stop before reaching the destination. The price of fuel is dependent on market conditions and can go up and down, but the price of fuel bears no relation to how far you may drive your car with it. Gas in Ethereum is similar. When you submit an Ethereum transaction, you specify how much gas you’re prepared to spend on making the transaction ‘work’ (this is the gas limit), and how much ETH you are prepared to pay the miner per unit of gas (this is the gas price). This results in a total amount of ETH you’re prepared to pay for the transaction to be processed.
The miner will execute the transaction and will charge you the amount of gas taken, multiplied by the gas price you specified. As with Bitcoin, the mining fee is up to you, and you need to bear in mind that you’re competing with other transactions which may have set a higher gas price.
For example, a basic transaction of a transfer of ETH from one account to another uses 21,000 gas, so you can set the gas limit for this kind of transaction to 21,000, or higher; but it will only use 21,000 gas. If you set the gas limit below the amount of gas it takes to process the transaction, the transaction will fail and you will not be refunded your mining fee. This is like trying to make a journey with insufficient fuel in your tank; the fuel will be used, but you will not get to your destination.
ETH Units
Just like one dollar can be split into 100 cents, 1 BTC can be split into 100,000,000 Satoshi, and Ethereum too has its own unit naming convention.
The smallest unit is a Wei and there are 1,000,000,000,000,000,000 of them per ETH. There are also some other intermediate names: Finney, Szabo, Shannon, Lovelace, Babbage, Ada—all named after people who made significant contributions to fields related to cryptocurrencies or networks.
Wei and Ether are the two most common denominations. Wei is usually used for gas price (a gas price of 2-50 Giga-Wei per gas is common, where 1 GWei is 1,000,000,000 Wei).
Ethereum’s block time is shorter
In Ethereum the time between blocks is around 14 seconds, compared with Bitcoin’s ~10 minutes. This means that, on average, if you made a Bitcoin transaction and an Ethereum transaction, the Ethereum transaction would be recorded into Ethereum’s blockchain faster than the Bitcoin transaction into Bitcoin’s blockchain. You could say Bitcoin writes to its database roughly every 10 minutes, whereas Ethereum writes to its database roughly every 14 seconds. The history of Ethereum’s block times has been quite interesting, as you can see on bitinfocharts.com:
Source: Bitinfocharts162
Compare this with Bitcoin’s relatively stable block time (note the time scale, as Bitcoin is much older than Ethereum):
Source: Bitinfocharts163
Ethereum has smaller blocks
Currently, Bitcoin’s blocks are a little under 1MB in size whereas most Ethereum blocks are about 15-20kb in size. However, we should not compare blocks by the amount of data in them: While Bitcoin’s maximum block size is specified in bytes, Ethereum’s block size is based on complexity of contracts being run. It is known as a gas limit per block, and the maximum is allowed to vary slightly from block to block. So whereas Bitcoin’s block size limit is based on amount of data, Ethereum’s block size limit is based on computational complexity.
Source: Etherscan164
Currently, the maximum block size in Ethereum is around 8 million gas. Basic transactions, or payments of ETH from one account to another (i.e., uploading or invoking a smart contract), have a complexity of 21,000 gas; so you can fit around 380 of those basic transactions into a block (8,000,000 / 21,000). In Bitcoin, you currently get around 1,500-2,000 basic transactions in a 1MB block.
Uncles: blocks that don’t quite make it
Because Ethereum’s rate of block generation is much higher than Bitcoin’s (250 blocks per hour on Ethereum vs six blocks per hour on Bitcoin), the rate of ‘block clashes’ increases. Multiple valid blocks can get created at almost the same time, but only one of them can make it into the main chain. The other one ‘loses,’ and the data in them is not considered part of the main ledger, even if the transactions are technically valid.
In Bitcoin, these non-mainchain blocks are called orphans, or orphaned blocks, and they do not form part of the main chain in any way and are never referenced again by any subsequent blocks. In Ethereum they are called uncles. Uncles can be referenced by a few of the subsequent blocks and although the data in them is not used, the slightly smaller reward for mining them is still valid.
This achieves two important things:
1.It incentivises miners to mine even though there is a high chance of creating a non-mainchain block (the high speed of block creation results in more orphans or uncles)
2.It increases the security of the blockchain by acknowledging the energy spent creating the uncle blocks
Transactions that end up in orphaned blocks simply end up being re-mined on the main chain. They don’t cost the user any more gas, because the transaction in the orphaned block is treated as if it was never processed.
Accounts
Bitcoin uses the word address to describe accounts. Ethereum uses the word account but technically they are also addresses. The words seem to be more interchangeable with Ethereum. Maybe you can say, ‘What’s the address of your Ethereum account?’ It doesn’t seem to matter165.
There are two types of Ethereum accounts:
1.Accounts that only store ETH
2.Accounts that contain smart contracts
Accounts that only store ETH are similar to Bitcoin addresses and are sometimes known as Externally Owned Accounts. You make payments from these accounts by signing transactions with the appropriate private key. An example of an account that stores ETH is 0x2d7c76202834a11a99576acf2ca95a7e66928ba0166.
Accounts that contain smart contracts are activated by a transaction sending ETH into it. Once the smart contract has been uploaded it sits there at an address, waiting to be used. An example of an account that has a smart contract is 0xcbe1060ee68bc0fed3c00f13d6f110b7eb6434f6167.
ETH token issuance
The issuance of Ether tokens is a bit more complicated than Bitcoin. The number of ETH in existence are: Pre-mine + Block rewards + Uncle rewards.
Source: Etherscan168
Pre-mine
Around 72 million ETH were created for the crowdsale in July/Aug 2014. This is sometimes called a ‘pre-mine’ as they were just written in rather than mined through proof-of-work hashing. These were distributed to initial supporters of the project and to the project team itself. It was decided that after the initial crowdsale, future ETH generation would be capped at 25% of the pre-mine total, i.e., no more than 18m ETH could be mined per year.
Block rewards
Originally, each block mined created five fresh ETH as the block reward. Due to concerns about oversupply, this was reduced to 3 ETH, in a set of changes to the protocol called the Byzantium update, in October 2017 (block 4,370,000).
Source: Etherscan169
Uncle rewards
Some blocks are mined but do not form part of the main blockchain. In Bitcoin, these are called ‘orphans’ and are entirely discarded, and the miner of the orphaned block receives no rewards. In Ethereum, these discarded blocks are called ‘uncles’ and can be referenced by later blocks. If a later block references an uncle, the miner of the uncle gets some ETH. This is called the ‘uncle’ reward. The miner of the later block referencing the uncle also gets an additional small reward called an ‘uncle referencing’ reward.
The uncle reward used to be 4.375 ETH (7/8th of the full 5 ETH reward). It was reduced in the Byzantium upgrade to 0.625-2.625 ETH.
Source: https://etherscan.io/chart/uncles
The biggest difference between ETH and BTC token generation is that BTC generation halves approximately every 4 years and has a planned finite cap, whereas ETH generation continues to be generated at a constant number every year indefinitely. Like any other parameter or rule, however, this rule is subject to ongoing debate and can be changed if the majority of the Ethereum network agrees.
The future of ETH generation
The Ethereum community hasn’t yet come to agreement about what happens to the rate of issue when Ethereum moves from proof-of-work to proof-of-stake. Some argue that perhaps the rate at which ETH is created should decrease, as the value will not have to subsidise competitive electricity usage.
Mining rewards
In Bitcoin, the miner of a block receives the block reward (new BTC), plus transaction fees for transactions mined (existing BTC). In Ethereum, the miner of a block receives the block and uncle referencing rewards (new ETH), plus mining fees (gas amount x gas price) from transactions and contracts that were run during the block.
Other parts to Ethereum: Swarm and Whisper
Computers need to be able to calculate, store data, and communicate. For Ethereum to realise its vision as an unstoppable, censorship resistant, self-sustaining, decentralised, ‘world’ computer, it needs to be able to do those three things in an efficient and robust way. The Ethereum Virtual Machine is just one component of the whole, the element which does the decentralised calculations.
Swarm is another component. This is for peer-to-peer file sharing, similar to BitTorrent, but incentivised with micropayments of ETH. Files are split into chunks, distributed and stored with participating volunteers. These nodes that store and serve the chunks are compensated with ETH from those storing and retrieving the data.
Whisper is an encrypted messaging protocol that allows nodes to send messages directly to each other in a secure way and that also hides the sender and receiver from third party snoopers.
Governance
Although Bitcoin and Ethereum are both open source projects and open, permissionless networks, one of the biggest differences between them is that Bitcoin doesn’t have an active, identified leader, whereas Ethereum does. Vitalik Buterin, the creator of Ethereum is hugely influential, and his opinions count. Although he can’t stop his creation or censor transactions or participants, his vision and commentary have a big impact on the technology. For instance, he championed a hard fork to recover funds stolen in the DAO hack (this is explained later). He also proposes changes to the protocol rules and the network economics. Bitcoin, on the other hand, has a few influential developers, but none with the clout that Vitalik has with Ethereum. Nick Tomaino argues in a blog post170 that the governance of blockchains ‘may prove to be as important as the computer science and economics of blockchains’. Whether a single influencer is good or bad for decentralised cryptocurrency networks is still be determined.
Smart contracts mean different things depending on the blockchain platform. Ethereum smart contracts are short computer programs that are stored on Ethereum’s blockchain, replicated across all the nodes, and are available for anyone to inspect. There are two steps that are performed separately:
1.Uploading the smart contract to Ethereum’s blockchain
2.Making the smart contract run
You upload a smart contract by sending the code to miners in a special transaction. If the transaction is successfully processed, the smart contract will then exist at a specific address on Ethereum’s blockchain171. You may then make it run by creating a transaction that says ‘Please run the smart contract found at address x’.
Here is an example of a basic smart contract. It creates a token called ‘GavCoin’ that initially issues 1 million GavCoins to the creator of the smart contract, and then allows them to send GavCoins to other users172:
For a real example of a smart contract, the smart contract that holds the balances of the Indorse ICO tokens can be found at address 0xf8e386eda857484f5a12e4b5daa9984e06e73705173.
Once a contract has been uploaded, it behaves a bit like a jukebox. When you want to run it, you create a transaction pointing to the contract and supply whatever information the contract expects. You pay gas to the miner to run it. As part of the mining process, each miner will execute the transaction, which involves running the smart contract.
The miner who successfully wins the proof-of-work challenge will publish the winning block to the rest of the network. The other nodes will validate the block, add the block to their own blockchains, and process the transactions, including running the smart contracts. This is how Ethereum’s blockchain gets updated, and how the state of the EVMs on each node’s machine is synchronised.
Ethereum smart contracts are described, ‘Turing complete’. This means that they are fully functional and can perform any computation that can be done in any other programming language.
Smart Contract languages: Solidity / Serpent, LLL (Lisp Like Language)
The most common language that Ethereum smart contracts are written in is Solidity. Serpent and LLL can also be used. Smart contracts written in these languages will all compile and run on Ethereum Virtual Machines.
•Solidity is similar to the language JavaScript. This is currently the most popular and functional smart contract scripting language.
•Serpent is similar to the language Python and was popular in the early history of Ethereum.
•LLL is similar to Lisp and was used mainly in the very early days only. It is probably the hardest to write in.
Ethereum software: geth, eth, pyethapp
The three official Ethereum clients (full node software) are all open source. You can see the code behind them and tweak them to make your own versions. They are:
•geth174 (written in a language called Go)
•eth175 (written in C++)
•pyethapp176 (written in Python)
These are all command-line based programs (think green text on black backgrounds) and so additional software can be used for a nicer graphical interface. Currently, the most popular graphical interface is Mist (https://github.com/Ethereum/mist), which runs on top of geth or eth. So, geth/eth does the background stuff, and Mist is the pretty screen on top.
Currently the most popular Ethereum clients are geth and Parity177. Parity is Ethereum software built by a company called Parity Technologies. It is also open source178 and is developed in the Rust programming language.
Ethereum is a highly successful public blockchain by adoption, mindshare, and the number of developers working on Ethereum smart contracts and decentralised apps. Below is a short history of Ethereum, and some difficult periods in its history that it has managed to overcome.
2013
Vitalik Buterin described Ethereum as a concept in a white paper in late 2013. This concept was developed by Dr Gavin Wood who published a technical yellow paper in April 2014. Since then, the development of Ethereum’s software has been managed by a community of developers.
A crowdsale took place in July and August 2014 to fund development, and Ethereum’s live blockchain was launched on 30 July 2015. You can see the very first block here: https://etherscan.io/block/0
Ethereum crowdsale
The development team was funded by an online sale of ETH tokens during July to August 2014 where people could buy ETH tokens by paying in Bitcoin. Early investors received 2,000 ETH per BTC, and this was gradually reduced to 1,337 ETH179 per BTC over the course of about a month, to encourage investors to invest early.
Crowdsale participants sent bitcoins to a Bitcoin address and received an Ethereum wallet containing the number of ETH bought. Technical details are on Ethereum’s blog180.
A little over 60m ETH was sold this way for more than 31,500 BTC, worth about US$18m at the time. An additional 20% (12m ETH) were created to fund development and the Ethereum Foundation.
Software Release codenames
Frontier, Homestead, Metropolis, and Serenity are friendly names for versions of the core Ethereum software, a little like Apple’s OS X version names such as Mavericks, El Capitan, Sierra.
|
Release name |
Details |
|
Olympic |
Launched May 2015—a testing release where coins are not compatible with ‘real’ ETH. A testnet still runs in parallel to the main live network so that developers can test their code. The testnet operates in the same way as the live network but there is much less mining competition as the coins are not tradeable on exchanges—they are defined has having zero value. |
|
Frontier |
Launched 30 July 2015—an initial live release with a way for people to mine ETH and build and run contracts. |
|
Homestead |
Launched 14 March 2016—some protocol changes, more stability. |
|
Metropolis |
This was designed to prepare Ethereum for a move from proof-of-work to proof-of-stake. Metropolis was split into two upgrades, Byzantium and Constantinople. Byzantium was released in October 2017 at block 4,370,000. It included changes to set the stage for private transactions, sped up transaction processing (important for scalability), and improved some smart contract functionality. The most visually obvious change was reducing the mining reward from 5 ETH per block to 3 ETH. The Constantinople upgrade will be another upgrade to set the stage for the move to proof-of-stake (Casper). |
|
Serenity |
Future launch—moving from proof-of-work to proof-of-stake (Casper). |
The DAO Hack
There is a concept called a ‘Decentralised Autonomous Organisation’. The idea is that an automated company or entity runs itself according to some encoded charter, without human intervention or management. It just does what it says it will do. A common example is a self-driving taxi that makes money by providing a taxi service and can go and get itself repaired or filled with petrol. Call me old fashioned, but this sounds fantastical to me without a human ultimately responsible for the actions of the taxi.
Anyway, some enthusiasts seem to love the idea. In 2016, a team from a German company called Slock-it pivoted from their business model of making smart locks that can be opened using tokens on blockchains and built a sort of automated venture capital (VC) company as a smart contract deployed on Ethereum’s public blockchain. They called it ‘The DAO’ (note the capitalisation). This is a confusing name, it is like calling a bank ‘The Bank’ or a company ‘The Company’. Anyway, The DAO is an example of a DAO.
The idea behind The DAO is that it would be a cryptocurrency fund for funding startups. Investors who want to invest in relevant startups would send money (in the form of ETH) to the smart contract, and the smart contract would issue them DAO tokens in proportion to their investment. The smart contract would be the pot of money used to fund the startups, like a traditional VC fund.
In a normal VC fund, the investors, called Limited Partners, give money to the fund and expect the management of the VC firm to manage the funds and to generate a return by investing in successful ventures. In The DAO, the investors would have a more active role. They would receive DAO tokens in return for their investment, and use them to vote on what startups receive funding. In this way the investors would have direct input into which startups get funding, instead of devolving that responsibility to a management team. The smart contract would govern a voting process, and at the end of a vote, cryptocurrency would be released to the startups that had the most funding votes. That was the theory behind The DAO.
Of course, there was actually human intervention. Someone—a management team—had to curate a list of potential startups that investors could vote on, so in fact it wasn’t much of a DAO after all. All it did was automate the provision of funds. Anyway, none of this really mattered because the DAO failed before it invested in a single startup.
Over a one month funding period in May 2016, The DAO managed to raise the equivalent of over $150m USD in ETH from over 11,000 separate addresses. This suggests a large number of investors, but it is hard to tell, as a single investor may have multiple ETH addresses. ETH was trading between $10 and $20 per ETH and The DAO held about 15% of all ETH in existence.
In June, a hacker managed to find a way to get the DAO to release 3,641,694 ETH, then worth about $50-60m, into another account controlled by the hacker. This sent the price of ETH down almost 50%. When the hack was discovered and investigated, some white-hat (ethical) hackers replicated the attack and drained the rest of the ETH into their own accounts. This is like the goodies stealing money from a broken vault so that the baddy can’t steal it. Now remember, that smart contracts simply do as they promise they will do, and DAOs just do as they have been programmed. The user agreement is right there in the code. If you find a way to get the smart contract to do something that it has been programmed to do, and it does it, is it a hack or is it just behaving according to the rules which you all subscribed to?
Anyway, this was considered a hack and the Ethereum Foundation suggested an update for all Ethereum participants which would in effect freeze the ETH that had been drained by specifying a blacklist which would invalidate any transactions trying to spend money from the theft account. This goes against the vision of a censorship resistant world computer, but this was an emergency, and many early supporters of Ethereum were in danger of having their money stolen. So lost money took precedence over values. The pressure on the Ethereum Foundation to find a way to ‘unwind’ the transaction must have been huge. Just before the proposed implementation of this change, a bug was found with the proposed change, so the blacklist wasn’t adopted. The Ethereum Foundation then made a proposal to unwind the specific transactions related to the theft and allow DAO investors to withdraw their invested ETH.
Again, this transgressed the very principles of a censorship resistant world computer. In cryptocurrencyland, it is apparently fine to cheer for censorship resistance, unless you’ve lost money.
In July 2016, a vote was taken to determine the fate of the stolen Ether, and the result was that the community decided to install an upgrade in what is known as a hard fork, that would move the stolen Ether to a new smart contract and have them returned to the original investors.
This was quite controversial. After all, an unstoppable immutable world computer was stopped and mutated to cater to a small number of people who lost a lot of money to a smart contract which functioned exactly as it specified it would.
Ethereum Classic
A small but vocal part of the community thought that unwinding contradicted the values of Ethereum and continued with the old Ethereum software. This resulted in two Ethereum blockchains, one which returned the stolen funds to the DAO investors, another which didn’t. The one that didn’t became known as Ethereum Classic. Ethereum and Ethereum Classic have a shared history until block 1,920,000 (July 2016) after which point the blockchains diverge. Anyone who owned ETH before the fork, now had an equal amount of ETH (tokens recorded on the Ethereum blockchain) and ETC (tokens recorded on the Ethereum Classic blockchain). This was good for anyone who had ETH before the hard fork as, to all intents and purposes, they received free money in the form of ETC181.
The Parity Bug
Parity is a piece of Ethereum software written by Parity Technologies. It acts as a full node on the Ethereum network, storing the blockchain, running contracts, forwarding transactions, etc. At time of writing, about a third of Ethereum nodes run Parity software.
Source: Ethernodes182
Parity also contains some advanced wallet software that you can use to store ETH. The wallet has had a couple of critical bugs. On 20 July 2017, Parity’s code was updated to fix a bug that had enabled a hacker to steal $32m worth of ETH from Parity multi-signature wallets. However, this update itself contained a bug: A smart contract was deployed which was relied upon for some wallet functionality, but it had a vulnerability. Anyone could convert this smart contract into a multi-signature wallet, take ownership of it, and then suicide it, destroying this particular piece of code on which multi-signature wallets created after 20 July relied, freezing the assets in the wallets.
So, someone with the Github handle devops199 ‘Did just that on 6 Nov 2017183:’
Almost 600 wallets were affected, with a combined balance of over half a million ETH, valued at the time at about $150m. Ironically, Gavin Wood, founder of Parity Technologies, had about 300k ETH in a Parity wallet related to funds raised in an ICO called Polkadot. Those funds are frozen.
The ETH are still there in the wallets, but currently can’t be sent. As of early 2018, developers are still investigating if anything can be done to fix this bug.
Actors in the Ethereum Ecosystem
The Ethereum Foundation
The Ethereum Foundation is a non-profit organisation registered as ‘Stiftung Ethereum’ in Switzerland whose mission is to:
Promote and support Ethereum platform and base layer research, development and education to bring decentralized protocols and tools to the world that empower developers to produce next generation decentralized applications (dapps), and together build a more globally accessible, more free and more trustworthy Internet.184
The Foundation’s job is to manage the funds raised in the Ether pre-sale in any way that furthers Ethereum. Mainly it pays the core development team a salary, but it also offers grants to developers to tackle specific problems. For instance, in March 2018, grants were awarded to fund projects that provided scaling and security solutions to Ethereum185. Vitalik Buterin, known as the creator of Ethereum, sits on the council of the foundation, and the foundation has a great deal of influence into the roadmap of Ethereum. In theory, Ethereum participants (miners, bookkeepers) don’t have to implement any software changes made by the Foundation, but in practice they do.
Ethereum Enterprise Alliance
The Ethereum Enterprise Alliance is a non-profit industry group launched in March 2017 whose goal seems to be to make Ethereum suitable for enterprise use. From their materials, it is hard to understand whether this means businesses using the public Ethereum blockchain, or if it means adapting the Ethereum code to make it suitable for industry use cases.
The website186 says:
The Enterprise Ethereum Alliance connects Fortune 500 enterprises, startups, academics, and technology vendors with Ethereum subject matter experts. Together, we will learn from and build upon the only smart contract supporting blockchain currently running in real world production—Ethereum—to define enterprise-grade software capable of handling the most complex, highly demanding applications at the speed of business.
From the website the vision of the EEA is to:
•Be an open source standard, not a product
•Address enterprise deployment requirements
•Evolve in tandem with advances in public Ethereum
•Leverage existing standards
Unfortunately, I could not find any further detail as to what this means. The mission of the Alliance states:
•EEA is a 501 (c) (6) non-profit corporation.
•A clear roadmap for enterprise features and requirements.
•Robust governance model and accountability, clarity around IP and licensing models for open source technology.
•Resources for businesses to learn about Ethereum and leverage this groundbreaking technology to address specific industry use cases.
Its members are an impressive list of large established companies as well as new startups. The launch members were:
Source: https://entethalliance.org/
Members pay between $3,000 and $25,000 in annual dues for which they get the following benefits:
The EEA website also explains why prospective members should join the EEA:
In early 2018 there were 450 members according to a Coindesk article187.
Like Bitcoin, the price of Ether has also been through ups and downs. Ethereum’s crowdsale was at a price of 2,000 ETH to 1 BTC, and at the time (July-Aug 2014), 1 BTC was worth about $500, making 1 ETH = $0.25. At its peak in early 2018, the price of ETH almost touched $1,500. So, to date, Ether has been a highly successful cryptocurrency in terms of price.
Compared to Bitcoin, Ethereum has an additional use case. Its token ETH is often used in ICOs. A company that runs an ICO will create a smart contract on Ethereum which will automatically create tokens and assign them to Ethereum addresses who have sent Ether to a related smart contract. This means you can run an automated ICO on Ethereum, as long as investors pay in ETH or another token recorded on Ethereum.
What is a cryptocurrency fork? When people use the word fork they can mean two different, but related things:
1.A fork of a codebase
2.A fork of a live blockchain (a chainsplit)
The difference is whether you’re creating an entirely new ledger, which is achieved by forking a codebase (the code behind the node software), or creating a new coin that has a shared history with an existing coin by forking a blockchain. Let’s explore both of these.
A fork of a codebase in general is where you copy the code of a particular program so you can contribute to it or adapt it. This is encouraged in open source software, where code is deliberately shared for anyone to tinker with.
In cryptocurrency, this means that you copy the code behind a popular cryptocurrency node software (e.g., Bitcoin Core), maybe tweak it and change a few parameters, and then run the code to create an entirely new blockchain starting from a blank ledger. You’d say you forked Bitcoin’s code to create a new coin. This is how many alt-coins (alternative coins) were created in 2013-14. Litecoin for example was created using a copy of Bitcoin’s code with some parameters changed, including the speed of block generation and the kind of calculations that the miners had to in the proof-of-work challenge.
The key here is that, when you run the new code, you create a new ‘empty’ blockchain ledger from scratch—with an entirely new Genesis block.
In the popular open source code-sharing platform GitHub, you can easily fork (copy) a project’s code with a few clicks of a mouse. You then have your very own copy which you can edit. These codebase forks are common and encouraged in open source technology development, as they lead to innovation.
A Fork of a Live Blockchain: Chainsplits
A fork of a live blockchain, better described as a chainsplit, is more interesting. Chainsplits can happen by accident or on purpose.
An accidental chainsplit is when there is an uncontentious upgrade to the blockchain software and some proportion of the network omits or forgets to upgrade their software, leading to a number of blocks being produced by them that are incompatible with the rest of the network. According to BitMEX research188, this has happened a few times in Bitcoin’s history, with three identified chainsplits lasting approximately 51, 24, and 6 blocks, in 2010, 2013, and 2015, respectively. So forks can occur even when there is no contention over rule changes, creating some temporary confusion as to the ‘real’ state of the blockchain during the period where there is more than one candidate blockchain.
Accidental chainsplits tend to be resolved quickly with the small proportion of participants upgrading their software and discarding the incompatible blocks.
A deliberate chainsplit occurs when a group of participants of a live network thinks that things should be done a different way from the rest of the participants, and runs some new software with changes to the protocol rules to create a new coin that has a shared history with the old coin. This deliberately splits the chain at a specific block according to a well communicated plan. Deliberate chainsplits can be successful, with both assets continuing to live and develop, or fail, where there is not enough participatory interest and the value of the token drops to zero, and stops being mined.
To execute a successful deliberate chainsplit, you need to publicly rally and persuade a group of miners, bookkeepers, exchanges, and wallets that your new rules are better than the existing rules. They will need to agree to support your new coin, creating a community supporting a new coin that people can buy and sell, store and use. When the chain splits, you have created a new coin with different protocol rules but which has a shared history with the original coin. Anyone with a balance on the blockchain before the split now has a balance in two different coins after the split.
So the determination of whether something is a protocol upgrade, a failed fork, or a successful fork is really about who chooses to adopt the new rules:
•If new protocol rules are adopted by the vast majority of the community, then it is called a protocol upgrade, and those who don’t upgrade have a choice to maintain the old rules as an attempted fork or to join the majority.
•If new protocol rules are adopted by very few participants, you have an unviable fork which may ultimately fail.
•If new protocol rules are adopted by enough participants to maintain a community and interest then it is a successful fork.
What’s the Result of a Deliberate, Successful Fork?
The upshot is that anyone who owned some of the original cryptocurrency continues to have the original cryptocurrency, plus the same number of tokens in new forked cryptocurrency.
Quick analogy: Imagine you usually fly with an airline called CryptoAir where you earn loyalty points, and let’s say you have accumulated 500 points with them. Now imagine that some staff from CryptoAir get upset and leave to create their own separate airline, NewCryptoAir. They take a copy of the customer list with them, including the record of how many loyalty points each customer has. Now you have 500 points with CryptoAir and 500 points with NewCryptoAir. But you can’t spend your NewCryptoAir points with CryptoAir or vice versa. They are incompatible. If you then spend points with one airline, it doesn’t affect your points on the other airline. Your old CryptoAir points continue to have whatever value they had, whereas your new NewCryptoAir points will need to establish their own value. Not a perfect analogy but I think it is helpful.
If coin holders had 100 tokens before a successful cryptocurrency fork, have they ‘doubled their money?’ In one sense, yes, they have doubled the number of tokens they have, as they now have 100 units of the old coin and 100 units of the new coin, and they can spend them independently. In reality, they haven’t doubled their money, as the two coins (original plus new) have different fiat currency values. In practice, the old currency tends to maintain its fiat value, whereas the new one must float on exchanges with a new ticker symbol, and it will usually start trading at a lower value.
How Does a Deliberate Chainsplit Work?
Participants of a fork make changes to the protocol rules and market their philosophy to a wide audience of miners, wallet software providers, exchanges, merchants, and users. They then coordinate to switch over to the new rules at a planned time, determined by a specific block number known as a block height.
At that planned time, two incompatible blocks are mined, one that is valid for the incumbent participants, and the other that is valid for the rebellious participants. The blockchain splits into two, because what is acceptable on one blockchain is not acceptable on the other. Consider the very first transaction that is created that breaks the old rules but conforms to the new rules. This rebellious transaction will be rejected by the old school participants, who will not propagate it, mine it, or add it to their blocks. However, it will be treated as valid by the rebellious validating nodes, and will get mined by a rebellious miner, and the rebellious block will be added to the blockchains of the rebellious participants.
So now there are two blockchains, recording transactions of two different coins which share a common history up to the point of the split. The coins will have different symbols and names to differentiate them, wallets need to be configured to accept the new coin, exchanges need to list the new coin to create a market for it, and merchants and other participants need to accept the new coin.
Forks, or specifically chainsplits, are often described in the media as a ‘stock split’. This is a poor analogy because, in a stock split, more shares are created and assigned to shareholders but the old and the new shares all represent the same thing. This is not the case in a cryptocurrency chainsplit. A ‘spinoff’ is a more accurate analogy because in a spinoff, shareholders of the old company get new shares of a new company. This is similar to a fork where holders of the original coin also get the new coin which has different rules from the old coin.
Sometimes the terms hard and soft fork are used. These terms refer to changes in the rules about what constitutes a valid transaction and block.
A soft fork is a change in the rules that is backwards compatible, meaning that blocks created under the new changed rules will still be considered valid by participants who didn’t upgrade.
A hard fork is a change in the rules that is not backwards compatible, so that if some participants fail to upgrade, there will be a chainsplit.
In practice, if changes to protocol rules are tightened or more constrained, this results in a soft fork, whereas if consensus rules are loosened, then this is a hard fork.
Bitcoin Cash189 is a (currently) successful fork of Bitcoin, created as a hard fork. Bitcoin Cash and Bitcoin (sometimes called Bitcoin Core to reduce confusion) had a shared history until block 478,558 when the chain split.
The philosophy of Bitcoin Cash is to more accurately reflect the vision in the original Satoshi whitepaper of fast, cheap, decentralised, censorship resistant, digital cash, and proponents believe that Bitcoin Core has not been making progress towards this vision.
So far, Bitcoin Cash has been regarded as successful, as it is supported by popular wallet software, merchants accept it, and it trades on popular cryptocurrency exchanges under the ticker symbol BCH.
Case Study 2: Ethereum Classic
Ethereum Classic is a (currently) successful fork of Ethereum. It was created, as we saw earlier, after The DAO was hacked and more than $50m of ETH was drained from it. As we have seen, the Ethereum community deliberated as to what to do and the majority decided to hard fork at block 1,920,000 and restore the hacked ETH to the original holders.
But a minority of the community saw this restoration as revisionist and anti-ethical and refused to hard fork, so they continued on with the original blockchain, theft and all. So in a sense, Ethereum itself is the fork, as it had additional code to neutralise the hack of The DAO, and Ethereum Classic is the original Ethereum. But because Classic was in the minority, it is regarded as the fork.
Ethereum Classic trades on cryptocurrency exchanges under the ticker symbol ETC and is widely supported by wallets.
Forks are trendy. It is easier to take something that is proven to already work than to build something from scratch. And, as cryptocurrencies tend to be open source, it is legal to copy the code, tweak it, and run it. Community building with a forked chain is easier than building a new blockchain too. Anyone who had a balance on the original chain will also have a balance on the new chain, so they are more likely to support a fork where they have a balance, rather than support a new blank blockchain.
People saw that Bitcoin Cash successfully forked and retained some currency value, so this spurred many copycats to try the same. However, there is only so much energy in the cryptocurrency space, and there seems to be some ‘fork fatigue’. Some commentators predict that many future forks will fail.
BitMEX research190 provides a list of forks that have happened since the Bitcoin Cash fork:
