Part I introduced some of the challenges in the way of the public understanding of how Bitcoin works, and summarized the strategic roles of the open source software model, peer-to-peer networking, and digital signatures. Part II concludes by discussing hashing and the essential roles it plays in the technical structure of Bitcoin, as well how the system has been designed to be self-financing right from the beginning into the indefinite future.
Making a hash of it
Hashing plays a role quite different from digital signatures. It proves that a message has not been altered. Running a hash of the same message always produces the same result. If a hash does not match a previous one, it is a warning that the current version of the message does not match the original.
To illustrate, here is a message from Murray Rothbard. He wrote in Man, Economy, and State that:
“It must be reiterated here that value scales do not exist in a void apart from the concrete choices of action.” —Murray Rothbard, 1962
And here is the SHA256 digest of this message and attribution (the same algorithm that Bitcoin uses):
Any message of any size can go into a hash function. The algorithm breaks it down, mixes the parts, and otherwise “digests” it, until it produces a fixed-length result called “a digest,” which for SHA256 takes the above form, but is in each case different in content.
There are some critical properties of a good hash algorithm. First, the same message always produces the same digest. Second, it only works in one direction. Nothing about the message that went in can be reconstructed from the digest that came out. Even the tiniest change produces a completely different digest, with no relationship between the change in input and the change in output. This is called “the avalanche effect.” Third, the chances of producing the same digest from an altered message are miniscule. This is called “collision resistance.” It is impossible to craft an altered message that produces the same digest as the original unaltered message.
To demonstrate, here is the same quote without the two quotation marks.
It must be reiterated here that value scales do not exist in a void apart from the concrete choices of action. —Murray Rothbard, 1962
Which produces this digest:
Compare it with the previous digest:
The tiniest change in the message, removing the two quotation marks, produced a completely different digest that has no relationship whatsoever to the previous digest. In sum, a digest gives a quick yes or no answer to a single question: Is the message still exactly the same as it was before? If the message differs, the digest cannot indicate how or by how much, only that it either has changed at all or has not.
How could such a seemingly blunt instrument be useful? Bitcoin is one application in which hashing has proven very useful indeed. In Bitcoin, hashing is used in the lynchpin role of making it impossible to alter transactions and records once they have been recorded. Once the hashes are hashed together within the blockchain, record forgery anywhere is impossible.
Transactions and how miners compete to discover blocks
Wallet software is used to create transactions. These include the amount to be sent, sending and receiving addresses, and some other information, which is all hashed together. This hash is signed with any required signing keys to create a unique digital signature valid only for this transaction and no other. All of this is broadcast to the network as unencrypted, public information. What makes this possible is that the signature and the verification key do not reveal the signing key.
To keep someone from trying to spend the same unit twice and commit a kind of fraud called double-spending, nodes check new transactions against the blockchain and against other new transactions to make sure the same units are not being referenced more than once.
Each miner collects valid new transactions and incorporates them into a candidate in the competition to publish the next recognized block on the chain. Each miner hashes all the new transactions together. This produces a single hash (“mrkl_root”) that makes the records of every other transaction in a block interdependent.
Each hash for any candidate block differs from every other candidate block, not least because the miner includes his own unique mining address so he can collect the rewards if his candidate block does happen to become recognized as next in the chain.
Whose candidate block becomes the winner?
For the competing miners to recognize a block as the next valid one, the winning miner has to generate a certain hash of his candidate block’s header that meets a stringent condition. All of the other miners can immediately check this answer and recognize it as being correct or not.
However, even though it is a correct solution, it works only for the miner who found it for his own block. No one else can just take another’s correct answer and use it to promote his own candidate block as the real winner instead. This is why the correct answer can be freely published without being misappropriated by others. This unique qualifying hash is called a “proof of work.”
The nature and uses of message digests are counter-intuitive at first, but they are indispensable elements in what makes Bitcoin possible.
An example of a mined block
Here is an example of some key data from an actual block.
The top line (“hash”) was the actual successful block header hash for this block. It starts with a large number of zeros because a winning hash has to be below the value set in the current difficulty level. The only way to find a winner is to keep trying over and over again.
This process is often described in the popular press as “solving a complex math problem,” but this is somewhat misleading. It is rather an extremely simple and brutally stupid task, one only computers could tolerate. The hash function must simply be run over and over millions and billions of times until a qualifying answer happens to finally be found somewhere on the network. The chances of a given miner finding such a hash for his own candidate block on any given try are miniscule, but somewhere in the network, one is found at a target average of about every 10 minutes. The winner collects the block reward—currently 25 new bitcoins—and any fees for included transactions.
How is the reward collected?
The candidate blocks are already set up in advance so that rewards are controlled by the winning miner’s own unique mining address. This is possible because the miner already included this address in his own unique candidate block before it became a winner. The reward address was already incorporated in the block data to begin with. Altering the reward address in any way would invalidate the winning hash and with it that entire candidate block.
In addition, a miner can only spend rewards from blocks that actually become part of the main chain, because only those blocks can be referenced in future transactions. This design fully specifies the initial control of all first appropriations of new bitcoins. Exactly who wins each next block is random. To raise the probability of winning, a miner can only try to contribute a greater share of the current total network hashing capacity in competition with all of the others trying to do the same.
As shown above with the Rothbard quote, a completely different hash comes out even after the slightest change to the message. This is why the protocol includes a place for a number that is started at zero and changed by one for each new hash try (“nonce”). Only this tiny alteration, even if the rest of the candidate block data is unchanged, generates a completely different hash each time in search of a winner. In the example above, it looks like this miner found a winning hash for this block at some point after the three billionth attempt (“nonce”:3013750715), and this was just for that one miner or mining pool, not including the similar parallel but unsuccessful attempts of all the other miners, and all this just for the competition for this one block.
The key point to understand is that finding a hash under the difficulty level is extremely competitive and difficult, but verifying afterwards that one has been found is trivial. The rest of the miners do so and move right along. They use the newly discovered hash of the previous block header (“prev_block”) as one of the inputs for their next crop of block candidates (which assures the vertical integrity of the single chain of blocks) and the race continues based on the remaining pool of unconfirmed transactions.
A powerful, self-financing, verification network
The Bitcoin mining network is, as of late September 2014, running at about 250 petahashes per second and rising at a logarithmic pace that will soon make this figure look small (rate tracked here). This means that about 250 quadrillion hashes are currently being tried across the network every second all the time. This is the world’s most powerful distributed computing network, by far, and has already been steadily extending this lead for quite some time.
Block rewards and transaction fees help promote the production and maintenance of this entire network in a decentralized way. Since block generation is random and distributed on average in proportion to hashing power contribution, it helps incentivize all contributors all the time. Many miners participate in cooperative mining pools so that at least some rewards arrive on a fairly regular basis.
The network is designed to be entirely self-financed by participants from the beginning indefinitely into the future. Early on, new coin rewards are larger and transaction-fee revenue smaller. Finally, only transaction-fee revenue is to remain, with a long and gradual transition phase built in.
If Bitcoin does remain successful over the longer term, by the time transaction-fee revenue predominates, there would likely be many orders of magnitude more transactions per block by which to multiply the average competitive fee per transaction.
This has been a summary look at a few of the key technical elements of Bitcoin. Hashing algorithms and digital signatures are especially counter-intuitive and relatively new inventions, but knowing what they make possible is essential for understanding how Bitcoin works. Each of Bitcoin’s major elements contribute to the central functions of verification, unforgeable record-keeping, and fraud prevention. These technical underpinnings and the functions they support sound about as far from the systematic deceptions of a fraud such as a Ponzi scheme as it would be possible to get.
About the Author
Konrad S. Graf (@KonradSGraf) writes on Bitcoin and monetary theory. This work so far is collected at konradsgraf.com/bitcoin-theory. He appeared on panel discussions on Bitcoin and economic theory and monetary history at the Bitcoin 2014 conference in Amsterdam, and in 2013, he presented on Bitcoin and social theory at the Mises Seminar Australia in Brisbane and via pre-recorded interview at the Bitcoin Singapore conference. He is currently focusing on additional research and writing in this area.
Please send Konrad a tip: 174YDzQuMdUgNbd9sQspPdNjZwg7UxQNVi