mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2025-04-17 23:59:09 +00:00
534 lines
34 KiB
Plaintext
534 lines
34 KiB
Plaintext
[[ch02_bitcoin_overview]]
|
||
== Come funziona Bitcoin
|
||
|
||
Bitcoin, a differenza dei tradizionali sistemi bancari e di pagamento, non richiede di riporre fiducia in terze parti. Invece di dover fare affidamento su un’autorità centrale affidabile, con Bitcoin ogni utente può utilizzare un software in esecuzione sul proprio computer per verificare il corretto funzionamento di ogni aspetto del sistema. In questo capitolo esamineremo Bitcoin da un punto di vista generale, seguendo una transazione nel sistema e osservando come viene registrata sulla blockchain, il registro distribuito di tutte le transazioni. Nei capitoli successivi approfondiremo la tecnologia alla base delle transazioni, della rete e((("Bitcoin", "operational overview", id="bitcoin-operational-overview-ch2")))((("blockchain explorers", id="blockchain-explorers"))) del mining.
|
||
|
||
|
||
=== Panoramica di Bitcoin
|
||
|
||
++++
|
||
<p class="fix_tracking">
|
||
Il sistema Bitcoin è composto da utenti dotati di wallet contenenti chiavi, da transazioni che vengono distribuite attraverso la rete e da miner che producono (attraverso un calcolo competitivo) la blockchain di consenso, che rappresenta il registro ufficiale di tutte le transazioni.
|
||
</p>
|
||
|
||
<p class="fix_tracking2">
|
||
Ogni esempio in questo capitolo si basa su una transazione reale effettuata sulla rete Bitcoin, simulando le interazioni tra diversi utenti inviando fondi da un wallet all'altro. Durante il tracciamento di una transazione nella rete Bitcoin sulla blockchain, utilizzeremo un blockchain explorer per visualizzare ogni fase. Un blockchain explorer è un'applicazione web che funziona come un motore di ricerca per Bitcoin, consentendo di cercare indirizzi, transazioni e blocchi, e di osservare le relazioni e i flussi tra di essi.
|
||
</p>
|
||
++++
|
||
|
||
Tra i blockchain explorer più popolari ci sono:
|
||
* https://blockstream.info[Blockstream Explorer]
|
||
* https://mempool.space[Mempool.Space]
|
||
* https://live.blockcypher.com[BlockCypher Explorer]
|
||
|
||
Ognuno di questi strumenti dispone di una funzione di ricerca che consente di inserire un indirizzo Bitcoin, un hash di transazione, un numero di blocco o un hash di blocco per recuperare le informazioni corrispondenti dalla rete Bitcoin. Per ogni esempio di transazione o blocco, forniremo un URL che ti permetterà di visualizzarlo direttamente e studiarlo dettagliatamente.
|
||
|
||
[[block-explorer-privacy]]
|
||
.Block Explorer Privacy Warning
|
||
[WARNING]
|
||
====
|
||
Searching information((("privacy", "blockchain explorers"))) on a block explorer may disclose to its operator
|
||
that you're interested in that information, allowing them to associate
|
||
it with your IP address, browser details, past searches, or other
|
||
identifiable information. If you look up the transactions in this book,
|
||
the operator of the block explorer might guess that you're learning
|
||
about Bitcoin, which shouldn't be a problem. But if you look up your
|
||
own transactions, the operator may be able to guess how many bitcoins
|
||
you've received, spent, and ((("Bitcoin", "operational overview", startref="bitcoin-operational-overview-ch2")))((("blockchain explorers", startref="blockchain-explorers")))currently own.
|
||
====
|
||
|
||
[[spending_bitcoin]]
|
||
=== Comprare da un negozio online
|
||
Alice, (((("transactions", "spending bitcoins", id="transaction-spend")))) (((("bitcoins", "spending", id="bitcoin-spend")))) (((("spending bitcoins", id="spend-bitcoin"))))introdotta nel capitolo precedente, è una nuova utente che ha appena acquistato i suoi primi bitcoin. In <<Comprare_i_tuoi_primi_Bitcoin>>, Alice ha incontrato il suo amico Joe per scambiare del denaro contante con bitcoin. Da allora, ha acquistato altri bitcoin. Ora è pronta a effettuare la sua prima transazione di spesa, acquistando l’accesso a un episodio premium di un podcast dal negozio online di Bob.
|
||
|
||
Il negozio online di Bob ha recentemente iniziato ad accettare pagamenti in bitcoin, aggiungendo questa opzione al proprio sito web. I prezzi nell'e-commerce di Bob sono indicati nella valuta locale (dollari statunitensi), ma al momento del pagamento i clienti possono scegliere se pagare in dollari o in bitcoin.
|
||
|
||
Alice trova l'episodio del podcast che vuole acquistare e procede alla pagina di pagamento. Qui le viene offerta la possibilità di pagare con bitcoin, oltre alle opzioni tradizionali. Il carrello mostra il prezzo sia in dollari sia in bitcoin (BTC), calcolato in base al tasso di cambio corrente di Bitcoin.
|
||
|
||
Il sistema di pagamento dell'e-commerce di Bob genera automaticamente un codice QR (((("invoices")))) (((("QR codes")))) contenente un _ordine di pagamento_ (<<invoice-QR>>).
|
||
|
||
////
|
||
TODO: Replace QR code with test-BTC address
|
||
////
|
||
|
||
[[invoice-QR]]
|
||
.Codice QR di un ordine di pagamento.
|
||
image::images/mbc3_0201.png["payment-request"]
|
||
|
||
A differenza di un codice QR che contiene semplicemente un indirizzo Bitcoin di destinazione, questo ordine di pagamento è un URI codificato in QR che include un indirizzo di destinazione, un importo di pagamento e una descrizione.
|
||
Questo permette all'applicazione del wallet Bitcoin di precompilare le informazioni necessarie per inviare il pagamento, mostrando contemporaneamente una descrizione leggibile dall'utente. Puoi scansionare il codice QR con un'applicazione wallet Bitcoin per vedere ciò che vedrebbe Alice:
|
||
|
||
|
||
[[invoice-URI]]
|
||
.Il codice QR dell'ordine di pagamento codifica il seguente URI, definito in BIP21:
|
||
----
|
||
bitcoin:bc1qk2g6u8p4qm2s2lh3gts5cpt2mrv5skcuu7u3e4?amount=0.01577764&
|
||
label=Bob%27s%20Store&
|
||
message=Purchase%20at%20Bob%27s%20Store
|
||
|
||
Components of the URI
|
||
|
||
A Bitcoin address: "bc1qk2g6u8p4qm2s2lh3gts5cpt2mrv5skcuu7u3e4"
|
||
The payment amount: "0.01577764"
|
||
A label for the recipient address: "Bob's Store"
|
||
A description for the payment: "Purchase at Bob's Store"
|
||
----
|
||
|
||
[TIP]
|
||
====
|
||
Try to scan this with your wallet to see
|
||
the address and amount but DO NOT SEND MONEY.
|
||
====
|
||
|
||
Alice usa il suo smartphone per scansionare il codice a barre visualizzato. Sullo schermo del suo smartphone compare un ordine di pagamento per l'importo corretto destinato a +Bob's Store+ e lei seleziona Invia per autorizzarlo.
|
||
Nel giro di pochi secondi (più o meno lo stesso tempo necessario per l'autorizzazione di una carta di credito), Bob vede la transazione registrata nel sistema.
|
||
|
||
[NOTE]
|
||
====
|
||
The
|
||
Bitcoin network((("bitcoins", "fractional values")))((("fractional values of bitcoins")))((("satoshis")))((("millibitcoins"))) can transact in fractional values, e.g., from
|
||
millibitcoin (1/1000th of a bitcoin) down to 1/100,000,000th of a
|
||
bitcoin, which is known as a satoshi. This book uses the same
|
||
pluralization rules used for dollars and other traditional currencies
|
||
when talking about amounts greater than one bitcoin and when using
|
||
decimal notation, such as "10 bitcoins" or "0.001 bitcoins." The same
|
||
rules also apply to other bitcoin bookkeeping units, such as
|
||
millibitcoins and satoshis.
|
||
====
|
||
|
||
Si può usare un blockchain explorer per esaminare i dati presenti sulla blockcahin, come la((("transactions", "spending bitcoins", startref="transaction-spend")))((("bitcoins", "spending", startref="bitcoin-spend")))((("spending bitcoins", startref="spend-bitcoin"))) https://oreil.ly/hAeyh[transazione] effettuata da Alice.
|
||
|
||
Nei capitoli seguenti, esamineremo questa transazione più nel dettaglio. Vedremo come il wallet di Alice l'ha costruita, come è stata distribuita attraverso la rete, come è stata verificata e, infine, come Bob può spendere quell'importo in transazioni successive.
|
||
|
||
=== Transazioni Bitcoin
|
||
Una transazione(((("transactions", "defined")))((("bitcoins", "transactions", see="transactions")))) comunica alla rete che il proprietario di determinati bitcoin ha autorizzato il trasferimento di quel valore a un altro proprietario. Il nuovo proprietario può ora spendere i bitcoin creando un'altra transazione che autorizza il trasferimento a un altro destinatario, e così via, in una catena di proprietà.
|
||
|
||
==== Input e Output di una Transazione
|
||
|
||
Le transazioni((("transactions", "inputs", id="transaction-input-ch2")))((("transactions", "outputs", id="transaction-output-ch2")))((("inputs", id="input")))((("outputs", id="output"))) possono essere immaginate come delle righe in un registro contabile a partita doppia. Ogni transazione è composta da due parti principali: gli _input_ e gli _output_. Gli input rappresentano i fondi che qualcuno possiede e che intende spendere; in pratica, indicano da dove provengono i soldi utilizzati nella transazione. Gli output, invece, sono i destinatari dei fondi, ovvero coloro che riceveranno i soldi inviati. Di solito, la somma totale degli output è leggermente inferiore alla somma degli input, e questa differenza rappresenta una _commissione_ di transazione implicita(("transaction fees")), cioè un piccolo importo incassato dal miner che include la transazione nella blockchain. Una transazione Bitcoin è rappresentata come una voce del registro contabile nella figura <<partita_doppia_della_transazione>>
|
||
|
||
La transazione contiene anche una prova di proprietà per ciascuna quantità di bitcoin (input) che viene spesa. Questa prova è rappresentata da una firma digitale del proprietario, che chiunque può verificare autonomamente. Nel sistema Bitcoin, spendere significa firmare una transazione che trasferisce valore da una transazione precedente a un nuovo proprietario, identificato da un indirizzo Bitcoin.
|
||
|
||
|
||
[[partita_doppia_della_transazione]]
|
||
.Transaction as double-entry bookkeeping.
|
||
image::images/mbc3_0202.png["Transaction Double-Entry"]
|
||
|
||
==== Catene di Transazioni
|
||
|
||
Il pagamento di Alice al negozio di Bob utilizza come input l'output di una precedente transazione((("transaction chains", id="transaction-chains"))). Nel capitolo precedente, Alice aveva ricevuto dei bitcoin dal suo amico Joe in cambio di contanti. Abbiamo etichettato quella transazione come _Transazione 1_ (Tx1) in <<transaction-chain>>.
|
||
|
||
La transazione Tx1 ha inviato 0,001 bitcoin (100.000 satoshi) verso un output bloccato dalla chiave di Alice. La nuova transazione che Alice invia al negozio di Bob (Tx2) usa proprio quell'output precedente come input. Nell'immagine, questa relazione è mostrata usando una freccia e indicando l'input come "Tx1:0". In una transazione reale, questo riferimento sarebbe l'identificatore della transazione (txid), un valore di 32 byte che identifica la transazione con cui Alice ha ricevuto il denaro da Joe. L'indicazione ":0" indica la posizione precisa dell'output in cui Alice ha ricevuto i bitcoin: in questo caso, si tratta del primo output, che occupa la posizione 0.
|
||
|
||
Come mostrato, nelle transazioni reali di Bitcoin non viene incluso esplicitamente il valore dell'input. Per conoscere questo valore, il software deve utilizzare il riferimento presente nell'input per risalire all'output della transazione precedente che si sta spendendo.
|
||
|
||
La Tx2 di Alice contiene due nuovi output: uno paga 75.000 satoshi per il podcast e l’altro restituisce 20.000 satoshi ad Alice come resto.
|
||
|
||
|
||
////
|
||
@startditaa
|
||
Transaction 1 Tx2 Tx3
|
||
Inputs Outputs In Out In Out
|
||
+-------+---------+ +-------+--------+ +-------+--------+
|
||
| | | | | cDDD | | | |
|
||
<--+ Tx0꞉0 | 100,000 |<--+ Tx1꞉0 | 20,000 | +-+ Tx2꞉1 | 67,000 |
|
||
| | | | | | | | | |
|
||
+-------+---------+ +-------+--------+ | +-------+--------+
|
||
| | cDDD | | | | | | | |
|
||
| | 500,000 | | | 75,000 |<-+ | | |
|
||
| | | | | | | | |
|
||
+-------+---------+ +-------+--------+ +-------+--------+
|
||
Fee꞉ (unknown) Fee꞉ 5,000 Fee꞉ 8,000
|
||
@enddittaa
|
||
////
|
||
|
||
[[transaction-chain]]
|
||
.Una catena di transazioni, in cui l’output di una transazione diventa l’input di quella successiva.
|
||
image::images/mbc3_0203.png["Transaction chain"]
|
||
|
||
[TIP]
|
||
====
|
||
Serialized Bitcoin transactions--the data format that software uses for
|
||
sending transactions--encodes the value to transfer using an integer
|
||
of the smallest defined onchain unit of value. When Bitcoin was first
|
||
created, this unit didn't have a name and some developers simply called
|
||
it the _base unit._ Later many users began calling this unit a
|
||
_satoshi_ (sat) in honor of Bitcoin's creator. In <<transaction-chain>>
|
||
and some other illustrations in this book, we use satoshi values because
|
||
that's what the protocol itself ((("satoshis")))uses.
|
||
====
|
||
|
||
==== Making Change
|
||
|
||
Oltre a uno o più output((("transactions", "change output", id="transaction-change-output")))((("change output", id="change-output")))((("outputs", "change output", id="output-change"))) che pagano il destinatario dei bitcoin, molte transazioni includono anche un output che restituisce bitcoin a chi effettua il pagamento: questo si chiama output di _resto_ (change output).
|
||
|
||
Ciò avviene perché gli input delle transazioni, proprio come le banconote, non possono essere spesi parzialmente. Se in un negozio compri un oggetto da 5 dollari, ma usi una banconota da 20 dollari per pagarlo, ti aspetti di ricevere 15 dollari di resto. Lo stesso concetto si applica agli input delle transazioni Bitcoin. Se acquistassi qualcosa al costo di 5 bitcoin ma avessi a disposizione soltanto un input da 20 bitcoin, invieresti un output da 5 bitcoin al venditore e un output da 15 bitcoin di resto a te stesso (senza contare la commissione della transazione).
|
||
Le transazioni((("transactions", "inputs", id="transaction-input-ch2")))((("transactions", "outputs", id="transaction-output-ch2")))((("inputs", id="input")))((("outputs", id="output"))) possono essere immaginate come delle righe in un registro contabile a partita doppia. Ogni transazione è composta da due parti principali: gli *input* e gli *output*. Gli *input* rappresentano i fondi che qualcuno possiede e che intende spendere; in pratica, indicano da dove provengono i soldi utilizzati nella transazione. Gli *output*, invece, sono i destinatari dei fondi, ovvero coloro che riceveranno i soldi inviati. Di solito, la somma totale degli output è leggermente inferiore alla somma degli input, e questa differenza rappresenta una *commissione di transazione* implicita(("transaction fees")), cioè un piccolo importo incassato dal miner che include la transazione nella blockchain. Una transazione Bitcoin è rappresentata come una voce del registro contabile nella figura <<transaction-double-entry>>.
|
||
|
||
Nel protocollo Bitcoin, non c’è alcuna differenza tra un output di resto (e l’indirizzo a cui viene inviato, definito _indirizzo di resto_, o change address) e un output di pagamento.
|
||
|
||
È importante sottolineare che l’indirizzo di resto (change address) non deve necessariamente coincidere con l’indirizzo di input e, per motivi di privacy, spesso corrisponde a un nuovo indirizzo generato dal wallet del proprietario. In circostanze ideali, i due diversi utilizzi degli output ricorrono entrambi a indirizzi mai visti prima e appaiono identici, impedendo così a terze parti di stabilire quali output siano di resto e quali di pagamento. Tuttavia, a scopo illustrativo, abbiamo aggiunto un’ombreggiatura agli output di resto in <<transaction-chain>>.
|
||
|
||
Not every transaction has a change output. Those that don't are ((("changeless transactions")))((("transactions", "changeless")))called
|
||
_changeless transactions_, and they can have only a single output.
|
||
Changeless transactions are only a practical option if the amount being
|
||
spent is roughly the same as the amount available in the transaction
|
||
inputs minus the anticipated transaction fee. In <<transaction-chain>>,
|
||
we see Bob creating Tx3 as a changeless transaction that spends the
|
||
output he received in Tx2.
|
||
|
||
==== Coin Selection
|
||
|
||
Different wallets((("transactions", "coin selection")))((("coin selection in transactions")))((("selecting", "coins in transactions"))) use different strategies when choosing which
|
||
inputs to use in a payment, called _coin selection_.
|
||
|
||
They might aggregate many small
|
||
inputs, or use one that is equal to or larger than the desired payment.
|
||
Unless the wallet can aggregate inputs in such a way to exactly match
|
||
the desired payment plus transaction fees, the wallet will need to
|
||
generate some change. This is very similar to how people handle cash. If
|
||
you always use the largest bill in your pocket, you will end up with a
|
||
pocket full of loose change. If you only use the loose change, you'll
|
||
often have only big bills. People subconsciously find a balance between
|
||
these two extremes, and Bitcoin wallet developers strive to program this
|
||
balance.
|
||
|
||
==== Common Transaction Forms
|
||
|
||
A very ((("transactions", "common types", id="transaction-common-ch2")))common form of transaction is a simple payment. This type of
|
||
transaction has one input and two outputs and is shown in
|
||
<<transaction-common>>.
|
||
|
||
[[transaction-common]]
|
||
.Most common transaction.
|
||
image::images/mbc3_0204.png["Common Transaction"]
|
||
|
||
Another common form of transaction ((("consolidation transactions")))is a _consolidation transaction_, which spends several inputs
|
||
into a single output (<<transaction-consolidating>>). This represents
|
||
the real-world equivalent of exchanging a pile of coins and currency
|
||
notes for a single larger note. Transactions like these are sometimes
|
||
generated by wallets and businesses to clean up lots of smaller amounts.
|
||
|
||
[[transaction-consolidating]]
|
||
.Consolidation transaction aggregating funds.
|
||
image::images/mbc3_0205.png["Aggregating Transaction"]
|
||
|
||
Finally, another transaction form that is seen often on the
|
||
blockchain ((("payment batching")))is _payment batching_, which pays to multiple outputs
|
||
representing multiple recipients (<<transaction-distributing>>).
|
||
This type of transaction is sometimes used by commercial entities to
|
||
distribute funds, such as when processing payroll payments to multiple employees.
|
||
|
||
[[transaction-distributing]]
|
||
.Batch transaction distributing funds.
|
||
image::images/mbc3_0206.png["Distributing Transaction"]
|
||
|
||
=== Constructing a Transaction
|
||
|
||
Alice's wallet((("transactions", "constructing", id="transaction-construct"))) application contains all
|
||
the logic for selecting inputs and generating outputs to build a
|
||
transaction to Alice's specification. Alice only needs to choose a
|
||
destination, amount, and transaction fee, and the rest happens in the wallet
|
||
application without her seeing the details. Importantly, if a wallet
|
||
already knows what inputs it controls, it can construct transactions
|
||
even if it is completely offline.
|
||
Like writing a check at home and later sending it to the bank in an
|
||
envelope, the transaction does not need to be constructed and signed
|
||
while connected to the Bitcoin network.
|
||
|
||
==== Getting the Right Inputs
|
||
|
||
Alice's wallet
|
||
application ((("inputs", "constructing transactions")))will first have to find inputs that can pay the amount she
|
||
wants to send to Bob. Most wallets keep track of all the available
|
||
outputs belonging to addresses in the wallet. Therefore, Alice's wallet
|
||
would contain a copy of the transaction output from Joe's transaction,
|
||
which was created in exchange for cash (see <<getting_first_bitcoin>>).
|
||
A Bitcoin wallet application that runs on a full node actually
|
||
contains a copy of every confirmed transaction's ((("UTXOs (unspent transaction outputs)")))unspent outputs, called
|
||
_unspent transaction outputs_ (UTXOs).
|
||
However, because full nodes use more resources, many
|
||
user wallets run lightweight clients that track only the user's own
|
||
UTXOs.
|
||
|
||
In this case, this single
|
||
UTXO is sufficient to pay for the podcast. Had this not been the case,
|
||
Alice's wallet application might have to combine several
|
||
smaller UTXOs, like picking coins from a purse, until it could
|
||
find enough to pay for the podcast. In both cases, there might be a need
|
||
to get some change back, which we will see in the next section, as the
|
||
wallet application creates the transaction outputs (payments).
|
||
|
||
|
||
==== Creating the Outputs
|
||
|
||
A transaction output((("outputs", "constructing transactions"))) is
|
||
created with a
|
||
script that says something like, "This output is paid to whoever can
|
||
present a signature from the key corresponding to Bob's public address."
|
||
Because only Bob has the wallet with the keys corresponding to that
|
||
address, only Bob's wallet can present such a signature to later spend this
|
||
output. Alice will therefore _encumber_ the output value with a demand
|
||
for a signature from Bob.
|
||
|
||
This transaction will also include a second output ((("change output")))because Alice's
|
||
funds contain more money than the cost of the
|
||
podcast. Alice's change
|
||
output is created in the very same
|
||
transaction as the payment to Bob. Essentially, Alice's wallet breaks
|
||
her funds into two outputs: one to Bob and one back to herself. She can
|
||
then spend the change output in a subsequent transaction.
|
||
|
||
Finally, for the transaction to be processed by the network in a((("transaction fees"))) timely
|
||
fashion, Alice's wallet application will add a small fee. The fee is not
|
||
explicitly stated in the transaction; it is implied by the difference in value between
|
||
inputs and outputs. This transaction fee is collected by the
|
||
miner as a fee for including the transaction in a block
|
||
that gets recorded on the blockchain.
|
||
|
||
[[transaction-alice-url]]
|
||
[TIP]
|
||
====
|
||
View the https://oreil.ly/GwBq1[transaction from Alice to Bob's Store].
|
||
====
|
||
|
||
==== Adding the Transaction to the Blockchain
|
||
|
||
The ((("transactions", "adding to blockchain", id="transaction-add-blockchain")))((("blockchain", "adding transactions to", id="blockchain-add-transaction")))transaction created by Alice's wallet application
|
||
contains everything necessary to confirm ownership of the funds and
|
||
assign new owners. Now, the transaction must be transmitted to the
|
||
Bitcoin network where it will become part of the blockchain. In the next
|
||
section we will see how a transaction becomes part of a new block and
|
||
how the block is mined. Finally, we will see how the new block, once
|
||
added to the blockchain, is increasingly trusted by the network as more
|
||
blocks are added.
|
||
|
||
===== Transmitting the transaction
|
||
|
||
Because the transaction contains all
|
||
the information necessary for it to be processed, it does not matter how or where it
|
||
is transmitted to the Bitcoin network. The Bitcoin network is a
|
||
peer-to-peer network, with each Bitcoin peer participating by
|
||
connecting to several other Bitcoin peers. The purpose of the Bitcoin
|
||
network is to propagate transactions and blocks to all participants.
|
||
|
||
===== How it propagates
|
||
|
||
|
||
Peers in ((("Bitcoin", "as peer-to-peer network", secondary-sortas="peer-to-peer network")))((("peer-to-peer networks, Bitcoin as")))the Bitcoin peer-to-peer network are programs that have both
|
||
the software logic and the data necessary for them to fully verify the
|
||
correctness of a new transaction. The connections between peers are
|
||
often visualized as edges (lines) in a graph, with the peers themselves
|
||
being the nodes (dots). For that reason, Bitcoin peers are commonly
|
||
called "full verification nodes," ((("full nodes")))or _full nodes_ for short.
|
||
|
||
Alice's wallet application can send the new
|
||
transaction to any Bitcoin node over any type of
|
||
connection: wired, WiFi, mobile, etc. It can also send the transaction
|
||
to another program (such as a block explorer) that will relay it to a
|
||
node. Her Bitcoin wallet does not have
|
||
to be connected to Bob's Bitcoin wallet directly and she does not have
|
||
to use the internet connection offered by Bob, though both those
|
||
options are possible too. Any Bitcoin node that receives a
|
||
valid transaction it has not seen before will forward it to
|
||
all other nodes to which it is connected, a propagation technique known
|
||
((("gossiping")))as _gossiping_. Thus, the transaction rapidly propagates out across the
|
||
peer-to-peer network, reaching a large percentage of the nodes within a
|
||
few seconds.
|
||
|
||
===== Bob's view
|
||
|
||
If Bob's Bitcoin wallet application is directly connected to Alice's
|
||
wallet application, Bob's wallet application might be the first to
|
||
receive the transaction. However, even if Alice's wallet sends the
|
||
transaction through other nodes, it will reach Bob's wallet within a few
|
||
seconds. Bob's wallet will immediately identify Alice's transaction as
|
||
an incoming payment because it contains an output redeemable by Bob's
|
||
keys. Bob's wallet application can also independently verify that the
|
||
transaction is well formed. If Bob is using his own full node, his
|
||
wallet can further verify Alice's transaction only spends((("transactions", "constructing", startref="transaction-construct")))((("transactions", "adding to blockchain", startref="transaction-add-blockchain")))((("blockchain", "adding transactions to", startref="blockchain-add-transaction"))) valid UTXOs.
|
||
|
||
=== Bitcoin Mining
|
||
|
||
Alice's transaction((("mining", "operational overview", id="mining-operational-overview"))) is now propagated on the Bitcoin
|
||
network. It does not become part of the _blockchain_ until it is
|
||
included in a block by a process called _mining_ and that block has been
|
||
validated by full nodes. See
|
||
<<mining>> for a detailed explanation.
|
||
|
||
Bitcoin's system of counterfeit protection is based on computation.
|
||
Transactions are bundled((("transactions", "in blocks", secondary-sortas="blocks")))((("blocks"))) into _blocks_. Blocks have a very small header
|
||
that must be formed in a very specific way, requiring an enormous
|
||
amount of computation to get right--but only a small amount of
|
||
computation to verify as correct.
|
||
The mining process serves two purposes in Bitcoin:
|
||
|
||
[role="less_space pagebreak-before"]
|
||
* Miners can only
|
||
receive honest income from creating blocks that follow all of((("consensus rules"))) Bitcoin's
|
||
_consensus rules_. Therefore, miners are normally incentivized to
|
||
only include valid transactions in their blocks and the blocks they
|
||
build upon. This allows users to optionally make a trust-based
|
||
assumption that any transaction in a block is a valid transaction.
|
||
|
||
* Mining currently creates new bitcoins in each block, almost like a central bank
|
||
printing new money. The amount of bitcoin created per block is limited
|
||
and diminishes with time, following a fixed issuance schedule.
|
||
|
||
|
||
Mining achieves a fine balance between cost and reward. Mining uses
|
||
electricity to solve a computational problem. A successful miner will
|
||
collect ((("rewards")))a _reward_ in the form of new bitcoins and transaction fees.
|
||
However, the reward will only be collected if the miner has only
|
||
included valid transactions, with the Bitcoin protocol's rules for
|
||
_consensus_ determining what is valid. This delicate balance provides
|
||
security for Bitcoin without a central authority.
|
||
|
||
Mining is designed to be a decentralized lottery. Each miner can create
|
||
their own lottery ticket by creating ((("candidate blocks")))a _candidate block_ that includes
|
||
the new transactions they want to mine plus some additional data fields.
|
||
The miner inputs their candidate into a specially designed algorithm that
|
||
scrambles((("hash functions"))) (or "hashes") the data, producing output that looks nothing
|
||
like the input data. This _hash_ function will always produce the same
|
||
output for the same input--but nobody can predict what the output will
|
||
look like for a new input, even if it is only slightly different from a
|
||
previous input. If the output of the hash function matches a template
|
||
determined by the Bitcoin protocol, the miner wins the lottery and
|
||
Bitcoin users will accept the block with its transactions as a
|
||
valid block. If the output doesn't match the template, the miner makes
|
||
a small change to their candidate block and tries again. As of this
|
||
writing, the number of candidate blocks miners need to try before finding
|
||
a winning combination is about 168 billion trillion. That's also how
|
||
many times the hash function needs to be run.
|
||
|
||
However, once a winning combination has been found, anyone can verify
|
||
the block is valid by running the hash function just once. That makes a
|
||
valid block something that requires an incredible amount of work to
|
||
create but only a trivial amount of work to verify. The simple
|
||
verification process is able to probabalistically prove the work was
|
||
done, so the data necessary to generate that proof--in this case, the
|
||
block--is called((("proof-of-work algorithm"))) _proof of work (PoW)_.
|
||
|
||
Transactions are added to the new block, prioritized by the highest fee rate
|
||
transactions first and a few other criteria. Each miner starts the
|
||
process of mining a new candidate block of transactions as soon as they receive the
|
||
previous block from the network, knowing that some other miner won that
|
||
iteration of the lottery. They immediately create a new candidate block
|
||
with a commitment to the previous block, fill it with transactions, and start
|
||
calculating the PoW for the candidate block. Each miner includes a
|
||
special transaction in their candidate blocks, one that pays their own Bitcoin address
|
||
the block reward plus the sum of
|
||
transaction fees from all the transactions included in the candidate block. If they
|
||
find a solution that makes the candidate into a valid block, they receive this reward
|
||
after their successful block is added to the global blockchain and the
|
||
reward transaction they included becomes spendable. Miners who participate in a mining pool have set up their
|
||
software to create candidate blocks that assign the reward to a pool address.
|
||
From there, a share of the reward is distributed to members of the pool
|
||
miners in proportion to the amount of work they contributed.
|
||
|
||
Alice's
|
||
transaction was picked up by the network and included in the pool of
|
||
unverified transactions. Once validated by a full node, it was
|
||
included in a candidate block.
|
||
Approximately five minutes after the transaction was first transmitted
|
||
by Alice's wallet, a miner finds a solution for the
|
||
block and announces it to the network. After each other miner
|
||
validates the winning block, they start a new lottery to generate the next
|
||
block.
|
||
|
||
The winning block containing Alice's transaction became part of the
|
||
blockchain. The block containing Alice's transaction is counted as ((("confirmations")))((("clearing transactions")))((("transactions", "clearing")))one
|
||
_confirmation_ of that transaction. After the block containing Alice's
|
||
transaction has propagated through the network, creating an alternative
|
||
block with a different version of Alice's transaction (such as a
|
||
transaction that doesn't pay Bob) would require performing the same
|
||
amount of work as it will take all Bitcoin miners to create an entirely
|
||
new block. When there are multiple alternative blocks to choose from,
|
||
Bitcoin full nodes choose the chain of valid blocks with the most total
|
||
PoW, called the _best blockchain_. For the entire network to
|
||
accept an alternative block, an additional new block would need to be
|
||
mined on top of the alternative.
|
||
|
||
That means miners have a choice. They can work with Alice on an
|
||
alternative to the transaction where she pays Bob, perhaps with
|
||
Alice paying miners a share of the money she previously paid Bob. This
|
||
dishonest behavior will require they expend the effort required to
|
||
create two new blocks. Instead, miners who behave honestly can create a
|
||
single new block and receive all of the fees from the transactions
|
||
they include in it, plus the block subsidy. Normally, the high cost of
|
||
dishonestly creating two blocks for a small additional payment is much
|
||
less profitable than honestly creating a new block, making it unlikely
|
||
that a confirmed transaction will be deliberately changed. For Bob, this
|
||
means that he can begin to believe that the payment from Alice can be
|
||
relied upon.
|
||
|
||
[TIP]
|
||
====
|
||
You can see the block that includes
|
||
https://oreil.ly/7v_lH[Alice's transaction].
|
||
====
|
||
|
||
Approximately 19 minutes
|
||
after the block containing Alice's transaction is broadcast, a new block
|
||
is mined by another miner. Because this
|
||
new block is built on top of the block that contained Alice's
|
||
transaction (giving Alice's transaction two confirmations), Alice's
|
||
transaction can now only be changed if two alternative blocks are
|
||
mined--plus a new block built on top of them--for a total of three
|
||
blocks that would need to be mined for Alice to take back the money she
|
||
sent Bob. Each block mined on top of the one containing Alice's
|
||
transaction counts as an additional confirmation. As the blocks pile on
|
||
top of each other, it becomes harder to reverse the transaction, thereby
|
||
giving Bob more and more confidence that Alice's payment is secure.
|
||
|
||
In <<block-alice1>>, we can see the block that contains Alice's transaction. Below it are
|
||
hundreds of thousands of blocks, linked to each other in a chain of
|
||
blocks (blockchain) all the way back to block #0, known as((("genesis block"))) the _genesis
|
||
block_. Over time, as the "height" of new blocks increases, so does the
|
||
computation difficulty for the chain as a whole.
|
||
By convention, any block with more than six confirmations
|
||
is considered very hard to change, because it would require an immense amount of
|
||
computation to recalculate six blocks (plus one new block). We will examine
|
||
the process of mining and the way it builds confidence in more ((("mining", "operational overview", startref="mining-operational-overview")))detail in
|
||
<<mining>>.
|
||
|
||
[[block-alice1]]
|
||
.Alice's transaction included in a block.
|
||
image::images/mbc3_0207.png["Alice's transaction included in a block"]
|
||
|
||
[role="less_space pagebreak-before"]
|
||
=== Spending the Transaction
|
||
|
||
Now((("transactions", "spending bitcoins", id="transaction-spend2")))((("bitcoins", "spending", id="bitcoin-spend2")))((("spending bitcoins", id="spend-bitcoin2"))) that Alice's
|
||
transaction has been embedded in the blockchain as part of a block, it
|
||
is visible to all Bitcoin
|
||
applications. Each Bitcoin full node can independently verify the
|
||
transaction as valid and spendable. Full nodes validate every transfer
|
||
of the funds from the moment the bitcoins were first generated in
|
||
a block through each subsequent transaction until they reach
|
||
Bob's address. Lightweight clients can partially verify payments
|
||
by confirming that the
|
||
transaction is in the blockchain and has several blocks mined after it,
|
||
thus providing assurance that the miners expended significant effort
|
||
committing to it (see <<spv_nodes>>).
|
||
|
||
Bob can now spend the output from this and other transactions. For
|
||
example, Bob can pay a contractor or supplier by transferring value from
|
||
Alice's podcast payment to these new owners.
|
||
As Bob spends the payments received from Alice and other customers, he
|
||
extends the chain of transactions. Let's assume that Bob pays his web
|
||
designer Gopesh
|
||
for a new website page. Now the chain of transactions will
|
||
look like <<block-alice2>>.
|
||
|
||
[[block-alice2]]
|
||
.Alice's transaction as part of a transaction chain from Joe to Gopesh.
|
||
image::images/mbc3_0208.png["Alice's transaction as part of a transaction chain"]
|
||
|
||
In this chapter, we saw how transactions build a chain that moves value
|
||
from owner to owner. We also tracked Alice's transaction from the
|
||
moment it was created in her wallet, through the Bitcoin network, and to
|
||
the miners who recorded it on the blockchain. In the rest of this book,
|
||
we will examine the specific technologies behind wallets, addresses,
|
||
signatures, transactions, the network, and finally, mining.
|