Although it’s relatively easy to start using Bitcoin, understanding it can take some time. Many beginning and intermediate users struggle because they fail to find an appropriate way to think about Bitcoin. This problem isn’t just theoretical - using the wrong mental model can cost you money. On the positive side, a solid mental model offers a much clearer picture of Bitcoin’s current potential and future opportunities.
This article presents a simple and powerful way of thinking about Bitcoin that will help you master Bitcoin’s complexities.
Beware of Preconceptions
Years of using electronic payment systems have conditioned merchants and consumers alike to think about electronic payments in the same narrow way. Bitcoin works on completely different principles with little relationship to electronic banking or credit cards.
For the moment, set aside any ideas you may have that Bitcoin works like the electronic payment systems you may have used before.
Although Bitcoin has little in common with credit cards and online banking, it’s closely related to an older form of money: cash. Satoshi Nakamoto himself used the phrase “electronic cash system” to describe Bitcoin in the title of his white paper. Bitcoin’s close kinship to cash defines many of its key strengths and limitations. To understand Bitcoin, begin by thinking back to your personal experiences with cash.
Cash systems use tradable tokens as a medium of exchange. From everyday experience, we know these tokens as metal coins and paper banknotes. Cash tokens have four important properties:
- Fixed face value
- Security features to prevent copying
- Limited supply
- Payments don’t require trusted mediators
As we’ll see, the digital tokens used by Bitcoin share these and many other properties with metal coins and banknotes.
Coin of the Digital Realm
Bitcoin is built on the concept of a digital coin. Think of a coin as the digital equivalent of a metal coin.
The meanings of the terms “coin” and “bitcoin” are sometimes confusing. A “coin” is a digital token used in Bitcoin. In contrast, “bitcoin” is the coin’s unit of face value. For example, a U.S. quarter dollar is a physical token with a face value of 25 cents. “Cent” is not the name of the token itself, but the unit in which the token’s face value is denominated. Similarly, “bitcoin” is not the name of the digital token itself, but rather the unit in which the token’s face value is denominated.
The high cost of mass-producing metal coins like quarter dollars restricts the number of denominations - one cent, five cents, ten cents, and so on.
With no material processing costs or transportation overhead, digital coins can, in contrast, be minted with arbitrary face values. For example, one digital coin might be marked with a face value of 1.344455 bitcoin. Another coin might be marked with a face value of exactly 1.00 bitcoin. A third coin’s face value might be 0.00001431 bitcoin, and so on.
The idea that a coin composed purely of digital data could play the same role as a metal coin or paper banknote might seem far-fetched. Governments spend a lot of time and effort to ensure currency can’t easily be counterfeited. How can Bitcoin ever work given the ease of copying digital data?
Security through Cryptography
A cash payment occurs when the owner of a token gives it to a payee. For example, you might hand a banknote to a merchant as payment for a product. The merchant can examine the banknote for signs of forgery before accepting it. Bitcoin uses transactions to represent the same process of transferring an unforgeable digital token.
A transaction is a secure message that reassigns ownership of a coin. For the moment, think of a transaction as a specially-formatted digital document in which a payer transfers coin ownership.
Transactions are secured through a system called public key cryptography. This system solves three important problems in trading digital tokens: (1) identifying parties; (2) preventing forgery; and (3) authenticating payers. Public key cryptography is a deep and complex topic. Fortunately, understanding the details is not necessary. Those interested in learning more can read about Elliptic Curve Cryptography.
For the moment, assume that public key cryptography enables every Bitcoin user to do three things:
- Sign any digital document with an unforgeable digital signature using a private key.
- Generate a unique identifier (public key) to which all signatures are linked.
- Verify any signature given the original document and a public key.
Imagine that Alice owns one digital coin with a face value of two bitcoin (฿2) that she wants to give Bob. She starts by asking for Bob’s public key. On receiving it, Alice prepares a transaction identifying Bob as the coin’s recipient and herself as the owner through their respective public keys. Alice then signs the transaction using her private key and forwards it to Bob.
When creating a transaction, payers use a derivation of the public key called an address to identify payees. Real-world identities are not used, but it can be convenient to think of transactions as transferring coins from one person to another, as is done here. If Alice and Bob know each other, then each can infer the real-world identity of the other.
Bob uses Alice’s public key to verify the signature on her transaction. A valid signature is proof that Alice signed, because only Alice knows the private key needed to create a valid signature. Using the same procedure, anyone else can check Alice’s signature.
Although Alice has announced the transfer of her coin to Bob, she still hasn’t proven that she’s the owner in the first place. For example, Alice might not own a coin. Or perhaps she’s trying to spend someone else’s coin.
Bob and the rest of Bitcoin’s users need a way to know that Alice does in fact own the coin she’s giving to Bob. Alice can do this by providing a chain of ownership.
Chain of Ownership
Everyday experience with physical cash teaches that banknotes and metal coins pass from person to person as payments are made. A coin in one pocket today will end up in the pocket of a payee tomorrow, and so on. Recording every payment made with a given coin would produce a chain of ownership extending all the way back to a government mint. Although such detailed accounting is impractical with physical tokens, digital tokens have no such limitation.
We can create a chain of coin ownership by linking transactions together. Each transaction spending a coin references the previous transaction in which it was received. That previous transaction references the previous transaction, and so on. Payees can follow this chain of signed transactions, back to the transaction creating the coin. The authenticity of any coin can be verified by stepping through its chain of ownership.
To make this chain of ownership idea work, each transaction needs a unique ID. By referencing the ID of a previous transaction, a payee can prove ownership of every coin being spent.
Transaction IDs can be created without a central authority by using a hash function. A hash function accepts a digital message and returns a fixed number of bits as output. This output can be expressed as binary or a decimal integer. The same message always generates the same hash. Changing the message, even slightly, changes the hash. Two isolated computers using the same hash function will generate identical hashes for the same message.
Alice can use the ID of the transaction in which she received a coin to prove to Bob her ownership of it. Imagine that Carol gave Alice a coin with a face value of ฿2. In her transaction to Bob, Alice includes the ID of Carol’s previous transaction. Bob can then verify Carol’s signature using her public key, and so on down the chain of ownership.
Types of Transactions
Up to this point, only the simple case of one coin being passed from payer to payee has been considered. This system works if the face value of the coin exactly matches the value of the item for sale. However, this system fails if the face value of the coin exceeds the value of the goods or services for sale. The system also fails when multiple coins are needed to arrive at the payment amount.
Everyday experience with banknotes suggests the need for combining and splitting a coin’s face value. For example, multiple banknotes with small face values can be combined to make a larger payment. Likewise, a single large banknote can be broken into banknotes of smaller value to make a smaller payment.
In the same way, Bitcoin transactions can split and combine the value of digital coins. The outgoing, or output side, may produce one or many coins. Each of these coins is given a unique index for future reference. The schematics shown here use a letter index starting at “A”.
The incoming, or input side of the transaction references not just the transaction ID, but the index of a specific coin on the previous transaction’s output side. Multiple coins are combined in a single transaction by digitally signing each one.
Splitting the face value of a coin enables a payee to receive change. Imagine that Alice wants to pay Bob ฿1, but only owns one coin with a face value of ฿2. Alice can receive change with a transaction that splits the value of her ฿2 coin into two coins valued at ฿1 apiece. The first coin would be transferred to Bob and the second to herself. Alice could later spend the change by signing a transaction referencing this second coin.
A coin’s face value can be combined and split in the same transaction. For example, Alice might want to pay Bob ฿5, but only owns three coins with a face value of ฿2 each. She can combine these coins into a ฿6 payment and create a new coin representing the change.
It’s often necessary to combine coins from multiple previous transactions to make a payment. Referencing the transaction ID together with the coin index allows coins from multiple sources to be spent in a single transaction.
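The chain-of-ownership check and the combine-and-split payment described above can be sketched in a few lines. This is an added example, not code from the article or from Bitcoin itself: the JSON serialization, the function names, the integer output index (the article's schematics use letters), the party names Dave and Erin, and the sample amounts are assumptions, and signature verification is left out.

```python
import hashlib
import json

def txid(tx):
    """Transaction ID: SHA-256 over a canonical serialization (assumed format)."""
    blob = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def make_tx(inputs, outputs):
    """inputs: (previous txid, output index) pairs; outputs: (owner, value) pairs."""
    return {"inputs": [list(i) for i in inputs], "outputs": [list(o) for o in outputs]}

def verify(tx, known):
    """Follow every input back to a coin-creating transaction (one with no inputs).
    Rejects references to unknown transactions or missing output indexes, and
    rejects transactions whose outputs are worth more than the coins they spend.
    Signatures are not checked in this sketch."""
    if not tx["inputs"]:
        return True  # transaction creating the coin: end of the chain
    total_in = 0
    for prev_id, index in tx["inputs"]:
        prev = known.get(prev_id)
        if prev is None or not 0 <= index < len(prev["outputs"]):
            return False
        if not verify(prev, known):
            return False
        total_in += prev["outputs"][index][1]
    return sum(value for _, value in tx["outputs"]) <= total_in

def build_example():
    """Constructed sample data: Alice receives three 2-bitcoin coins, then pays Bob 5."""
    known = {}
    def record(tx):
        known[txid(tx)] = tx
        return txid(tx)
    alice_coins = []
    for payer in ("carol", "dave", "erin"):
        mint = record(make_tx([], [(payer, 2)]))   # coin creation, face value 2
        alice_coins.append((record(make_tx([(mint, 0)], [("alice", 2)])), 0))
    # Combine three coins (total 6), pay Bob 5, return 1 to Alice as change.
    payment = make_tx(alice_coins, [("bob", 5), ("alice", 1)])
    return payment, known

if __name__ == "__main__":
    payment, known = build_example()
    print(txid(payment), verify(payment, known))
```

Because the ID is a hash of the transaction's contents, altering any output or input reference changes the ID and breaks every later reference to it.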
The system described so far enables parties to exchange value by exchanging digital tokens. Each token contains a chain of ownership together with cryptographic signatures to establish its authenticity and lineage. This is essentially the same system used by Bitcoin, although Bitcoin does a lot more - as the next section reveals.
It may not seem as if there’s much to be gained by thinking about Bitcoin in this way. After all, what practical advantage comes from understanding transactions and coins at this level of detail? Here are some points to consider:
- Change Addresses. Bitcoin transactions commonly return change. Although wallet software often hides this fact, sometimes transaction internals poke through. Being unaware of this leaky abstraction can lead to loss of money. For more, see Five Ways to Lose Money with Bitcoin Change Addresses.
- Transaction Fees. In contrast to credit card companies, which charge fees based on the amount of money sent, Bitcoin charges fees based on the amount of data sent. The two main factors affecting fees are the number of coins spent (inputs) and the number of coins created (outputs). Transaction fees only make sense in the context of the electronic cash model. For more, see Making Sense of Bitcoin Transaction Fees.
- Irreversible Payments. Bitcoin transactions are by design irreversible, just like physical cash transfers. Trusted third parties can mediate disputes, but they are optional.
- Privacy. Bitcoin’s privacy model (pseudonymity) arises directly from the need for payees to be able to trace the full chain of coin ownership. The fact that transactions are publicly (and permanently) recorded comes as a surprise to many who think of Bitcoin as a system based on accounts and balances.
- Asset Ledger. Bitcoin transactions are usually interpreted in monetary terms, but parties may assign a number of other meanings as well. For example, a coin could represent the title to a car or a share of a company. Ownership of a coin might grant permission to unlock a movie for viewing online. Work is underway to make these and many other forms of asset exchanges possible. Colored Coins is one of the best known examples.
Systems like the one described here were used before Bitcoin. If so, why was Bitcoin created and what makes it so different from what came before?
To understand the answer, we first need to think like a criminal.
The Double Spending Problem
Although a chain of coin ownership protects a payee from receiving nonexistent coins, it can’t protect a payee from receiving a coin that has already been spent. This problem, called double spending, is unique to electronic cash systems.
Although double spending can arise through accounting errors or malfunctioning software, the most common form results from fraud. The double spender profits by using the same coin in two different payments. This type of fraud succeeds because payees only know about previous transactions in their own chains of coin ownership.
A related problem arises in physical cash systems when a payer copies a metal coin or banknote. The copies and original are then used to make payments. Despite this apparent similarity, the problem faced by electronic cash systems is unique. Physical tokens can never be exactly replicated, but the same digital coin can be spent many times without calling the chain of ownership into question. Double spending doesn’t enable de novo creation of coins, but it does permit an existing coin to be duplicated repeatedly.
Double spending erodes the buying power of all coins by allowing any party owning one coin to duplicate it at will. This same problem has faced every electronic cash system prior to Bitcoin. The obvious solution is to introduce a centralized authority to oversee transactions. Although it eliminates double spending, this solution introduces an even bigger problem. All transactions are routed through a central authority, which acts just like a bank. Failure of the central authority due to government regulation, incompetence, fraud, or security breach risks collapse of the entire system.
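The following added example (not from the article, and not how Bitcoin itself resolves the problem) shows why each payee's own view misses a double spend, and how the centralized authority described above catches it by tracking every spent coin. The transaction labels, the party Dave, and the first-seen-wins rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: the label stands in for a real transaction ID.
COIN = ("tx_carol_to_alice", 0)                      # Alice's 2-bitcoin coin
PAY_BOB = {"inputs": [COIN], "outputs": [("bob", 2)]}
PAY_DAVE = {"inputs": [COIN], "outputs": [("dave", 2)]}

def find_double_spends(transactions):
    """Return {coin: [transaction names]} for every coin spent more than once
    among the transactions visible to the caller."""
    spenders = defaultdict(list)
    for name, tx in transactions.items():
        for coin in tx["inputs"]:
            spenders[coin].append(name)
    return {coin: names for coin, names in spenders.items() if len(names) > 1}

class CentralLedger:
    """Models the central authority: a transaction is accepted only if none of
    the coins it spends has been spent before (first seen wins)."""
    def __init__(self):
        self.spent = {}

    def submit(self, name, tx):
        if any(coin in self.spent for coin in tx["inputs"]):
            return False
        for coin in tx["inputs"]:
            self.spent[coin] = name
        return True

def demo():
    bob_view = find_double_spends({"pay_bob": PAY_BOB})      # Bob sees one payment
    dave_view = find_double_spends({"pay_dave": PAY_DAVE})   # Dave sees the other
    full_view = find_double_spends({"pay_bob": PAY_BOB, "pay_dave": PAY_DAVE})
    ledger = CentralLedger()
    accepted = [ledger.submit("pay_bob", PAY_BOB), ledger.submit("pay_dave", PAY_DAVE)]
    return bob_view, dave_view, full_view, accepted

if __name__ == "__main__":
    print(demo())
```

Both payments carry a valid chain of ownership, so neither Bob nor Dave can detect the conflict alone; only a view covering both transactions reveals it.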
Bitcoin represents the first decentralized solution to the double spending problem. The difficulty of this problem, the value of a solution, and the significance of Bitcoin’s unique approach can only be understood using the electronic cash mental model.
Physical cash systems offer many useful features that are well-understood from everyday experience. However, the need to manufacture, transport, and safely store paper banknotes and metal tokens limits the utility of physical cash. Bitcoin combines cash’s benefits with the flexibility and efficiency of digital communication. Viewing Bitcoin as a form of electronic cash provides a solid framework for understanding the technology and its future potential.