# Bitcoin Explained (VI)

By | 2012-09-18

This is the final part, part VI in my â€œBitcoin Explainedâ€ series.

Details then. Not necessarily relevant for understanding.

Bitcoinâ€™s transactions are a little more sophisticated than the paper analogy reveals. Each transaction is itself uniquely identified, and acts as a hub for transferring from any number of arbitrary sources to any number of arbitrary destinations. As long as the sum of (signed) inputs is less than or equal to the sum of outputs, the network will consider the transaction valid.

``````TX#5000:out#1 = ...
TX#5000:out#2 = ...
TX#5000:out#3 =  50 BTC -
\
...                \
TX#5001:out#3 = ...        \             /-- 80 BTC -> PUBKEY#9292
TX#5001:out#5 = 150 BTC ----+- TX#5004 -+
TX#5001:out#6 = ...        /  (155 BTC)  \-- 70 BTC -> PUBKEY#8755
/
TX#5002:out#1 = ...      /
TX#5002:out#2 =   5 BTC -
...``````

There is an awful lot contained in this diagram. First think of TX#5004, not primarily as a transaction, but as a claim. It is claiming one output each from TX#5000, TX#5001, and TX#5002 â€“ and that claim is validated because the owner of TX#5004 will own the private keys matching the public keys in the outputs of those funding transactions, and proves it by signing TX#5004 with those keys. Similarly, the outputs from `TX#5004` are not to another transaction (how can they be, the transaction that uses them doesnâ€™t exist when `TX#5004` is being created?), rather they are being sent to particular public keys. These are the public keys of the identities `TX#5004` wants to pay (they need not be the same identity).

Notice that the inputs total 155 BTC, and do not equal the outputs, which total 150 BTC. Whichever miner includes this transaction in a block is allowed to claim the overpayment for themselves as a transaction fee. It is intended that these transaction fees will eventually replace the block reward as the miner incentive.

Summary:

• One transaction can claim outputs from multiple earlier transactions.
• One transaction can have multiple outputs.
• Payments are claimed using a private key and a reference to a preceding transactionâ€¦
• â€¦ that preceding transaction being an output to the claimantâ€™s public key.
• Any difference between the sum of outputs and sum of inputs will be claimed by the miner.

We have seen how public keys are used as the destination for transactions. That means for you to receive money you need to have a public key (and matching private key if you ever want to be able to spend it) to give the person paying you. For reasons that we neednâ€™t cover here, public keys in Bitcoin arenâ€™t actually keys. They are the type, hash and checksum of a key, and this representation is referred to as a Bitcoin address. They are still numbers, but so that they take up less horizontal space when typed, they are represented as base58 numbers with ASCII characters used for the additional 48 symbols needed for the digits. You neednâ€™t concern yourself other than to know that your Bitcoin client will display your public key in this form, and it is that that you must give to the person wanting to pay you; but really this address is just more convenient mask for a public key.

The block reward for miners is not fixed at 50 BTC. It will reduce over time. It â€œreducesâ€ in the sense that the Bitcoin client is programmed to reject any generated block that doesnâ€™t follow the generation rule, which is that the reward halves every 210,000 blocks (approximately four years). Since the block reward is the only method by which bitcoins can enter the system, that ever-decreasing value means that the total number bitcoins created will be approximately 21 million 1.

Mining is designed to be close-to-break-even. Consider that the network is constantly compensating for increases in computing power, therefore the rate of reward is fixed at 50 coins every ten minutes. The network compensation means that those 50 coins are spread around according to computational power contributed. That computational power has a cost, both in electricity and capital expenditure. If the current exchange rate for bitcoins is such that the proportional block reward a miner receives is smaller than their proportional costs, then the miner will simply stop mining. That will reduce the network power, lowering the difficulty, until miners are covering their costs and hence stop switching their machines off. This is a classic negative feedback control system, and will result in cost-of-mining equalling reward-from-mining. Itâ€™s possibly not quite as simple as this, because there is an element of price speculative behaviour on the part of miners, so there is likely to be a little bit of oscillation; but the end point is inevitable â€“ there will always be just enough miners to support the current price.

For any block of interest (say one that pays you money), the more blocks that have been constructed on top of that block, the harder it is for your block to be undone by an attacker. The number of blocks on top of a block-of-interest is called the confirmation number; received wisdom is that six confirmations is as close to undoable as any practical use would need. In reality, block chain reorganisations are rare, and double spend attempts are so expensive for the attacker, that small transactions can probably be considered safe with one or two confirmations.

It takes, it is estimated, about 10 seconds for a new transaction to propagate through the network. It takes, typically, 10 minutes for a new transaction to make it in to a block. It takes, typically, one hour for six confirmation blocks to be built on top of that; at which point the transaction is, for all practical purposes, written in stone. To use the nomenclature of the banking system, it is â€œclearedâ€ and spendable.

For really trivial amounts, like buying penny sweets in a newsagent, the merchant might consider the risk so low, and the loss if the risk is realised so minuscule that they accept on zero transactions â€“ merely seeing the transaction on the network will be enough. This attitude will certainly be justified, since the cost of a double spend attack is so high that it wouldnâ€™t be financially viable to use it to steal penny sweets.

A merchant can listen for that first broadcast, and assuming a low value item (i.e.Â one that it isnâ€™t worth purchasing a computer more powerful than the top 500 supercomputers combined to subvert), they can release the goods within that ten seconds. Ferrari sellers should probably wait the full hour.

Yesterday I was asked some good questions about Bitcoin. They werenâ€™t really technical questions, they were economic and political; but they are as important for Bitcoin as the technical stuff in the previous articles.

I thought I would try and answer those questions (and some others) here to finish off.

Given the price volatility of bitcoins, what makes it a safe currency?

The answer is â€œnothingâ€. They are worth only what someone will pay you for them. Over the last year the exchange rate has fluctuated from less than a dollar, to above thirty dollars, to two dollars. The price seems to be creeping up again at the moment, towards twelve dollars.

Holding bitcoins is risky. They could be worth nothing tomorrow. That is actually unlikely, they are volatile, but not that volatile. Moves of 50% in a day are not unheard of though. The solution to that is that you donâ€™t hold them. There are already companies appearing that offer a straight-to-fiat conversion service for merchants; bitcoins sent to a dedicated account are instantly converted back to dollars, and so are completely immune to currency fluctuation.

Over time, if bitcoin becomes successful, the non-speculative part of the bitcoin economy will become bigger; so much so that the money needed to move the price will not be practically available to anyone. This is exactly the same effect that protects dollars, pounds or any other currency (the FOREX market moves about four trillion a day â€“ thatâ€™s why dollars donâ€™t change value by 50% in a day).

Who issues the coins?

Being decentralised, there is no one issuer. Nor are they issued â€œbackedâ€. That is to say, nobody says â€œI will feed \$300 dollars in at the moment that I create 50 coinsâ€. Bitcoins are issued by the algorithms run by each node in the network; you canâ€™t give yourself an arbitrary amount, because the other nodes will not recognise that transaction. You would have to persuade everybody else that you should get special treatment and get more reward than they can getâ€¦ i.e.Â itâ€™s not going to happen.

In this respect bitcoins are (at present) highly inflationary. Itâ€™s the equivalent of a government printing more money on a daily basis. The difference with Bitcoin is that all the participants know that this is happening, know that the inflation is dispersed to the participants rather than accruing to a central authority, know exactly what that rate of inflation is, that that rate reduces daily, and know that it eventually (2033) will come to an end.

Those rules are hard coded into the Bitcoin software, and it would take a majority of bitcoin nodes agreement to change those rules. Since it would not be to the majorityâ€™s advantage to change those rules, they wonâ€™t agree. Think about it like this: if our fiat-issuing governments gave us, who hold the currency and pay for the products, the ability to veto their money printing; what would we do?

Bitcoin will fail because itâ€™s not backed by anything, like gold.

What is gold backed by?

Gold is valuable because of some key properties it holds that make it useful as a store of value.

Bitcoins are valuable because of some key properties they hold that make them useful as a store of value.

Bitcoins, like every commodity, are valuable because of their utility. That utility comes from the Bitcoin network, which enables near frictionless international, instantaneous transfer of value. As more merchants accept bitcoins, that utility will only grow, making them more valuable at the same time.

Dollars/pounds/euros are backed by â€˜full faith and creditâ€™ of a government

It is entirely at your option what value you put in that â€œfull faith and creditâ€ of a government. Make sure you know that since the end of the gold standard (and quite a bit before as well, if weâ€™re honest) governments have consistently debased their currencies at the expense of the citizens who hold that currency.

Then have a think about the euro-crisis. That is the result of misusing the â€œcreditâ€ of a government.

Fiat currencies have utility too, just like bitcoins. After all, no one is suggesting that the little bits of printed paper are physically worth their nominal value. They have value because their utility lies in the fact that governments accept them as payment for taxes. Thatâ€™s, pretty much, the only thing fiat has going for it.

Bitcoins are a bubble

Bitcoin value can be a bubble; and arguably over the last year a bubble has been inflated (to \$30) and deflated (to \$2). But, as with the famous tulip bubble, bubbles are a human construction, not a commodity construction. Tulips existed before the bubble, during the bubble, and after the bubble. As will bitcoins. They may be temporarily over valued â€“ but thatâ€™s the marketâ€™s problem, not the currencyâ€™s problem.

Gold and silver have both experienced bubbles. They are both still around, and both still have value.

Arenâ€™t bitcoins a Ponzi scheme? Ponzi schemes are bad.

This one turned up a lot when the price of bitcoins was shooting up. Not so much when it wasnâ€™t. The argument goes that that early adopters are rewarded at the expense of the later adopters. The same is true of any speculation. The defining characteristic of a Ponzi scheme is that it requires there to be more investors next week than there were this week. Bitcoins donâ€™t require that, and therefore arenâ€™t a Ponzi.

There is also no gatekeeper creaming off a profit.

And hereâ€™s the killer response: Ponzi schemes donâ€™t bounce. Bitcoin exchange rates hit a bottom of \$2 and started increasing again â€“ thatâ€™s impossible with a Ponzi scheme.

Bitcoins are deflationary, and deflationary spirals are deadly; hence bitcoin will never succeed

I admit to finding this the most bizarre argument against bitcoins. The only way bitcoins will be deflationary is if they are a success. The deflationary spiral means that people anticipate that next week they will be worth more than this week, and so refuse to spend. Refusing to spend will shrink the economy making them worth less next week. i.e.Â there are two market forces both pushing against each other.

This argument also ignores the fact that all spending, regardless of inflation or deflation, is driven by desire for the item being purchased. At some point the perceived benefit from ownership outweighs the net present value of the currency. At that point, a purchase is made.

As with all things left to freedom, the market will sort it out.

There, Iâ€™m done for now. Iâ€™ve covered as much as I can. Hope it helps someone somewhere.

1. That 21 million comes as the result of the sum of a geometric series, where the first element is

$50Ã—210,000$

and the constant ratio is

$\frac{1}{2}$