How exactly to interpret bitcoin is a matter of controversy – as a currency, a store of value, a payment network, an asset class?
Fortunately, leaving the economic debates aside, it's pretty easy to answer what bitcoin actually is – software. Don't be fooled by stock images of shiny coins bearing modified Thai baht symbols. Bitcoin is a purely digital phenomenon, a set of protocols and processes. It is the most successful of hundreds of attempts to create virtual money through the use of cryptography (the science of making and breaking codes), though competition is heating up.
(Check out our new Bitcoin Page for real-time price quotes and news)
Bitcoin is a network that runs on a protocol known as the blockchain. A 2008 paper by a person or people calling themselves Satoshi Nakamoto first described both the blockchain and bitcoin, and for a while the two terms were all but synonymous. The blockchain has since been conceptually divorced from its first application, and thousands of blockchains have been created using similar cryptographic techniques. This history can make the nomenclature confusing. "Blockchain" sometimes refers to the original, bitcoin blockchain; other times it refers to blockchain technology in general, or to any other specific blockchain, such as the one that powers Ethereum.
The basics of blockchain technology are mercifully straightforward. Any given blockchain consists of a single chain of discrete blocks of information, arranged chronologically. In principle this information can be any string of 1s and 0s – emails, contracts, land titles, marriage certificates, bond trades – and this versatility has caught the eye of governments and private corporations. In bitcoin's case, though, the information is mostly transactions.
Bitcoin is really just a list. Person A sent X bitcoin to person B, who sent Y bitcoin to person C, etc. By tallying these transactions up, everyone knows where individual users stand. Another name for a blockchain is a "distributed ledger," which emphasizes the key difference between this technology and a well-kept Word doc. Bitcoin's blockchain is public. Anyone can download it in its entirety or head to any number of sites that parse it. You can see, for example, that 15N3yGu3UFHeyUNdzQ5sS3aRFRzu5Ae7EZ sent 0.01718427 bitcoin to 1JHG2qjdk5Khiq7X5xQrr1wfigepJEK3t on August 14, 2017, between 11:10 and 11:20 a.m. If you were law enforcement or otherwise very sophisticated, you could probably figure out who controlled these addresses (the long strings of numbers and letters). Bitcoin's network is not totally anonymous, in other words, though taking certain precautions can make it very hard to link individuals to transactions.
How to Buy Bitcoin
Despite being absolutely public – or rather because of it – bitcoin is extremely difficult to tamper with. It has no physical presence, so you can't protect your bitcoin by locking it in a safe or burying it in the Canadian wilderness. In theory, all a thief would need to do to take it from you would be to add a line to the ledger, you paid me everything you have. A related worry is double spending. If a bad actor could spend some bitcoin, then spend it again, confidence in the currency's value would quickly evaporate.
To prevent either from happening, you need trust. In this case, the accustomed solution would be to transact through a central, neutral arbiter. A bank. Bitcoin has made that unnecessary, however. (It is probably not a coincidence Satoshi's original description was published in October 2008, when trust in banks was at a multigenerational low.) Rather than having a reliable authority keep the ledger and preside over the network, the bitcoin network is decentralized – everyone keeps an eye on everyone else. No one needs to know or trust anyone; assuming everything is working as intended, the cryptographic protocols ensure that each block of transactions is bolted onto the last in a long, immutable chain.
The process that maintains this trustless, public ledger is known as mining. Undergirding the network of bitcoin users, who trade the cryptocurrency among themselves, is a network of miners, who record these transactions on the blockchain.
Recording a string of transactions is trivial for a modern computer, but mining is difficult, because bitcoin's software makes the process artificially time consuming. Without the added difficulty, someone could spoof a transaction to enrich themselves or bankrupt someone else. They could log it in the blockchain and pile so many trivial transactions on top of it that untangling the fraud would become impossible. By the same token, it would be easy to insert fraudulent transactions into past blocks. The network would become a sprawling, spammy mess of competing ledgers, and bitcoin would be worthless.
Combining "proof of work" with other cryptographic techniques was Satoshi's breakthrough. Bitcoin's software adjusts the difficulty miners face in order to limit the network to one new, 1-megabyte block of transactions every 10 minutes. That way the volume of transactions is digestible. The network has time to vet the new block and the ledger that precedes it, and everyone can reach a consensus about the status quo. In there is a "fork" – the chain splits into divergent versions – the longest chain is considered the most valid, since the most work has gone into it.
Here is a slightly more technical description of how mining works. The network of miners, who are scattered across the globe and not bound to each other by personal or professional ties, receives the latest batch of transaction data. They run the data through a cryptographic algorithm that generates a "hash," a string of numbers and letters that serves to verify the information's validity, but does not reveal the information itself. (In reality this ideal vision of decentralized mining is no longer accurate, with industrial-scale mining farms and powerful mining pools forming an oligopoly – more on that below.)
Given the hash 000000000000000000c2c4d562265f272bd55d64f1a7c22ffeb66e15e826ca30, you cannot know what transactions the relevant block (#480504) contains. You can, however, take a bunch of data purporting to be block #480504 and make sure that it has not been tampered with. If one number were out of place, no matter how insignificant, the data would generate a totally different hash. If you run the declaration of independence through a hash calculator, you get 839f561caa4b466c84e2b4809afe116c76a465ce5da68c3370f5c36bd3f67350. Delete the period after "submitted to a candid world," and you get 800790e4fd445ca4c5e3092f9884cdcd4cf536f735ca958b93f60f82f23f97c4. Which is more than a little different.
This technology allows the bitcoin network to instantly check the validity of a block. It would be incredibly time consuming to comb through the entire ledger to make sure that the person mining the most recent batch of transactions hasn't tried anything funny. Instead the previous block's hash appears within the new block. If the minutest detail had been altered in the previous block, that hash would change. Even if the alteration was 20,000 blocks back in the chain, that block's hash would set off a cascade of new hashes and tip off the network.
Generating a hash is not really work, though. The process is so quick and easy that bad actors could still spam the network and perhaps, given enough computing power, pass off fraudulent transactions a few blocks back in the chain. So the bitcoin protocol requires proof of work. (See also, How Does Bitcoin Mining Work?)
It does so by throwing miners a curve ball – their hash must be below a certain target. That's why block #480504's hash starts with a long string of zeroes – it's tiny. Since every string of data will generate one and only one hash, the quest for a sufficiently small one involves adding nonces ("numbers used once") to the end of the data. So a miner will run [thedata]. The hash is too big, try again. [thedata]1. Too big. [thedata]2. Finally, [thedata]93452 yields a hash beginning with the requisite number of zeroes. The mined block will be broadcast to the network to receive confirmations, which take another hour or so – though occasionally much longer – to process. (Again, this description is simplified. Blocks are not hashed in their entirety, but broken up into more efficient structures called Merkle trees.)
Depending on the kind of traffic the network is receiving, bitcoin's protocol will require a longer or shorter string of zeroes, adjusting the difficulty to hit a rate of one new block every 10 minutes. Current difficulty is around 2.603 trillion, up from 1 in 2009.
Mining is intensive, requiring big, expensive rigs and a lot of electricity to power them. And it's competitive – there's no telling what nonce will work, so the goal is to plow through them as quickly as possible. Miners have begun to form pools, divvying the rewards up among themselves. And the rewards are juicy. Every time a new block is mined, the successful miner receives a bunch of newly created bitcoin – at first it was 50, then it halved to 25, now it is 12.5 ($107,500 at the time of writing). The reward will continue to halve every 210,000 blocks – around four years – until it hits zero, at which point all 21 million bitcoin will have been mined, and miners will depend solely on fees to maintain the network.
That miners have begun to organize themselves into pools worries some. If a pool exceeds 50% of the network's mining power, its members could potentially spend coins, reverse the transactions, and spend them again. They could also block others' transactions. That could spell the end of bitcoin, but even a so-called 51% attack would probably not enable the bad actors to reverse old transactions, because the proof of work requirement makes that process so labor intensive. To go back and alter the blockchain at leisure (a time-consuming process under any circumstances), a pool would need to control such a large majority of the network that it would probably be pointless. When you control the whole currency, who is there to trade with?
A 51% attack is a financially suicidal proposition, from miners' perspective. When Ghash.io, a mining pool, reached half of the network's computing power in 2014, it voluntarily broke itself up in order to maintain confidence in bitcoin's value. Other actors, such as governments, might find such an attack interesting, though.
Another source of concern related to miners is the practical tendency to concentrate in parts of the world where electricity is cheap, such as China – or increasingly, following a Chinese crackdown in early 2018, Quebec.
Keys and Wallets
Bitcoin ownership boils down to two numbers, a public key and a private key. A rough analogy is a username (public key) and a password (private key). A hash of the public key, called an address, is the one displayed on the blockchain (using the hash provides an extra layer of security). For you to receive bitcoin, it's enough for the sender to know your address. The public key is derived from the private key, which you need to send bitcoin to another address. IThe system makes it easy for you to receive money, but requires you to verify your identity to send it.
To access bitcoin, you use a wallet, which is a set of keys. These can take different forms, from third-party web applications offering insurance and debit cards, to QR codes printed on pieces of paper. The most important distinction is between "hot" wallets, which are connected to the internet and therefore vulnerable to hacking, and "cold" wallets, which are not connected to the internet.
Many users opt to use exchanges such as Coinbase, putting the exchange in control of the private keys.