So you Wanna Understand Bitcoin… (Part 2)

Note: This blog has moved to https://substack.com/@governology. See my new posts there.

Last post, I went over the basics of Bitcoin. This post goes into newer developments like the Lightning Network, current events, other currencies, and upcoming proposals. IE, beyond the basics. It also mentions some more basic information about wallet types and backing up your bitcoins.

Wallets

A wallet is a piece of software or a device that holds the key to your Bitcoin addresses and allows you to send money and track your transactions. There are a couple types of Bitcoin wallets out there. Each type has its upsides and downsides.

Full node wallets download and verify the entire blockchain, and forward transactions around to the rest of the network (helping support the network). These wallets take at least a few hours to get up and running, because downloading the entire blockchain takes quite a bit of time. But running a full node has the most security and privacy, since you don’t have to rely on any particular 3rd party to send you transactions relevant to your account.

By contrast, Lightweight wallets don’t download and verify the entire blockchain and don’t forward transactions around the network. Lightweight wallets rely on 3rd party servers to tell them when a transaction has sent money to them, and these wallets can use Simple-Payment-Verification to verify that the transaction they have been sent is a valid part of a real block. These wallets don’t need much storage space and require far fewer computing resources to run. Because of this, these kinds of wallets are ideal for use on devices like mobile phones. Lightweight wallets still don’t need to trust any 3rd party with their wallet keys, and the owner is still the only person who can possibly send bitcoins from their lightweight wallet.

The least secure type of wallet is the Web Wallet. These are wallets run by a 3rd party service. That service maintains the keys to that wallet, and gives users access via some kind of (usually proprietary) API or interface (eg usually via a website). By contrast to the full-node and lightweight wallets, users of web wallets do have to fully trust their wallet provider. If the web wallet provider wanted to, they could spend your money without your consent (though there might be legal consequences for doing that).

Hardware wallets are wallets where the keys are held inside a hardware device of some kind. While running a software wallet is pretty secure, an attacker could steal your bitcoins if they find your (encrypted) wallet file *and* your wallet password (which decrypts that wallet file). This isn’t easy for an attacker to do, but it can happen if an attacker runs a key logger and secretly downloads files on your computer. With hardware wallets, the attacker would have to steal your password *and* steal your physical hardware wallet device. This is significantly harder to do, since it can’t be done purely over the internet. Many users who have significant bitcoin holdings are turning to hardware wallets to securely store their money.

To use a hardware wallet, you plug the wallet into your computer and use either a full node wallet or lightweight wallet to interact with the hardware device. Once its set up, all you need to do is plug it in and use your wallet like you would with any other wallet.

Backing Up and Securing your Bitcoins

Backing up your bitcoins is critically important to ensuring your bitcoins are safe. While web wallets should take care of backing up for you, if you have one of the other types of wallets, you’d need to do this yourself.

Most full-node wallets and lightweight wallets create an encrypted wallet file containing your private keys. You should copy this file to multiple locations. This file requires your password to be useful, and can be copied to anything that can store files: other computers, external hard drives, thumb drives, optical disks, even paper. I personally have a copy of my wallet on a thumbdrive on my keychain, on an external hard drive and Blue-Ray Mdisk (rated as lasting 1000 years) that I keep in a fireproof box, and in a file on my phone. If one of those copies is destroyed, you want to have another copy you can recover your wallet from.

Some wallets use “wallet words” as a backup mechanism. This is a list of words that can be used to recover your wallet without any additional password. These aren’t safe to keep unencrypted, so if this is your only back up option, you need to store those wallet words in an encrypted file that only you know the password to. I use EncryptPad to encrypt things like this. Once you have an encrypted file, store that file as you would a wallet file as explained above. Note that your password should be strong, memorable, and never used for anything online (eg never use your bitcoin password on any website). If you have a hardware wallet, you’ll probably need to do something very similar.Here’s a guide on how to create a strong password.

Problems with Bitcoin

Despite having unique benefits over traditional currencies, Bitcoin is still technology in-development and has it’s fair share of problems. Some of these problems have recently caused a lot of controversy and argument within the Bitcoin community.

Volatility

One minor problem is Bitcoin’s volatility. Its not uncommon to see Bitcoin’s value fluctuate by 10% in a week, or 30% in a month. This makes some people nervous and can be a headache for merchants who want to accept bitcoins, but don’t want to hold onto those bitcoins. Bitcoin’s volatility is a function of having a low market capitalization (the total value of all bitcoin). This low market cap means that its easier for a single event or even a single organization to affect the price of the currency.

While its infeasible to know what bitcoin transactions are used for, its widely believed that most bitcoin transactions are for exchanging bitcoin for other currencies for investment purposes and that most Bitcoiners are simply hodling. Because the Bitcoin economy is still in its infancy (the vast majority of merchants aren’t taking bitcoins), the exchange rate is primarily driven by speculators, who tend to lose all rationality when negative-sounding news happens.

As the value of a bitcoin has risen and more people have bought or accept bitcoins, the volatility has decreased. Bitcoin is currently only about 4 or 5 times more volatile as major national currencies like the USD, JPY, and the GBP. If Bitcoin becomes more widely used as a currency to buy goods and services, the volatility will decrease drastically. It should be able to decrease well below the volatility of national currencies because Bitcoin’s equivalent of a monetary policy is crystal clear and basically set in stone, whereas national monetary policies change every year.

Regulations

Another problem with Bitcoin isn’t really bitcoin itself, but treatment of Bitcoin by governments. While Bitcoin is legal in most countries, Ecuador, Colombia, Kyrgyzstan, and Bangladesh either have laws explicitly banning bitcoin, or have stated that prior laws prohibit its use. And Iceland allows ownership of bitcoins, but has banned buying bitcoins with the Króna.

Legality of Bitcoin around the world was in a gray area for a few years, but now most countries have set up various legal treatments of Bitcoin, either as a commodity like the US does, an asset like Norway does, or as a currency like Sweden does. While the legal standing of Bitcoin could change in any given country, it seems like the governments of the world are moving toward accepting it as a normal financial device of some kind. The fears that governments would attempt to crush Bitcoin seem to have played out much less pessimistically.

The Scaling Debate

The problem that has caused the most uproar recently is the scaling debate. As of July 2017, Bitcoin can only handle a sustained rate of 7 transactions per second. Bitcoin has grown so much that it has reached this limit which has caused fees to skyrocket recently as transactions compete for space on the blockchain. Average fees as late as October 2016 were around 20 cents/transaction, whereas currently the average fee has climbed to about $3/transaction.

Bitcoin avg fees.jpg — Source: bitinfocharts.com

Many people (including yours truly) originally jumped on the Bitcoin bandwagon with starry-eyed ideas about a magical currency where you could send 1 cent or $1 million to anyone anywhere for free in an instant. Well reality hit with the weight of a 1000 tons of technical limitations. Many Bitcoiners want Bitcoin to achieve those attributes come hell or high blocksize. But others believe that on-chain scaling (ie things that would drive transactions per second up and transaction fees down by orders of magnitude) isn’t possible without giving away what makes Bitcoin a strong long-term store of value.

But there’s still the promise that technical improvements could allow us to reach something close to that starry-eyed dream.

The Blocksize Debate

Many people have proposed increasing the maximum block size from 1MB to 2MB, 4MB, 8MB, or higher. Doubling the block size would also double the number of transactions/second that can be supported, and would significantly reduce fees (probably back down to 2016 levels for a while). But there are problems with this solution.

Bigger blocks means the size of the blockchain (already more than 120GB) would grow at twice the rate. If Bitcoin were to scale up to the transaction volume Visa has (from Bitcoin’s 300,000 transactions/day to Visa’s 150 million), each block would have to be 250 MB, which would mean the blockchain would grow by over 13 terabytes/year. Even tho Bitcoin transactions won’t fill up that space immediately, the number of Bitcoin transactions has more than doubled every year since 2010 and at that rate would only take 10 years to reach the 150 million transaction/day milestone. This is while the number of GBs of hard drive space you can get for $1 is increasing only at about 15% per year. But maybe everyone will have 1000 terabyte drives in 10 years and that won’t be a problem.

A bigger problem with bigger blocks is the time it takes for the blocks to propagate throughout the network. Double the size of the block, double the transfer time. Why is this a problem, you ask? The problem is that this propagation time eats away at the precious time miners need to mine the next block, and well-connected large miners have an advantage here.

Currently, the majority (50%) of the network will receive new blocks within about 2 seconds. But if we had the 250 MB blocks necessary for Bitcoin to rival Visa, this propagation time would be about 8 and a half minutes long. This means that most of the network couldn’t even begin to mine on top of the right block until an average of less than 20% of their time is left. This would give a huge advantage to large, tightly-connected mining operations.

Many Bitcoiners have decried block-size increases as being a major risk of centralization – ie centralized control over the longest blockchain and therefore also the consensus rules. In fact, a paper written by researchers at Cornell recommended that the maximum block size shouldn’t be increased any higher than 4MB. But here again, technology could save us… after a while. If internet bandwidth significantly increased, this problem would be less pronounced. But average internet speeds in the US are only increasing by 20% per year. At that rate, the size of blocks would quickly outpace internet speeds.

So tl;dr: Some in the Bitcoin community want to keep block sizes relatively small as-they-are, and think the big-blockers are mostly institutional vested-mining-interests who would benefit from the centralization caused by bigger block sizes. Others believe larger block sizes are the answer, since that would allow Bitcoin to scale to any amount of transactions and lower fees substantially, and see the small-blockers as being closed minded idealists who refuse to implement a simple change that can scale Bitcoin in the short term.

As for me, I’m in the camp that believes on-chain scaling will need to be a slow process as storage and network bandwidth becomes cheaper. Significantly large block sizes aren’t safe at the moment, and allowing block sizes to grow slowly is the only way to scale on-chain transactions without putting Bitcoin at risk.

Solutions

A number of different solutions have been proposed, and things are coming to a head this very month.

One of the most well-known and well-understood short-term solutions is Segregated Witness (or segwit for short). It doubles the capacity of Bitcoin and introduces a number of improvements that enable longer-term solutions like the Lightning Network (more on this below). Segwit is by and large non-contentious and those in the community that oppose it do so more because they don’t trust the Bitcoin Core developers, and mostly not because they don’t want Segwit. Update: As of July 21st, Segwit2x signaling reached 95% signaling (15% more than was required) and will lead to Segwit becoming active on August 23rd.

Another proposal is Emergent Consensus, where miners would be able to increase the maximum size of blocks through signaling. This has all the same objections as I mentioned above about larger blocks.

But the most highly anticipated solution is the Lightning Network, which allows users to securely send Bitcoins off-chain and settle to the actual Bitcoin blockchain periodically. The Lightning Network would support a virtually unlimited number of transactions per second with very low fees (below 1 cent per transaction). If this works as advertised, this is what would launch Bitcoin into the realm of real world currency usable for anything from buying a house, to buying a cup of coffee, to buying a mote of lint for 1 satoshi.

So you Want to Understand the Lightning Network…

The Lightning Network (LN) is a payment network built on top of Bitcoin, meaning that it requires Bitcoin to operate and takes advantage of Bitcoin’s security.

There are two major parts of the Lightning Network:

Channels – A construct allowing two people to send unlimited transactions to each other with only two transactions posted to the blockchain.
Multi-channel routing – A protocol for chaining transactions so people can send money to someone that they don’t have an open channel with.

Channels allow two people to make unlimited, free, secure transactions as long as neither party spends more than they committed to the channel. Multi-channel routing allows people to pay anyone in the Lightning network as long as there is a path of channels from the payer to the payee.

understanding-the-lightning-network-part-building-a-bidirectional-payment-channel-76.jpg — (Click here to view full size)

To open a 5-btc/5-btc two-way channel between Alice and Bob:

Either Alice or Bob create a multi-signature address that requires signatures from both Alice and Bob to send from. We’ll call this the opening address AO.
Alice and Bob both create a secret, hash that secret, and send each other their hash.
Alice then creates a special multi-signature address, which we’ll call the “anti-cheat address” AC_Alice1, that can be spent from under two conditions:
1. Alice can spend from AC_Alice1, but she can only spend coins that were sent to AC_Alice1 1000 blocks ago (about 1 week), or
2. Bob can spend from AC_Alice1 if Bob has Alice’s secret.
Bob does #3 for himself, mirroring what Alice did, creating anti-cheat address AC_Bob1.
Alice then creates a half-valid transaction that sends (Alice’s) 5 btc from AO to Alice, and (Bob’s) 5 btc from AO to AC_Bob1. Alice then gives this transaction to Bob. Bob again does the mirror of this. These are called the “commitment transactions“.
Finally, Alice and Bob each send 5 bitcoins to AO.

Once these steps are taken, the channel is open and can be used to securely send up to a net of 5 bitcoins in either direction *without* interacting with the blockchain at all! How is this done, you ask? Well, allow me to explain:

To make a lightning transaction that sends 1 btc from Alice to Bob:

Steps 2-5 (above) are repeated except that in step #5, instead of the transactions sending 5 btc to Alice/AC_Alice1 and 5 btc to Bob/AC_Bob1, 4 btc are sent to Alice/AC_Alice2 and 6 btc are sent to Bob/AC_Bob2. Note that Bob and Alice both create new secrets and hashes.
Alice and Bob give each other the secrets for the previous (now invalid) commitment transaction, which allows Alice to send from AC_Bob1 and Bob to send from AC_Alice1 (both anti-cheat addresses are now out-of-date and should never be sent to by honest actors at this point).

The latest commitment transactions serve as the working ledger between the two parties. In normal situations, these commitment transactions are never sent to the blockchain.

The commitment transactions are the crux of why the lightning network is trustless. In the case that, say, Bob misbehaves and posts an outdated commitment transaction, Alice and AC_Bob1 would both receive 5 btc. Bob could then create a transaction sending AC_Bob1’s bitcoins to himself, but since now Alice has Bob’s original secret, she can also send AC_Bob1’s bitcoins to herself. Since Bob would have to wait a week to send from AC_Bob1 to himself, Alice has time to notice the outdated commitment transaction posted in the blockchain and send AC_Bob’s bitcoins to herself instead.

This means that if either party tries to cheat by posting an outdated commitment transaction to the blockchain, the counterparty can take all the bitcoins in the channel. This provides a strong incentive not to cheat.

This does mean that someone has to be online to watch for cheaters posting outdated commitment transactions. However, this can be delegated to 3rd parties who can watch the blockchain for you and collect a small fee if they post a successful anti-cheat transaction. A wallet does have to be online in order to accept money via the lightning network.

To close the channel, both parties sign a transaction from AO that settles to the same values as the latest commitment transaction. A commitment transaction itself isn’t generally used to close the channel, because they would both have to wait 1 week to see their money.

The last piece is multi-channel routing. I won’t get into the details here, but suffice it to say, there’s similar fancy hash-secret time-locked multi-signature addresses involved that allow a trustless end-to-end transaction no matter how many channel hops a transaction chain requires. And there’s also a nice clean way to find a sufficiently short path to your destination.

The Lightning Network should be able to handle practically unlimited transactions per second, for almost-free, with the equivalent of instant confirmation speed. And because lightning transactions (other than opening and closing transactions) wouldn’t be posted on the public blockchain, and because onion routing will be used, a lightning transaction will be almost entirely private. The Lightning Network is what will bring Bitcoin payments into the mainstream. If you want to read more, here’s another primer on the LN.

Altcoins

As of July 2017, there are over 900 available cryptocurrencies. Any cryptocurrency that isn’t Bitcoin is known as an “altcoin” – an alternative to bitcoin. Most of these currencies aren’t very interesting or are very experimental, and many are outright scams. Its important to do your due diligence if you plan on investing in any cryptocurrency. Make sure you understand why that currency has value and why it will retain that value, before investing.

Ethereum has been getting a ton of press lately. They’ve garnered a lot of support from big business and the value of an ether coin (the currency of Ethereum) has gone up drastically in the last year. The Ethereum system is all about “smart-contracts” where certain things are guaranteed to happen if some other condition is met. The Ethereum scripting language is turing complete (unlike Bitcoin), and therefore has a much greater range of things it can do than Bitcoin. But by the same token, Ethereum isn’t focusing on being a currency. The goal of Ethereum is to enable running “decentralized applications” or Dapps for short. Because of the wider range of things that can be done with Ethereum, its blockchain will likely grow much larger than Bitcoin’s blockchain.

Ether the currency currently runs on basically the same principles as Bitcoin. However, Ethereum is planning on switching from Proof-of-Work to a Proof-of-Stake system called Casper. This is a huge change, and there is a lot of skepticism that such a system can be secure. Its still unclear when that change might happen.

One other thing about Ethereum is that it split into two different coins in 2015. After a bug in an Ethereum smart-contract called the DAO allowed someone to steal millions of dollars worth of Ether from a company controlled by the Ethereum developers, those developers decided to rewrite history to erase the transactions that stole their money. A significant outcry from some in the Ethereum community lead to some of them forking the Ethereum project and start another cryptocurrency that keeps the history as-is. This fork is called Ethereum Classic, and still exists with significant value, tho at about 1/10th the market cap in comparison to normal Ethereum. Many people still distrust the Ethereum core developers on the basis that they rewrote history to protect themselves.

Monero is a still-little-known cryptocurrency that has been getting more attention lately. It’s a currency based on the CryptoNote system, which uses ring signatures to make payments anonymous by default. If you haven’t heard already, Bitcoin is not actually anonymous – if anyone knows your wallet addresses, they can track your payments. Monero transactions have a random set of addresses added in, and no one except the payment receiver can know which address actually sent the payment.

The fact that Monero transactions are private make the money have a property called “fungibility” – which just means that you can’t tell the difference between 1 coin and another. This isn’t true for bitcoins where certain companies are already blacklisting bitcoins that have some transaction in their past those companies don’t want to associate with.

Among the lead developers, Riccardo Spagni, better known as Fluffypony, is one of the most well-respected figures in the cryptocurrency community, tho his sense of humor has recently upset a few people. Monero is one of the only major cryptocurrencies that didn’t have a period of pre-mining (where the developers hoard a significant chunk of the first coins created for a cryptocurrency). And Monero is one of the only altcoins that uses both well-vetted cryptographic techniques (eg ring-signatures) while also providing functionality that is significantly different from Bitcoin (true transaction privacy).

Other Altcoins

There are an enormous number of cryptocurrencies out there. Most are almost identical to Bitcoin. All are experimental. Other big cryptocurrencies out there include:

Litecoin – Basically Bitcoin where mining requires a lot more memory, and so might be easier to mine on non-specialized hardware.
Ripple – A decentralized web-of-trust system for payments, where you can send a transaction of any type (gold, bananas, hugs) to someone as long as there is a chain-of-trust between you and the person you want to pay. So if A trusts B, and B trusts C, C can send to A without A directly trusting C. Ripple also has a currency called XRP (also often called “Ripple”, confusingly), that uses a trust-based consensus protocol to determine which transactions are part of the one-true-ledger. Where in Bitcoin you don’t need to trust anybody, in Ripple you need to specify who it is that you trust. While Ripple is not truly a cryptocurrency, it deserves a mention here because of the interesting currency-related things its doing.
Dogecoin – A joke currency that is basically identical to Bitcoin.
Dash/Darkcoin – A currency that bills itself as private with instant transactions. Unlike Monero, Dash uses a decentralized coin mixing service to provide privacy to transactions that users request be private. Since transactions aren’t private by default, the pool of addresses to mix with is far smaller than with Monero, and the privacy of their coin mixing protocol has been called into question. While the system uses Proof-of-Work mining, like Bitcoin, Dash governance is done in a Proof-of-Stake manner via master nodes. To perform instant send transactions (usually taking a few seconds), “Quorums” of 10 random master nodes are chosen every block (about every 2.5 minutes), which receive any instant-send transactions, lock them via a broadcast declaration, then have the authority to reject any new blocks that contain transactions that double-spend one of the instant send transactions they’ve received.
Zcash/Zerocoin – Another privacy-focused cryptocurrency that uses zero-knowledge-proofs to make transactions private. While in Monero, each transaction has some small number of potential sources (5-21), in Zcash, all coins in the system are potential sources, which makes the privacy 100% untraceable. The problem is that these proofs make for large transactions (25kb vs Monero’s ~2kb and Bitcoin’s ~300 bytes) and are computationally expensive, requiring at least 8GB of ram to create a transaction, making private-by-default infeasible for the time being. Furthermore, zero-knowledge-proofs are a relatively new cryptographic technique and haven’t had time to be well vetted for attack vectors. Beyond this, the system is owned by a private company that has come under fire for taxing 20% of mining revenue for the first 4 years, prompting a group of programmers to fork Zcash into a new currency called Ebitz. Also, Zcash has what’s known as a trusted setup, meaning that if the company that created Zcash is malicious, they could have kept a compromising key they told everyone that they destroyed, allowing them to steal people’s money.

Conclusions

There’s lots going on in the world of cryptocurrencies. Bitcoin is still on top and likely to remain that way. There are a small handful of interesting cryptocurrency projects out there, and one of them will definitely change the world in the next decade.

Obligatory disclaimer: I own significant amounts of Bitcoin and Monero, but none of the others.