How to explain bitcoin to your mother

How to explain Bitcoin

to your mother? @philippecamacho

Distributed System,

Open Source, Digital

Signatures, Collision-

Resistant Hash

Functions, Broadcast

transactions, Merkle

trees,…

Very interesting…

I can send bitcoin via

email right?

Me My mother

Maybe my

explanation

was not very

clear…

(Let’s do it again)

What is

Bitcoin?

Bitcoin

It’s like gold expect that it’s digital

No central authority controls the coins

Limited number of bitcoins (btc)

You can keep it or transfer it

You don’t have to reveal your identity

Hum… Looks nice,

but how does it work?

Solution 0

Example: Linden Dollars

I control everything.

Fix #1

Bitcoin is a distributed protocol and is open source.

Solution 1

1 BTC

2 BTC 1 BTC

Great!

I can spend my bitcoins as many times as I want !

(double spending)

Fix #2

The network shares a transaction book

Solution 2

Origin Destination Amount

Homer Lisa 1 BTC

Homer Bart 2 BTC

Lisa Bart 1 BTC

… … …

The network checks

that an account is

funded before

allowing a new

transfer.

As every transaction is public,

the identity of user is revealed.

Nobody will want to use such a system!

Fix #3

Replace user id by some random number.

Solution 3

Origin Destination Amount

HHY67J81 JH89HF8M 1 BTC

HHY67J81 LAU4V6UU 2 BTC

JH89HF8M LAU4V6UU 1 BTC

… … …

Note that any user

can create multiple

accounts.

Every account id is public, thus I can transfer money

from an account that is not mine.

Fix #4: Digital Signatures

Private Key Public Key

= Bart’s address

Sign Message

Signature

Signature

Fix #4: Digital Signatures

Accept /

Reject Verify

Fix #4: Digital Signatures

Non-repudiation Unforgeability

(You can’t sign in Bart’s name)

Solution 4

Origin Destination Amount Signature

HHY67J81 JH89HF8M 1 BTC Djsh767

HHY67J81 LAU4V6UU 2 BTC 8988dd

JH89HF8M LAU4V6UU 1 BTC djDhd7n

… … …

Every bitcoin address

corresponds to the

public key.

Message

I can still do very bad things…

What about publishing a wrong history of transactions…

Things get a bit more complicated…

Name: Shafi Goldwasser

Profession: Computer scientist at MIT

Speciality: Cryptography

Other: Turing Award (march 2013)

Your mother

FIX #5: Cryptographic Hash Functions

H

01110001110001110

10001010100010010

00110101010010110

01100111100011100

10000101000101110

11011010110100111

Huge input

Fixed sized output

(e.g. 256 bits)

FIX #5: Cryptographic Hash Functions

Security properties

One-way

Given the output y it’s hard to compute some input x such that H(x) = y

Collision-Resistant

It’s hard to find two different values x,x’ such that

H(x)=H(x’)

Solution 5

H H H

Tx1;

Tx2;

Tx3…

Initial value of

the chain:

coinbase

Tx34;

Tx35;

Tx36…

Tx54;

Tx55;

Tx56…

Block of

transactions

Block chain

…

Who computes the next block?

Proof of work

00000 00001

00010 00011

00100 00101 00110 00111

01000 01001 01010 01011 01100 01101

01110 01111

10000

10001 10010 10011 10100 10101 10110

10111 11000 11001 11010 11011

11100 11101 11110 11111

H 1001101|| x 000||10

Find the nonce x such

that the output starts

with 3 zeros.

The only way (*) to

compute the nonce such

that the ouput starts with 𝒏 zeros is to try with roughly

𝟐𝒏 hash values

(*) If you find a better way you may (1) get rich, (2) be famous (Turing award), or (3) both.

Solution 5

The first node that manages to solve the computational puzzle (nonce) wins the block.

The network extends the chain from the newly computed block

The network always choose the largest chain

Damned!

I need to control 51% of the network….

Nice in theory but why would

people waste their CPU cycles?

The winner of a block is rewarded 25 BTC

by the network

(BTW, this is how bitcoins are created)

This process is called mining.

1 0 -