Bitcoin Explained (III)

By | 2012-09-15

This is part III in my “Bitcoin Explained” series.

The problem we left at the end of part II was that while we had a way of constructing a coherent chain of blocks, and of having them verifiably claim an arbitrary level of difficulty of creation; we had no way of deciding how difficult a block should be.

We have discussed how a block may be given a certain level of difficulty, via it’s target parameter. We want to ensure that the chain we use was not easy to create, in fact, the harder the “real” chain is to create, the more difficult it would be for an attacker to generate a new chain with transactions beneficial to themselves in it. We do that by demanding a particular target in any new block; but target is a number with arbitrary units, what is the right value for to demand?

To answer that we have to spread our thinking a little wider than a single node. Think now of the whole network of Bitcoin nodes, they are all sending blocks between each other, verifying them and adding them to their own local copy of the block chain. We know that to generate a block, the system requires a certain amount of brute-force number crunching be done to find a nonce that creates a block that meets the difficulty set by target. Who is doing that brute-force number crunching though? The answer is the miners.

The miners are special Bitcoin nodes. They are special in that they are dedicating themselves to producing new blocks, rather than simply listening for new blocks. That is to say, they choose a target, write it in their potential block, then start trying different nonce values in that potential block until it results in a hash acceptable to the rest of the network. Once an acceptable block is produced, it is broadcast to all the nodes connected to that miner; they in turn broadcast it to all the nodes connected to them. In this way, new blocks propagate through the network. Since the nodes will only hold the block to be valid and add it to their chains if it meets their validity checks, the miners know that there is no point in broadcasting fake blocks.

Miners are motivated to do this work because there is a reward for finding a valid block (we’ll come to what that reward is later). All the miners are simultaneously trying to win that reward, and be the first to broadcast their solution. It is a reward that you are more likely to win if you have the biggest, fastest computer. Hence there would be (in the absence of any limiting factor) a race to produce as many blocks as possible as fast as possible, probably by purchasing ever increasingly powerful computers.

This isn’t what happens, because in reality there is a limiting factor. That limiting factor is determined by the network picking a target that is harder and harder to achieve as the power of the miners gets faster and faster. How do we know how fast the miners are though? We can’t visit everyone’s computer and measure their CPU speed. The answer is that it is estimated retrospectively from how fast blocks have previously been generated.

Bitcoin nodes pick an acceptable target by aiming for one block to be produced every ten minutes. target is adjusted by examining the previous group of 2016 blocks; and adjusting the new target to be such that that previous group would have taken two weeks to generate. Phew. Sounds complicated, but it’s clearer if we look at each step in detail.

  • Assume stationary network power (i.e. the number of nodes, and the speed of their CPUs is fixed).
  • If one block is generated every 10 minutes, then in the 20,160 minutes that exist in two weeks, there should be 2,016 blocks.
  • Each block has a timestamp in it; subtract the time for the first block in the group of 2,016 from the time for the first block in the next group of 2,016. This gets us the measured interval for those blocks.
  • That interval will be (a) smaller than two weeks; (b) larger than two weeks.
  • If (a) then the target used for those 2,016 blocks was too small; increase the new target in proportion.
  • If (b) then the target used for those 2,016 blocks was too high; decrease the new target in proportion.

If the assumption that the network power hasn’t changed is valid and the nodes will only accept blocks that meet this new difficulty target, then blocks will have to be generated at a difficulty that makes one new block every ten minutes (on average). That assumption isn’t entirely valid, but the power of the network has (so far) not changed significantly enough over 2,016 blocks that the calculation has been wildly wrong.

The phrase “on average” was important in the previous paragraph. There is no way to predict whether any particular nonce will result in an acceptably difficult hash, so it is entirely statistical whether a randomly selected nonce will be “right”. Sometimes a miner will find an acceptable hash on its first attempt (if its really lucky), sometimes no miner will find a solution until well after the ten minute target. These two situations will average out though, resulting in one block approximately every ten minutes.

One final property of the block chain worth noting. The easiest block to replace is the latest one. If you had the same computing power as the current Bitcoin network at your disposal then it’s likely that 50% of the time you would generate the winning block. If you were an attacker then, you could put your own payload in the block and 50% of the time your payload would be accepted by the network (for this reason we want as much computing power in the publicly visible Bitcoin network as possible – currently the Bitcoin network is more powerful than the combined power of the world’s top 500 super computers). However, once another block has been added to the chain, if you want to replace the second to top block, you have to have enough computing power to calculate two blocks before the honest network calculates one. You need two Bitcoin networks worth of power. To replace the third to top block, you need three Bitcoin networks worth of power. And so on, and so on. Thus, the more blocks that have been built on top of a block you are interested in, the more securely that block is fixed in the public record.

We’ve reached a milestone then. We have a network of systems that self regulates the production rate of blocks that are verifiably hard to produce, and verifiably form a chain leading back to a trusted point. This, in fact, is the true achievement of Bitcoin, rather than its financial uses. The creator of Bitcoin called it a peer-to-peer, distributed timestamp server that doesn’t require mutual trust. The payload of each block is included in the hash calculation, so the payload cannot be changed at a later date; plus anyone can validate that payload and check the timestamp written on the block that contains it.

As a simple example of the utility of a timestamping server, let’s say you wrote “Candle in the Wind” in 1952 and Elton John stole it from you, subsequently making a load of cash. You want to sue him, how do you prove you wrote it? If, in 1952 you had taken a photo of you holding the sheet music you wrote, included a JPEG of that photo as the payload in a block chain, then you would have incontrovertible proof that that sheet music existed in 1952 (assuming all those technologies existed at the time).

Let’s say you signed a contract with Microsoft to buy your Web Browser software in 1996. Later Microsoft raided your house, stole your copy, burned their own copy and now deny all knowledge that they owe you anything. Again, you could have taken a photograph of the contract, but this time just stored the hash of the JPEG in the block chain in 1996. Incontrovertible proof is then stored forever of the existence of that contract at that date.

Let’s say you sign a cheque (you can see where I’m going with this can’t you?). Store a hash of a JPEG of the cheque in the block chain. Cheque exists. The person you send the cheque too now doesn’t need the cheque; the evidence of its existence can (with a few additional rules) be used instead of cash.

We’re now at the point where we can talk about Bitcoin transactions. I’ve gone through the above to demonstrate that the transactions are orthogonal to the block chain; the block chain can be used as a timestamped proof of existence of anything you can represent digitally. Bitcoin transactions happen to be one particularly excellent use of the block chain.

We’ll talk about transactions in part IV.

Leave a Reply