bitcoin

Bitcoin (₿) is a decentralized digital currency, without a central bank or single administrator, that can be sent from user to user on the peer-to-peer bitcoin network without the need for intermediaries.[7] Transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. The cryptocurrency was invented in 2008 by an unknown person or group of people using the name Satoshi Nakamoto.[9] The currency began use in 2009[10] when its implementation was released as open-source software.[6]: ch. 1 

Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. Bitcoin has been criticized for its use in illegal transactions, the large amount of electricity (and thus carbon footprint) used by mining, price volatility, and thefts from exchanges. Some investors and economists have characterized it as a speculative bubble at various times. Others have used it as an investment, although several regulatory agencies have issued investor alerts about bitcoin.[11][12][13]

A few local and national governments are officially using Bitcoin in some capacity, with one country, El Salvador, adopting it as a legal tender.

The word bitcoin was defined in a white paper published on 31 October 2008.[4][14] It is a compound of the words bit and coin.[15] No uniform convention for bitcoin capitalization exists; some sources use Bitcoin, capitalized, to refer to the technology and network and bitcoin, lowercase, for the unit of account.[16] The Wall Street Journal,[17] The Chronicle of Higher Education,[18] and the Oxford English Dictionary[15] advocate the use of lowercase bitcoin in all cases.Transactions

See also: Bitcoin network

Transactions are defined using a Forth-like scripting language.[6]: ch. 5  Transactions consist of one or more inputs and one or more outputs. When a user sends bitcoins, the user designates each address and the amount of bitcoin being sent to that address in an output. To prevent double spending, each input must refer to a previous unspent output in the blockchain.[29] The use of multiple inputs corresponds to the use of multiple coins in a cash transaction. Since transactions can have multiple outputs, users can send bitcoins to multiple recipients in one transaction. As in a cash transaction, the sum of inputs (coins used to pay) can exceed the intended sum of payments. In such a case, an additional output is used, returning the change back to the payer.[29] Any input satoshis not accounted for in the transaction outputs become the transaction fee.[29]

Though transaction fees are optional, miners can choose which transactions to process and prioritize those that pay higher fees.[29] Miners may choose transactions based on the fee paid relative to their storage size, not the absolute amount of money paid as a fee. These fees are generally measured in satoshis per byte (sat/b). The size of transactions is dependent on the number of inputs used to create the transaction, and the number of outputs.[6]: ch. 8 

The blocks in the blockchain were originally limited to 32 megabytes in size. The block size limit of one megabyte was introduced by Satoshi Nakamoto in 2010. Eventually the block size limit of one megabyte created problems for transaction processing, such as increasing transaction fees and delayed processing of transactions.[30] Andreas Antonopoulos has stated Lightning Network is a potential scaling solution and referred to lightning as a second-layer routing network.[6]: ch. 8 In the blockchain, bitcoins are registered to bitcoin addresses. Creating a bitcoin address requires nothing more than picking a random valid private key and computing the corresponding bitcoin address. This computation can be done in a split second. But the reverse, computing the private key of a given bitcoin address, is practically unfeasible.[6]: ch. 4  Users can tell others or make public a bitcoin address without compromising its corresponding private key. Moreover, the number of valid private keys is so vast that it is extremely unlikely someone will compute a key-pair that is already in use and has funds. The vast number of valid private keys makes it unfeasible that brute force could be used to compromise a private key. To be able to spend their bitcoins, the owner must know the corresponding private key and digitally sign the transaction.[d] The network verifies the signature using the public key; the private key is never revealed.[6]: ch. 5 

If the private key is lost, the bitcoin network will not recognize any other evidence of ownership;[27] the coins are then unusable, and effectively lost. For example, in 2013 one user claimed to have lost 7,500 bitcoins, worth $7.5 million at the time, when he accidentally discarded a hard drive containing his private key.[33] About 20% of all bitcoins are believed to be lost -they would have had a market value of about $20 billion at July 2018 prices.[34]

To ensure the security of bitcoins, the private key must be kept secret.[6]: ch. 10  If the private key is revealed to a third party, e.g. through a data breach, the third party can use it to steal any associated bitcoins.[35] As of December 2017, around 980,000 bitcoins have been stolen from cryptocurrency exchanges.[36]

Regarding ownership distribution, as of 16 March 2018, 0.5% of bitcoin wallets own 87% of all bitcoins ever mined.[37]Mining is a record-keeping service done through the use of computer processing power.[f] Miners keep the blockchain consistent, complete, and unalterable by repeatedly grouping newly broadcast transactions into a block, which is then broadcast to the network and verified by recipient nodes.[26] Each block contains a SHA-256 cryptographic hash of the previous block,[26] thus linking it to the previous block and giving the blockchain its name.[6]: ch. 7 [26]

To be accepted by the rest of the network, a new block must contain a proof-of-work (PoW).[26][g] The PoW requires miners to find a number called a nonce (number used once), such that when the block content is hashed along with the nonce, the result is numerically smaller than the network's difficulty target.[6]: ch. 8  This proof is easy for any node in the network to verify, but extremely time-consuming to generate, as for a secure cryptographic hash, miners must try many different nonce values (usually the sequence of tested values is the ascending natural numbers: 0, 1, 2, 3, ...) before a result happens to be less than the difficulty target. Because the difficulty target is extremely small compared to a typical SHA-256 hash, block hashes have many leading zeros[6]: ch. 8  as can be seen in this example block hash:

0000000000000000000590fc0f3eba193a278534220b2b37e9849e1a770ca959

By adjusting this difficulty target, the amount of work needed to generate a block can be changed. Every 2,016 blocks (approximately 14 days given roughly 10 minutes per block), nodes deterministically adjust the difficulty target based on the recent rate of block generation, with the aim of keeping the average time between new blocks at ten minutes. In this way the system automatically adapts to the total amount of mining power on the network.[6]: ch. 8  As of April 2022, it takes on average 122 sextillion (122 thousand billion billion) attempts to generate a block hash smaller than the difficulty target.[42] Computations of this magnitude are extremely expensive and utilize specialized hardware.[43]

The proof-of-work system, alongside the chaining of blocks, makes modifications of the blockchain extremely hard, as an attacker must modify all subsequent blocks in order for the modifications of one block to be accepted.[44] As new blocks are mined all the time, the difficulty of modifying a block increases as time passes and the number of subsequent blocks (also called confirmations of the given block) increases.[26]

Computing power is often bundled together by a Mining pool to reduce variance in miner income. Individual mining rigs often have to wait for long periods to confirm a block of transactions and receive payment. In a pool, all participating miners get paid every time a participating server solves a block. This payment depends on the amount of work an individual miner contributed to help find that block.[45]The successful miner finding the new block is allowed by the rest of the network to collect for themselves all transaction fees from transactions they included in the block, as well as a pre-determined reward of newly created bitcoins.[46] As of 11 May 2020, this reward is currently 6.25 newly created bitcoins per block.[47] To claim this reward, a special transaction called a coinbase is included in the block, with the miner as the payee.[6]: ch. 8  All bitcoins in existence have been created through this type of transaction. The bitcoin protocol specifies that the reward for adding a block will be reduced by half every 210,000 blocks (approximately every four years). Eventually, the reward will round down to zero, and the limit of 21 million bitcoins[h] will be reached c. 2140; the record keeping will then be rewarded by transaction fees only.[48]

Decentralization

Bitcoin is decentralized thus:[7]

Bitcoin does not have a central authority.[7]

The bitcoin network is peer-to-peer,[10] without central servers.

The network also has no central storage; the bitcoin ledger is distributed.[49]

The ledger is public; anybody can store it on a computer.[6]: ch. 1 

There is no single administrator;[7] the ledger is maintained by a network of equally privileged miners.[6]: ch. 1 

Anyone can become a miner.[6]: ch. 1 

The additions to the ledger are maintained through competition. Until a new block is added to the ledger, it is not known which miner will create the block.[6]: ch. 1 

The issuance of bitcoins is decentralized. They are issued as a reward for the creation of a new block.[46]

Anybody can create a new bitcoin address (a bitcoin counterpart of a bank account) without needing any approval.[6]: ch. 1 

Anybody can send a transaction to the network without needing any approval; the network merely confirms that the transaction is legitimate.[50]: 32 

Conversely, researchers have pointed out at a "trend towards centralization". Although bitcoin can be sent directly from user to user, in practice intermediaries are widely used.[27]: 220–222  Bitcoin miners join large mining pools to minimize the variance of their income.[27]: 215, 219–222 [51]: 3 [52] Because transactions on the network are confirmed by miners, decentralization of the network requires that no single miner or mining pool obtains 51% of the hashing power, which would allow them to double-spend coins, prevent certain transactions from being verified and prevent other miners from earning income.[53] As of 2013 just six mining pools controlled 75% of overall bitcoin hashing power.[53] In 2014 mining pool Ghash.io obtained 51% hashing power which raised significant controversies about the safety of the network. The pool has voluntarily capped their hashing power at 39.99% and requested other pools to act responsibly for the benefit of the whole network.[54] Around the year 2017, over 70% of the hashing power and 90% of transactions were operating from China.[55]

According to researchers, other parts of the ecosystem are also "controlled by a small set of entities", notably the maintenance of the client software, online wallets and simplified payment verification (SPV) clients.[53]

Privacy and fungibility

Bitcoin is pseudonymous, meaning that funds are not tied to real-world entities but rather bitcoin addresses. Owners of bitcoin addresses are not explicitly identified, but all transactions on the blockchain are public. In addition, transactions can be linked to individuals and companies through "idioms of use" (e.g., transactions that spend coins from multiple inputs indicate that the inputs may have a common owner) and corroborating public transaction data with known information on owners of certain addresses.[56] Additionally, bitcoin exchanges, where bitcoins are traded for traditional currencies, may be required by law to collect personal information.[57] To heighten financial privacy, a new bitcoin address can be generated for each transaction.[58]

Wallets and similar software technically handle all bitcoins as equivalent, establishing the basic level of fungibility. Researchers have pointed out that the history of each bitcoin is registered and publicly available in the blockchain ledger, and that some users may refuse to accept bitcoins coming from controversial transactions, which would harm bitcoin's fungibility.[59] For example, in 2012, Mt. Gox froze accounts of users who deposited bitcoins that were known to have just been stolen.[60]A wallet stores the information necessary to transact bitcoins. While wallets are often described as a place to hold[61] or store bitcoins, due to the nature of the system, bitcoins are inseparable from the blockchain transaction ledger. A wallet is more correctly defined as something that "stores the digital credentials for your bitcoin holdings" and allows one to access (and spend) them.[6]: ch. 1, glossary  Bitcoin uses public-key cryptography, in which two cryptographic keys, one public and one private, are generated.[62] At its most basic, a wallet is a collection of these keys.

Software wallets

The first wallet program, simply named Bitcoin, and sometimes referred to as the Satoshi client, was released in 2009 by Satoshi Nakamoto as open-source software.[10] In version 0.5 the client moved from the wxWidgets user interface toolkit to Qt, and the whole bundle was referred to as Bitcoin-Qt.[63] After the release of version 0.9, the software bundle was renamed Bitcoin Core to distinguish itself from the underlying network.[64][65] Bitcoin Core is, perhaps, the best known implementation or client. Alternative clients (forks of Bitcoin Core) exist, such as Bitcoin XT, Bitcoin Unlimited,[66] and Parity Bitcoin.[67]

There are several modes which wallets can operate in. They have an inverse relationship with regards to trustlessness and computational requirements.

Full clients verify transactions directly by downloading a full copy of the blockchain (over 150 GB as of January 2018).[68] They are the most secure and reliable way of using the network, as trust in external parties is not required. Full clients check the validity of mined blocks, preventing them from transacting on a chain that breaks or alters network rules.[6]: ch. 1  Because of its size and complexity, downloading and verifying the entire blockchain is not suitable for all computing devices.

Lightweight clients consult full nodes to send and receive transactions without requiring a local copy of the entire blockchain (see simplified payment verification – SPV). This makes lightweight clients much faster to set up and allows them to be used on low-power, low-bandwidth devices such as smartphones. When using a lightweight wallet, however, the user must trust full nodes, as it can report faulty values back to the user. Lightweight clients follow the longest blockchain and do not ensure it is valid, requiring trust in full nodes.[69]

Third-party internet services called online wallets or webwallets offer similar functionality but may be easier to use. In this case, credentials to access funds are stored with the online wallet provider rather than on the user's hardware.[70] As a result, the user must have complete trust in the online wallet provider. A malicious provider or a breach in server security may cause entrusted bitcoins to be stolen. An example of such a security breach occurred with Mt. Gox in 2011.[71]