The devil, and the delight, are in the details. The basic bitcoins is to use the 256 elliptic curve algorithm and the 256 key to generate a digital signature of the transaction, but the details are tricky. Even those sha which delve deeper often gloss over crucial points. How well does this work? Now, suppose Alice generator to transfer sha infocoin to Bob. Did I miss it? She could, for example, use network generator analysis to find times bitcoins Bob and Charlie are likely to have a lot of latency in communication.
shapeshift bitcointalk newsletter В»
For instance, if I have. As in the single-input-single-output case this is set to 0, which means the transaction is finalized immediately. So unless you generate a fork from the first transaction, then you cannot fool the network. The diagram above shows a sample transaction "C". Your article cleared most of my questions. But they either need to be higher, or there needs to be many more of them at a lower price.
bitcoin order book chart ideas В»
However, the Bitcoin protocol might one day be sha itself, even if that seems impossible today. Does that mean Alice sent Bob ten different infocoins? This is in response to generator comment below. This has the advantage of providing information in the debug log if bitcoins transaction is rejected. How can we address the problem 256 double spending?
There may be no easy way to achieve a consistent shared ledger of transactions. And even if everyone can agree on a consistent way to update their block chains, there is still the problem that either Bob or Charlie will be cheated. At first glance double spending seems difficult for Alice to pull off. After all, if Alice sends the message first to Bob, then Bob can verify the message, and tell everyone else in the network including Charlie to update their block chain.
Once that has happened, Charlie would no longer be fooled by Alice. So there is most likely only a brief period of time in which Alice can double spend.
Worse, there are techniques Alice could use to make that period longer. She could, for example, use network traffic analysis to find times when Bob and Charlie are likely to have a lot of latency in communication. Or perhaps she could do something to deliberately disrupt their communications.
If she can slow communication even a little that makes her task of double spending much easier. How can we address the problem of double spending? Rather, he should broadcast the possible transaction to the entire network of Infocoin users, and ask them to help determine whether the transaction is legitimate.
If they collectively decide that the transaction is okay, then Bob can accept the infocoin, and everyone will update their block chain. Also as before, Bob does a sanity check, using his copy of the block chain to check that, indeed, the coin currently belongs to Alice.
But at that point the protocol is modified. Other members of the network check to see whether Alice owns that infocoin. This protocol has many imprecise elements at present. Fixing that problem will at the same time have the pleasant side effect of making the ideas above much more precise. Suppose Alice wants to double spend in the network-based protocol I just described. She could do this by taking over the Infocoin network. As before, she tries to double spend the same infocoin with both Bob and Charlie.
The idea is counterintuitive and involves a combination of two ideas: The benefit of making it costly to validate transactions is that validation can no longer be influenced by the number of network identities someone controls, but only by the total computational power they can bring to bear on validation.
But to really understand proof-of-work, we need to go through the details. For instance, another network user named David might have the following queue of pending transactions:. David checks his copy of the block chain, and can see that each transaction is valid.
He would like to help out by broadcasting news of that validity to the entire network. However, before doing that, as part of the validation protocol David is required to solve a hard computational puzzle — the proof-of-work.
What puzzle does David need to solve? Bitcoin uses the well-known SHA hash function, but any cryptographically secure hash function will do. Suppose David appends a number called the nonce to and hashes the combination. The puzzle David has to solve — the proof-of-work — is to find a nonce such that when we append to and hash the combination the output hash begins with a long run of zeroes. The puzzle can be made more or less difficult by varying the number of zeroes required to solve the puzzle.
A relatively simple proof-of-work puzzle might require just three or four zeroes at the start of the hash, while a more difficult proof-of-work puzzle might require a much longer run of zeros, say 15 consecutive zeroes. We can keep trying different values for the nonce,. Finally, at we obtain:. This nonce gives us a string of four zeroes at the beginning of the output of the hash. This will be enough to solve a simple proof-of-work puzzle, but not enough to solve a more difficult proof-of-work puzzle.
What makes this puzzle hard to solve is the fact that the output from a cryptographic hash function behaves like a random number: So if we want the output hash value to begin with 10 zeroes, say, then David will need, on average, to try different values for before he finds a suitable nonce.
In fact, the Bitcoin protocol gets quite a fine level of control over the difficulty of the puzzle, by using a slight variation on the proof-of-work puzzle described above.
This target is automatically adjusted to ensure that a Bitcoin block takes, on average, about ten minutes to validate. In practice there is a sizeable randomness in how long it takes to validate a block — sometimes a new block is validated in just a minute or two, other times it may take 20 minutes or even longer.
Instead of solving a single puzzle, we can require that multiple puzzles be solved; with some careful design it is possible to considerably reduce the variance in the time to validate a block of transactions.
Other participants in the Infocoin network can verify that is a valid solution to the proof-of-work puzzle. And they then update their block chains to include the new block of transactions. For the proof-of-work idea to have any chance of succeeding, network users need an incentive to help validate transactions.
The solution to this problem is to reward people who help validate transactions. In particular, suppose we reward whoever successfully validates a block of transactions by crediting them with some infocoins.
Provided the infocoin reward is large enough that will give them an incentive to participate in validation.
In the Bitcoin protocol, this validation process is called mining. For each block of transactions validated, the successful miner receives a bitcoin reward. Initially, this was set to be a 50 bitcoin reward. But for every , validated blocks roughly, once every four years the reward halves. This has happened just once, to date, and so the current reward for mining a block is 25 bitcoins. This halving in the rate will continue every four years until the year CE.
At that point, the reward for mining will drop below bitcoins per block. So in CE the total supply of bitcoins will cease to increase. Bitcoin also makes it possible to set aside some currency in a transaction as a transaction fee , which goes to the miner who helps validate it.
In the early days of Bitcoin transaction fees were mostly set to zero, but as Bitcoin has gained in popularity, transaction fees have gradually risen, and are now a substantial additional incentive on top of the 25 bitcoin reward for mining a block. You can think of proof-of-work as a competition to approve transactions.
Each entry in the competition costs a little bit of computing power. So, for instance, if a miner controls one percent of the computing power being used to validate Bitcoin transactions, then they have roughly a one percent chance of winning the competition. So provided a lot of computing power is being brought to bear on the competition, a dishonest miner is likely to have only a relatively small chance to corrupt the validation process, unless they expend a huge amount of computing resources.
Before doing that, I want to fill in an important detail in the description of Infocoin. The pointer is actually just a hash of the previous block. So typically the block chain is just a linear chain of blocks of transactions, one after the other, with later blocks each containing a pointer to the immediately prior block:.
Occasionally, a fork will appear in the block chain. This can happen, for instance, if by chance two miners happen to validate a block of transactions near-simultaneously — both broadcast their newly-validated block out to the network, and some people update their block chain one way, and others update their block chain the other way:. The rule is this: But at any given time, miners only work to extend whichever fork is longest in their copy of the block chain.
Suppose, for example, that we have a fork in which some miners receive block A first, and some miners receive block B first. Those miners who receive block A first will continue mining along that fork, while the others will mine along fork B. After they receive news that this has happened, the miners working on fork A will notice that fork B is now longer, and will switch to working on that fork.
Presto, in short order work on fork A will cease, and everyone will be working on the same linear chain, and block A can be ignored. Of course, any still-pending transactions in A will still be pending in the queues of the miners working on fork B, and so all transactions will eventually be validated.
Likewise, it may be that the miners working on fork A are the first to extend their fork. In that case work on fork B will quickly cease, and again we have a single linear chain. No matter what the outcome, this process ensures that the block chain has an agreed-upon time ordering of the blocks.
In Bitcoin proper, a transaction is not considered confirmed until: This gives the network time to come to an agreed-upon the ordering of the blocks. Suppose Alice tries to double spend with Bob and Charlie. One possible approach is for her to try to validate a block that includes both transactions. Assuming she has one percent of the computing power, she will occasionally get lucky and validate the block by solving the proof-of-work.
Unfortunately for Alice, the double spending will be immediately spotted by other people in the Infocoin network and rejected, despite solving the proof-of-work problem. A more serious problem occurs if she broadcasts two separate transactions in which she spends the same infocoin with Bob and Charlie, respectively.
She might, for example, broadcast one transaction to a subset of the miners, and the other transaction to another set of miners, hoping to get both transactions validated in this way. In fact, knowing that this will be the case, there is little reason for Alice to try this in the first place. She will then attempt to fork the chain before the transaction with Charlie, adding a block which includes a transaction in which she pays herself:.
And unless Alice is able to solve the proof-of-work at least as fast as everyone else in the network combined — roughly, that means controlling more than fifty percent of the computing power — then she will just keep falling further and further behind. Of course, she might get lucky. We can, for example, imagine a scenario in which Alice controls one percent of the computing power, but happens to get lucky and finds six extra blocks in a row, before the rest of the network has found any extra blocks.
In this case, she might be able to get ahead, and get control of the block chain. But this particular event will occur with probability. Of course, this is not a rigorous security analysis showing that Alice cannot double spend.
The security community is still analysing Bitcoin, and trying to understand possible vulnerabilities. The proof-of-work and mining ideas give rise to many questions. How much reward is enough to persuade people to mine? How does the change in supply of infocoins affect the Infocoin economy? Will Infocoin mining end up concentrated in the hands of a few, or many? These are all great questions, but beyond the scope of this post.
I may come back to the questions in the context of Bitcoin in a future post. To use Bitcoin in practice, you first install a wallet program on your computer. You can see the Bitcoin balance on the left — 0. What you do is tell your wallet program to generate a Bitcoin address. You then send your Bitcoin address to the person who wants to buy from you.
You could do this in email, or even put the address up publicly on a webpage. This is safe, since the address is merely a hash of your public key, which can safely be known by the world anyway.
The person who is going to pay you then generates a transaction. Line 1 contains the hash of the remainder of the transaction, 7c This is used as an identifier for the transaction.
Lines 3 and 4 tell us that the transaction has one input and one output, respectively. Line 6 tells us the size in bytes of the transaction. Lines 7 through 11 define the input to the transaction. In particular, lines 8 through 10 tell us that the input is to be taken from the output from an earlier transaction, with the given hash , which is expressed in hexadecimal as ae Line 11 contains the signature of the person sending the money, Again, these are both in hexadecimal.
This seems like an inconvenient restriction — like trying to buy bread with a 20 dollar note, and not being able to break the note down. The solution, of course, is to have a mechanism for providing change. Lines 12 through 14 define the output from the transaction. In particular, line 13 tells us the value of the output, 0. Line 14 is somewhat complicated. The main thing to note is that the string a7db6f You can now see, by the way, how Bitcoin addresses the question I swept under the rug in the last section: In fact, the role of the serial number is played by transaction hashes.
In the transaction above, for example, the recipient is receiving 0. There are two clever things about using transaction hashes instead of serial numbers. Second, by operating in this way we remove the need for any central authority issuing serial numbers.
Instead, the serial numbers can be self-generated, merely by hashing the transaction. Ultimately, this process must terminate. This can happen in one of two ways. This is a special transaction, having no inputs, but a 50 Bitcoin output. In other words, this transaction establishes an initial money supply. You can see the deserialized raw data here , and read about the Genesis block here.
With the exception of the Genesis block, every block of transactions in the block chain starts with a special coinbase transaction. This is the transaction rewarding the miner who validated that block of transactions. It uses a similar but not identical format to the transaction above. You can read a little more about coinbase transactions here. The obvious thing to do is for the payer to sign the whole transaction apart from the transaction hash, which, of course, must be generated later.
Currently, this is not what is done — some pieces of the transaction are omitted. This makes some pieces of the transaction malleable , i. I gather that this malleability is under discussion in the Bitcoin developer community, and there are efforts afoot to reduce or eliminate this malleability.
In the last section I described how a transaction with a single input and a single output works. Line 1 contains the hash of the remainder of the transaction. As in the single-input-single-output case this is set to 0, which means the transaction is finalized immediately. Lines 7 through 19 define a list of the inputs to the transaction. Each corresponds to an output from a previous Bitcoin transaction.
Line 11 contains the signature, followed by a space, and then the public key of the person sending the bitcoins. Lines 12 through 15 define the second input, with a similar format to lines 8 through And lines 16 through 19 define the third input.
The first output is defined in lines 21 and Line 21 tells us the value of the output, 0. The main thing to take away here is that the string e8c One apparent oddity in this description is that although each output has a Bitcoin value associated to it, the inputs do not.
Of course, the values of the respective inputs can be found by consulting the corresponding outputs in earlier transactions. In a standard Bitcoin transaction, the sum of all the inputs in the transaction must be at least as much as the sum of all the outputs. The only exception to this principle is the Genesis block, and in coinbase transactions, both of which add to the overall Bitcoin supply. If the inputs sum up to more than the outputs, then the excess is used as a transaction fee.
This is paid to whichever miner successfully validates the block which the current transaction is a part of. One nice application of multiple-input-multiple-output transactions is the idea of change. Suppose, for example, that I want to send you 0. I can do so by spending money from a previous transaction in which I received 0.
The solution is to send you 0. Of course, it differs a little from the change you might receive in a store, since change in this case is what you pay yourself.
But the broad idea is similar. That completes a basic description of the main ideas behind Bitcoin. But I have described the main ideas behind the most common use cases for Bitcoin.
How anonymous is Bitcoin? Many people claim that Bitcoin can be used anonymously. This claim has led to the formation of marketplaces such as Silk Road and various successors , which specialize in illegal goods.
However, the claim that Bitcoin is anonymous is a myth. The block chain is a marvellous target for these techniques. I will be extremely surprised if the great majority of Bitcoin users are not identified with relatively high confidence and ease in the near future. Furthermore, identification will be retrospective, meaning that someone who bought drugs on Silk Road in will still be identifiable on the basis of the block chain in, say, These de-anonymization techniques are well known to computer scientists, and, one presumes, therefore to the NSA.
I would not be at all surprised if the NSA and other agencies have already de-anonymized many users. It is, in fact, ironic that Bitcoin is often touted as anonymous.
Bitcoin is, instead, perhaps the most open and transparent financial instrument the world has ever seen. Can you get rich with Bitcoin? I must admit I find this perplexing. What is, I believe, much more interesting and enjoyable is to think of Bitcoin and other cryptocurrencies as a way of enabling new forms of collective behaviour. But if money in the bank is your primary concern, then I believe that other strategies are much more likely to succeed. One is a nice space-saving trick used by the protocol, based on a data structure known as a Merkle tree.
You can get an overview in the original Bitcoin paper. You can read more about it at some of the links above. But this is only a small part of a much bigger and more interesting story. But the scripting language can also be used to express far more complicated transactions. To put it another way, Bitcoin is programmable money. In later posts I will explain the scripting system, and how it is possible to use Bitcoin scripting as a platform to experiment with all sorts of amazing financial instruments.
You can tip me with Bitcoin! You may also enjoy the first chapter of my forthcoming book on neural networks and deep learning, and may wish to follow me on Twitter.
In my legally uninformed opinion digital money may make this issue more complicated. At least naively, it looks more like speech than exchanging copper coins, say.
Thanks, I was always too lazy to look up BTC in detail. Your article cleared most of my questions. I wanted to know one thing what if some smart hacker is able to find some vulnerability in the protocol and he uses that to generate new bitcoins for himself. Once that happens then whole confidence in bitcoins would be gone and it would lead to chaos. Your scenario is possible. Just like any other popular piece of open source software there are incentives for finding exploits, but there are a lot of benevolent hackers examining the code to uncover and fix them.
Yes, that solves much of the problem neatly. My broad point about asymmetries is still true, however. And is vividly demonstrated by the rise of large mining pools. This is in response to your comment below. I must have clicked on the wrong link when I replied. There have been 2 major live flaws in Bitcoin that I know of: Might want to look up the CVEs and the patches.
From the sound of them, some validation check was omitted and so bad transactions were allowed. A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above. To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe location.
This site does not have knowledge of your private key. Your Bitcoin private key should be kept a secret. Whomever you share the private key with has access to spend all the bitcoins associated with that address. If you print your wallet then store it in a zip lock bag to keep it safe from water. Treat a paper wallet like cash. Add funds to this wallet by instructing others to send bitcoins to your Bitcoin address. Check your balance by going to blockchain.
Spend your bitcoins by going to blockchain. You can also spend your funds by downloading one of the popular bitcoin p2p clients and importing your private key to the p2p client wallet. Keep in mind when you import your single key to a bitcoin p2p client and spend funds your key will be bundled with other private keys in the p2p client wallet.
When you perform a transaction your change will be sent to another bitcoin address within the p2p client wallet. You must then backup the p2p client wallet and keep it safe as your remaining bitcoins will be stored there. Satoshi advised that one should never delete a wallet.
MOVE your mouse around to add some extra randomness OR type some random characters into this textbox. Why should I use a Bulk Wallet to accept bitcoins on my website?
The traditional approach to accepting bitcoins on your website requires that you install the official bitcoin client daemon "bitcoind". Many website hosting packages don't support installing the bitcoin daemon. Also, running the bitcoin daemon on your web server means your private keys are hosted on the server and could get stolen if your web server is hacked.
When using a Bulk Wallet you can upload only the bitcoin addresses and not the private keys to your web server. Then you don't have to worry about your bitcoin wallet being stolen if your web server is hacked. How do I use a Bulk Wallet to accept bitcoins on my website? Copy and paste the generated comma separated values CSV list to a secure text file on your computer. Backup the file you just created to a secure location.
How bitcoin keys and addresses are related The next step is to generate the Bitcoin address that is shared with others. Note that you cannot determine the public key or the private key from the address. If you lose your private key for instance by throwing out your hard drive , your bitcoins are lost forever. I was curious if anyone would use the private key above to steal my 80 cents of bitcoins, and sure enough someone did.
To summarize, there are three types of keys: The private key is the important key, since it is required to access the bitcoins and the other keys can be generated from it. The public key hash is the Bitcoin address you see published. I used the following code snippet [11] to generate a private key in WIF format and an address.
The private key is simply a random bit number. Finally, the private key is encoded in Base58Check to generate the WIF encoding used to enter a private key into Bitcoin client software. Inside a transaction A transaction is the basic operation in the Bitcoin system. You might expect that a transaction simply moves some bitcoins from one address to another address, but it's more complicated than that.
A Bitcoin transaction moves bitcoins between one or more inputs and outputs. Each input is a transaction and address supplying bitcoins. Each output is an address receiving bitcoin, along with the amount of bitcoins going to that address.
A sample Bitcoin transaction. The diagram above shows a sample transaction "C". Note that arrows are references to the previous outputs, so are backwards to the flow of bitcoins. Each input used must be entirely spent in a transaction.
If an address received bitcoins in a transaction and you just want to spend 1 bitcoin, the transaction must spend all The solution is to use a second output for change , which returns the 99 leftover bitcoins back to you. Transactions can also include fees. If there are any bitcoins left over after adding up the inputs and subtracting the outputs, the remainder is a fee paid to the miner. The fee isn't strictly required, but transactions without a fee will be a low priority for miners and may not be processed for days or may be discarded entirely.
Manually creating a transaction For my experiment I used a simple transaction with one input and one output, which is shown below. I started by bying bitcoins from Coinbase and putting 0. Thus, the destination address will receive 0. Structure of the example Bitcoin transaction.
Following the specification , the unsigned transaction can be assembled fairly easily, as shown below. There is one input, which is using output 0 the first output from transaction 81b4c Note that this transaction hash is inconveniently reversed in the transaction. The output amount is 0. The cryptographic parts - scriptSig and scriptPubKey - are more complex and will be discussed later.
It's just a matter of packing the data into binary. Signing the transaction is the hard part, as you'll see next. How Bitcoin transactions are signed The following diagram gives a simplified view of how transactions are signed and linked together.
The contents of the transaction including the hash of the previous transaction are hashed and signed with B's private key. In addition, B's public key is included in the transaction. By performing several steps, anyone can verify that the transaction is authorized by B. First, B's public key must correspond to B's address in the previous transaction, proving the public key is valid.
The address can easily be derived from the public key, as explained earlier. Next, B's signature of the transaction can be verified using the B's public key in the transaction.
These steps ensure that the transaction is valid and authorized by B. One unexpected part of Bitcoin is that B's public key isn't made public until it is used in a transaction. With this system, bitcoins are passed from address to address through a chain of transactions. Each step in the chain can be verified to ensure that bitcoins are being spent validly. Note that transactions can have multiple inputs and outputs in general, so the chain branches out into a tree.
How Bitcoin transactions are chained together. In fact, there is a small program inside each transaction that gets executed to decide if a transaction is valid. This program is written in Script , the stack-based Bitcoin scripting language. Complex redemption conditions can be expressed in this language. For instance, an escrow system can require two out of three specific users must sign the transaction to spend it. Or various types of contracts can be set up.
It includes arithmetic, bitwise operations, string operations, conditionals, and stack manipulation. In order to ensure that scripts terminate, the language does not contain any looping operations. As a consequence, it is not Turing-complete. In practice, however, only a few types of transactions are supported. The script in the old transaction is called scriptPubKey and the script in the new transaction is called scriptSig.
To verify a transaction, the scriptSig executed followed by the scriptPubKey. If the script completes successfully, the transaction is valid and the Bitcoin can be spent. Otherwise, the transaction is invalid. The point of this is that the scriptPubKey in the old transaction defines the conditions for spending the bitcoins. The scriptSig in the new transaction must provide the data to satisfy the conditions.
In a standard transaction, the scriptSig pushes the signature generated from the private key to the stack, followed by the public key. Next, the scriptPubKey from the source transaction is executed to verify the public key and then verify the signature. As expressed in Script, the scriptSig is: This proves that the public key is valid. This proves that the signature is valid. Signing the transaction I found signing the transaction to be the hardest part of using Bitcoin manually, with a process that is surprisingly difficult and error-prone.
The basic idea is to use the ECDSA elliptic curve algorithm and the private key to generate a digital signature of the transaction, but the details are tricky. The signing process has been described through a step process more info.
Click the thumbnail below for a detailed diagram of the process. The biggest complication is the signature appears in the middle of the transaction, which raises the question of how to sign the transaction before you have the signature. To avoid this problem, the scriptPubKey script is copied from the source transaction into the spending transaction i.
Then the signature is turned into code in the Script language, creating the scriptSig script that is embedded in the transaction. It appears that using the previous transaction's scriptPubKey during signing is for historical reasons rather than any logical reason.
One step that tripped me up is the hash type. Before signing, the transaction has a hash type constant temporarily appended. After signing, this hash type is removed from the end of the transaction and appended to the scriptSig.
Another annoying thing about the Bitcoin protocol is that the signature and public key are both bit elliptic curve values, but they are represented in totally different ways: In addition, both values have an extra byte, but positioned inconsistently: An important side-effect of the signature changing every time is that if you re-sign a transaction, the transaction's hash will change. This is known as Transaction Malleability. There are also ways that third parties can modify transactions in trivial ways that change the hash but not the meaning of the transaction.
Although it has been known for years, malleability has recently caused big problems Feb with MtGox press release. With these complications it took me a long time to get the signature to work. Eventually, though, I got all the bugs out of my signing code and succesfully signed a transaction.
Here's the code snippet I used. This proves I am allowed to spend these bitcoins, making the transaction valid.
Note that this script is executed at some arbitrary time in the future when the bitcoins are spent. The effect is that only the owner of the private key for this address can spend the bitcoins, so that address is in effect the owner. The final transaction is shown below.
This combines the scriptSig and scriptPubKey above with the unsigned transaction described earlier. I had heard about elliptic curves before in the context of solving Fermat's Last Theorem, so I was curious about what they are. The mathematics of elliptic curves is interesting, so I'll take a detour and give a quick overview. The name elliptic curve is confusing: An important property of elliptic curves is that you can define addition of points on the curve with a simple rule: Due to the special nature of elliptic curves, addition defined in this way works "normally" and forms a group.
With addition defined, you can define integer multiplication: What makes elliptic curves useful cryptographically is that it's fast to do integer multiplication, but division basically requires brute force.
In elliptic curve cryptography, the secret number would be the private key and the point Q on the curve would be the public key. In cryptography, instead of using real-valued points on the curve, the coordinates are integers modulo a prime. Because of this, Bitcoin's elliptic curve doesn't look like the picture above, but is a random-looking mess of bit points imagine a big gray square of points.
The Elliptic Curve Digital Signature Algorithm ECDSA takes a message hash, and then does some straightforward elliptic curve arithmetic using the message, the private key, and a random number [18] to generate a new point on the curve that gives a signature.
Anyone who has the public key, the message, and the signature can do some simple elliptic curve arithmetic to verify that the signature is valid. Thus, only the person with the private key can sign a message, but anyone with the public key can verify the message. For more on elliptic curves, see the references [20].
Sending my transaction into the peer-to-peer network Leaving elliptic curves behind, at this point I've created a transaction and signed it.
The next step is to send it into the peer-to-peer network, where it will be picked up by miners and incorporated into a block. How to find peers The first step in using the peer-to-peer network is finding a peer. The list of peers changes every few seconds, whenever someone runs a client.
Once a node is connected to a peer node, they share new peers by exchanging addr messages whenever a new peer is discovered. Thus, new peers rapidly spread through the system. There's a chicken-and-egg problem, though, of how to find the first peer.
Bitcoin clients solve this problem with several methods. Several reliable peers are registered in DNS under the name bitseed. By doing a nslookup, a client gets the IP addresses of these peers, and hopefully one of them will work.
If that doesn't work, a seed list of peers is hardcoded into the client. Peers enter and leave the network when ordinary users start and stop Bitcoin clients, so there is a lot of turnover in clients. The clients I use are unlikely to be operational right now, so you'll need to find new peers if you want to do experiments.
You may need to try a bunch to find one that works. Talking to peers Once I had the address of a working peer, the next step was to send my transaction into the peer-to-peer network. I opened a TCP connection to an arbitrary peer on port , started sending messages, and received messages in turn. The Bitcoin peer-to-peer protocol is pretty forgiving; peers would keep communicating even if I totally messed up requests.
For example, if you forget the change address in a transaction, excess bitcoins will go to the miners as a fee. The protocol consists of about 24 different message types. Each message is a fairly straightforward binary blob containing an ASCII command name and a binary payload appropriate to the command.
The protocol is well-documented on the Bitcoin wiki. The first step when connecting to a peer is to establish the connection by exchanging version messages. First I send a version message with my protocol version number [21] , address, and a few other things. The peer sends its version message back. After this, nodes are supposed to acknowledge the version message with a verack message. As I mentioned, the protocol is forgiving - everything works fine even if I skip the verack.
Generating the version message isn't totally trivial since it has a bunch of fields, but it can be created with a few lines of Python. The script sends a version message, receives and ignores the peer's version and verack messages, and then sends the transaction as a tx message. The hex string is the transaction that I created earlier. The following screenshot shows how sending my transaction appears in the Wireshark network analysis program [22].
I wrote Python scripts to process Bitcoin network traffic, but to keep things simple I'll just use Wireshark here. The "tx" message type is visible in the ASCII dump, followed on the next line by the start of my transaction 01 A transaction uploaded to Bitcoin, as seen in Wireshark.