How can I buy Bitcoin?
Generate a password, and then pay someone to send bitcoins to that password.
A password?! That's it?
Yep, that's it.
What do you mean with "send to a password"?
It means those bitcoins now belong to the owner of that password.
What if someone finds my password?
Then he will be able to spend your bitcoins.
How hard will it be to try all possible passwords to check if they have bitcoins?
Really hard, it would take hundreds of thousands of years to do it. There are a lot of different possible passwords available. If you choose your password at random - and don’t use your birthday - you're safe.
How many different possible passwords are there?
Almost 2^256, or in numbers you understand, 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336. That's higher than the number of atoms in the perceived universe.
But wait, you told me that to get some bitcoins, I had to pay someone for him to send his bitcoins to my password. So, he must know my password, right?
No, absolutely not. Bitcoin uses mathematics to transform your password (also known as a private key) into a public key. These two keys are related, but totally different. It's really easy to get a public key from a private key. But it's impossible to guess a private key from his public key. So what you do is ask that guy to send his bitcoin to your public key, instead of your private key, thus keeping it secret.
Send to the public key?! But if it's public, everyone will know about it! How are my bitcoins secured then?
Because you asked that guy to send the bitcoins not to the public key itself, but to a script.
A script? What is that?
Imagine your public key as a word. One can say "These bitcoins now belong to these public key X". But with Bitcoin script, we can build sentences. So, instead, we can say "These bitcoins now belong to who proofs to own the private key where its public key is the same as this public key X". That sentence in bold is what we call the unlocking script.
Sentences instead of words? That sounds interesting.
Yes, it is. There are different sentences in use nowadays in Bitcoin, but I will explain this to you when you're 11. For the meantime, let's stay with the basics: a) you need a password, or as you now know, a pair of keys (public and private), b) you pay someone to send his bitcoins to your public key, and c) you don't need to show him the private key. Only the script and your public key are recorded, in what is called a transaction.
So a transaction happens when some bitcoins change ownership?
Exactly. A transaction has two parts: inputs and outputs. Input are all the bitcoins entering the transaction. These bitcoins will change ownership. Remember, the owner has to prove he owns these bitcoins, by satisfying the unlocking script. The output defines the new ownership of the bitcoins referenced in the input.
We can have more than one input and more than one output? Why?
Imagine you have 2 private keys, each "owning" 5 bitcoins. You want to buy something that costs 7 bitcoins. You create a transaction with those 2 private keys on the input, which gives you 10 bitcoins in total. On the output, you define that 7 will belong to the public key of the seller, and 3 to your public key again (it's your change).
But now everyone can see that my bitcoins belong to this public key. Is that ok?
If you use the same public key for every bitcoin you receive, people will know that they belong to the same person. So you should generate a new pair of keys for every bitcoin you receive. Even the public key for your change should be different.
A new password for every bitcoin I receive? That's a nightmare!
No it isn't, if you use a Bitcoin wallet to manage all your passwords.
A wallet? What's that?
You know what a browser is, right?
Yeah, it allows me to access the World Wide Web.
Exactly, and a Bitcoin wallet it's just like a browser, but to access the Bitcoin network.
So, my bitcoins are stored in that wallet?
Not your bitcoins, your passwords. Your bitcoins are registered on the network as belonging to your passwords, so you just need to take care of your passwords.
So, if I lose my wallet, and so my passwords, I lose my bitcoins?
Yeah. That's why it is so important to backup your passwords.
But with a new password for every time someone sends me bitcoins, there are always new passwords being generated. How can I backup something that's always changing?
Because in Bitcoin there's a concept of a super master password. If you backup that, you'll be able to access all your used (and future) passwords. This super master password is called a seed phrase.
Future passwords? Really?
That's the beauty of Elliptic Curve Cryptography. But I will explain that to you when you're 12.
What if my wallet app disappears? Like if the company which made the app go bankrupt?
You just install another wallet and add the seed phrase to it. The new wallet will then be able to know all your passwords, and will be able to scan the network and find your bitcoins there.
But where do wallets see this? Where is that information recorded?
In a database, or how we call it, a ledger.
A database? What's that?
It's a place where information is stored. You know that Google spreadsheet where I keep your school grades? The one I share with you and your mother? That's a database. Imagine that there's a Google spreadsheet where every transaction is recorded. Imagine that anyone in the world could read that Google spreadsheet. Anyone, with no restrictions. But no one could edit it.
Yeah, like tweeting the public link of the spreadsheet.
Exactly, everyone could read all the sheets from the spreadsheet and verify all transactions.
Verify all transactions?
Yeah, all transactions must be registered in this spreadsheet and can be validated. And you should validate all transactions, to be sure you don't have a fake spreadsheet. You want to be sure the transaction changing ownership of the bitcoins to you is there. Before sending the money. For this to work the spreadsheet must be non editable.
That's ok, no one can edit the spreadsheet, they only have read access.
Except of course, for the owner of the spreadsheet. The one who sent the link initially. He can do whatever he wants with it.
The owner? I forgot about him. But, in that case, we have to trust him to be honest?
No, we don't. Bitcoin solved the problem by not having an owner, and by distributing the ledger. There is not one, but more than 100.000 copies of the ledger distributed around the world. These copies run in computers we call nodes.
So nodes maintain copies of the ledger around the world?
Yes, and they validate transactions.
How do they know they have the correct spreadsheet?
Because all transactions are valid, and no one can change what's written there.
No one can write to it? How come?
I didn't say no one can write to it, I said no one can change what's written there. Pay attention please.
Hu? What's the difference?
Well, you cannot change what's written there, but you can add information there. Like with your school grades spreadsheet. Do you know how your school grade spreadsheet has several sheets?
Yes, one for each school period.
Exactly. After I enter your grades, I don't need to change them. They will not change. And in the next period, I just add a new sheet to the spreadsheet with the new grades. Without touching the previous sheets.
So, you can never change anything, but you can always add information on top?
Why is that important?
Because after a transaction is stored in a new sheet, it cannot be changed. Imagine the guy you pay for your bitcoins afterwards changes the transaction to another public key. You no longer control/own those bitcoins, and you lost your money. It's of paramount importance the immutability of the spreadsheet.
So, will my transaction appear in a new sheet in this spreadsheet?
Yes, sooner or later.
Sooner or later? How come?
Well, someone needs to write the new sheet, right? But who? To solve this, Bitcoin runs a lottery every 10 minutes. Whoever wins it gains the right to add a new sheet to the spreadsheet. So, your transaction will only appear after this lottery finishes. And even then, it may not see it in the new sheet. If there are a lot of transactions waiting to be included in a sheet, you will have to wait.
Why aren't all new transactions in the new sheet?
Because sheets have a limit in size. If there are too many transactions to be included, a selection must be made. The winner of the lottery is free to choose which transactions he wants to include in the new sheet. You know, we should start calling these sheets blocks, that's their real names.
Can't we bribe the lottery winner?
Bribery? What do they teach you in school nowadays?
Actually, we can, and it's quite easy. When you define a transaction, you can define your output inferior to your input. This way, you are telling the lottery winner he can keep the difference. Of course, lottery winners will choose those transactions with a higher difference.
How are new bitcoins generated?
In this 10 minute lottery. The winner also gains some bitcoins as a prize, and this it's the only way new bitcoins are born.
So, every 10 minutes some bitcoins are born?
Yes. It’s called the block subsidy, and these new bitcoins belong to the lottery winner. When Bitcoin started, the block subsidy was 50 bitcoins. Every 210.000 blocks (more or less 4 years) this block subsidy is cut in half. Nowadays the block subsidy is 6.25 bitcoins, and in 2024 it will be cut to 3.125 bitcoins.
So, how many bitcoins will ever be generated?
Almost 21 millions.
That’s it? 21 millions?
Yes, 21 millions in round numbers, no more no less.
And why 21 million?
Nobody knows. Satoshi Nakamoto, the guy who invented this, decided it. It was easy to get any other number. If for instance he wanted to be 42 millions, all was needed was to start with a block subsidy of 100 bitcoins instead of 50. Or if he wanted it to be 16 millions, just halved the block subsidy every 160.000 blocks instead of 210.000. The truth is, nobody really knows.
Can’t we ask him?
Nopes. He disappeared shortly after announcing Bitcoin.