Via Quartz, an interesting look at mining bitcoins:
New bitcoins are created roughly every 10 minutes in batches of 25 coins, with each coin worth around $730 at current rates. Your computer—in collaboration with those of everyone else reading this post who clicked the button above—is racing thousands of others to unlock and claim the next batch.
For as long as that counter above keeps climbing, your computer will keep running a bitcoin mining script and trying to get a piece of the action. (But don’t worry: It’s designed to shut off after 10 minutes if you are on a phone or a tablet, so your battery doesn’t drain).
So what is that script doing, exactly?
Let’s start with what it’s not doing. Your computer is not blasting through the cavernous depths of the internet in search of digital ore that can be fashioned into bitcoin bullion. There is no ore, and bitcoin mining doesn’t involve extracting or smelting anything. It’s called mining only because the people who do it are the ones who get new bitcoins, and because bitcoin is a finite resource liberated in small amounts over time, like gold, or anything else that is mined. (The size of each batch of coins drops by half roughly every four years, and around 2140, it will be cut to zero, capping the total number of bitcoins in circulation at 21 million.) But the analogy ends there.
What bitcoin miners actually do could be better described as competitive bookkeeping. Miners build and maintain a gigantic public ledger containing a record of every bitcoin transaction in history. Every time somebody wants to send bitcoins to somebody else, the transfer has to be validated by miners: They check the ledger to make sure the sender isn’t transferring money she doesn’t have. If the transfer checks out, miners add it to the ledger. Finally, to protect that ledger from getting hacked, miners seal it behind layers and layers of computational work—too much for a would-be fraudster to possibly complete.
And for this service, they are rewarded in bitcoins.
Or rather, some miners are rewarded. Miners are all competing with each other to be first to approve a new batch of transactions and finish the computational work required to seal those transactions in the ledger. With each fresh batch, winner takes all.
It’s the computational work that really takes time, and that’s mostly what your computer is doing right now. It’s trying to solve a kind of cryptographic problem that involves guessing and checking billions of times until it finds an answer.
If this all seems pretty heady, that’s because mining is an elaborate solution to a tough problem that plagues every currency—double spending.
Double spending and a public ledger
As the name implies, double spending is when somebody spends money more than once. It’s a risk with any currency. Traditional currencies avoid it through a combination of hard-to-mimic physical cash and trusted third parties—banks, credit-card providers, and services like PayPal—that process transactions and update account balances accordingly.
But bitcoin is completely digital, and it has no third parties. The idea of an overseeing body runs completely counter to its ethos. So if you tell me you have 25 bitcoins, how do I know you’re telling the truth? The solution is that public ledger with records of all transactions, known as the block chain. (We’ll get to why it’s called that shortly.) If all of your bitcoins can be traced back to when they were created, you can’t get away with lying about how many you have.
So every time somebody transfers bitcoins to somebody else, miners consult the ledger to make sure the sender isn’t double-spending. If she indeed has the right to send that money, the transfer gets approved and entered into the ledger. Simple, right?
Well, not really. Using a public ledger comes with some problems. The first is privacy. How can you make every bitcoin exchange completely transparent while keeping all bitcoin users completely anonymous? The second is security. If the ledger is totally public, how do you prevent people from fudging it for their own gain?
There is no such thing as a bitcoin account
Bitcoin’s ledger deals with the privacy issue through a bit of accounting trickery. The ledger only keeps track of bitcoin transfers, not account balances. In a very real sense, there is no such thing as a bitcoin account. And that keeps users anonymous.
Here’s how it works: Say Alice wants to transfer one bitcoin to Bob. First Bob sets up a digital address for Alice to send the money to, along with a key allowing him to access the money once it’s there. It works sort-of like an email account and password, except that Bob sets up a new address and key for every incoming transaction (he doesn’t have to do this, but it’s highly recommended).
When Alice clicks a button to send the money to Bob, the transfer is encoded in a chunk of text that includes the amount and Bob’s address. Here’s what that text actually look like:
And here’s a more digestible diagram of it:
That transaction record is sent to every bitcoin miner—i.e., every computer on the internet that is running mining software—and if it’s legit, it gets added to the ledger. Let’s assume it goes through.
Now, say Bob wants to pay Carol one bitcoin. Carol of course sets up an address and a key. And then Bob essentially takes the bitcoin Alice gave him and uses his address and key from that transfer to sign the bitcoin over to Carol:
This transaction gets sent out to all of the miners, and they will check (using the reference number from Alice’s transfer to Bob) to make sure that Bob hasn’t already transferred that bitcoin to somebody else. No double spending. After validating the transfer, each miner will then send a message to all of the other miners, giving her blessing.
If Bob’s transfer to Carol passes muster, then it, too, will be added to the ledger.
That’s all transactions are—people signing bitcoins (or fractions of bitcoins) over to each other. The ledger tracks the coins, but it does not track people, at least not explicitly. Assuming Bob creates a new address and key for each transaction, the ledger won’t be able to reveal who he is, or which addresses are his, or how many bitcoins he has in all. It’s just a record of money moving between anonymous hands.
There is no master document
Now for the trickier problem: keeping the ledger secure.
The first thing that bitcoin does to secure the ledger is decentralize it. There is no huge spreadsheet being stored on a server somewhere. There is no master document at all.
Instead, the ledger is broken up into blocks: discrete transaction logs that contain 10 minutes worth of bitcoin activity apiece. Every block includes a reference to the block that came before it, and you can follow the links backward from the most recent block to the very first block, when bitcoin creator Satoshi Nakamoto conjured the first bitcoins into existence.
This lineage of blocks is the block chain, and it constitutes bitcoin’s public ledger. Every 10 minutes miners add a new block, growing the chain like an expanding pearl necklace.
Generally speaking, every bitcoin miner has a copy of the entire block chain on her computer. If she shuts her computer down and stops mining for a while, when she starts back up, her machine will send a message to other miners requesting the blocks that were created in her absence. No one person or computer has responsibility for these block chain updates; no miner has special status. The updates, like the authentication of new blocks, are provided by the network of bitcoin miners at large.
Proof of work
Dividing the ledger up into distributed blocks isn’t enough on its own to protect the ledger from fraud. Bitcoin also relies on cryptography.
To add a new block to the chain, a miner has to finish what’s called a cryptographic proof-of-work problem. Such problems are impossible to solve without applying a ton of brute computing force, so if you have a solution in hand, it’s proof that you’ve done a certain quantity of computational work. The computational problem is different for every block in the chain, and it involves a particular kind of algorithm called a hash function.
Like any function, a cryptographic hash function takes an input—a string of numbers and letters—and produces an output. But there are three things that set cryptographic hash functions apart:
1. The output is a predetermined length, regardless of the input.
The hash function that bitcoin relies on—called SHA-256, and developed by the US National Security Agency—always produces a string that is 64 characters long. (The one at the top of this page is much longer, but we’ll explain why further on.) For example:
7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069
You could run your name through that hash function, or the entire King James Bible. In either case, you’ll get 64 characters out the other end. And, for a given input, you’ll always get the same output.
2. It’s impossible to make a cryptographic hash function work in reverse.
If you have the output of a cryptographic hash function (called a hash for short), there’s no way of knowing what the input was. It’s a one-way street. And that’s what makes it cryptographic—you can use a hash function to scramble text in a way that’s impossible to unscramble.
Think of it like mixing paint. It’s easy to mix pink paint, blue paint, and grey paint. But it’s hard to take the resulting purple and unmix it.
3. Changing the input even a little bit changes the output dramatically
Paint mixing is a good way to think about the one-way nature of hash functions, but it doesn’t capture their unpredictability. If you substitute light pink paint for regular pink paint in the example above, the result is still going to be pretty much the same purple, just a little lighter. But with hashes, a slight variation in the input results in a completely different output:
The proof-of-work problem that miners have to solve involves taking a hash of the contents of the block that they are working on—all of the transactions, some meta-data (like a timestamp), and the reference to the previous block—plus a random number called a nonce.
Their goal is to find a hash that has at least a certain number of leading zeroes. Something like this:
000009ff7ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069
That constraint is what makes the problem more or less difficult. More leading zeroes means fewer possible solutions, and more time required to solve the problem. Every 2,016 blocks (roughly two weeks), that difficulty is reset. If it took miners less than 10 minutes on average to solve those 2,016 blocks, then the difficulty is automatically increased. If it took longer, then the difficulty is decreased.
Miners search for an acceptable hash by choosing a nonce, running the hash function, and checking. If the hash doesn’t have the right number of leading zeroes, they change the nonce, run the hash function, and check again.
Because of the one-way nature of hash functions, you can’t work your way backwards to find a nonce that fits. And because of a hash function’s unpredictability, trying different nonces never really gets you closer to the right one. It’s all a process of elimination.
When a miner is finally lucky enough to find a nonce that works, and wins the block, that nonce gets appended to the end of the block, along with the resulting hash.
The whole block then gets sent out to every other miner in the network, each of whom can then run the hash function with the winner’s nonce, and verify that it works. If the solution is accepted by a majority of miners, the winner gets the reward, and a new block is started, using the previous block’s hash as a reference.
So how does this protect bitcoin from fraud?
Let’s say a hacker wanted to change a transaction that happened 60 minutes, or six blocks, ago—maybe to remove evidence that she had spent some bitcoins, so she could spend them again. Her first step would be to go in and change the record for that transaction. Then, because she had modified the block, she would have to solve a new proof-of-work problem—find a new nonce—and do all of that computational work, all over again. (Again, due to the unpredictable nature of hash functions, making the slightest change to the original block means starting the proof of work from scratch.) From there, she’d have to start building an alternative chain going forward, solving a new proof-of-work problem for each block until she caught up with the present.
But unless the hacker has more computing power at her disposal than all other bitcoin miners combined, she could never catch up. She would always be at least six blocks behind, and her alternative chain would obviously be a counterfeit.
1
The key is that if somebody modifies an accepted block—one that already has a proof-of-work solution pinned to the end of it—she can’t reuse that same solution. She has to find a new one. And that’s why proof of work is needed—to guarantee that she can’t just surreptitiously modify a block and thus corrupt the ledger.
Mining is competitive, not cooperative
The code that makes bitcoin mining possible is completely open-source, and developed by volunteers. But the force that really makes the entire machine go is pure capitalistic competition. Every miner right now is racing to solve the same block simultaneously, but only the winner will get the prize. In a sense, everybody else was just burning electricity. Yet their presence in the network is critical.
Mining’s ultimate purpose is to prevent people from double-spending bitcoins. But it also solves another problem. It distributes new bitcoins in a relatively fair way—only those people who dedicate some effort to making bitcoin work get to enjoy the coins as they are created.
But because mining is a competitive enterprise, miners have come up with ways to gain an edge. One obvious way is by pooling resources.
Your machine, right now, is actually working as part of a bitcoin mining collective that shares out the computational load. This is why the hash you are trying to find is much longer than 64 characters, and instead looks something like this:
00000002fb9d67c60afc45f67f1ba882722f8f9ca55f55073470ebaf000000040000000040e18ac0bde30874a8dea2df58afd05e99fde87c5f330f2e36691cfda208173f52ad20941904ba6e00000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000080020000
The reasons are complicated, but suffice it to say, your computer is not trying to find the hash that will win the block—at least not immediately. It is working on solving a smaller proof-of-work problem. The solution, if you find one, can be combined with other such solutions found by other miners in the collective to provide a proof-of-work for the block overall.
What are the chances you’ll actually win?
You’ve no doubt been waiting very patiently to find out one thing: is there a chance you’ll actually win some bitcoins?
Nope. Not at all. If you did find a solution, then your bounty would go to Quartz, not you. This whole time you have been mining for us!
But the chances that you find a solution and we profit from the computing power you’ve contributed are essentially zero. The Quartz bitcoin mining collective just isn’t big enough. We’re not trying to take advantage of you. We just wanted to make the strange and complex world of bitcoin a little easier to understand