You’ve probably heard of bitcoin, the decentralised digital currency that is being reported increasingly more in the media recently. In this post I will talk about what they are, what makes them secure, and how to get them.
Bitcoin’s value is influenced by many things such as their usefulness as a currency, the cost of hardware & electricity to mine them, and by speculative investors who are buying them to turn a profit on their price volatility. If people had doubts about the security of bitcoin, then all of these influencing factors would be irrelevant and they would likely be worth nothing.
So what makes bitcoin secure? There is no central authority or server that handles bitcoin wallets and the transactions between them. This is handled by a peer to peer network of all computers running the bitcoin client. You might think that this might make them insecure as a member of the P2P network could manipulate the network and lie about transactions. However, I will explain why this is not feasible. In essence, as long as the majority of CPU power in the network is honest, then the network cannot be attacked. The original research paper proposing the system published anonymously under the pseudonym Satoshi Nakamoto can be viewed here.
Every bitcoin has its own hexadecimal code to identify it. When a transaction occurs, an announcement is made to the P2P network saying a specific bitcoin is being transferred from Wallet A to Wallet B. The details of every single transaction, since the beginning of bitcoin is downloaded from the network to every computer running the bitcoin client. The transactions are stored in blocks of a few hundred transactions. This file is becoming larger and larger by the day, making it rather unpractical to run the client on personal computers. At the time of writing, there are 274495 blocks in the block chain, and this number increases every few minutes/hours.
The security that is fundamental to bitcoin’s security is based on hashing. This is essentially a mathematical algorithm that can be applied to a set of data, to make a unique number. This number can not be reverse-engineered into the original data, and changing the original data just a tiny bit (e.g. swapping a single character) will completely change the hash. Also, the hash can not be predicted without running the hashing algorithm, which can be computationally expensive.
Bitcoins use the SHA-256 algorithm, which was developed by the NSA in 2001. It uses a combination of mathematical and logical operators to manipulate data into a hash code. It is an unbroken hashing algorithm, and is what makes credit card transactions secure online, keeps encrypted data files secure, and facilitates secret messaging using PGP.
Each block in the block chain has a header that contains, amongst other information, the hash code of the previous block header, and the hash of all the transactions in the current block. In theory, somebody on the network could lie about the transactions in the current block, hash the block themselves and submit it to the network. However, performing the hashing algorithm is so computationally expensive that it could take them months or even years on their own by which time, there would be hundreds or thousands of additional blocks in the block chain. This is where bitcoin mining comes in.
Bitcoins have a fixed number of coins that will ever be in the economy (21 million), but they must be mined before they come into circulation. Bitcoin mining is using the computing power of a machine to perform the hashing algorithm on the blocks, in exchange for 25 brand new bitcoins for every block hashed (this reward halves every ~4 years. In addition to the aforementioned hash codes in the block header, there is also a 32 bit number (starting at 0) called a Nonce. This number affects the hash, as a small change in the data results in a huge change in the hash code. Bitcoin mining is a race to find out which number results in a hash code below a particular value. By adding this number into the hash, it makes the number of hash calculations needed much higher (billions). This is what makes it not feasible for an individual to crack the hash of the block, which also makes it very difficult for malicious activity to be pushed into the block chain.
Bitcoin mining guilds exist to allow large groups of people to collectively mine, and then share the winnings. The rate at which bitcoins are released into circulation is monitored, and the difficulty rating is adjusted each week to maintain control over the inflation. This difficulty rating essentially makes it harder or more difficult to mine for bitcoins, and is dependent on the collective computing power of the bitcoin network.
Bitcoins are stored in a bitcoin address, which can be managed in wallet software such as MultiBit, or the website blockchain.info. Since all bitcoin transactions are public and viewable on the block chain, the contents of each address can also be viewed by anyone. This might seem contrary to the ‘anonymity’ that bitcoin is often reported as having. It is anonymous in the sense that you can have an address without anybody knowing who it belonged to. However, if you advertise your address then its contents can be associated with you, and is therefore no longer anonymous.
Bitcoin addresses are 27-34 alphanumeric characters long, and begin with a 1 or a 3. Addresses consist of two keys. The public key and the private key. The public key can be advertised to anyone safely, and people can use this to send you bitcoins. The private key is needed to make any transactions from the account, and should be written down and kept private (as the name suggests).
Here’s my public key, to show you what it looks like.
Bitcoin public keys are also often displayed in the format of a QR code. This can be scanned by a device and can be easier than typing out the long key. Mine looks like this:
If you don’t have the computing power, or the patience for bitcoin mining, there are various bitcoin exchanges that allow for easy trading of bitcoins for other currencies. The most popular is Mt.Gox, although there are many alternatives that are considered better, such as bitstamp. Coinbase is also a popular bitcoin company that allows for merchants to implement bitcoins as a payment method for their business. As smallest denomination of a bitcoin is called a Satoshi, and represents 0.00000001 bitcoins. Some marketplaces have started to represent trades in terms of mBTC (micro bitcoins), as the value of 1 bitcoin is becoming larger and larger.
In the next post, I will explain how to get a custom bitcoin address that contains your name (or any other word) in the public key.