This unit is Part 2 of the Annotated Princeton Bitcoin Video Course.
Centralization vs. Decentralization (4 minutes)
Scrooge is a central point of failure. Can we de-Scroogify Scroogecoin?
Bitcoin was the first system to succeed in doing this. The solution introduces a combination of incentives to be discussed in this module.
Before beginning, it’s important to understand that decentralization is a continuum. For example, email is a decentralized system based on an open protocol. However, most email users access the system through centralized providers such as Google.
Removing Scrooge requires answers to five key decentralization questions:
- Who maintains the ledger?
- Who has authority over transaction validity?
- Who creates new coins?
- Who determines how the rules change?
- How do coins acquire exchange value?
Distributed Consensus (17 minutes)
The technical term for de-Scroogifying Scroogecoin is distributed consensus. Distributed consensus is the branch of computer science that deals with how to ensure that networked computers record the same information consistently. For example, a social network service such as Twitter might deploy dozens of servers around the world to collect tweets. To succeed, Twitter needs to ensure that any new tweet gets recorded by all of its servers or none of them. Otherwise, users would see different streams depending on which server they connected to.
A general solution to this problem would make it possible to disintermediate a variety of important services, including email, stock trades, domain name lookup, and many others.
To move forward, we need a technical definition of a distributed consensus protocol. Given a distributed system with some number of nodes, the goal is for all nodes to arrive at the same state. State is a general concept that could mean different things in different contexts. There are only two requirements:
- The protocol must conclude with all nodes deciding on the same state.
- The ending state must have been proposed by some node.
In Bitcoin, state is the set of transactions that have been accepted and their order. The goal of the Bitcoin protocol is to ensure that all nodes produce the same transaction log.
It might be tempting to introduce a notion of global time. This wouldn’t work for a number of reasons, including network latency and the impossibility of synchronizing system clocks without a central authority.
Bitcoin solves this problem by bending the rules in two ways.
Consensus without Identity: the Blockchain (17 minutes)
Given the technical definition of consensus, Bitcoin needs a way for one specific node to propose the next block, and for the rest of the nodes to approve or reject it. We can’t introduce trust by using real-world identities, and we must make the system difficult to game.
A lottery offers one way to choose a winner. This is an ongoing lottery that picks a winning node at random points in time. Each winner publishes a block containing a list of transactions and the unique ID (hash value) of the parent block.
Most of the time, a given block will be extended by only one block. Sometimes, however, multiple blocks will claim the same parent. Bitcoin needs a way to choose the winning block. To do so, nodes follow a simple rule: extend the valid block that was seen first.
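The fork scenario described above, as an added example that is not part of the course material. `Block`, `Node` and `fork_demo` are hypothetical names, the transactions are constructed strings, and no signatures or proof-of-work are checked. Preferring the longer branch once one sibling has been extended is an assumption added here so the nodes can converge; the text above states only the first-seen rule.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    parent: str   # ID (hash) of the parent block; "" for the genesis block
    txs: tuple    # transactions as plain strings (constructed sample data)

    @property
    def id(self) -> str:
        body = self.parent + "|" + ";".join(self.txs)
        return hashlib.sha256(body.encode()).hexdigest()

class Node:
    def __init__(self, genesis: Block):
        # dicts keep insertion order, so iteration order is arrival order
        self.height = {genesis.id: 0}

    def receive(self, block: Block) -> bool:
        """Accept a block only if it is new and its parent is already known."""
        if block.id in self.height or block.parent not in self.height:
            return False
        self.height[block.id] = self.height[block.parent] + 1
        return True

    def tip(self) -> str:
        """Block this node would extend: longest branch, first seen among equals."""
        best = max(self.height.values())
        return next(bid for bid, h in self.height.items() if h == best)

def fork_demo() -> dict:
    genesis = Block("", ("coinbase",))
    a = Block(genesis.id, ("alice->bob",))   # two siblings claim the same parent
    b = Block(genesis.id, ("carol->dave",))
    c = Block(b.id, ("erin->frank",))        # the next winner happened to extend b
    n1, n2 = Node(genesis), Node(genesis)
    n1.receive(a)                            # n1 hears a first, then b
    n1.receive(b)
    n2.receive(b)                            # n2 hears b first, then a
    n2.receive(a)
    split = (n1.tip() == a.id, n2.tip() == b.id)
    orphan_rejected = not n1.receive(Block("unknown-parent", ("x",)))
    n1.receive(c)
    n2.receive(c)
    return {"split": split, "orphan_rejected": orphan_rejected,
            "converged": n1.tip() == n2.tip() == c.id}

if __name__ == "__main__":
    print(fork_demo())
```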
To evaluate the security of such a system, consider the attacks against it. A malicious node could try to:
- steal coins. This wouldn’t work because public key cryptography ensures that signatures can’t be forged.
- censor transactions. This would succeed, but only temporarily. Eventually, another node would propose a block with the censored transaction.
- respend a coin. This attack would succeed, but only under certain conditions.
Of these attacks, double spending is the most important to understand.
Incentives and Proof of Work (19 minutes)
Given that nodes will always be incentivized to double spend, how can this behavior be discouraged? Two options are to penalize dishonesty and incentivize honesty. Here “honesty” describes a node that follows the Bitcoin protocol, specifically the rule that in the case of sibling blocks claiming the same parent, the winner will be the one that was seen first.
Bitcoin uses two economic incentives to encourage honest behavior: block rewards and fees. A node claims the incentive with a special transaction in a generated block. The video incorrectly states that block rewards will be depleted in 2040.
Note that the incentive payment is only valid if the block is accepted by the rest of the network. This will only happen if it’s valid and is consistent with the first-seen rule.
Two problems remain:
- a random node must be picked to generate the next block; and
- the rate of new block generation needs to be controlled.
The solution to these problems comes in the form of proof-of-work (PoW). PoW requires a participant to hash a message until the resulting value falls within a predetermined range. The solution is easy to verify but difficult to find. In fact, the only way to produce a PoW is trial and error.
PoW has the useful property that the speed of finding a solution is proportional to the hash power applied. This makes it possible for our lottery to assign a winner based on the relative hash power of participants. It also makes it possible to regulate the rate of block generation by making the PoW more or less difficult to find.
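A minimal proof-of-work search and check, as an added example that is not code from the course or from Bitcoin. The header layout, the function names and the "leading zero bits" difficulty parameter are assumptions made for illustration; Bitcoin's real header format and target encoding differ.

```python
import hashlib

def block_header(parent_id: str, txs: list[str]) -> bytes:
    """Constructed header layout: parent ID plus a digest of the transaction list."""
    tx_digest = hashlib.sha256("\n".join(txs).encode()).hexdigest()
    return f"{parent_id}|{tx_digest}".encode()

def pow_value(header: bytes, nonce: int) -> int:
    """Hash header+nonce (SHA-256 applied twice, as Bitcoin does) as a 256-bit integer."""
    data = header + nonce.to_bytes(8, "little")
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def target(bits: int) -> int:
    """The 'predetermined range': a hash is valid if it is below 2**(256 - bits)."""
    return 1 << (256 - bits)

def mine(header: bytes, bits: int, max_tries: int = 1 << 24) -> tuple[int, int]:
    """Trial and error: return (nonce, attempts) for the first nonce that hits the range."""
    for nonce in range(max_tries):
        if pow_value(header, nonce) < target(bits):
            return nonce, nonce + 1
    raise RuntimeError("no solution within max_tries")

def verify(header: bytes, nonce: int, bits: int) -> bool:
    """Verification is a single hash, however long the search took."""
    return pow_value(header, nonce) < target(bits)

def average_attempts(bits: int, samples: int = 20) -> float:
    """Mean search length over several constructed headers at one difficulty."""
    total = sum(mine(block_header(f"parent-{i}", ["tx"]), bits)[1] for i in range(samples))
    return total / samples

if __name__ == "__main__":
    header = block_header("00" * 32, ["alice->bob:1", "bob->carol:2"])  # constructed sample
    nonce, attempts = mine(header, 16)
    print(f"nonce={nonce} after {attempts} hashes; verify={verify(header, nonce, 16)}")
    # Changing any transaction changes the header, so the old nonce must be re-checked.
    edited = block_header("00" * 32, ["alice->bob:1", "bob->carol:3"])
    print("same nonce on edited block:", verify(edited, nonce, 16))
    # Each extra difficulty bit halves the valid range and doubles the expected work.
    for bits in (8, 10, 12):
        print(bits, "bits:", average_attempts(bits), "hashes on average")
```

Raising `bits` is the knob that makes the PoW harder to find, which is how the rate of block generation can be regulated as total hash power changes.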
Introducing PoW allows us to formulate a new security assumption: double spending attacks are infeasible when a majority of network hash power follows the protocol.
Why ten-minute blocks? The video touches on the answer without explaining it completely. The shorter we make block time, the more likely it becomes that two nodes will generate a block at the same time. When this happens, the network must pick a winner. If this happens many times in a row, it’s possible that the winning sibling block may not be resolved for many rounds. Bitcoin minimizes this problem by setting block time long enough that simultaneous block generation becomes very unlikely. In practice, Bitcoin nodes produce sibling blocks at a rate of fewer than one per month.
Putting it All Together (18 minutes)
This lesson mostly highlights the main points in the unit.
The discussion around bootstrapping is useful to keep in mind. Specifically, any new cryptocurrency requires three properties to succeed:
- security of the block chain
- well-aligned mining incentives
- sufficiently high currency valuation
Deficiency in any of these properties can lead to deficiencies in the others, and ultimately failure of the system. Weaknesses are most pronounced in the early phases, when currency valuations are low. Miners have little incentive to mine and therefore security against majority hash rate attacks is low.
Remarkably, Bitcoin made it through the bootstrapping phase. Its continued success depends on well-aligned mining incentives to provide continued block chain security.