Jan Møller Co-founder, CTO Chainalysis

HowDoesBitcoinActuallyWork?

•  Thistalkisnotaboutthepoli:caloreconomicalimpactofBitcoin.

•  Thistalkisnotabouthowtobuy,sell,spend,orsecureyourbitcoins.

•  ThistalkisabouthowBitcoinactuallyworks.…youknow…nerdystuff!

HowitStarted

•  WhitepaperpublishedNovember2008bySatoshiNakamoto

“Bitcoin:APeer-to-PeerElectronicCashSystem”

“I'vebeenworkingonanewelectroniccashsystemthat’sfullypeer-to-peer,withnotrustedthirdparty.”

•  Workingimplementa:onpublished3monthslaterasan

opensourceproject.

ABrief[FUN]History•  FirstBitcoinTransac:on January2009

•  2Pizzas10.000BTC May2010

•  1BTCSuprassesUSD1 February2011

•  1CessnaAircra[10.000BTC June2011•  1BTCSurpassesUSD100 April2013

•  1BTCSurpassesUSD200 April2013

•  1BTCSurpassesUSD1000 November2013

•  1BTCDowntoUSD245 June2015

Today1bitcoinisaboutUSD750

WhatisBitcoin?

•  Bitcoinisthenameofap2pprotocolAllowsanetworkofcomputerstogovernalltherulesofBitcoin

•  BitcoinisaunitofaccountLikeEuro,AustralianDollar,orWoWgoldcoins

•  BitcoinisapaymentSystemYoucansendvaluebetweenaccountsintheBitcoinnetwork

Proper:esofCommonDigitalPaymentSystems

•  NoCounterfei:ngYOUcan'tincreasemoneysupplyatwill

•  NoDoubleSpendingYOUcan'tspendthesamevaluemorethanonce

•  Transac:onirreversibilityYOUcan'tundoatransac:on

Proper:esofBitcoin

•  NoCounterfei:ngNOBODYcanincreasemoneysupplyatwill

•  Transac:onirreversibilityNOBODYcanundoatransac:on

•  NoDoubleSpendingNOBODYcanspendthesamevaluemorethanonce

BitcoinSolvesTwoThings

•  EliminatestrustinacentralauthorityYoutrusttherulesofaprotocolenforcedbymathema:csandcryptography

•  Distribu:onoffundsHowtodistributevaluewhenyoucreateanewcurrency?

Distribu:onofFunds

•  Every10minutessinceincep:ona“random”nodeintheBitcoinnetworkreceivesareward.

•  Therewardstartedat50bitcoins,andhalvesevery4years

TheBlockchain•  Thebiginven:onthatmakesBitcoinwork

•  Theblockchainisadatabasecontaininghistoricalrecordsofallthetransac:onsthateveroccurredinthenetwork.

•  Everyfullnodeinthenetworkhasacopythattheykeepuptodateandverify.

•  Somenodesextendtheblockchain,theyarecalledminers.

Block0

GenesisBlock

Block1

...

BlockN-1

BlockN

Thinkofitasabigaccoun:ngbook.Everyblockisapageinthebook.

Anyonecantrytoaddapagetothebooktogetareward…butitiscomputa:onallyhardtodoso

Problem:Wewantanewblocktoappearevery10minutesonaverage.

IntroducingSHA-256

•  Cryptographicallysecureone-wayhashfunc:on.

•  Takesanyinputandproducesa32byteoutput.

•  Flippingonebitintheinputgivesadifferentrandomlydistributedoutput.

Sha256(“YOW”) = 990d7204316fe2907f55cb22d7b66fe9 e1f7e26dca2b61041cc3d3eec303d6a7

Sha256(“WOY”) = cab9db6bcb5b96f48fb3e5f11cc43008

a9eee6b168127ee7422f7218877751ff

Block0

GenesisBlock

Block1

...

BlockN-1

BlockN

VersionPreviousBlockHashMerkleRootTimeStampBitsNonce

80byteheaderBlockHash=Sha256(Sha256(Header))Butthereisacatch…

BlockHeader

Transac:onsPayload Variablesize

Howtocreateanewblock?

VersionPreviousBlockHashMerkleRootTimeStampBitsNonce

1createheader2makenoncerandom3calculateblockhash4isitbelowthetarget?5Jwearedone6Lgoto2Transac:ons

Blockhashmustbebelowthetargetdifficulty

0000000000000000038cc0f7bcdbb451ad34a458e2d535764f835fdeb896f29b

Block#440000~2,000,000,000GH/s

TheDifficultyAdapts

BlockPropaga:on

...

BlockN-2

BlockN-1

ForksareNormal(1)

BlockN’’

BlockN’

...

BlockN-2

BlockN-1

ForksareNormal(2)

BlockN’’

BlockN’ BlockN+1

Thelongestchainwins!

Distribu:onofFundsSummary

•  Fundsaredistributedbysolvingblocks

•  Difficultyadaptsover:me

•  Thelongestchainwins

BitcoinPublic/PrivateKeys

•  ABitcoinusesEllip:cCurvecryptography•  Aprivatekeyis32randombytes•  Apublickeyiscomputedfromaprivatekey•  Thereisnoencryp:oninBitcoin,onlysigning

BitcoinAddresses

•  ABitcoinaddressesisabitlikeabankaccount.1Kk18SN6WRPTEXbXBm3dZSzEw7NdbChyc9

•  Calculatedfromapublickey RIPEMD-160(Sha256(publickey))

•  Nobodyknowswhoownswhichaddresses

•  Valueismovedbetweenaddressesusingtransac:ons.

Transac:ons(simplified)

•  ABitcointransac:onsendsvaluefromonesetofaddressestoanother

InputsOutputs

5BTC

3BTC

4BTC

10BTC

2BTCTransac:onHash=Sha256(Sha256(Transac:onData))

InputsOutputs

10BTC

Transac:on

Crea:ngaTransac:on(1/7)

InputsOutputs

10BTC

Transac:on

InputsOutputs

1BTC

5BTC

InputsOutputs

4BTC

2BTC

InputsOutputs

7BTC

3BTC

Crea:ngaTransac:on(2/7)

InputsOutputs

10BTC

2BTC

Transac:on

InputsOutputs

1BTC

5BTC

InputsOutputs

4BTC

2BTC

InputsOutputs

7BTC

3BTC

Crea:ngaTransac:on(4/7)

InputsOutputs

10BTC

1.9999BTC

Transac:on

InputsOutputs

1BTC

5BTC

InputsOutputs

4BTC

2BTC

InputsOutputs

7BTC

3BTC Transac:onFee=0.0001BTC

Crea:ngaTransac:on(4/7)

InputsOutputs

10BTC

1.9999BTC

Transac:on

InputsOutputs

1BTC

5BTC

InputsOutputs

4BTC

2BTC

InputsOutputs

7BTC

3BTC Transac:onFee=0.0001BTC

Crea:ngaTransac:on(5/7)

InputsOutputs

10BTC

1.9999BTC

Transac:on

InputsOutputs

1BTC

5BTC

InputsOutputs

4BTC

2BTC

InputsOutputs

7BTC

3BTC Transac:onFee=0.0001BTC

Crea:ngaTransac:on(6/7)

InputsOutputs

10BTC

1.9999BTC

Transac:on

InputsOutputs

1BTC

5BTC

InputsOutputs

4BTC

2BTC

InputsOutputs

7BTC

3BTC

Crea:ngaTransac:on(7/7)

BitcoinNetwork

Transac:onRelaying

•  Receivetransac:onfrompeer

•  Verifica:on(simplified):– Verifythatthesignaturesaresound– Verifythattheinputsareunspent– Verifythatthesumofoutputs<=sumofinputs

•  Relaytransac:ontootherpeers

Block0

GenesisBlock

Block1

...

BlockN-1

BlockN

UnconfirmedTransac:ons

placeholderVersionPreviousBlockHashMerkleRootTimeStampBitsNonce

BlockN+1

Transac:ons

...

BlockN-2

BlockN-1

Transac:onsinForks(1)

BlockN’’

BlockN’

MyTransac:on

MyTransac:on

...

BlockN-2

BlockN-1

Transac:onsinForks(2.1)

BlockN’’

BlockN’

MyTransac:on

...

BlockN-2

BlockN-1

Transac:onsinForks(2.2)

BlockN’’

BlockN’ BlockN+1

Thelongestchainwins!

MyTransac:on

Proper:esofBitcoin(1/3)

NoCounterfei:ng“NOBODY”canincreasemoneysupplyatwill

Youarecompe:ngwiththebiggestdistributedcomputertheworldhasseen.Ifyoucanbeatit,itjustgetsharder.

Block0

GenesisBlock

Block1

...

BlockN-1

BlockN

Proper:esofBitcoin(2/3)

Transac:onirreversibility“NOBODY”canundoatransac:on

Requiresa51%avack

...

BlockN-2

BlockN-1

BlockN’’

BlockN’ BlockN+1

OriginalTransac:on

ReversedTransac:on

Proper:esofBitcoin(3/3)

NoDoubleSpendingNOBODYcanspendthesamevaluemorethanonce

...

BlockN-2

BlockN-1

BlockN

Twotransac:onsspendingthesameoutputs

BlockchainTechisNew

Trustlessdecentralizedorderingofevents

•  DecentralizedDNSwithNamecoin–  Adecentralizedopensourceinforma:onregistra:onandtransfersystem.

•  DecentralizedStockExchange–  Coloredcoins.orgisoneofseveralsolu:onsthatallowyoutoissueandtrackdigitalassetsontopoftheBitcoinblockchain.

Wecandostuffthatwasn’tpossiblebefore

WanttoKnowMore?

Jan Møller Co-founder, CTO Chainalysis