Mining Incentives and Strategies (23 minutes)

Many thousands of articles have been written purporting to explain Bitcoin, the online, peer-to-peer currency. Most of those articles mining Incentives and Strategies (23 minutes) a hand-wavy account of the underlying cryptographic protocol, omitting many details.

Even those articles which delve deeper often gloss over crucial points. My aim in this post is to explain the major ideas behind the Bitcoin protocol in a clear, easily comprehensible way. Understanding the protocol in this detailed way is hard work. It is tempting instead to take Bitcoin as given, and to engage in speculation about how to get rich with Bitcoin, whether Bitcoin is a bubble, whether Bitcoin might one day mean the end of taxation, and so on.

When can I invest in a cryptocurrency?

That’s fun, but severely limits your understanding. Understanding the details of the Bitcoin protocol opens up otherwise inaccessible vistas. I’ll describe Bitcoin scripting and concepts such as smart contracts in future posts. This post concentrates on explaining the nuts-and-bolts of the Bitcoin protocol. To understand the post, you need to be comfortable with public key cryptography, and with the closely related idea of digital signatures.

Mining Incentives and Strategies (23 minutes)

It may seem surprising that Bitcoin’s basis is cryptography. Isn’t Bitcoin a currency, not a way of sending secret messages? In fact, the problems Bitcoin needs to solve are largely about securing transactions — making sure people can’t steal from one another, or impersonate one another, and so on. In the world of atoms we achieve security with devices such as locks, safes, signatures, and bank vaults. In the world of bits we achieve this kind of security with cryptography.

My strategy in the post is to build Bitcoin up in stages. I’ll begin by explaining a very simple digital currency, based on ideas that are almost obvious. We’ll call that currency Infocoin, to distinguish it from Bitcoin. Of course, our first version of Infocoin will have many deficiencies, and so we’ll go through several iterations of Infocoin, with each iteration introducing just one or two simple new ideas. After several such iterations, we’ll arrive at the full Bitcoin protocol. This strategy is slower than if I explained the entire Bitcoin protocol in one shot. But while you can understand the mechanics of Bitcoin through such a one-shot explanation, it would be difficult to understand why Bitcoin is designed the way it is.

The advantage of the slower iterative explanation is that it gives us a much sharper understanding of each element of Bitcoin. Finally, I should mention that I’m a relative newcomer to Bitcoin. So I’d certainly appreciate corrections of any misapprehensions on my part. First steps: a signed letter of intent So how can we design a digital currency? On the face of it, a digital currency sounds impossible. If Alice can use a string of bits as money, how can we prevent her from using the same bit string over and over, thus minting an infinite supply of money?

Family rescued safely after house fire in Riverside

Or, if we can somehow solve that problem, how can we prevent someone else forging such a string of bits, and using that to steal from Alice? These are just two of the many problems that must be overcome in order to use information as money. Suppose Alice wants to give another person, Bob, an infocoin. She then digitally signs the message using a private cryptographic key, and announces the signed string of bits to the entire world. A similar useage is common, though not universal, in the Bitcoin world.

This isn’t terribly impressive as a prototype digital currency! But it does have some virtues. So the protocol establishes that Alice truly intends to give Bob one infocoin. To make this explicit: it’s just the message itself, i.

Later protocols will be similar, in that all our forms of digital money will be just more and more elaborate messages . Using serial numbers to make coins uniquely identifiable A problem with the first version of Infocoin is that Alice could keep sending Bob the same signed message over and over. Does that mean Alice sent Bob ten different infocoins? What we’d like is a way of making infocoins unique. They need a label or serial number.

To make this scheme work we need a trusted source of serial numbers for the infocoins. One way to create such a source is to introduce a bank. The bank reduces her account balance by one infocoin, and assigns her a new, never-before used serial number, let’s say 1234567. But Bob doesn’t just accept the infocoin. Making everyone collectively the bank This last solution looks pretty promising. However, it turns out that we can do something much more ambitious. We can eliminate the bank entirely from the protocol.

Buy a gift card for use at Panda Buffet »

This changes the nature of the currency considerably. It means that there is no longer any single organization in charge of the currency. In particular, we’ll assume that everyone using Infocoin keeps a complete record of which infocoins belong to which person. You can think of this as a shared public ledger showing all Infocoin transactions. We’ll call this ledger the block chain, since that’s what the complete record will be called in Bitcoin, once we get to it. Now, suppose Alice wants to transfer an infocoin to Bob.

Bob can use his copy of the block chain to check that, indeed, the infocoin is Alice’s to give. If that checks out then he broadcasts both Alice’s message and his acceptance of the transaction to the entire network, and everyone updates their copy of the block chain. I will defer it to later, in the discussion of Bitcoin. A more challenging problem is that this protocol allows Alice to cheat by double spending her infocoin. At first glance double spending seems difficult for Alice to pull off. Once that has happened, Charlie would no longer be fooled by Alice. So there is most likely only a brief period of time in which Alice can double spend.

Litecoin Mining Hardware

However, it’s obviously undesirable to have any such a period of time. How can we address the problem of double spending? The obvious solution is that when Alice sends Bob an infocoin, Bob shouldn’t try to verify the transaction alone. Rather, he should broadcast the possible transaction to the entire network of Infocoin users, and ask them to help determine whether the transaction is legitimate. If they collectively decide that the transaction is okay, then Bob can accept the infocoin, and everyone will update their block chain. In more detail, let’s suppose Alice wants to give Bob an infocoin. Also as before, Bob does a sanity check, using his copy of the block chain to check that, indeed, the coin currently belongs to Alice.

But at that point the protocol is modified. Bob doesn’t just go ahead and accept the transaction. This protocol has many imprecise elements at present. It can’t mean everyone in the network, since we don’t a priori know who is on the Infocoin network. For the same reason, it can’t mean some fixed fraction of users in the network. We won’t try to make these ideas precise right now. Proof-of-work Suppose Alice wants to double spend in the network-based protocol I just described.

She could do this by taking over the Infocoin network. Let’s suppose she uses an automated system to set up a large number of separate identities, let’s say a billion, on the Infocoin network. As before, she tries to double spend the same infocoin with both Bob and Charlie. There’s a clever way of avoiding this problem, using an idea known as proof-of-work.

Bitcoin money back

But to really understand proof-of-work, we need to go through the details. As other people on the network hear that message, each adds it to a queue of pending transactions that they’ve been told about, but which haven’t yet been approved by the network. I, Tom, am giving Sue one infocoin, with serial number 1201174. I, Sydney, am giving Cynthia one infocoin, with serial number 1295618. I, Alice, am giving Bob one infocoin, with serial number 1234567. David checks his copy of the block chain, and can see that each transaction is valid.

Alice in Wonderland, an Art Deco Suite of Stained & Leaded Glass Doors & Windows

He would like to help out by broadcasting news of that validity to the entire network. Without the solution to that puzzle, the rest of the network won’t accept his validation of the transaction. What puzzle does David need to solve? Bitcoin uses the well-known SHA-256 hash function, but any cryptographically secure hash function will do. This will be enough to solve a simple proof-of-work puzzle, but not enough to solve a more difficult proof-of-work puzzle. What makes this puzzle hard to solve is the fact that the output from a cryptographic hash function behaves like a random number: change the input even a tiny bit and the output from the hash function changes completely, in a way that’s hard to predict.

Obviously, it’s possible to make this puzzle more or less difficult to solve by requiring more or fewer zeroes in the output from the hash function. In fact, the Bitcoin protocol gets quite a fine level of control over the difficulty of the puzzle, by using a slight variation on the proof-of-work puzzle described above. It’s straightforward to modify the Bitcoin protocol so that the time to validation is much more sharply peaked around ten minutes. Alright, let’s suppose David is lucky and finds a suitable nonce, . He broadcasts the block of transactions he’s approving to the network, together with the value for .

For the proof-of-work idea to have any chance of succeeding, network users need an incentive to help validate transactions. Without such an incentive, they have no reason to expend valuable computational power, merely to help validate other people’s transactions. And if network users are not willing to expend that power, then the whole system won’t work. The solution to this problem is to reward people who help validate transactions. In the Bitcoin protocol, this validation process is called mining. For each block of transactions validated, the successful miner receives a bitcoin reward. Initially, this was set to be a 50 bitcoin reward.

This has happened just once, to date, and so the current reward for mining a block is 25 bitcoins. This halving in the rate will continue every four years until the year 2140 CE. You can think of proof-of-work as a competition to approve transactions. Each entry in the competition costs a little bit of computing power.

chevron-right–small

So, for instance, if a miner controls one percent of the computing power being used to validate Bitcoin transactions, then they have roughly a one percent chance of winning the competition. Of course, while it’s encouraging that a dishonest party has only a relatively small chance to corrupt the block chain, that’s not enough to give us confidence in the currency. In particular, we haven’t yet conclusively addressed the issue of double spending. Before doing that, I want to fill in an important detail in the description of Infocoin.

We’d ideally like the Infocoin network to agree upon the order in which transactions have occurred. If we don’t have such an ordering then at any given moment it may not be clear who owns which infocoins. Occasionally, a fork will appear in the block chain. Fortunately, there’s a simple idea that can be used to remove any forks. The rule is this: if a fork occurs, people on the network keep track of both forks. But at any given time, miners only work to extend whichever fork is longest in their copy of the block chain.

ใช้เวลานานแค่ไหนที่จะถึง Ripple Made จาก Policlinico Casilino, Roma โดย รถบัส?

Suppose, for example, that we have a fork in which some miners receive block A first, and some miners receive block B first. Those miners who receive block A first will continue mining along that fork, while the others will mine along fork B. After they receive news that this has happened, the miners working on fork A will notice that fork B is now longer, and will switch to working on that fork. Presto, in short order work on fork A will cease, and everyone will be working on the same linear chain, and block A can be ignored. Of course, any still-pending transactions in A will still be pending in the queues of the miners working on fork B, and so all transactions will eventually be validated. Likewise, it may be that the miners working on fork A are the first to extend their fork.

In that case work on fork B will quickly cease, and again we have a single linear chain. No matter what the outcome, this process ensures that the block chain has an agreed-upon time ordering of the blocks. 5 blocks follow it in the longest fork. This gives the network time to come to an agreed-upon the ordering of the blocks.