November 10, 2010
This article was contributed by Nathan Willis
The Bitcoin virtual currency system was launched in 2009, but has gained increased exposure in recent months as a few businesses and entities announced that they would support transactions in Bitcoins (abbreviated "BTC"). Bitcoin is not the first attempt to create an entirely virtual currency, but it supports some very interesting features, including pseudonymous addresses that are not tied to a real-world identity and a decentralized, peer-to-peer network structure that verifies Bitcoin transactions cryptographically.
One of Bitcoin's advantages over other currency systems is that it does not rely on a central authority or bank. Instead, the entire network keeps track of — and validates — transactions. It also separates "accounts" from identities: although every transaction is public, addresses are not linked to names, so transactions are, for all practical purposes, anonymous. Two users can make a Bitcoin exchange without knowing each other's real identities or locations. Because Bitcoin does not rely on brick-and-mortar banks and because the Bitcoin currency is divisible down to eight decimal places, it is seen by proponents as a potential micropayment system that works better than the fee-based, currency-backed banking systems of today.
Bitcoin 101
The Bitcoin project was devised and created by Satoshi Nakamoto. There is an RFC-style draft specification available on the project's wiki, although it is not an IETF project. The current specification is numbered 0.0.1, and outlines a Bitcoin transaction message. Considerably more detail is required to explain how the system works in practice, however. The two key ideas are Bitcoin addresses and blocks.
Actual Bitcoins do not exist as independent objects anywhere in the Bitcoin network. Instead, the P2P network of Bitcoin clients keeps track of all Bitcoin transactions — including the transfer of Bitcoins from one Bitcoin address to another, and the creation of new Bitcoins, which is a tightly controlled process.
A Bitcoin address is a hash of the public key of an Elliptic Curve Digital Signature Algorithm (ECDSA) public/private key pair, written in a text form that carries a version byte and a short checksum so that a mistyped address is rejected rather than paid. Whenever a new user starts up the Bitcoin client, it generates a new Bitcoin address that is initially associated with zero Bitcoins. But the address is not tied to the identity of the user in any way; in fact clients can generate multiple Bitcoin addresses to easily isolate or categorize transactions. A user's keys are stored locally in a wallet.dat file; losing or erasing the file means that all Bitcoins associated with the addresses inside are effectively lost. The current client stores that file unencrypted, so anyone who can copy it can spend those coins just as readily, which makes wallet.dat both a backup priority and a theft target.
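As an added illustration (this is not code from the Bitcoin project), the following Python derives an address from a public key exactly as described above: the key is hashed with SHA-256 and then RIPEMD-160, a version byte is prepended, a four-byte double-SHA-256 checksum is appended, and the result is written in base 58. The decoder shows the security-relevant half: a single mistyped character fails the checksum instead of silently sending coins to an address nobody controls. The public key and address used are the public test vector from Bitcoin's own genesis block; the RIPEMD-160 step depends on the local hashlib build exposing that digest, which is why a helper checks for it.

```python
"""Derive a Bitcoin address from an ECDSA public key and validate the address checksum."""
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Public test vector: the uncompressed secp256k1 public key paid by the coinbase of
# Bitcoin's genesis block, and the address that corresponds to it.
GENESIS_PUBKEY = bytes.fromhex(
    "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6"
    "49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f")
GENESIS_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"

def sha256d(data):
    """SHA-256 applied twice, as Bitcoin uses it for checksums and block hashes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def ripemd160_available():
    """False on OpenSSL builds that omit the RIPEMD-160 digest from hashlib."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False

def hash160(data):
    """RIPEMD-160(SHA-256(data)): the 20-byte public-key hash that an address encodes."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def b58check_encode(payload):
    """Append a 4-byte SHA-256d checksum and encode in base 58; each leading zero byte
    of the payload becomes a leading '1' (which is why mainnet addresses start with 1)."""
    data = payload + sha256d(payload)[:4]
    n, digits = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + digits

def b58check_decode(text):
    """Inverse of b58check_encode; raises ValueError if the checksum does not match."""
    n = 0
    for ch in text:
        if ch not in B58_ALPHABET:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + B58_ALPHABET.index(ch)
    leading_ones = len(text) - len(text.lstrip("1"))
    data = b"\x00" * leading_ones + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(data) < 5:
        raise ValueError("too short to carry a checksum")
    payload, checksum = data[:-4], data[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: address mistyped or corrupted")
    return payload

def pubkey_to_address(pubkey, version=0x00):
    """Version byte 0x00 is the mainnet prefix for pay-to-public-key-hash addresses."""
    return b58check_encode(bytes([version]) + hash160(pubkey))

def address_to_hash160(address):
    """Return (version, 20-byte hash) for a valid address; ValueError otherwise."""
    payload = b58check_decode(address)
    if len(payload) != 21:
        raise ValueError(f"unexpected payload length {len(payload)}")
    return payload[0], payload[1:]
```

A client that accepts a destination address from a user should run it through b58check_decode before building a transaction; the checksum is what turns a typo into an error message rather than an irreversible payment.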
Sending Bitcoins from one address to another is done by publishing a transaction to the network. A transaction names the outputs of earlier transactions that it spends, lists the destination addresses and amounts it creates, and carries, for each spent output, a signature made with the private key behind the address that received it. The transaction is propagated to all of the active clients on the network. These transactions are collected into the other Bitcoin primitive, the block. Active clients periodically publish new blocks, which serve as the permanent record of all of the transactions that have taken place since the last block was published.
Unlike signing and verifying recent transactions, publishing a block is
not a trivial affair. It is, instead, a cryptographic problem that a
client must solve with a reward offered for doing so. The Bitcoin network
is designed so that block
publishing is a difficult task, and the reward will encourage users to run
the
client software, which in turn validates and records the ongoing
transactions.
The Bitcoin network is currently in currency-issuing mode; during this phase, whenever a client solves and publishes the network's next block, the client is credited with 50 freshly-created Bitcoins. That provides the incentive for clients to contribute CPU (or GPU) cycles to the process. The block-solving reward is scheduled to halve every 210,000 blocks (roughly every four years), eventually dropping to zero. At that point, transaction fees will replace Bitcoin generation as an incentive for clients to participate.
The problem that constitutes "solving" a block is novel. Clients perform SHA-256 hash calculations (the hash is applied twice) over an 80-byte block header that contains the previous block's hash value, a Merkle-tree root summarizing the block's transactions, a timestamp, a compact encoding of the current threshold, and a nonce. Each hash is interpreted as a 256-bit number and compared to the threshold (the "target"); if the hash is at or below the target, the client has solved the block. If not, the client increments the nonce and tries again. The target is chosen to be artificially low, so that the hashes (which are pseudo-random) have a very small chance of falling below it. Thus it takes many CPU cycles to stumble across a hash that solves the block, but it is trivial for all other clients on the network to check that the hash is genuine: two SHA-256 computations and one comparison.
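Here is an added example (not the project's code) of the header hashing and proof-of-work check just described. It reproduces the hash of the real genesis block as a test vector and then searches for a nonce against a much easier, made-up target; EASY_BITS is an assumption chosen so the search finishes in well under a second in pure Python, and the placeholder transaction id and timestamp in mine_example are constructed.

```python
"""Bitcoin block-header hashing and the proof-of-work check, verified against the
genesis block (public test vector) and then run on an easy constructed target."""
import hashlib
import struct

def sha256d(data):
    """Bitcoin applies SHA-256 twice to block headers and transactions."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids):
    """Fold transaction ids (internal byte order) pairwise into one 32-byte root;
    a level with an odd number of entries duplicates its last entry."""
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def bits_to_target(bits):
    """Decode the compact 'bits' field of a header into the 256-bit threshold."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    return mantissa << (8 * (exponent - 3)) if exponent > 3 else mantissa >> (8 * (3 - exponent))

def serialize_header(version, prev_hash, merkle, timestamp, bits, nonce):
    """The 80-byte header that gets hashed: little-endian integers, hashes in internal order."""
    return struct.pack("<I", version) + prev_hash + merkle + struct.pack("<III", timestamp, bits, nonce)

def header_hash(header):
    """Block hash as displayed: SHA-256d of the header, byte-reversed, in hex."""
    return sha256d(header)[::-1].hex()

def meets_target(header, bits):
    """The proof-of-work test every client can run with two SHA-256 calls."""
    return int.from_bytes(sha256d(header), "little") <= bits_to_target(bits)

def mine(version, prev_hash, merkle, timestamp, bits, max_tries=1 << 32):
    """Try successive nonces until the header hash lands at or below the target."""
    for nonce in range(max_tries):
        header = serialize_header(version, prev_hash, merkle, timestamp, bits, nonce)
        if meets_target(header, bits):
            return nonce, header_hash(header)
    raise RuntimeError("nonce space exhausted; a real miner changes the timestamp or coinbase")

# Public test vector: the fields of Bitcoin's genesis block (hashes given in display order).
GENESIS = dict(
    version=1,
    prev_hash=bytes(32),
    merkle=bytes.fromhex("4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")[::-1],
    timestamp=1231006505,
    bits=0x1D00FFFF,
)
GENESIS_NONCE = 2083236893
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

def check_genesis():
    """Recompute the genesis block hash and confirm it satisfies its own target."""
    header = serialize_header(nonce=GENESIS_NONCE, **GENESIS)
    return header_hash(header) == GENESIS_HASH and meets_target(header, GENESIS["bits"])

# Constructed example: an easy target (about one hash in 65,536 qualifies) so the search
# finishes quickly in pure Python; EASY_BITS is an assumption, not a real network value.
EASY_BITS = 0x1F00FFFF

def mine_example():
    """Mine a constructed header whose single (placeholder) transaction id is 0x11 * 32."""
    merkle = merkle_root([bytes.fromhex("11" * 32)])
    return mine(version=1, prev_hash=bytes(32), merkle=merkle, timestamp=1289347200, bits=EASY_BITS)
```

Note that verification (meets_target) costs the same two hashes whether the target was easy or hard; only the search in mine scales with the difficulty.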
Bitcoining in practice
As of November 9, there have been just under 91,000 blocks published, and there are about 4.5 million BTC in circulation. The project says that approximately six blocks are solved and published per hour (one every ten minutes), and according to the reward-reduction schedule, the eventual total circulation will be just short of 21 million BTC. The threshold value is adjusted every 2,016 blocks so that the rate of new blocks stays close to that target regardless of how much hashing power joins or leaves the network, which gives some assurance that transactions are validated and recorded in a timely fashion.
The project has an official, MIT/X11-licensed Bitcoin client application available for download. The current release is numbered 0.3.14. OS X, Windows, and Linux builds (both 32-bit and 64-bit) are provided in addition to the source code. The client serves two purposes: it allows the user to keep track of his or her wallet and its associated Bitcoin addresses, and it runs a background process to solve blocks. There is a command-line version of the client available in addition to the GUI, for use on headless machines.
The GUI client's interface is simple: there is a transaction log, balance count, and Bitcoin "address book." From the address book, you can generate new Bitcoin addresses at will. The block-solving functionality is activated or deactivated from the "Settings" menu. The Options configuration dialog allows you to limit the number of processors on which to run (by default Bitcoin uses all available CPUs). The client communicates to Bitcoin peers over TCP port 8333, and for the moment is IPv4-compatible only.
At the moment, of course, running the fastest client possible is the key to grabbing as many fresh Bitcoins as you can. In addition to the official Bitcoin client, there are several third-party variants that tailor the block-solving routine for different processor architectures — including OpenCL and CUDA-capable 3-D graphics cards. The official client runs its solver with the lowest possible priority, so keeping it running constantly should not severely impact performance — third-party clients may or may not offer such a guarantee.
SHA-256 is generally considered to be strongly pseudo-random, so your odds of solving the current block on any given try do not increase the longer you run the client. However, all of the active Bitcoin clients "mine" — try to solve the current block — simultaneously, so dedicating more or faster cores increases your chances of solving the current block now, before someone else does and everyone starts over on a new block.
Criticisms and questions
Despite a design in which every hash attempt supposedly has an equal chance of solving the next block and earning the reward, some Bitcoin users on the project's official forum seem to think that the current system is driving away casual users, because users with fast GPUs can check hashes ten or twenty times faster than a typical CPU. Several of the users that have written custom GPU-mining clients do not make their code publicly available, and thus generate significantly more Bitcoins than the average participant — including one individual who is alleged to represent 25% of the block-solving power of the network at any one time.
An online calculator allows you to put in the current hashes-per-second count reported by the client and estimate how long it would take on average to solve a block at that speed. I tested Bitcoin 0.3.14 on an (apparently modest) Athlon X2 system that is predicted to average one block solve every 94 days. That does seem like a discouragingly low payoff for keeping two CPU cores running 24 hours a day.
The system does seem to score high on privacy and fraud-prevention, though. All transactions between clients are conducted in the clear, but because spending requires an ECDSA signature made with the private key behind the address, an attacker who does not hold that key cannot forge a transaction outright. The system has other safeguards in place to prevent attacks on the block-solving system. That is why, for example, each block includes the hash of the previous solved block — this creates a "block chain" that clients can trace backwards all the way to Bitcoin's first "genesis block" for verification purposes, and it means that altering any past transaction would require re-solving that block and every block published after it.
The distributed network design offers its own set of challenges. For example, if a rogue client simultaneously (or nearly simultaneously) broadcasts two transactions to different parts of the network that both spend the same coins, each transaction could temporarily appear confirmed if two different clients solve the current block at nearly the same moment, each including one of the two. Clients then hold two competing blocks at the same height and keep building on the first one they saw. The tie is broken by the next block solved: whichever branch it extends becomes the longer chain, and clients that were on the other branch switch to it. Transactions from the abandoned block are returned to the queue and re-validated against the surviving chain, where the duplicate spend is rejected because its coins have already been spent. The practical consequence is that a payment with a single confirmation is not yet final; a recipient who waits for a few more blocks to be built on top of it has a much stronger guarantee that it will not be reversed.
Some of Bitcoin's security relies on all of the participating clients knowing and agreeing on the rules of the game. For example, a rogue client could attempt to award itself 100 BTC upon solving a block, but honest clients would reject the block outright because it violates the reward rule, and would not build on top of it, so the rogue's work would simply be wasted.
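To make the last two paragraphs concrete, here is an added toy model (not Bitcoin's code) of the ledger rules an honest client enforces: each transaction must spend outputs that are still unspent and be signed by their owner, a block's coinbase may claim at most the subsidy plus fees, and a client follows the longest valid chain, re-validating the transactions of any block it abandons. ECDSA signatures are abstracted to a signer label, block hashes are plain labels, and the double-spend scenario is constructed; the names rogue, alice and bob are placeholders.

```python
"""Toy model of Bitcoin's ledger rules: unspent outputs, competing blocks, reorganisation."""
from collections import namedtuple

COIN = 10**8                 # one Bitcoin is divisible to eight decimal places
HALVING_INTERVAL = 210_000   # blocks between halvings of the 50 BTC reward

# Tx.signer stands in for an ECDSA signature (label of the key that signed); inputs are
# outpoints "txid:n" being spent (empty for a coinbase); outputs are (owner, amount) pairs.
Tx = namedtuple("Tx", "txid signer inputs outputs")
Block = namedtuple("Block", "hash prev txs")   # hash is a plain label here; txs[0] is the coinbase

def block_subsidy(height):
    """50 BTC at height 0, halving every 210,000 blocks, eventually zero."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else (50 * COIN) >> halvings

def apply_tx(tx, utxo):
    """Spend tx.inputs from the UTXO set, add tx.outputs, return the fee; ValueError if invalid."""
    total_in = 0
    for op in tx.inputs:
        if op not in utxo:
            raise ValueError(f"{tx.txid}: input {op} is unknown or already spent")
        if utxo[op][0] != tx.signer:
            raise ValueError(f"{tx.txid}: not signed by the owner of {op}")
        total_in += utxo[op][1]
    total_out = sum(amount for _, amount in tx.outputs)
    if total_out > total_in:
        raise ValueError(f"{tx.txid}: outputs exceed inputs")
    for op in tx.inputs:
        del utxo[op]
    utxo.update({f"{tx.txid}:{n}": out for n, out in enumerate(tx.outputs)})
    return total_in - total_out

def apply_block(block, height, utxo):
    """Apply the block's transactions; the coinbase may claim at most subsidy plus fees."""
    coinbase, *rest = block.txs
    if coinbase.inputs:
        raise ValueError(f"block {block.hash}: coinbase must not spend inputs")
    allowed = block_subsidy(height) + sum(apply_tx(tx, utxo) for tx in rest)
    if sum(amount for _, amount in coinbase.outputs) > allowed:
        raise ValueError(f"block {block.hash}: coinbase claims more than the allowed {allowed}")
    utxo.update({f"{coinbase.txid}:{n}": out for n, out in enumerate(coinbase.outputs)})

class Node:
    """One honest client: keeps every block it has seen and follows the longest valid chain."""
    def __init__(self, genesis):
        self.blocks, self.tip = {genesis.hash: genesis}, genesis.hash
        self.mempool, self.rejected = {}, {}
        self.utxo = self.replay(genesis.hash)

    def chain(self, tip):              # blocks from genesis to tip, following prev links
        out = []
        while tip:
            out.append(self.blocks[tip])
            tip = self.blocks[tip].prev
        return out[::-1]

    def replay(self, tip):             # rebuild the UTXO set from scratch along one branch
        utxo = {}
        for height, blk in enumerate(self.chain(tip)):
            apply_block(blk, height, utxo)
        return utxo

    def submit_tx(self, tx):           # queue a transaction only if it is valid right now
        try:
            apply_tx(tx, dict(self.utxo))
        except ValueError as err:
            self.rejected[tx.txid] = str(err)
            return False
        self.mempool[tx.txid] = tx
        return True

    def receive_block(self, block):    # validate; adopt only if its branch is the longer one
        self.blocks[block.hash] = block
        try:
            utxo = self.replay(block.hash)
        except (ValueError, KeyError):
            del self.blocks[block.hash]
            raise
        if len(self.chain(block.hash)) <= len(self.chain(self.tip)):
            return False               # competing block of equal height: keep the current tip
        abandoned, self.tip, self.utxo = self.chain(self.tip), block.hash, utxo
        kept = {b.hash for b in self.chain(self.tip)}
        confirmed = {t.txid for b in self.chain(self.tip) for t in b.txs}
        requeue = [t for b in abandoned if b.hash not in kept for t in b.txs[1:]] + list(self.mempool.values())
        self.mempool = {}
        for tx in requeue:             # orphaned transactions are re-validated from scratch
            if tx.txid not in confirmed:
                self.submit_tx(tx)
        return True

def double_spend_scenario():
    """Constructed scenario: 'rogue' pays the same 50 BTC to alice and to bob, and each
    payment is confirmed by a different block at the same height."""
    genesis = Block("G", "", (Tx("cb0", "", (), (("rogue", 50 * COIN),)),))
    node = Node(genesis)
    pay_alice = Tx("pay_alice", "rogue", ("cb0:0",), (("alice", 50 * COIN),))
    pay_bob = Tx("pay_bob", "rogue", ("cb0:0",), (("bob", 50 * COIN),))
    node.receive_block(Block("A1", "G", (Tx("cbA1", "", (), (("minerA", 50 * COIN),)), pay_alice)))
    node.receive_block(Block("B1", "G", (Tx("cbB1", "", (), (("minerB", 50 * COIN),)), pay_bob)))
    node.receive_block(Block("B2", "B1", (Tx("cbB2", "", (), (("minerB", 50 * COIN),)),)))
    return node    # branch B is longer, so A1 is orphaned and pay_alice is re-checked and rejected
```

Running double_spend_scenario() builds the situation from the text: the rogue's payment to alice is confirmed by block A1, a competing block B1 at the same height confirms the payment to bob, and when B2 extends B1 the node switches branches, re-queues pay_alice and rejects it because cb0:0 has already been spent. Feeding the node a block whose coinbase claims 100 BTC raises a ValueError and the block is discarded, so nothing is ever built on it; a transaction signed by the wrong key is refused for the same reason that a real client refuses a bad ECDSA signature.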
Nevertheless, there does not seem to have been a serious examination of Bitcoin's security by outside professional researchers. Beyond the basic transaction framework, there are numerous features in the system that might make for a plausible attack vector. For example, the system includes a way for senders to script transactions, so that they are only triggered after a set of conditions has been met.
Some of the adaptive measures in the system use arbitrary time frames that seem geared towards human convenience, rather than pro-active prevention of attacks — such as re-evaluating and adjusting the difficulty of the block-solving threshold only every 2,016 blocks. It is also possible to send Bitcoin payments directly to an IP address instead of to a Bitcoin address; the connection to that address is not authenticated, so anyone able to intercept it can substitute their own key and collect the payment. A "buyer beware" caution is advised there, and it is also possible that there are exploits yet undiscovered.
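As an added example that covers the block-rate calculator mentioned earlier as well as the 2,016-block retarget, the following Python implements the adjustment rule as the client applies it (the interval, the two-week target timespan, the four-fold clamp and the minimum difficulty are the real constants) together with the expected-time arithmetic behind such a calculator. It is not the project's own code; the compact "bits" encoding it converts is the one stored in block headers.

```python
"""Bitcoin's difficulty retarget (every 2,016 blocks, clamped to 4x) and the expected
time to solve a block at a given hash rate."""

RETARGET_INTERVAL = 2016
TARGET_SPACING = 600                                   # ten minutes per block, six per hour
TARGET_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING   # two weeks, in seconds
MAX_BITS = 0x1D00FFFF                                  # easiest target allowed: difficulty 1

def bits_to_target(bits):
    """Compact 'bits' encoding (1-byte exponent, 3-byte mantissa) to a 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    return mantissa << (8 * (exponent - 3)) if exponent > 3 else mantissa >> (8 * (3 - exponent))

def target_to_bits(target):
    """Inverse of bits_to_target; the mantissa's top bit is a sign bit and is kept clear."""
    size = (target.bit_length() + 7) // 8
    mantissa = target >> (8 * (size - 3)) if size > 3 else target << (8 * (3 - size))
    if mantissa & 0x00800000:
        mantissa, size = mantissa >> 8, size + 1
    return (size << 24) | mantissa

def difficulty(bits):
    """Conventional difficulty: how many times harder than the easiest target."""
    return bits_to_target(MAX_BITS) / bits_to_target(bits)

def expected_hashes(bits):
    """Mean number of attempts before a uniformly random 256-bit hash is <= target."""
    return 2**256 // (bits_to_target(bits) + 1)

def expected_seconds(bits, hashes_per_second):
    """What a hash-rate calculator computes: mean time to solve one block alone."""
    return expected_hashes(bits) / hashes_per_second

def retarget(old_bits, actual_timespan):
    """New 'bits' after an interval of 2,016 blocks that took actual_timespan seconds.
    The change is clamped to a factor of four in either direction, and the target can
    never be easier than MAX_BITS."""
    clamped = min(max(actual_timespan, TARGET_TIMESPAN // 4), TARGET_TIMESPAN * 4)
    new_target = bits_to_target(old_bits) * clamped // TARGET_TIMESPAN
    return target_to_bits(min(new_target, bits_to_target(MAX_BITS)))
```

The clamp is the reason the author's "arbitrary time frame" matters: if hashing power grows tenfold within one interval, the first retarget can only quadruple the difficulty, and blocks keep arriving faster than intended until the next interval catches up. At difficulty 1 the expected work per block is about 2^32 hashes, which at one million hashes per second is roughly 72 minutes; scale by the current difficulty to reproduce a calculator's estimate for any machine.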
Economics
The bigger open questions about Bitcoin are about its viability as a currency system. For the moment, the majority of the "businesses" that accept BTC as a payment method are online casinos, but a few less-shady establishments (such as the Electronic Frontier Foundation) have recently decided to accept Bitcoin transactions.
There is a dedicated economics forum on the Bitcoin project Web site; there debates circulate about the strengths and weaknesses of the Bitcoin system, specifically whether it has any value as a "real" currency, but also on more technical points, such as the arbitrary limit on the number of Bitcoins to be minted, and the decision to limit each Bitcoin's divisibility (a Bitcoin can be divided down to eight decimal places to spend in transactions).
Another wr ﻿inkle is that Bitcoins are effectively "virtual cash": although the ledger of transactions is public, addresses are not tied to identities, so payments are hard to trace back to people. Although that anonymity is important to some early-adopters, some are concerned that if the system were ever to catch on in widespread usage, governments would intervene to ban or block it because of the relative ease of tax evasion or money laundering.
Although BTC can be exchanged for other currencies, Bitcoin is different from electronic payment systems like Paypal that are really just computerized interfaces to traditional banks. There have been virtual cash systems in the past, such as David Chaum's digital-signature-based ecash, which in the late 1990s was redeemable at several banks, and more recently the Linden Dollars used and created inside Second Life.
Because Bitcoins are not tied to gold or to any other traded property, their value is determined solely by how much others are willing to exchange for them. Those who have had more economics than I will probably explain that this is true of all currency systems, but at the moment, there are several online BTC exchanges, such as BitcoinMarket.com, where one can observe the actual price of BTC-to-USD (or other currency) transactions. Whether those prices represent any real value seems to be entirely in the eye of the beholder. The rate on November 9 was 0.27 USD to 1 BTC. For comparison's sake, 94 days of dual-CPU processing power on Amazon's EC2 cloud service would cost $389.91. That is a for-profit example, of course, but the question remains: are the CPU cycles you spend "mining" for Bitcoins worth the value of the Bitcoins you receive? Does the abstract notion of "supporting the Bitcoin network" make up the difference? There is just no objective answer.
Some pundits think that Bitcoin is a viable prospect for a long-term virtual currency, but as always seems to be the case with economists, others disagree, citing government intervention and susceptibility to destruction by electromagnetic solar storms as risks to a digital-only currency system not backed by any physical monetary system.
The peculiarity of the idea itself seems to be waning in the face of recent global economic conditions, though, conditions which to Bitcoin proponents demonstrate how little "traditional" currencies offer over new, entirely virtual monetary systems. The Bitcoin network's current rate of BTC generation is scheduled to continue issuing new Bitcoins until 2140. If it lasts even a fraction of that amount of time, it will have outlasted the other purely-virtual currency systems, which is certainly worth ... something.