[NOTE: If my memory is right, two or three years ago Chris Brunner encouraged me to write an article on Bitcoin since it was getting popular. I started an article, intending Chris and Silas Barta to be co-authors, since both of them had expertise in certain areas (Chris from a network / commercial point of view, Silas from an individual miner's perspective) and I really needed to understand the mechanics of Bitcoin before I could pontificate on its economic and political ramifications. I did a bunch of research and had a few phone calls with Chris, and started an article that began with an elaborate analogy to explain the nuts and bolts of Bitcoin without using any scary mathematical or cryptography terms. Silas Barta worked with me on refining the analogy, but then the article stayed buried in my hard drive until a few days ago. With the recent, renewed interest in Bitcoin, I hoisted the article out of its dusty folder, and Silas and I finished just the first section. This is what I am now running as Part I in a series on Bitcoin. Silas is currently writing up the main draft of Part II, which will deal with mining. Eventually we will get around to discussing the economics--does Bitcoin violate the regression theorem? is it a fiat currency? etc.--and the implications for liberty activists.----RPM]
by Robert P. Murphy and Silas Barta
One of the hottest topics lately in Austro-libertarian circles is Bitcoin, which its official website describes as a “peer-to-peer virtual currency.” Supporters claim that Bitcoin is the ultimate free-market money of the computer age, because its scarcity is mathematically guaranteed and is virtually impervious to government counterfeiting efforts. Detractors argue that it is a fad, and that only a physical commodity can last as a true money.
In the present article we’ll try to explain what Bitcoin is, and how it works. The topic is tricky because Bitcoin’s implementation relies on distributed computational procedures (carried out by a network of different machines) and encryption. So in this first article of a series, we will simply try to give an analogy for the big-picture understanding of how Bitcoin actually works, where we hope to strike a balance between accuracy and comprehension for those not familiar with “mathematical trapdoor functions” and “public/private key protocols.” In future articles, we’ll talk more about its implications, and how it relates to commodity monies like gold in an Austro-libertarian framework.
How Bitcoin Works: An Analogy
The first thing we want to stress is that—contrary to the impression one might have gotten—all of Bitcoin’s “bookkeeping” is done in full public view. Far from being encrypted, every Bitcoin transaction is out in the open, subject to independent auditing by anyone who downloads the software. In fact, that’s the very strength of Bitcoin, and why its proponents say that it relies on no central authority: Precisely because no single organization is “in charge” of Bitcoin, it will be extremely difficult to stamp it out of existence if Bitcoin should ever become a commonly accepted currency. Friedrich Hayek talked of privately-issued fiat currencies, but his vision still involved management of each (competing) currency by a particular issuer. In contrast, no single group manages Bitcoin; this is the sense in which it is “decentralized.” (However, it’s true that a commodity money like gold is also decentralized in the same sense.)
To gain a full appreciation of how Bitcoin works, it’s necessary to go into the mechanics of public key cryptography, which one of us has done (in a very accessible way) here and here. In the present article, we’ll keep it as painless as possible by using an analogy, which we hope will get across the essence of Bitcoin without losing too many readers in the technicalities.
Imagine a community where the people don’t use tangible money: there are no gold coins, and no green dollar bills either. Instead, the money in this community is based on the 21 million integers running from 1, 2, 3, …, 20,999,999, and finally up through 21,000,000. At any given time, one person “owns” the number 8, while somebody else “owns” the number 34,323, and so on. To speak this way doesn’t mean that people have to pay for the privilege of engaging in arithmetic with these numbers. (In other words, this isn’t some weird thought experiment about Intellectual Property taken to the extreme.) Rather, we simply mean that when commercial transactions do occur, the medium of exchange is the community’s notion of “ownership” or “assignment” of these 21 million integers to specific individuals.
For example, suppose Bill wants to buy a car from Sally, and the price sticker on the car reads, “Two numbers.” Bill happens to be in possession of the numbers 18 and 112. So Bill trades the two numbers—18 and 112—over to Sally, and Sally gives Bill the car. The community recognizes that the title to the car has transferred from Sally to Bill, and it also recognizes that Sally is now the owner of the numbers 18 and 112.
Now we come to the really interesting part. With the car, the title was a piece of paper; when she sells the car, Sally has to sign over the title to Bill. In principle this piece of paper could be destroyed, stolen and altered, or fraudulently produced. But with the numbers, things are different; the mechanism through which Bill transfers his ownership of 18 and 112 to Sally is complex. What happens is that the community keeps track of ownership through an industry of thousands of accountants. They each keep enormous ledgers (in Excel files or giant pieces of paper if you like), with 21 million columns running across the top from left to right—one for each number.
So the columns run across the top, from 1 to 21 million. At the same time, the rows of the ledgers record every transfer of a particular number. For example, when Bill bought the car from Sally, the accountants who were in earshot of the deal wrote down (or entered into their Excel file), “Now in possession of Sally” in the next available row, in the column for 18 and also the column for 112. In these ledgers, if we looked one row above, we would see, “Now in the possession of Bill” for these two numbers, because they were originally owned by Bill before he transferred them to Sally.
Besides documenting any transactions that happen to be in earshot, the accountants also periodically check their own ledgers against those of their neighbors. If they ever discover that their neighbors have recorded transactions for other numbers (regarding deals for which the accountant in question was not in earshot), then the accountant fills in those missing row entries in the column for that number.
Given this arrangement, at any given time there are thousands of accountants, each of whom has a virtually complete history of all 21 million numbers, from the first owner up through the present owner. The only reason the ledgers might differ from one accountant to another, is if one of them had recorded a relatively recent exchange, which had not had time to propagate (through the copying process) throughout the entire community. But any commercial transaction that is at least a few hours old (let’s say), has had time to be copied by every accountant, and so all of the ledgers in the community will have a record of the sale.
Now in this hypothetical world, if someone asks, “Who keeps track of the money?” the answer would be, “The accountants.” But if even half of the accountants and their ledgers were killed in a giant explosion, the financial system would remain intact, because all of those records were massively duplicated across the whole industry of accountants. The only things that might be lost would be sales that had occurred only an hour or two before the explosion, because these might not have had time to propagate over to the accountants who end up surviving the explosion.
Explaining the Relevance to Bitcoin, So Far
Let’s pause in our analogy to make sure the reader understands why we’ve constructed it this way. When all of the Bitcoins have been “mined”—which will happen in the year 2140—there will be 21 million of them in existence. That is a mathematically guaranteed, fixed quantity of them. (To facilitate trade, each Bitcoin can be divided into 100 million sub-components, representing up to eight decimal places. In other words, people have the technical ability to transfer ownership of 0.00000001 of one of their Bitcoins, but that is the smallest “unit” possible within the Bitcoin protocol. In this sense, there will actually be—in the year 2140 when all Bitcoins have been mined—a grand total of 2.1 quadrillion fundamental units of the currency.)
In our analogy above, we aren’t dealing with the complicated issue of “mining” Bitcoins. Instead, we are focusing on the steady-state where all of the 21 million Bitcoins have been mined, and the community functions economically just by transferring ownership of the forever-fixed quantity of these mathematical objects.
So in the real world, people transfer their ownership of a certain amount of Bitcoin to other people, in exchange for goods and services. This transfer is effected by the network of computers performing computations and thereby changing the “public key” to which the “sold” Bitcoins are assigned.
In our analogy, we captured this aspect of things by saying the accountants entered the new owner of a particular number in the next-available row in that number’s column. In the real world, the entire Bitcoin network has an entire history of each Bitcoin’s “life cycle,” from the moment it was mined, through every owner it ever had, down to the current owner. In our analogy, we captured this aspect by saying that you could look at the number 18, for example, and see its first owner in row 2, its second owner in row 3, etc. (We assume the first row is reserved for listing the integers themselves.)
Where Does Encryption Come In? The Problem of Anonymous Owners
Now in our fictitious world, there is still one glaring problem we need to address: How do the accountants verify the identity of the people who try to buy things with numbers? In our example, Bill wanted to sell 18 and 112 to Sally for her car.
Now Bill really is the owner of the numbers 18 and 112; he can afford Sally’s car, because she’s asking “Two numbers” for it. (And by the way, in this community when people quote a price in terms of “numbers” everybody knows it means “between 1 and 21 million,” because any integer outside this range is not considered legitimate money.) The accountants will verify, if asked, that Bill is the owner of those numbers; it says “Bill” in the last row which has an entry in it, under the “18” column and the “112” column in all of their ledgers.
But here’s the problem: When the nearby accountants see Bill trying to buy the car from Sally, how do they know that that human being actually IS the “Bill” listed in their ledgers? There needs to be some way that the real Bill can demonstrate to all of the accountants that he is in fact the same guy referred to in their ledgers. To prevent fraudulent spending of one’s money by an unauthorized party, this mechanism must be such that only the real Bill will be able to convince the accountants that he’s the guy.
In the real world, this is where all of the complicated public/private key encryption stuff comes in. Again, if you are feeling up to the challenge, read these more technical posts (here and here) for an explanation of the computational mechanics behind Bitcoin transfers. But for our article here, we’ll try to water it down to give the essence of what’s happening, without scary mathematical terms.
Unfortunately, at this point our story gets a little silly, which just means we haven’t been able to come up with a good analogy for this aspect of the Bitcoin process. But without further ado, suppose the following is how the people in our fictitious world deal with the problem of matching the names in the ledgers with real-world human beings:
Each time one of the numbers is transferred in a sale, the new owner has to invent a riddle that only he or she can solve. The thing is, the people in the community are clever enough to recognize the correct answer to the riddle when they hear it, but they are not nearly creative enough to discover the answer on their own.
For example, when Bill himself received the numbers 18 and 112 from his employer—Bill gets paid “two numbers” every month in salary—the accountants said to Bill:
“OK, to protect your ownership of these two numbers, invent a riddle that we will associate with them. We will embed the riddle inside the same cell in our ledger as the name “Bill,” in the columns under 18 and 112. Then, when you want to spend these two numbers, you tell us the answer to your riddle. We will only release these numbers to a new owner, if the person claiming to be “Bill” can answer the riddle. Keep in mind, Bill, that you might be on the other side of town, surrounded by accountants you have never seen before, when you want to spend these numbers. That’s why our seeing you right now, isn’t good enough. We need to put down a riddle in our ledgers, which will also be copied thousands of times as the information pertaining to this sale reverberates throughout the community, so that every accountant will eventually have “Bill” and your riddle, embedded in the correct cell in his or her ledger.”
Bill thinks for a moment and then has an ingenious riddle. He tells the accountants, “When is a door not a door?” They dutifully write down the riddle, which then gets propagated throughout the community.
A few days later, some villain tries to impersonate Bill. He wants to buy a necklace that has a price tag of “one number.” So the villain says to the accountants in earshot, “I’m Bill. I am the owner of 112, as everyone can see; these spreadsheets are public information. So I transfer my ownership of 112 to this jeweler, in exchange for the necklace.”
The accountants say, “OK Bill, just verify your identity. What is the solution to your riddle? Tell us, ‘When is a door not a door?’”
The villain thinks and thinks, but can’t come up with anything. He says, “When the door isn’t a door!” The accountants look at each other, scratch their heads, and agree, “No, that’s a dumb answer. That didn’t solve the riddle.” So they deny the sale; the villain is not given the necklace.
Now, a few weeks later, we are up to the point at which our story originally began, at the beginning of this article. The real Bill wants to buy Sally’s car for “two numbers.” He announces to the nearby accountants, “I am the owner of 18 and 112. I verify this by solving my riddle: A door is not a door when it’s ajar.”
The accountants all beam with delight! Aha! That is a good answer to the riddle. They agree this must be the real Bill, and allow the sale to go through. They write down “Sally” in the next-available rows in columns 18 and 112, and then ask Sally to give them a new riddle, to which only Sally would know the answer.
Explaining the Relevance to Bitcoin, Once Again
Even though we had to strain the story a bit—since in reality, it would be pretty easy for someone to guess the solution to Bill’s riddle—we think this is a decent analogy to how Bitcoin actually works. Without getting into the details, there is a way that the actual owner can perform an operation mathematically, which can only be reversed with possession of a specific number. This special number is the “private key.” In our story, the private key would be analogous to Bill’s mental ability to solve his own riddle, and the actual solution to the riddle would be his “signature.” In the real world, once given a “signature” that can only be generated by someone with the private key, the computers in the Bitcoin network can recognize that the owner is legitimate, but it would take thousands of years of computing power (with current technology) for an outsider to guess the private key and hence produce a “valid” signature. Even the CIA with its supercomputers thus couldn’t transfer someone else’s Bitcoins.
One final twist of realism: In the real world, people don’t need to use their actual names such as “Bill” to identify themselves as the owner of a particular Bitcoin. Instead, they can use any old identifier. This identifier is the “public key,” which all can see. In our analogy, it would be as if Bill told the accountants, “Call me ‘CoolKat’ in your ledgers.” Then, to prove that he was in fact “CoolKat,” Bill would have to answer the riddle, just as before.
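To make the riddle and the pseudonym concrete, here is an added example (not part of the original article) of a ledger that records owners by public key and releases a number only on a valid signature. It swaps in Lamport one-time hash-based signatures so that it runs with the Python standard library alone; Bitcoin itself uses ECDSA, and all function names here are assumptions made for the illustration.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Private key: 256 pairs of random secrets. Public key: their hashes.
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return priv, [(H(a), H(b)) for a, b in priv]

def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(priv, msg: bytes):
    # Reveal one secret per pair, selected by the bits of the message digest.
    return [priv[i][b] for i, b in enumerate(digest_bits(msg))]

def verify(pub, msg: bytes, sig) -> bool:
    # Anyone can hash the revealed secrets and compare with the public key.
    return len(sig) == 256 and all(
        H(s) == pub[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))

def key_id(pub) -> str:
    # Short ledger label derived from the public key (a pseudonym like "CoolKat").
    return H(b"".join(a + b for a, b in pub)).hex()[:16]

def transfer_message(numbers, new_pub) -> bytes:
    return f"{sorted(numbers)}->{key_id(new_pub)}".encode()

def transfer(ledger, numbers, new_pub, sig) -> bool:
    # ledger: number -> history of owner public keys (one accountant's copy).
    msg = transfer_message(numbers, new_pub)
    # The signature must verify under the current owner key of every number.
    if not all(verify(ledger[n][-1], msg, sig) for n in numbers):
        return False
    for n in numbers:
        ledger[n].append(new_pub)
    return True

def demo():
    # Constructed scenario from the article: Bill owns 18 and 112.
    bill_priv, bill_pub = keygen()
    ledger = {18: [bill_pub], 112: [bill_pub]}
    villain_priv, _ = keygen()
    jeweler_pub, sally_pub = keygen()[1], keygen()[1]
    forged = sign(villain_priv, transfer_message([112], jeweler_pub))
    villain_ok = transfer(ledger, [112], jeweler_pub, forged)  # impostor's attempt
    genuine = sign(bill_priv, transfer_message([18, 112], sally_pub))
    bill_ok = transfer(ledger, [18, 112], sally_pub, genuine)
    owners = {n: key_id(history[-1]) for n, history in ledger.items()}
    return villain_ok, bill_ok, owners, key_id(sally_pub)
```

Unlike a spoken riddle answer, the signature covers the numbers and the recipient, so overhearing it does not let anyone redirect the payment. A Lamport key is safe for one signature only, which matches the story's rule that each new owner supplies a fresh riddle.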
The reason libertarians are so excited about this aspect, is that Bill can disguise how many numbers he possesses. He can slap the label “CoolKat” on 18 and 112, but he can throw “JamesBondFan” on his other numbers 45 and 974. So Bill owns four numbers total, but nobody else in the community—not even the accountants—would know this. As far as the records indicate, 18 and 112 are owned by “CoolKat,” while “JamesBondFan” owns 45 and 974. Nobody but Bill realizes that these point to the same human being.
This wraps up our present post. We hope we’ve given an intuitive, yet accurate, explanation of the basic mechanics of Bitcoin. In future posts we will address Bitcoin’s relevance to Austro-libertarians.