Note: These lecture notes were slightly modified from the ones posted on the 6.824 course website from Spring 2015.
- an electronic currency system
- has a technical side and a financial, economic, social side
- maybe the 1st thing to ask: is it trying to do something better? is there a problem it solves for us?
- online payments use credit cards, why not just use them?
- Pluses:
- They work online
- Hard for people to steal my credit card (there are laws about how credit card companies work so that if your number is stolen, you are protected)
- Good/Bad:
- Customer service # on the back allows you to reverse charges
- this can prevent or create fraud
- tied to some country's currency
- Customer service # on the back allows you to reverse charges
- Minuses
- No way for me as a customer or a merchant to independently verify anything
about a credit card transaction: do you have money, is the CC # valid?
- it can be good if you don't want people finding out how much money you have
- relies on 3rd parties: great way to charge fees on everything
- 3% fees
- settling time is quite long (merchants are not sure they are getting their money until after one month)
- pretty hard to become a credit card merchant
- credit card companies take a lot of risk by sending money to merchants who might not send products to customers, resulting in the credit card company having to refund customers
- No way for me as a customer or a merchant to independently verify anything
about a credit card transaction: do you have money, is the CC # valid?
- Pluses:
- For Bitcoin:
- no 3rd parties are needed (well, not really true anymore)
- fees are much smaller than 3%
- the settling time is maybe 10 minutes
- anyone can become a merchant
- Bitcoin makes the sequence of transactions verifiable by everyone and agree
on it
=>
no need to rely on 3rd parties
- simple electronic money system
- it has one server called OneBank
- each user owns some coins
Design:
OneBank server
- onebit xction:
- public key of new owner
- a hash of the last transfer record of this coin
- a signature done over this record by the private key of last owner
- bank keeps the list of transactions for each coin
x
transfer the coin toy
[T7: from=x, to=y; hash=h(prev tx); sig_x(this)]
y
transfers the coin toz
, gets a hamburger from McDonalds[T8: from y, to=z; hash=h(T7); sig_y(this)]
- what can go wrong?
- if someone transfers a coin to
z
it seems very unlikely that anyone else other thanz
can spend that coin: because no one else can sign a new transaction with that coin since they don't havez
's private key
- if someone transfers a coin to
- we have to trust one bank to not let users double spend money
y
can also buy a milkshake from Burger King with that same coin if the bank helps him[T8': from y, to=q'; hash=h(T7); sig_y(this)]
- the bank can show T8 to McDonalds and T8' to Burget King
- (I love free food!)
- as long as McDonalds and Burger King don't talk to each other and verify the transaction chain, they won't detect it
- bitcoin has a single block chain
- many server: more or less replicas, have copy of entire block chain
- each block in the block chain looks like this:
- hash of previous block
- set of transactions
- nonce
- current time
- xactions have two stages
- first it is created and sent out to the network
- then the transaction is incorporated into the block chain
All of the peers in the bitcoin network try to create the next block:
- each peer takes all transactions that have arrived since the previous block was created and try to append a new block with them
- the rules say that a hash of a block has to be less than a certain number (i.e. it has a # of leading of zeros, making it hard to find)
- each of the bitcoin peers adjust the
nonce
field in the block until they get a hash with a certain # of leading zeros - the point of this is to make it expensive to create new blocks
- for a single computer it might take months to find such a nonce
- the # of leading zeros is adjusted so that on average it takes 10 minutes for
a new block to be added
- clients monitor the
currentTime
field in the last 5 transactions or so and if they took to little time, they add another zero to # of target zeros- everyone obeys the protocol because if they don't the others will either reject their block (say if it has the wrong # of zeros or a wrong timestamp)
- clients monitor the
- "In the beginning there was nothing, and then Satoshi created the first block."
- "And then people started mining additional blocks, with no transactions."
- "And then they got mining reward for each mined block."
- "And that's how users got Bitcoins."
- "And then they started doing transactions."
- "And then there was light."
If a tx is in the block chain, can the system double spend its coins?
- forking the block chain is the only way to do this
- can the forks be hidden for long?
- if forks happens, miners will pick either one and continue mining
- when a fork gets longer, everyone switches to it
- if they stay on the shorter fork, they are likely to be outmined by the others and waste work, so they will have incentive to go on the longer one
- the tx's on the shorter fork get incorporated in the longer one
- committed tx's can get undone => people usually wait for a few extra blocks to be created after a tx's block
- this is where the 51% rule comes in: if 51% of the computing power is honest the protocol works correctly
- if more than 51% are dishonest, then they'll likely succeed in mining anything they want
- probably the most clever thing about bitcoin: as long as you believe than more than half the computing power is not cheating, you can be sure there's no double spending
- (+) publicly verifiable log
- (-) tied to a new currency and it is very volatile
- lots of people don't use it for this reason
- (+/-) mining-decentralized trust
Hard to say what will happen:
- we could be all using it in 30 years
- or, banks could catch up, and come up with their own verifiable log design