Bitcoin is a cryptocurrency and worldwide payment system. It is the first decentralized digital currency, as the system works without a central bank or single administrator. The network is peer-to-peer and transactions take place between users directly, without an intermediary. These transactions are verified by network nodes through the use of cryptography and recorded in a public distributed ledger called a blockchain. Bitcoin was invented by an unknown person or group of people under the name Satoshi Nakamoto and released as open-source software in 2009.
Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoin as payment. Research produced by the University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using bitcoin.
The word bitcoin first occurred and was defined in the white paper that was published on 31 October 2008. It is a compound of the words bit and coin. The white paper frequently uses the shorter coin.
There is no uniform convention for bitcoin capitalization. Some sources use Bitcoin, capitalized, to refer to the technology and network and bitcoin, lowercase, to refer to the unit of account. The Wall Street Journal, The Chronicle of Higher Education, and the Oxford English Dictionary advocate use of lowercase bitcoin in all cases, a convention followed throughout this article.
The unit of account of the bitcoin system is bitcoin. Ticker symbols used to represent bitcoin are BTC and XBT. Its Unicode character is ?. Small amounts of bitcoin used as alternative units are millibitcoin (mBTC), bit (b) and satoshi (sat). Named in homage to bitcoin's creator, a satoshi is the smallest amount within bitcoin representing 0.00000001 bitcoins, one hundred millionth of a bitcoin. A bit equals 0.000001 bitcoins, one millionth of a bitcoin or 100 satoshis. A millibitcoin equals 0.001 bitcoins, one thousandth of a bitcoin or 100,000 satoshis.
On 18 August 2008, the domain name "bitcoin.org" was registered. In November that year, a link to a paper authored by Satoshi Nakamoto titled Bitcoin: A Peer-to-Peer Electronic Cash System was posted to a cryptography mailing list. Nakamoto implemented the bitcoin software as open source code and released it in January 2009 on SourceForge. The identity of Nakamoto remains unknown.
In January 2009, the bitcoin network came into existence after Satoshi Nakamoto mined the first ever block on the chain, known as the genesis block. Embedded in the coinbase of this block was the following text:
The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.
This note has been interpreted as both a timestamp of the genesis date and a derisive comment on the instability caused by fractional-reserve banking.
The receiver of the first bitcoin transaction was cypherpunk Hal Finney, who created the first reusable proof-of-work system (RPOW) in 2004. Finney downloaded the bitcoin software the day it was released, and received 10 bitcoins from Nakamoto
Other early cypherpunk supporters were Wei Dai, creator of bitcoin predecessor b-money, and Nick Szabo, creator of bitcoin predecessor bit gold.
In the early days, Nakamoto is estimated to have mined 1 million bitcoins. In 2010, Nakamoto handed the network alert key and control of the Bitcoin Core code repository over to Gavin Andresen, who later became lead developer at the Bitcoin Foundation. Nakamoto subsequently disappeared from any involvement in bitcoin. Andresen stated he then sought to decentralize control, saying: "As soon as Satoshi stepped back and threw the project onto my shoulders, one of the first things I did was try to decentralize that. So, if I get hit by a bus, it would be clear that the project would go on." This left opportunity for controversy to develop over the future development path of bitcoin.
On 1 August 2017, a hard fork of bitcoin was created, known as Bitcoin Cash. Bitcoin Cash has a larger block size limit and had an identical blockchain at the time of fork. On 12 November another hard fork, Bitcoin Gold, was created. Bitcoin Gold changes the proof-of-work algorithm used in mining.
The blockchain is a public ledger that records bitcoin transactions. A novel solution accomplishes this without any trusted central authority: the maintenance of the blockchain is performed by a network of communicating nodes running bitcoin software. Transactions of the form payer X sends Y bitcoins to payee Z are broadcast to this network using readily available software applications. Network nodes can validate transactions, add them to their copy of the ledger, and then broadcast these ledger additions to other nodes. The blockchain is a distributed database – to achieve independent verification of the chain of ownership of any and every bitcoin amount, each network node stores its own copy of the blockchain. Approximately six times per hour, a new group of accepted transactions, a block, is created, added to the blockchain, and quickly published to all nodes. This allows bitcoin software to determine when a particular bitcoin amount has been spent, which is necessary in order to prevent double-spending in an environment without central oversight. Whereas a conventional ledger records the transfers of actual bills or promissory notes that exist apart from it, the blockchain is the only place that bitcoins can be said to exist in the form of unspent outputs of transactions.
Transactions are defined using a Forth-like scripting language. Transactions consist of one or more inputs and one or more outputs. When a user sends bitcoins, the user designates each address and the amount of bitcoin being sent to that address in an output. To prevent double spending, each input must refer to a previous unspent output in the blockchain. The use of multiple inputs corresponds to the use of multiple coins in a cash transaction. Since transactions can have multiple outputs, users can send bitcoins to multiple recipients in one transaction. As in a cash transaction, the sum of inputs (coins used to pay) can exceed the intended sum of payments. In such a case, an additional output is used, returning the change back to the payer. Any input satoshis not accounted for in the transaction outputs become the transaction fee.
Paying a transaction fee is optional. Miners can choose which transactions to process, and they are incentivised to prioritize those that pay higher fees.
Because the size of mined blocks is capped by the network, miners choose transactions based on the fee paid relative to their storage size, not the absolute amount of money paid as a fee. Thus, fees are generally measured in satoshis per byte, or sat/b. The size of transactions is dependent on the number of inputs used to create the transaction, and the number of outputs.
In the blockchain, bitcoins are registered to bitcoin addresses. Creating a bitcoin address is nothing more than picking a random valid private key and computing the corresponding bitcoin address. This computation can be done in a split second. But the reverse (computing the private key of a given bitcoin address) is mathematically unfeasible and so users can tell others and make public a bitcoin address without compromising its corresponding private key. Moreover, the number of valid private keys is so vast that it is extremely unlikely someone will compute a key-pair that is already in use and has funds. The vast number of valid private keys makes it unfeasible that brute force could be used for that. To be able to spend the bitcoins, the owner must know the corresponding private key and digitally sign the transaction. The network verifies the signature using the public key.
If the private key is lost, the bitcoin network will not recognize any other evidence of ownership; the coins are then unusable, and effectively lost. For example, in 2013 one user claimed to have lost 7,500 bitcoins, worth $7.5 million at the time, when he accidentally discarded a hard drive containing his private key. A backup of his key(s) would have prevented this.
Mining is a record-keeping service done through the use of computer processing power. Miners keep the blockchain consistent, complete, and unalterable by repeatedly grouping newly broadcast transactions into a block, which is then broadcast to the network and verified by recipient nodes. Each block contains a SHA-256 cryptographic hash of the previous block, thus linking it to the previous block and giving the blockchain its name.
To be accepted by the rest of the network, a new block must contain a so-called proof-of-work. The system used is based on Adam Back's 1997 anti-spam scheme, Hashcash. The PoW requires miners to find a number called a nonce, such that when the block content is hashed along with the nonce, the result is numerically smaller than the network's difficulty target. This proof is easy for any node in the network to verify, but extremely time-consuming to generate, as for a secure cryptographic hash, miners must try many different nonce values (usually the sequence of tested values is the ascending natural numbers: 0, 1, 2, 3, ... before meeting the difficulty target.
Every 2,016 blocks (approximately 14 days at roughly 10 min per block), the difficulty target is adjusted based on the network's recent performance, with the aim of keeping the average time between new blocks at ten minutes. In this way the system automatically adapts to the total amount of mining power on the network. Between 1 March 2014 and 1 March 2015, the average number of nonces miners had to try before creating a new block increased from 16.4 quintillion to 200.5 quintillion.
The proof-of-work system, alongside the chaining of blocks, makes modifications of the blockchain extremely hard, as an attacker must modify all subsequent blocks in order for the modifications of one block to be accepted. As new blocks are mined all the time, the difficulty of modifying a block increases as time passes and the number of subsequent blocks (also called confirmations of the given block) increases.
Computing power is often bundled together or "pooled" to reduce variance in miner income. Individual mining rigs often have to wait for long periods to confirm a block of transactions and receive payment. In a pool, all participating miners get paid every time a participating server solves a block. This payment depends on the amount of work an individual miner contributed to help find that block.
The successful miner finding the new block is rewarded with newly created bitcoins and transaction fees. As of 9 July 2016, the reward amounted to 12.5 newly created bitcoins per block added to the blockchain. To claim the reward, a special transaction called a coinbase is included with the processed payments. All bitcoins in existence have been created in such coinbase transactions. The bitcoin protocol specifies that the reward for adding a block will be halved every 210,000 blocks (approximately every four years). Eventually, the reward will decrease to zero, and the limit of 21 million bitcoins will be reached 2140; the record keeping will then be rewarded by transaction fees solely.
other words, bitcoin's inventor Nakamoto set a monetary policy based on artificial scarcity at bitcoin's inception that there would only ever be 21 million bitcoins in total. Their numbers are being released roughly every ten minutes and the rate at which they are generated would drop by half every four years until all were in circulation.
A wallet stores the information necessary to transact bitcoins. While wallets are often described as a place to hold or store bitcoins, due to the nature of the system, bitcoins are inseparable from the blockchain transaction ledger. A better way to describe a wallet is something that "stores the digital credentials for your bitcoin holdings" and allows one to access (and spend) them. Bitcoin uses public-key cryptography, in which two cryptographic keys, one public and one private, are generated. At its most basic, a wallet is a collection of these keys.
There are three modes which wallets can operate in. They have an inverse relationship with regards to trustlessness and computational requirements.
Third-party internet services called online wallets offer similar functionality but may be easier to use. In this case, credentials to access funds are stored with the online wallet provider rather than on the user's hardware. As a result, the user must have complete trust in the wallet provider. A malicious provider or a breach in server security may cause entrusted bitcoins to be stolen. An example of such a security breach occurred with Mt. Gox in 2011. This has led to the often-repeated meme "Not your keys, not your bitcoin".
Physical wallets store offline the credentials necessary to spend bitcoins. One notable example was a novelty coin with these credentials printed on the reverse side. Paper wallets are simply paper printouts.
Another type of wallet called a hardware wallet keeps credentials offline while facilitating transactions.
The first wallet program – simply named "Bitcoin" – was released in 2009 by Satoshi Nakamoto as open-source code. In version 0.5 the client moved from the wxWidgets user interface toolkit to Qt, and the whole bundle was referred to as "Bitcoin-Qt". After the release of version 0.9, the software bundle was renamed "Bitcoin Core" to distinguish itself from the underlying network. It is sometimes referred to as the "Satoshi client".
While a decentralized system cannot have an "official" implementation, Bitcoin Core is considered to be bitcoin's reference client. As such, it serves to define the bitcoin protocol and acts as a standard for other implementations. Today, other alternative clients (forks of Bitcoin Core) exist, such as Bitcoin XT, Bitcoin Unlimited and Parity Bitcoin.
Bitcoin was designed not to need a central authority and the bitcoin network is considered to be decentralized. However, researchers have pointed out a visible "trend towards centralization" by the means of miners joining large mining pools to minimise the variance of their income. According to researchers, other parts of the ecosystem are also "controlled by a small set of entities", notably online wallets and simplified payment verification (SPV) clients.
Because transactions on the network are confirmed by miners, decentralization of the network requires that no single miner or mining pool obtains 51% of the hashing power, which would allow them to double-spend coins, prevent certain transactions from being verified and prevent other miners from earning income. As of 2013 just six mining pools controlled 75% of overall bitcoin hashing power.
In 2014 mining pool Ghash.io obtained 51% hashing power which raised significant controversies about the safety of the network. The pool has voluntarily capped their hashing power at 39.99% and requested other pools to act responsibly for the benefit of the whole network.
Bitcoin is pseudonymous, meaning that funds are not tied to real-world entities but rather bitcoin addresses. Owners of bitcoin addresses are not explicitly identified, but all transactions on the blockchain are public. In addition, transactions can be linked to individuals and companies through "idioms of use" (e.g., transactions that spend coins from multiple inputs indicate that the inputs may have a common owner) and corroborating public transaction data with known information on owners of certain addresses. Additionally, bitcoin exchanges, where bitcoins are traded for traditional currencies, may be required by law to collect personal information.
To heighten financial privacy, a new bitcoin address can be generated for each transaction. For example, hierarchical deterministic wallets generate pseudorandom "rolling addresses" for every transaction from a single seed, while only requiring a single passphrase to be remembered to recover all corresponding private keys. Researchers at Stanford University and Concordia University have also shown that bitcoin exchanges and other entities can prove assets, liabilities, and solvency without revealing their addresses using zero-knowledge proofs. "Bulletproofs," a version of Confidential Transactions proposed by Greg Maxwell, have been tested by Professor Dan Boneh of Stanford. Other solutions such Merkelized Abstract Syntax Trees (MAST), pay-to-script-hash (P2SH) with MERKLE-BRANCH-VERIFY, and "Tail Call Execution Semantics, have also been proposed to support private smart contracts.
Wallets and similar software technically handle all bitcoins as equivalent, establishing the basic level of fungibility. Researchers have pointed out that the history of each bitcoin is registered and publicly available in the blockchain ledger, and that some users may refuse to accept bitcoins coming from controversial transactions, which would harm bitcoin's fungibility. Projects such as CryptoNote, Zerocoin, and Dark Wallet aim to address these privacy and fungibility issues.
The blocks in the blockchain were not limited originally. The block size limit of one megabyte was introduced by Satoshi Nakamoto in 2010, as an anti-spam measure. Eventually the block size limit of one megabyte created problems for transaction processing, such as increasing transaction fees and delayed processing of transactions that cannot be fit into a block.
On 24 August 2017 (at block 481,824), Segregated Witness (SegWit) went live, introducing a new transaction format where signature data is separated and known as the witness. The upgrade replaced the block size limit with a limit on a new measure called block weight, which counts non-witness data four times as much as witness data, and allows a maximum weight of 4 megabytes. Thus, per computer scientist Jochen Hoenicke, the actual block capacity depends on the ratio of SegWit transactions in the block, and on the ratio of signature data. Based on his estimate, if the ratio of SegWit transactions is 50%, the block capacity may be 1.25 megabytes. According to Hoenicke, if native SegWit addresses from Bitcoin Core version 0.16.0 are used, and SegWit adoption reaches 90 to 95%, a block size of up to 1.8 megabytes is possible.