Anyone joining the Bitcoin network can generate his or her own Bitcoin address (generally a string of thirty-four letters and numbers), and a corresponding private key (generally a string of sixty-four characters).
As an example, one actual Bitcoin address is:
16R5PtokaUnXXXjQe4Hg5jZrfW69fNpAtF
The private key for this particular address is:
5JJ5rLKjyMmSxhauoa334cdZNCoVEw6oLfMpfL8H1w9pyDoPMf3
Only the person with this private key can sign off on transactions from that address (the address is empty so don’t bother trying).
Each Bitcoin address has one and only one private key. The relationship between the private key and the address is determined by a series of complex math equations, which makes it essentially impossible to work backward from the public Bitcoin address to find the private key.
A Bitcoin user can generate endless numbers of Bitcoin addresses and private keys. There is no cost for doing so. The length of the addresses and the sheer number of potential addresses ensure that it is all but impossible for the same address to be generated twice.
With a private key, a user, let’s call her Alice again, can send money from her address without ever sharing the private key with anyone else. Rather than sending out her private key, Alice puts her private key into software on her own computer, along with details of her transaction. Without sending this information to the network, the Bitcoin software on Alice’s computer runs the information through a series of complicated math equations that spits out a special code, often referred to as a digital signature. This part of the process can happen even if Alice’s computer is offline. It is this digital signature—a unique product of her private key and the transaction taking place—that Alice sends out to the network along with her transaction, much like a signature on a check.
The computers that get Alice’s digital signature are unable to work backward to get Alice’s private key, thanks to the mathematical innovations involved. But the computers can put Alice’s digital signature and her public Bitcoin address into another series of complicated math equations and verify that the digital signature was, indeed, created by the private key corresponding to the public address. Again, these are very sophisticated mathematical manipulations that happen on both sides of this, on one side to generate the signature and on the other to verify it.
It is necessary for the computers on the network to verify every transaction because there is no central authority to do this work. Once the computers do verify that Alice has the right private key, they then check that Alice’s Bitcoin address has the coins she is trying to send. The computers on the network do this by scanning the record of all previous Bitcoin transactions coming to and from the address Alice is using.
Satoshi saw that it would be problematic if each computer on the network recorded every transaction as it arrived. A transaction might reach one computer before it reached another computer on the network, leading to disagreements about the balance in each address. Bitcoin needed to have one definitive record of when each transaction occurred, and Satoshi came up with a clever way to achieve this through the use of a kind of ongoing contest that any member of the network could compete in.
To win the contest, all the computers on the network would compile recent transactions, as they were sent around the network, into long lists, which were referred to generically as blocks. After compiling the transactions into a block, a computer would then run the block through yet another specialized math equation, known as a hash function, which can take any data—the Gettysburg Address or your name—and turn these data into a unique sixty-four-character digest. The computers taking part in the Bitcoin contest are looking for a block that can be put into a hash function known as SHA 256 and generate a sixty-four-character digest with a specific number of zeroes at the beginning. If, for instance the computers are looking for a digest with five zeroes at the beginning, either of these digests would be a winner:
000006d77563afa1914846b010bd164f395bd34c2102e5e99e0cb9cf173c1d87
Or
000007ac6b77f49380ea90f3544a51ef0bfbfc8304816d1aab73daf77c2099319
Because SHA 256, like other hash functions, is essentially impossible to reverse-engineer, it is impossible to tell what sort of block will lead to a digest with five zeroes at the beginning.
Given that SHA 256 and other hash functions always generate the same digest from any particular input, if every computer put the same transactions into their block, every computer would get the same digest out the other end. In order to differentiate their blocks, in the hope of finding a winning block, each computer would be tasked with adding a random number onto the end of the block. Because of the sensitive nature of hash functions, changing the random number at the end of the block from 20 to 22 could potentially change the digest from a digest with one zero to a digest with ten zeroes at the beginning. If one random number didn’t lead to a digest with the desired number of zeroes, the computer would try the block with another random number attached to see if that worked. All the computers hoping to win would keep trying out new random numbers—and adding incoming transactions—until one computer found a block that led to a digest with the correct number of zeroes. Because finding an answer involved trying out random numbers, this contest was more a game of luck than a game of skill—but the computer that could run guesses through the hash function fastest would increase its chances of winning, just as a person with twenty lottery tickets has a better chance of winning than a person with only one.
The number of zeroes required to win the contest was somewhat inconsequential but made it easy to adjust the difficulty of the contest and ensure that new blocks arrived approximately every ten minutes. If computers were winning more often than every ten minutes, the Bitcoin software could adjust and demand that computers find a digest with more zeroes at the beginning. If computers were not winning frequently enough, the software could adjust and allow winners to have less zeroes. As the contest became harder, it required more high-powered computer hardware to win it.
When a computer did find a winning block, it would send the winning block around the network, so that the other computers could verify that the block did indeed generate a digest with the desired number of zeroes at the beginning. The computers would then add the winning block to the blockchain held on all the computers, thus recording the list of transactions included in the block. That block became the official record of all transactions that occurred since the previous winning block. If the winning block left out a few transactions that were included in the blocks created by other computers, those transactions would not be recorded on the blockchain and would be left out for the next round of blocks. In addition to the transactions and the random number, the blocks also included a reference to the previous block and data on the state of the Bitcoin network, so that all this information would also be recorded on the blockchain.
The creative method for arriving at a single, communally agreed upon record of transactions provided a long-sought solution to a conundrum known as the Byzantine Generals Problem. Before Bitcoin, computer scientists struggled with how to build a reliable network of unrelated people, if some of the people could not be trusted. The method of building a blockchain, with each block coming from just one member of the network, and disagreements being solved by majority rule, solved this problem.
When a computer generated a winning block, it also won a bundle of new coins—50 Bitcoins when the system first began. These coins were created in a clever way. In essence, when computers were generating the list of transactions in a block, they included, in their list of transactions, a transaction granting one of their own Bitcoin addresses 50 Bitcoins out of thin air. When a block won the lottery, and was added to the blockchain, this seemingly fictional transaction was turned into a reality, and the address in question had 50 more Bitcoins attached to it. By making it onto the blockchain the transaction was made real. The transaction that created new Bitcoins would be referred to as the coinbase of each block. If a computer tried to grant itself more than 50 new Bitcoins, the whole block would be rejected by the other computers, even if it generated a digest with the correct number of zeroes.