Bitcoin (₿) is a cryptocurrency. It is a decentralized digital currency without a central bank or single administrator that can be sent from user to user on the peer-to-peer bitcoin network without the need for intermediaries.
Transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. Bitcoin was invented by an unknown person or group of people using the name Satoshi Nakamoto and was released as open-source software in 2009. Bitcoins are created as a reward for a process known as mining. They can be exchanged for other currencies, products, and services. Research produced by University of Cambridge estimates that in 2017, there were 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using bitcoin.
Bitcoin has been criticized for its use in illegal transactions, its high electricity consumption, price volatility, thefts from exchanges, and by reputable economists stating that “it should have a zero price”. Bitcoin has also been used as an investment, although several regulatory agencies have issued investor alerts about bitcoin.
The unit of account of the bitcoin system is a bitcoin. Ticker symbols used to represent bitcoin are BTC[b] and XBT.[c]:2 Its Unicode character is ₿. Small amounts of bitcoin used as alternative units are millibitcoin (mBTC), and satoshi (sat). Named in homage to bitcoin’s creator, a satoshi is the smallest amount within bitcoin representing 0.00000001 bitcoins, one hundred millionth of a bitcoin. A millibitcoin equals 0.001 bitcoins; one thousandth of a bitcoin or 100,000 satoshis.
Data structure of blocks in the ledger.
Number of bitcoin transactions per month (logarithmic scale)
Number of unspent transaction outputs
For broader coverage of this topic, see Blockchain.
The bitcoin blockchain is a public ledger that records bitcoin transactions. It is implemented as a chain of blocks, each block containing a hash of the previous block up to the genesis block[d] of the chain. A network of communicating nodes running bitcoin software maintains the blockchain.:215–219 Transactions of the form payer X sends Y bitcoins to payee Z are broadcast to this network using readily available software applications.
Network nodes can validate transactions, add them to their copy of the ledger, and then broadcast these ledger additions to other nodes. To achieve independent verification of the chain of ownership each network node stores its own copy of the blockchain. About every 10 minutes, a new group of accepted transactions, called a block, is created, added to the blockchain, and quickly published to all nodes, without requiring central oversight. This allows bitcoin software to determine when a particular bitcoin was spent, which is needed to prevent double-spending. A conventional ledger records the transfers of actual bills or promissory notes that exist apart from it, but the blockchain is the only place that bitcoins can be said to exist in the form of unspent outputs of transactions.
See also: Bitcoin network
Transactions are defined using a Forth-like scripting language. 5 Transactions consist of one or more inputs and one or more outputs. When a user sends bitcoins, the user designates each address and the amount of bitcoin being sent to that address in an output. To prevent double spending, each input must refer to a previous unspent output in the blockchain. The use of multiple inputs corresponds to the use of multiple coins in a cash transaction. Since transactions can have multiple outputs, users can send bitcoins to multiple recipients in one transaction. As in a cash transaction, the sum of inputs (coins used to pay) can exceed the intended sum of payments. In such a case, an additional output is used, returning the change back to the payer. Any input satoshis not accounted for in the transaction outputs become the transaction fee.
Though transaction fees are optional, miners can choose which transactions to process and prioritize those that pay higher fees. Miners may choose transactions based on the fee paid relative to their storage size, not the absolute amount of money paid as a fee. These fees are generally measured in satoshis per byte (sat/b). The size of transactions is dependent on the number of inputs used to create the transaction, and the number of outputs.:ch. 8
Simplified chain of ownership as illustrated in the bitcoin whitepaper. In practice, a transaction can have more than one input and more than one output.
In the blockchain, bitcoins are registered to bitcoin addresses. Creating a bitcoin address requires nothing more than picking a random valid private key and computing the corresponding bitcoin address. This computation can be done in a split second. But the reverse, computing the private key of a given bitcoin address, is mathematically unfeasible. Users can tell others or make public a bitcoin address without compromising its corresponding private key. Moreover, the number of valid private keys is so vast that it is extremely unlikely someone will compute a key-pair that is already in use and has funds. The vast number of valid private keys makes it unfeasible that brute force could be used to compromise a private key. To be able to spend their bitcoins, the owner must know the corresponding private key and digitally sign the transaction. The network verifies the signature using the public key; the private key is never revealed.
If the private key is lost, the bitcoin network will not recognize any other evidence of ownership; the coins are then unusable, and effectively lost. For example, in 2013 one user claimed to have lost 7,500 bitcoins, worth $7.5 million at the time, when he accidentally discarded a hard drive containing his private key. About 20% of all bitcoins are believed to be lost. They would have a market value of about $20 billion at July 2018 prices.
To ensure the security of bitcoins, the private key must be kept secret. 10 If the private key is revealed to a third party, e.g. through a data breach, the third party can use it to steal any associated bitcoins. As of December 2017, around 980,000 bitcoins have been stolen from cryptocurrency exchanges.
Regarding ownership distribution, as of 16 March 2018, 0.5% of bitcoin wallets own 87% of all bitcoins ever mined.
Early bitcoin miners used GPUs for mining, as they were better suited to the proof-of-work algorithm than CPUs.
Later amateurs mined bitcoins with specialized FPGA and ASIC chips. The chips pictured have become obsolete due to increasing difficulty.
Today, bitcoin mining companies dedicate facilities to housing and operating large amounts of high-performance mining hardware.
Semi-log plot of relative mining difficulty
Mining is a record-keeping service done through the use of computer processing power. Miners keep the blockchain consistent, complete, and unalterable by repeatedly grouping newly broadcast transactions into a block, which is then broadcast to the network and verified by recipient nodes. Each block contains a SHA-256 cryptographic hash of the previous block, thus linking it to the previous block and giving the blockchain its name.
To be accepted by the rest of the network, a new block must contain a proof-of-work (PoW). The system used is based on Adam Back’s 1997 anti-spam scheme, Hashcash.[failed verification] The PoW requires miners to find a number called a nonce, such that when the block content is hashed along with the nonce, the result is numerically smaller than the network’s difficulty target. 8 This proof is easy for any node in the network to verify, but extremely time-consuming to generate, as for a secure cryptographic hash, miners must try many different nonce values (usually the sequence of tested values is the ascending natural numbers: 0, 1, 2, 3, … before meeting the difficulty target.
Every 2,016 blocks (approximately 14 days at roughly 10 min per block), the difficulty target is adjusted based on the network’s recent performance, with the aim of keeping the average time between new blocks at ten minutes. In this way the system automatically adapts to the total amount of mining power on the network. 8 Between 1 March 2014 and 1 March 2015, the average number of nonces miners had to try before creating a new block increased from 16.4 quintillion to 200.5 quintillion.
The proof-of-work system, alongside the chaining of blocks, makes modifications of the blockchain extremely hard, as an attacker must modify all subsequent blocks in order for the modifications of one block to be accepted. As new blocks are mined all the time, the difficulty of modifying a block increases as time passes and the number of subsequent blocks (also called confirmations of the given block) increases.
Total bitcoins in circulation.
The successful miner finding the new block is allowed by the rest of the network to reward themselves with newly created bitcoins and transaction fees. As of 9 July 2016, the reward amounted to 12.5 newly created bitcoins per block added to the blockchain, plus any transaction fees from payments processed by the block. To claim the reward, a special transaction called a coinbase is included with the processed payments. 8 All bitcoins in existence have been created in such coinbase transactions.
The bitcoin protocol specifies that the reward for adding a block will be halved every 210,000 blocks (approximately every four years). Eventually, the reward will decrease to zero, and the limit of 21 million bitcoins[g] will be reached c. 2140; the record keeping will then be rewarded solely by transaction fees.
In other words, Nakamoto set a monetary policy based on artificial scarcity at bitcoin’s inception that the total number of bitcoins could never exceed 21 million. New bitcoins are created roughly every ten minutes and the rate at which they are generated drops by half about every four years until all will be in circulation.
For broader coverage of this topic, see Mining pool.
Computing power is often bundled together or “pooled” to reduce variance in miner income. Individual mining rigs often have to wait for long periods to confirm a block of transactions and receive payment. In a pool, all participating miners get paid every time a participating server solves a block. This payment depends on the amount of work an individual miner contributed to help find that block.
For broader coverage of this topic, see Cryptocurrency wallet.
Bitcoin Core, a full client
Electrum, a lightweight client
A wallet stores the information necessary to transact bitcoins. While wallets are often described as a place to hold or store bitcoins, due to the nature of the system, bitcoins are inseparable from the blockchain transaction ledger. A wallet is more correctly defined as something that “stores the digital credentials for your bitcoin holdings” and allows one to access (and spend) them.:ch. 1, glossary Bitcoin uses public-key cryptography, in which two cryptographic keys, one public and one private, are generated. At its most basic, a wallet is a collection of these keys.
There are several modes which wallets can operate in. They have an inverse relationship with regards to trustlessness and computational requirements.
Full clients verify transactions directly by downloading a full copy of the blockchain (over 150 GB As of January 2018). They are the most secure and reliable way of using the network, as trust in external parties is not required. Full clients check the validity of mined blocks, preventing them from transacting on a chain that breaks or alters network rules.:ch. 1 Because of its size and complexity, downloading and verifying the entire blockchain is not suitable for all computing devices.
Lightweight clients consult full clients to send and receive transactions without requiring a local copy of the entire blockchain (see simplified payment verification – SPV). This makes lightweight clients much faster to set up and allows them to be used on low-power, low-bandwidth devices such as smartphones. When using a lightweight wallet, however, the user must trust the server to a certain degree, as it can report faulty values back to the user. Lightweight clients follow the longest blockchain and do not ensure it is valid, requiring trust in miners.
Third-party internet services called online wallets offer similar functionality but may be easier to use. In this case, credentials to access funds are stored with the online wallet provider rather than on the user’s hardware. As a result, the user must have complete trust in the online wallet provider. A malicious provider or a breach in server security may cause entrusted bitcoins to be stolen. An example of such a security breach occurred with Mt. Gox in 2011.
A paper wallet with a banknote-like design. Both the private key and the address are visible in text form and as 2D barcodes.
A paper wallet with the address visible for adding or checking stored funds. The part of the page containing the private key is folded over and sealed.
A brass token with a private key hidden beneath a tamper-evident security hologram. A part of the address is visible through a transparent part of the hologram.
A hardware wallet peripheral which processes bitcoin payments without exposing any credentials to the computer.
Physical wallets store the credentials necessary to spend bitcoins offline and can be as simple as a paper printout of the private key: 10 a paper wallet. A paper wallet is created with a keypair generated on a computer with no internet connection; the private key is written or printed onto the paper and then erased from the computer. The paper wallet can then be stored in a safe physical location for later retrieval. Bitcoins stored using a paper wallet are said to be in cold storage.
In a 2014 interview, QuadrigaCX founder Gerald Cotten explained that the company stored customer funds on paper wallets in safe deposit boxes: “So we just send money to them, we don’t need to go back to the bank every time we want to put money into it. We just send money from our Bitcoin app directly to those paper wallets, and keep it safe that way.”
Cameron and Tyler Winklevoss, the founders of the Gemini Trust Co. exchange, reported that they had cut their paper wallets into pieces and stored them in envelopes distributed to safe deposit boxes across the United States. Through this system, the theft of one envelope would neither allow the thief to steal any bitcoins nor deprive the rightful owners of their access to them.
Physical wallets can also take the form of metal token coins with a private key accessible under a security hologram in a recess struck on the reverse side. The security hologram self-destructs when removed from the token, showing that the private key has been accessed. Originally, these tokens were struck in brass and other base metals, but later used precious metals as bitcoin grew in value and popularity.
Coins with stored face value as high as ₿1000 have been struck in gold.
The British Museum’s coin collection includes four specimens from the earliest series of funded bitcoin tokens; one is currently on display in the museum’s money gallery. In 2013, a Utahn manufacturer of these tokens was ordered by the Financial Crimes Enforcement Network (FinCEN) to register as a money services business before producing any more funded bitcoin tokens.
Another type of physical wallet called a hardware wallet keeps credentials offline while facilitating transactions. The hardware wallet acts as a computer peripheral and signs transactions as requested by the user, who must press a button on the wallet to confirm that they intended to make the transaction. Hardware wallets never expose their private keys, keeping bitcoins in cold storage even when used with computers that may be compromised by malware.