Part 2: Understanding the Blockchain

How to make decentralized, digital cash.

(Part 1 was A brief history of decentralization: about E-gold, Napster, and BitTorrent. What follows is part 2 of a 5 article series for the curious, non-technical reader.)

As a technology, cash is pretty impressive. It’s easy to verify and difficult to forge. When you pay for a coffee with cash, a third party is not required to verify and process that transaction — it’s peer-to-peer and decentralized. Most likely, the only personal information revealed was your physical appearance. If digital cash is to be adopted, then it should, at a minimum, behave similarly to physical cash from the perspective of the individuals involved. This article will explain how to create digital cash that is 1) hard to forge and 2) transferable without requiring a third party (aka: decentralized).

Long before the days of e-gold, people knew how to make something digital that was hard to forge. It’s called the digital signature.

A digital signature is a mathematical scheme to authenticate digital messages. The content of the message doesn’t matter — anything digital can be signed. Digital signatures employ cryptography. Most schemes have three parts:

  1. The generation of a private key and a corresponding public key.
  2. A signing algorithm that, given a message and a private key, produces a signature.
  3. A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message’s claim to authenticity.
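The three parts above, as an added example that is not from the article: a toy signature scheme built from textbook RSA (hash the message, then exponentiate; no padding), with constructed primes that are deliberately small so the numbers stay readable. Real systems use 2048-bit RSA or elliptic curves; the shape of the three functions is what matters here.

```python
import hashlib
from math import gcd

# Added example, not from the article: the three-part scheme above built from
# textbook RSA (no padding) with constructed, deliberately small primes.
# Real systems use 2048-bit RSA or elliptic curves; this is for study only.

def generate_keypair(p=1000003, q=999983, e=65537):
    """Part 1: generate a private key and its matching public key."""
    n = p * q                      # modulus, shared by both keys
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, d), (n, e)          # (private key, public key)

def _digest(message: bytes, n: int) -> int:
    """Hash first, so a message of any length becomes one number below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Part 2: message + private key -> signature."""
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Part 3: message + public key + signature -> accept (True) or reject (False)."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)
```

Anyone holding only the public key can check a signature, but changing a single character of the message, or the signature, makes verification fail.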

For some time, I struggled with how to explain digital signatures to people unfamiliar with cryptography. Then I realized the Chinese seal might be an interesting analog:

Chinese seals are typically made of natural materials (stone, wood, ivory, … ). Official documents are stamped with an individual or company’s seal instead of a handwritten signature. This has some advantages. Each seal is unique and difficult to duplicate because the surface details of the organic material cause detectable variations when the stamp is used. By fanning the pages, a stamp can be applied over multi-page documents such that it is easy to detect if a page is missing or changed. Some Asian governments and financial institutions keep stamps on record for fast, precise verification of documents.

Here’s how you would authenticate a digital document, in terms of the seal analogy:

An individual has a private key (seal) that represents ownership of their account and is used to produce a digital signature (stamp a document) that authorizes transactions in their name. Another party could view the public key (read the characters on the seal) and quickly verify the digital signature (against public government records) to accept or reject the transaction’s claim to authenticity.

We can create digital “coins” as signed digital messages. These will be very difficult to forge, which satisfies the first part of the solution. But if it’s possible to send the same digital coin to two or more people, AKA “double-spending”, then we have an incomplete solution. This “double-spending” problem, by the way, is far trickier than it might first appear. It stumped all previous attempts to decentralize digital money.

To understand how Satoshi Nakamoto, the creator of Bitcoin, resolved double-spending, it helps to consider a smaller, simplified example first. Three people — Alice, Bob, and Carol — want to transact using digital coins. Everyone starts with one digital coin, and they agree upon some rules:

  1. New transactions are digitally signed and shared with everyone.
  2. Each person records new balances in their own sheet (spreadsheet).
  3. If a transaction spends the same coin twice, the first transfer is recorded in the sheet and the second is ignored.
  4. Once per day, everyone compares sheets. If the majority (two of three in our example) of the sheets are the same, the corresponding balances are accepted as “correct.”

Initially, things would look like this:

Sheet 1 (Account Balances)

| Account | Balance |
|---------|---------|
| Alice   | 1       |
| Bob     | 1       |
| Carol   | 1       |

Then Bob sends his coin to Alice and Carol transfers her coin to Bob. They each record the new balances in their sheets, and at the end of the day, the majority agree on the following sheet:

Sheet 2 (Account Balances)

| Account | Balance |
|---------|---------|
| Alice   | 2       |
| Bob     | 1       |
| Carol   | 0       |

You can see how this process would continue. Each day settlement happens, and a new sheet is added. Consensus is reached among Alice, Bob, and Carol through a simple majority. The process is nicely decentralized and peer-to-peer.

Yet there’s an obvious problem: Bob and Carol could collude against Alice. They could get together and agree to reverse each other’s transactions — effectively changing their account balances. Again, “correct” is whatever the majority agrees upon.

One way to reduce the effectiveness of colluding is to randomly pick one participant’s sheet and accept that sheet as “correct”. This works when the participants are known people, but once we switch to computers talking to one another we have a new problem: someone with more computers would have a disproportionate chance of his or her sheet being selected. This is where a “proof-of-work” system is needed. A proof-of-work is a computational puzzle that is costly or time-consuming to produce but easy for others to verify. One way to think of a proof-of-work problem is like solving a Sudoku puzzle. The goal of Sudoku is to complete a partially filled-in 9×9 grid with digits such that each column, row, and 3×3 section contains all the numbers from 1 to 9 once and only once. Although solving a Sudoku puzzle requires a lot of time and effort, anyone who knows the rules can immediately verify a correct solution without having to solve the puzzle themselves.

We can use a proof-of-work puzzle, related to the account balances in a given day, to make it expensive to connect many computers and keep them computing the puzzles. Let’s modify our sheets to also include the solution to the new and previous puzzle. (You will see why we need the previous puzzle shortly.)

Here are the updated rules:

  1. New transactions are digitally signed and shared with everyone.
  2. Each person records new balances in their own sheet (spreadsheet).
  3. If a transaction spends the same coin twice, the first transfer is recorded in the sheet and the second is ignored.
  4. Once per day, everyone works to solve the proof-of-work puzzle for their sheet.
  5. When a person solves the puzzle, they record it in their sheet and share it with everyone.
  6. People express their acceptance of the sheet by working on creating the next sheet in the chain, using the puzzle from the accepted sheet.

In effect, we have “chained” our sheets together such that making a change to any single sheet requires redoing the puzzle — not just for that specific sheet — but for all the sheets thereafter. Why? Because once a proof-of-work is created for a given set of balances, it cannot be reused for different balances without redoing the work. As later sheets are chained after it, the work to change the sheet would include redoing all the sheets after it.
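The six rules above and the chaining argument, as an added example that is not from the article: a small Python simulation in which each “sheet” carries balances, the previous sheet’s puzzle solution and its own. The puzzle is a constructed one (find a nonce so that the SHA-256 of the sheet starts with a few zero digits); the double-spend rule is applied when balances are recorded, and the validity check shows that rewriting an earlier sheet invalidates every sheet after it.

```python
import hashlib
import json

# Added example, not from the article: a toy simulation of the six rules above.
# A "sheet" stores balances, the previous sheet's puzzle solution and its own.
# Puzzle (constructed): find a nonce so SHA-256 over the sheet starts with
DIFFICULTY = 3  # zero hex digits; small so the demo runs in well under a second

def apply_transactions(balances, transactions):
    """Rule 3: the first spend of a coin is recorded, a second spend is ignored."""
    new = dict(balances)
    for sender, receiver, amount in transactions:
        if new.get(sender, 0) >= amount:          # sender still owns the coin
            new[sender] -= amount
            new[receiver] = new.get(receiver, 0) + amount
        # else: the coin was already spent earlier today -> double-spend, skipped
    return new

def puzzle_hash(balances, previous_solution, nonce):
    payload = json.dumps([balances, previous_solution, nonce], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def make_sheet(balances, previous_solution):
    """Rules 4 and 5: solving costs many hashes; checking a solution costs one."""
    nonce = 0
    while not puzzle_hash(balances, previous_solution, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    return {"balances": balances, "previous": previous_solution, "nonce": nonce,
            "solution": puzzle_hash(balances, previous_solution, nonce)}

def new_chain(starting_balances):
    return [make_sheet(starting_balances, "")]    # sheet 1 has no predecessor

def add_sheet(chain, transactions):
    """Rule 6: the next sheet is built on the accepted sheet's puzzle solution."""
    prev = chain[-1]
    chain.append(make_sheet(apply_transactions(prev["balances"], transactions), prev["solution"]))
    return chain

def chain_is_valid(chain):
    """A sheet's solution must fit its own balances AND name the sheet before it."""
    for i, sheet in enumerate(chain):
        solution = puzzle_hash(sheet["balances"], sheet["previous"], sheet["nonce"])
        if solution != sheet["solution"] or not solution.startswith("0" * DIFFICULTY):
            return False
        if sheet["previous"] != (chain[i - 1]["solution"] if i else ""):
            return False
    return True
```

Running the article’s scenario (Bob pays Alice, Carol pays Bob, then Carol tries to spend the same coin again) yields Sheet 2 exactly as tabulated above; editing Sheet 1 afterwards, even with its own puzzle re-solved, leaves Sheet 2 pointing at a solution that no longer exists.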

I hope it’s obvious to the reader that my sheets are blocks and the chaining forms the “blockchain”. (Even though it’s more of a mouthful — I prefer calling it “proof-of-work” chain). The very astute reader might realize it’s possible that two people could share a block at the same time. (These blocks would differ because their puzzles are digitally signed and are thus different.) In this case, the tie would be broken when the next proof-of-work is found and one of the branches in the chain becomes longer. A rule is that participants must work on the longest chain.

This concept of a blockchain becoming a “trusted” record secured through proof-of-work really is fantastic and original. It makes it possible to transfer digital money directly from one party to another without an intermediary. But there is something even more subtle and deeper that involves the incentives that emerge while the system is running. And this, in my opinion, is where Satoshi’s genius shines through the most. It’s how the system combines a proof-of-work chain with incentives to help participants stay honest.

By convention, the first transaction in a Bitcoin block is special. It creates new bitcoins owned by the participant that solved the proof-of-work for the block. This is a clever way to initially distribute coins into circulation without requiring a central authority to issue them. Yet it’s far more than that. The reward of new bitcoin adds an incentive to support and secure the network. If a greedy participant could assemble a lot of puzzle-solving power, he would have to choose between using that power to defraud people through reversing their own payments or using it to generate new coins. Clearly, it should be more profitable to play by the rules and win more coins than anyone else combined, rather than working to undermine the very system that is required to transact in the first place!

And there you have it.

Continue with part 3: Why did the creator of Bitcoin want decentralized, digital cash?

By Sean Moss-Pultz on January 21, 2017.