Once blockchain tech is understood by the masses, the sky (moon?) is truly the limit. As this video demonstrates, it's not actually that complicated.
It could be made better (perhaps) by clearly establishing at the beginning what problem the blockchain attempts to solve. Otherwise, this is a phenomenal "blockchain for idiots" introduction that even your grandmother would understand. That's not easy.
Not really. Security via economic incentives is still shaky. Bitcoin community is split, and Ethereum is still working out the kinks and has a high-risk move to PoS coming up soon. The tech is not remotely mature yet, and blockchain being better understood by the masses will have zero effect on that.
Yet not even the advent of quantum computing with today's algorithms could undo a few hours of the Bitcoin blockchain.
A bit too much credence is given to people arguing on the internet rather than the raw state of things. The sheer computing power of bitcoin is a marvel of the modern world.
For all its problems I would say it has a long way to go yet unless the world solves the reality of a borderless economy.
Agreed, this is a wonderful demonstration of the interesting principles behind the idea of a blockchain (or a distributed merkle tree). Definitely worth playing with for anyone interested in this, and the video is a nice overview as well.
As far as the moon being the limit, unfortunately we still inhabit the corrupted sublunary sphere, and blockchain technology (at least as implemented in Bitcoin) has some limitations which make it unsuitable as a currency or log of transactions between untrusted parties. On your last point, I'm not really sure people know what problems blockchain solves, because there are no problems which directly map to this solution, and there are plenty of problems it half-solves.
Problems it purports to solve but fails at:
Anonymity - good enough to protect criminals, not good enough to protect citizens against a state
Trustless consensus - 51% attack makes this unreliable, esp. with semi-anonymous actors
Trustless transactions - POW as in bitcoin makes this impractical due to energy use and delays
People want centralised trust in many cases for verified identity, transaction rollback, legal constraints on transactions, so in an important sense it is solving the wrong problems (pseudo-anonymity, fungible cash, sort-of trustless consensus) while leaving important problems untouched.
Still, the video and website are an excellent demonstration of the ideas behind a blockchain or Bitcoin.
If you really want anonymity, bitcoin isn't the only blockchain technology you have. I know you were focusing on bitcoin in your answer, but I feel the need to expand here because blockchain != bitcoin.
51% attack is overblown. The bitcoin miners self-police and are switching pools as they get close to 50%. And the worst thing that could happen with a 51% is a double-spend. Big
I don't follow you here. Sometimes the block size limit delays a transaction for a bit, but you still get trustless transactions. The bitcoin community is working to address this problem and I am confident this problem will be solved.
That was the #1 problem that Bitcoin/blockchain solved. If it fails at that it calls into question the whole endeavor moreso than any other possible problem could.
If you're worried about a double-spend, wait for 6 confirmations. Or wait for 10 if you really want to be vigilant.
The 51% is one of the most successful FUD campaigns I've seen since Microsoft called the GPL a virus.
An "accepted" blockchain where all of the funds are diverted to their own wallet even for a day would be enough for all of the speculation that provides bitcoins with value to fall apart. Who would want to invest in a product when can demonstrably be devalued?
Also, it doesn't really take 51%, that's an arbitrary figure, it depends on how many confirmations your adversary is using, and is just a probability, so 40% would probably do in some cases, there is no magical threshold of 51%.
Glad you brought up rule changes, as that's another area where a small group or groups can control blockchains, giving the lie to the idea of a completely distributed consensus - in practice the rules are only as distributed as those willing and able to develop clients (which is a very small group), so that small group have de-facto control of the network.
If you listed everything that would need to happen to cause a 51% attack to be successful, along with the odds that this could happen, you'd see that it has zero chance to succeed.
(I'm using some quick back-of-the-napkin odds to calculate the feasibility that this is even possible...)
- Build large mining network under control of state actor that matches the hashing power of the entire network (5% chance this is possible)
- Bad state actor buys something with bitcoin. (100% possible)
- Bad state actor receives the good within 3 blocks or 30 minutes. (5% chance they receive this in time)
- Bad state actor starts building bad blocks with alternate transaction redirecting the BTC into their own wallet. (1% chance)
- Bad state actor solves 3 (3 blocks back to the original transaction) + 2 blocks (to make this a longer blockchain than the good blockchain) faster than the rest of the network. (3.5% chance if they have over 50% of the hashing power)
- Bad state actor did all of this without the rest of the bitcoin network noticing and routing around the state actor (10% chance)
So you have something like 5% X 100% X 5% X 1% X 3.5% X 10% => 0.00000875% chance that this is possible.
Granted, I'm taking a guess at the odds of most of the numbers, but I don't think I'm that far off. The bitcoin network is currently operating at over 3 million TH/s.
To set up another network with that same hashing power would cost at least $2 billion dollars, if not more.
You could buy 250,000 AntMiner S9s (if you could even purchase that many without anyone knowing and to avoid availability problems) for about $500 million.
Then you'd have to set up a place that could hold that many miners. Okay so get a warehouse wired up and properly cooled for another $100 million.
Then electricity is about 1350 watts per miner, requiring a $200 power supply. So add another $50 million just for power supplies....but let's say you wire it up custom, so I'll knock that down to $25 million.
We need 337.5 million watts of power to run our miners. At 10 cents per kWh, the electric bill will be around $24.3 million a month--just to run the miners. Round that up a bit to power the rest of the electricity, run the UPS and backups, the computers for the staff, and let's say the monthly electricity cost would be about $35 million a month...which is $420 million a year.
Back to the staff, you'd probably need 500 people to maintain such a big operation, minimum. If each state actor employee received about $100k/year in salary, the personnel costs are about $50 million/year.
Now multiply all this by two because you would never set up an operation like this without building in redundancy. This comes to about $2.2 billion for a year of operations.
$2.2 billion to have a 0.00000875% chance at a double spend or to reject some transactions from making it to the blockchain. You'd be insane to approve this project.
But let's say the bad state actor is able to pull off this feat. Then the bitcoin miners do a hard fork and just route around the bad state actor the next day. Everything picks up again where it left off on Monday.
-  https://blockchain.info/charts/hash-rate
51% attack - consider other uses like a shared ledger between 5 big banks, all of a sudden you just need 3 colluding and your blockchain is broken. Or bitcoin, most of the miners are in China, the state intervenes one day and secretly requires collusion.
POW - 7 transactions a second, minutes to confirm and massive costs for those keeping full copies of the chain are big stumbling blocks to any blockchain based on POW as in the example or bitcoin.
I think it has some fascinating ideas around shared trust, but Blockchains based on POW are fundamentally unsuited to the sort of large networks of transactions they are being proposed for and centralised solutions involving signing or hashing have the same advantages but solve all these problems and others like trust.
This means that only a fraction of all transactions actually need to be visible on the blockchain since LN is a secure way to "keep tabs" on the current coin ownership.
Using multisignature mechanisms and timelocks, this is very secure and abuse resistant.
Maybe I misunderstood something, but couldn't someone with 51% of the power rewrite a block at any point in time in the past, and change history? Or even write bogus transactions to the blockchain? This would seem much more serious than double-spend, which in itself is already unacceptable for a monetary transaction system, and not to be brushed off so casually.
In order to change history your miners would need to solve blocks much faster than the rest of the network consistently for multiple blocks. Then all the nodes on the bitcoin network would accept the false fork because it was longer.
> Or even write bogus transactions to the blockchain? This would seem much more serious than double-spend
You can't write a transaction without knowing the private key of the address you're transferring from. This is true whether there's a 51% attack or not. So you can't just write any old transaction to the blockchain. The rest of the network would reject the block with bad transactions in it.
The big problem is buying something with bitcoin and receiving the purchased good--this transaction goes in Fork A. Then the attacker would start the 51% attack and create another fork--Fork B--which competes with Fork A. In Fork B the attacker writes another transaction in which she sends the coins back to a wallet she controls.
Then the attacker must continue to solve blocks at a faster rate than the rest of the network is solving it....AND before the rest of the bitcoin network notices what is going on. This is no small feat.
> and not to be brushed off so casually
It's not brushed off casually. The 51% attack is brought up a lot in the cryptocurrency community. But it really isn't feasible on closer examination.
In bitcoin it hasn't been a big deal because everyone is aware of the potential and self-polices.
Also, you are ignoring the main driving force for the development of bitcoin, that being the removal of the middleman/governments from the transaction.
Well at least that's the theory :-) Time will tell.
The longest chain always wins. And since valid block hashes are very hard to find, the longest chain is the one that has the most mining effort behind it. This is why mining is essential to securing the blockchain. In order to make a fake chain of any appreciable length, you would need to have >50% of the total hashing power of the blockchain. And if you have that much power, then whatever you say is the right chain is the right chain, because you can mine more blocks than anyone else and so yours is right by virtue of being longest.
The video incorrectly implies that there is some sort of voting mechanism going on wherein the version of the chain with the most copies is correct, but this is incorrect, and would be horribly broken. The P2P network exists only to communicate transactions and blocks; it does not factor in to which version of a chain is considered valid (the longest one always wins). If the P2P network were used for this, then it would be trivial to take over Bitcoin using a Sybil attack, by e.g. hiring a botnet to run millions of fake nodes with your preferred version of the chain. With mining and validity determination by longest length, that doesn't even put a dent in Bitcoin, as even a million general purpose commodity computers can't get anywhere close to matching a small percentage of the overall hashing power of the miners.
This is because Bitcoin changes the difficulty per block over time to keep the time between blocks close to 10 minutes.
This means that two chains can be equally long but have different amounts of accumulated difficulty. It even means that long blockchains can have low amounts of accumulated difficulty.
But for short periods of time, less than ~2 weeks as it is for Bitcoin, the difficulty will not yet have changed and thus length = total difficulty for SHORT forks.
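Worked example of the "accumulated difficulty, not length" rule from the comment above. This is added here and is not code from the video or from Bitcoin; the toy targets, payloads and the 2^256/(target+1) work credit are constructed for illustration (Bitcoin credits work the same way, but derives each block's expected target from the retarget rule rather than reading it from the block). A node that counted blocks would pick the longer fork; one that sums work picks the shorter, harder one:

```python
import hashlib

# Added illustration, not code from the video or from Bitcoin. Each block carries the target it
# was mined under; a node credits work = 2**256 // (target + 1) per block and follows the chain
# with the most accumulated work, not the most blocks.

GENESIS = "0" * 64

def block_hash(prev: str, payload: str, nonce: int) -> str:
    return hashlib.sha256(f"{prev}|{payload}|{nonce}".encode()).hexdigest()

def mine(prev: str, payload: str, target: int) -> dict:
    """Find the first nonce whose hash, read as a 256-bit integer, is <= target."""
    nonce = 0
    while int(block_hash(prev, payload, nonce), 16) > target:
        nonce += 1
    return {"prev": prev, "payload": payload, "nonce": nonce, "target": target}

def work(target: int) -> int:
    # Expected number of hashes needed to land at or below the target.
    return 2**256 // (target + 1)

def tip_hash(chain: list) -> str:
    if not chain:
        return GENESIS
    b = chain[-1]
    return block_hash(b["prev"], b["payload"], b["nonce"])

def extend(chain: list, payload: str, target: int) -> list:
    return chain + [mine(tip_hash(chain), payload, target)]

def is_valid(chain: list) -> bool:
    """Each block must link to its predecessor and its hash must really be under the target it
    claims. A block cannot overstate its work: claiming a harder target means it had to find a
    hash under that target."""
    prev = GENESIS
    for b in chain:
        h = block_hash(b["prev"], b["payload"], b["nonce"])
        if b["prev"] != prev or int(h, 16) > b["target"]:
            return False
        prev = h
    return True

def chain_work(chain: list) -> int:
    return sum(work(b["target"]) for b in chain)

def best_chain(candidates: list) -> list:
    """The node's selection rule: most accumulated work among the valid candidates."""
    return max((c for c in candidates if is_valid(c)), key=chain_work)

def demo() -> dict:
    easy, hard = 2**248, 2**244      # constructed toy targets: ~256 and ~4096 hashes per block
    long_fork = []
    for i in range(6):
        long_fork = extend(long_fork, f"easy-{i}", easy)
    short_fork = []
    for i in range(2):
        short_fork = extend(short_fork, f"hard-{i}", hard)
    tampered = [dict(b) for b in long_fork]
    tampered[2]["payload"] = "rewritten history"   # breaks the hash link without re-mining
    return {"long": long_fork, "short": short_fork, "tampered": tampered,
            "winner": best_chain([long_fork, short_fork])}
```

Six blocks at the easy target carry about 1530 units of work; two blocks at the hard target carry about 8190, so the two-block fork wins. The tampered copy fails validation because block 3 no longer links to the rewritten block 2.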
As a miner, you create your own block from the transactions you see. Every miner makes its own blocks.
This means sometimes two miners will find a block at about the same time, and they'll be different. Other miners will have to choose one or the other as the predecessor for their own blocks, and before long one of the candidate blocks will have another block on top of it.
Everybody considers the fork with the most accumulated difficulty to be the valid fork.
That is the only way to get money out of thin air. And because blocks are hard to create, money is hard to create. All other money comes from people sending it to each other.
For the signature question, we need to differentiate between two types of signatures. The first is the block signature, which is defined by having a bunch of leading zeroes. The second is an ECDSA signature, which is your more traditional cryptographic signature with a public key and a private key.
When coins are mined out of nowhere, they get assigned to a public key. I'm oversimplifying a little bit, but this is sufficient to understand. To spend coins from that public key, you need to sign a transaction saying something like "I send X coins to person A". This message is signed with the secret key that corresponds to the public key that owns the coins.
The really important part about the blockchain is that it prevents you from spending the same coins twice. So, if you only have 12.5 bitcoins, you can't send 12.5 to Alice and then send the same 12.5 to Bob. You can create signed messages that claim both. Without a blockchain, it's impossible to tell which one is valid, because it's impossible to know which one came first.
But that's the magic of the blockchain. It's a history of transactions. If you try to spend the same money twice in the blockchain, we can very easily see that you've spent it twice. We also know which one is the valid original one, because it will be first in the blockchain. So we know to accept the transaction that's first in the blockchain, and to ignore the second one. (note, in Bitcoin, it's actually illegal to have two conflicting transactions in the same blockchain. The second transaction will never be included into a block at all).
And, as described early in the video, this history is very hard to re-write. If you decide one day later in Bitcoin that you want to actually undo your spend to Bob and instead spend that money back to yourself, you will have to outcompete all of the mining that happened over the past 24 hours to re-write the blockchain. Given that 'all of the mining' is hundreds of millions of dollars of hardware working non-stop, you will not be able to re-write the blockchain.
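Worked example of the two ideas in the comment above (a signature proves who may spend, and block order decides which of two conflicting spends counts). This is added here and is not code from the video or from Bitcoin. To stay standard-library only it uses Lamport one-time signatures over SHA-256 instead of ECDSA, so each key must be used once; the keys, amounts and the "coinbase" transaction are constructed. A second spend of the same output arrives after the first and is rejected; a spend with someone else's key is rejected because the key does not hash to the owner's address:

```python
import hashlib
import json
import os

# Added example, not code from the video or from Bitcoin. Toy UTXO ledger applied in block order,
# with Lamport one-time signatures standing in for ECDSA. All keys and amounts are constructed.

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """256 pairs of random preimages; the public key is their hashes.
    One-time: signing two different messages with one key leaks preimages."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def msg_bits(msg: bytes) -> list:
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(sk, msg: bytes) -> list:
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(s) == pk[i][bit]
                                   for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))))

def address(pk) -> str:
    return H(b"".join(a + b for a, b in pk)).hex()

def tx_body(inputs, outputs) -> bytes:
    return json.dumps({"inputs": inputs, "outputs": outputs}, sort_keys=True).encode()

def make_tx(inputs, outputs, signers) -> dict:
    """inputs: [[txid, index], ...]; outputs: [[address, amount], ...]; signers: one (sk, pk) per input."""
    body = tx_body(inputs, outputs)
    return {"inputs": inputs, "outputs": outputs, "txid": H(body).hex(),
            "sigs": [(pk, sign(sk, body)) for sk, pk in signers]}

def check_tx(utxo: dict, tx: dict) -> str:
    if not tx["inputs"]:
        return "ok"                      # coinbase creates coins; the subsidy limit is not modelled
    if len(tx["sigs"]) != len(tx["inputs"]):
        return "signature count mismatch"
    if len({tuple(r) for r in tx["inputs"]}) != len(tx["inputs"]):
        return "duplicate input"
    body = tx_body(tx["inputs"], tx["outputs"])
    total_in = 0
    for ref, (pk, sig) in zip(tx["inputs"], tx["sigs"]):
        if tuple(ref) not in utxo:
            return "input missing or already spent"
        owner, amount = utxo[tuple(ref)]
        if address(pk) != owner:
            return "key does not match owner"
        if not verify(pk, body, sig):
            return "bad signature"
        total_in += amount
    if total_in < sum(amount for _, amount in tx["outputs"]):
        return "outputs exceed inputs"
    return "ok"

def apply_block(utxo: dict, txs: list) -> list:
    """Apply transactions in block order; the first spend of an output wins. Returns (txid, verdict) per tx."""
    results = []
    for tx in txs:
        verdict = check_tx(utxo, tx)
        if verdict == "ok":
            for ref in tx["inputs"]:
                del utxo[tuple(ref)]
            for i, (addr, amount) in enumerate(tx["outputs"]):
                utxo[(tx["txid"], i)] = (addr, amount)
        results.append((tx["txid"], verdict))
    return results

def demo() -> list:
    alice, bob, carol, mallory = keygen(), keygen(), keygen(), keygen()
    coinbase = make_tx([], [[address(alice[1]), 12.5]], [])
    pay_bob = make_tx([[coinbase["txid"], 0]], [[address(bob[1]), 12.5]], [alice])
    pay_carol = make_tx([[coinbase["txid"], 0]], [[address(carol[1]), 12.5]], [alice])  # same coin again
    steal = make_tx([[pay_bob["txid"], 0]], [[address(mallory[1]), 12.5]], [mallory])   # wrong key
    return apply_block({}, [coinbase, pay_bob, pay_carol, steal])
```

Both of Alice's transactions are validly signed; the ledger decides between them purely by which one it applied first. Note that the order is the block's order, which is why a miner who controls block contents can choose which of two conflicting spends "came first".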
Also at this point in the BTC world, the difficulty has become so high that Joe Bloggs will never acquire any meaningful amount of BTC, even in a pool. There are specialized arrays of GPUs that can perform calculations at rates much higher than any standard PC or laptop. The same principles apply to any other bitcoin-like blockchain currency though.
There's unfortunately some things that make it a bit of a race - network latency and block verification time. That's why there's so much work spent on shrinking these (the FIBRE network, libsecp256k1)
If you want to mine Bitcoins, you need a bunch of advantages. Special hardware, cheap space, low electricity cost, bulk manufacturing deals. Otherwise you probably aren't going to be breaking even, let alone profiting.
Is there something like Amazon p2s that mine bitcoin and show a running cost (x/h) where I could just bid >x/h and rent it for a while to do my calculations and when I "shutdown the instance" it goes back to mining?
The mega farms are built around scale and the cheapest electricity, usually. Wouldn't it make sense for them to slap a "rent our servers for deep learning" on top? They know really well how much expected value they generate from the mining (with variance due to the BTC price swings) so they could charge a bit more (or 2x...depends on how well known the margins are) to let anyone rent the calculation for other stuff...then return to default-mining once the rented calculations are done.
There are so-called multipools that tell their miner clients to mine on whatever blockchain is currently most profitable. I can imagine merging this with a paid version of BOINC.
That would only be used by the "GPU coin miners", those in blockchains using ASIC resistant PoW like scrypt instead of SHA256.
Ethereum and Zcash both tried to make asic resistant hashing algorithms. So far they have held up. Ethereum has a hardfork history though and also is trying to move to PoS. Given the cost of developing asics, I'm guessing most manufacturers aren't willing to risk that ethereum could just hardfork to invalidate the hardware, destroying the investment.
We will see, but I'm guessing the Zcash algo will see asics within 2 years if the coin sees successful adoption.
How is a signature picked:
This is arbitrary but should be a fixed sequence that you define beforehand. It could start with 'abcd' as long as you decide on that sequence. In the example (and for bitcoin also) it is decided that the hashes should start with a specific number of zeros.
He also says Bob can't give Alice 4 dollars out of thin air right after giving Anders 100 dollars out of thin air:
Anders gets 100 dollars out of thin air because he mined (calculated the hash with the specific starting sequence). This is the reward Anders gets.
Looking for a specific hash such as a hash starting with a certain number of 0s is very computationally intensive work. That's why he gets the reward.
Hashing is fast for a computer to calculate one way (go from a piece of data -> a hash) but very difficult and as such slow for a computer to calculate it in reverse (go from a hash to the original piece of data for which the hash was generated).
What would you say that is? Real question.
This convergence occurs even if some of the nodes are evil or faulty or out-of-touch, provided that these bad nodes control less than 50% of the total computing power of all of the nodes.
Having said that, he mentioned that everyone has a copy of the blockchain. So, is that really true? Wouldn't "everyone" be overwhelmed by the number of blocks?
Is there a specific example where blockchain is used, other than bitcoin?
The bitcoin database size is more than 100GB now in 2017.
Blockchain is used by all altcoins and Namecoin for distributed DNS like system.
I assume then that there's a way to "query" the blockchain? How does Electrum do it?
It now grows linearly because it has reached the maximum block size of 1MB per block (actually 1000 kB) (this is the block size debate you've likely heard about)
Blocks today are almost always 998 kB in size, and without a transaction fee your transaction can take multiple blocks to be processed.
Block every 10 minutes (goal) is 6 blocks an hour, 144 blocks a day is 144,000 kB a day, is around 4,320 MB a month.
The amount of transactions people are willing to do depends on the value each does, so some people think if bitcoin transactions are almost free some other people would "spam" the network with their "worthless" transactions, thus increasing/growing the size needlessly. So these people claim high fees should ensure only really valuable transactions happen on the network, and not for buying coffee/payment-processing.
So your other question, astronomical, completely utterly astronomical.
Which is why people invent https://byteball.org and others to solve these problems.
Many of these solutions come from people who genuinely believe that they've solved fundamental problems with Bitcoin. But by and large, they have missed important security vectors. Writing a blockchain is a lot like rolling your own crypto - leave it to the experts, and don't trust one unless you've got a bunch of experts who agree that it seems sound.
These problems are very hard. If you are wondering why Bitcoin has not adopted some interesting new technology despite years of dozens of experts doing their best to get scaling into Bitcoin, it's probably because the interesting new technology has some fatal flaw.
Pruned nodes I think are like 2 GB right now? Something in that ballpark.
Needless to say, there are some scalability problems here. And there are a lot of solutions to the scalability problems (such as the lightning network), but generally speaking scalability is probably the biggest and most heated topic in the blockchain space.
What you describe is SPV verification, which basically says "if a miner decided to spend $10,000 in electricity mining this block, they probably verified the transactions first, so I probably don't need to verify it myself". Of course, if everyone makes this assumption, it's very easy for the miners to start slipping in illegal transactions without anyone noticing.
So, some of the network running SPV is okay, but too much is a great systemic risk.
This video implies that, while expensive, it's not that expensive to calculate a correct nonce. Why, therefore, is mining now only viable to huge ASIC farms? My presumption is that it must be to do with either speed (i.e., the farms get there first), or influence (i.e., the farms have more peers, so can sway the vote in their favour).
Every 2016 blocks, the difficulty adjusts. This is supposed to take 20,160 minutes, but if the timestamps indicate that it took less than that, the difficulty will increase, requiring more leading zeroes. If it takes more time than 20,160 minutes, the difficulty will decrease, essentially requiring less leading zeroes.
Also worth pointing out that the hash can be evaluated as an integer. Instead of requiring an exact number of leading zeroes, you require the hash to have an integer representation that is lower than a certain value.
There's actually a lot of work that has gone into Bitcoin to make sure that having higher hashrate and higher influence does not make it more likely than it should be that you can find a block. Ideally, if you have 0.01% of the hashrate, you have a 0.01% chance of finding each block, and if you have 33% hashrate, you have a 33% chance of finding each block. In reality, Bitcoin is not quite this perfect, but it's pretty close. The 33% hashrate miner may have a 34% or 35% chance of actually finding each block.
It's absolutely brilliant. Blocks come at approximately 10 minute intervals whether it's just two people cpu mining in their basement or a global network of ASIC farms consuming megawatts.
It's certainly been fun to watch. When I started mining on the very first publicly released GPU miner, my ~$500USD ATI PCI GPU yielded a block (each with a 50 bitcoin reward) every hour or two. I was mining somewhere around 10% of all the blocks in the chain.
Now, doing that very nearly requires owning a hydroelectric dam.
Basically, every 2016 blocks (around 11-14 days) new difficulty is calculated based on the time it took to find the previous 2016 blocks.
Whenever someone gets new fast hardware, blocks get solved quicker, but then the difficulty gets adjusted after 2016 blocks, and it becomes hard again (but even harder for the people with worse hardware).
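Worked example of the two answers above (the hash compared as an integer against a target, and the every-2016-blocks retarget). This is added here and is not the video's or Bitcoin Core's code; the constants follow Bitcoin's rules (2016 blocks, 10-minute spacing, a 4x clamp per period, and a maximum target of difficulty 1), while the hashrate scenarios in `simulate()` are constructed to show the "gets hard again" effect:

```python
# Added example, not from the video or from Bitcoin's source. Difficulty as an integer target,
# plus the retarget rule. The hashrate ratios fed to simulate() are constructed.

MAX_TARGET = 0x00000000FFFF0000000000000000000000000000000000000000000000000000  # difficulty 1
RETARGET_INTERVAL = 2016
TARGET_SPACING = 10 * 60                                 # seconds
EXPECTED_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING   # 20160 minutes, in seconds

def meets_target(block_hash_hex: str, target: int) -> bool:
    """'Enough leading zeroes' really means 'the hash, read as a 256-bit integer, is <= target'."""
    return int(block_hash_hex, 16) <= target

def leading_zero_hex_digits(target: int) -> int:
    # How many leading zero hex digits a hash must have to possibly sit under this target.
    return 64 - len(f"{target:x}")

def difficulty(target: int) -> float:
    return MAX_TARGET / target

def retarget(old_target: int, actual_timespan: int) -> int:
    """Scale the target by actual/expected time for the last 2016 blocks. The measured timespan is
    clamped to [expected/4, expected*4] so one period moves difficulty at most 4x either way, and
    the target can never get easier than MAX_TARGET."""
    clamped = max(EXPECTED_TIMESPAN // 4, min(actual_timespan, EXPECTED_TIMESPAN * 4))
    return min(old_target * clamped // EXPECTED_TIMESPAN, MAX_TARGET)

def simulate(start_target: int, hashrate_ratios: list) -> list:
    """hashrate_ratios[i] is the network hashrate during period i, relative to the hashrate that
    produced 10-minute blocks at start_target. Returns (timespan_minutes, difficulty_after) per period."""
    target, rows = start_target, []
    for ratio in hashrate_ratios:
        expected_block_time = TARGET_SPACING * (start_target / target) / ratio
        timespan = int(RETARGET_INTERVAL * expected_block_time)
        target = retarget(target, timespan)
        rows.append((timespan // 60, difficulty(target)))
    return rows
```

Doubling the hashrate makes the first period finish in 10080 minutes, the target halves (difficulty doubles), and the next period is back to 20160 minutes at the new difficulty. A real node also checks that each block's declared target equals the one this rule predicts, so a miner cannot pick an easier target for themselves.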
Just wanted to add that some people are looking at replacing this 'Proof-of-Work/Mining' mechanism with a different method called 'Proof-of-Stake'. Other cryptocurrencies have already implemented this.
If you jump into the blockchain/bitcoin rabbit hole you will eventually come across this :)
For the most part, proof-of-stake has been strictly rejected as a viable means of building decentralized consensus by the industry experts.
Nit - it would be nice not to use the term "signed" for a block that has a sufficiently small hash. The term "valid" is more commonly used for this attribute of a block, and less confusing with signed transactions.
EDIT: Oh, that's when you successfully mine a block. I'm guessing they chose the name "Coinbase" instead of "reward" to promote Coinbase.
By the way, amazing find. Immensely thankful to the OP for sharing.
The issue with one actor controlling over 50% of mining power is that they can spend their money, then go back in time to before the spend to create an alternative chain. Since they control the majority of hashpower, their alternative chain catches up and ultimately becomes the reference chain in the view of the nodes in the peer to peer network. The bad actor is then free to spend the coins from their original transaction again, despite presumably having already received the goods or services from the original transaction.
The real innovation of the blockchain is that it solves the Byzantine Generals problem in the case where less than 50% of the hashpower in the network belongs to coordinating bad actors. In the absence of that level of centralization and collusion, you can be sure that nobody is cheating.
It's not mentioned in the video, but mining is also how new currency is generated - Miners are rewarded for finding blocks (thus there is incentive to mine).
And to answer your question - In the early days, miners were hobbyists and simply operated at a loss. The value of coins grew roughly along with the "hash power" of the collective network (as you might expect). And at the same time, the reward for finding new blocks is constantly shrinking.
What I'm wondering is how many blockchains are you verifying as a peer. When you download the blockchain software, you start verifying the entire blockchain, do you keep getting blockchain hashes from other peers and keep comparing them to see what's the consensus?
You verify that they're all valid, and the blockchain with the greatest accumulated difficulty (correlated with chain length) is assumed to be the valid one used by the whole network.
Whenever you get new blocks you first verify validity, and then you check if they make up for a conflicting blockchain longer than yours (if so, you switch), shorter than yours (ignore), or if it extends the blockchain you have (then you add them).
Number of peers doesn't matter in Bitcoin.
This typically also means that the longest individual blockchain wins.
- So is the "Hash" a combination of the Block Number, Nonce, and the Data?
- If "mining" means computing the Nonce, what is the actual data to be hashed?
- For the Coinbase case, is the data the miner's Coinbase account, so that if mining is successful the miner will get the "money"? If so, how does the first miner advertise the result so that the other peers can trust that the first miner actually got the money?
The way you give value to someone else is by saying, "whoever can make this expression evaluate true can move the funds"
The hash covers the Bitcoin block header. The header includes a Merkle Tree Hash of all transactions, including the transaction that is the base for creating new coins = coinbase.
You pay to public keys. Payments have to be signed by the private key holder for the public key that a given set of coins have been assigned to.
Publishing the block itself that you mined is how you announce it. Others then have to accept your block and continue building on it as a part of the blockchain.
Less proof of work = rejected blockchain fork.
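Worked example for the "Merkle Tree Hash of all transactions" in the answer above and for the earlier SPV comment (a light client checks one transaction against the header's root without the other transactions). This is added here and is not code from the video or from Bitcoin Core; it follows Bitcoin's construction (double SHA-256, duplicate the last hash on odd levels), the txids are constructed, and the `block_header_hash` is a cut-down header with only the fields needed to show that the block hash commits to the root:

```python
import hashlib

# Added example, not code from the video or from Bitcoin Core. Bitcoin-style Merkle root over
# txids, an SPV proof for one of them, and a cut-down header hash that commits to the root.

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _pad(level: list) -> list:
    # Bitcoin duplicates the last hash when a level has an odd number of entries.
    return level + [level[-1]] if len(level) % 2 else level

def merkle_levels(txids: list) -> list:
    if not txids:
        raise ValueError("a block has at least the coinbase transaction")
    levels = [list(txids)]
    while len(levels[-1]) > 1:
        level = _pad(levels[-1])
        levels.append([dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)])
    return levels

def merkle_root(txids: list) -> bytes:
    return merkle_levels(txids)[-1][0]

def merkle_proof(txids: list, index: int) -> list:
    """Sibling hashes from leaf to root; each entry is (sibling_hash, sibling_is_on_right)."""
    proof = []
    for level in merkle_levels(txids)[:-1]:
        level = _pad(level)
        proof.append((level[index ^ 1], index % 2 == 0))
        index //= 2
    return proof

def verify_proof(txid: bytes, proof: list, root: bytes) -> bool:
    """What an SPV client does: it holds the header's root and a proof, not the other transactions."""
    h = txid
    for sibling, sibling_right in proof:
        h = dsha256(h + sibling) if sibling_right else dsha256(sibling + h)
    return h == root

def block_header_hash(prev_hash: bytes, root: bytes, nonce: int) -> bytes:
    """Toy header: prev hash + merkle root + nonce (a real header also has version, time and bits).
    Because the root is inside the hashed header, changing any transaction changes the block hash."""
    return dsha256(prev_hash + root + nonce.to_bytes(4, "little"))

# Constructed txids; index 0 plays the coinbase.
SAMPLE_TXIDS = [dsha256(f"constructed tx {i}".encode()) for i in range(5)]
```

One caveat worth knowing when you implement this: because odd levels duplicate the last hash, the lists `[a, b, c]` and `[a, b, c, c]` produce the same root (the test below shows it), so a full validator has to reject a block whose transaction list contains such a duplicated tail rather than trust the root alone. An SPV proof says a transaction is in a block; it says nothing about whether the block's other transactions were valid, which is the systemic risk the SPV comment points at.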
But some of the nodes are evil (or maybe just faulty, or maybe just out-of-touch), and want to try to change past data and get the other nodes to accept their fake history (the "fake chain").
When any node notices that some other nodes are saying different things (proposing different chains), it prefers to believe in whichever chain is longer (this is a slight simplification, actually it's accumulated difficulty).
Many of the nodes are constantly accepting new data and 'mining' new blocks to append to the end of the real chain. They are doing this as fast as they can. The problem of finding a new hash for new blocks is embarrassingly parallel, so if there are 1000 nodes in the network they can mine about 1000x as fast as one node (however, the protocol is constantly adjusting the difficulty (the number of prefix zeros required in the hash) to ensure that on average the blockchain is getting longer at a fixed rate).
If the evil nodes want to change something far back in history, they're going to have to try to mine a whole bunch of new blocks before the fake chain gets as long as the real chain. Recall that the other nodes will reject the fake chain as long as they are aware of another chain which is longer. But while the evil nodes are trying to catch up, the good nodes are also going to be trying to mine new blocks to append to the end of the real chain.
Assuming there are more good nodes than evil ones (or rather, that the total computing power of the good nodes is greater than the total computing power of the evil ones), on average the speed that the evil nodes can mine new blocks is slower than the speed that the real chain is getting longer.
Therefore the rule that the longest chain is the right one works.
Now, through random chance it's always possible for the evil chain to get lucky and mine a block much faster than the good chain. But if it alters something deep in history, then in order to catch up, it would have to get lucky in this way many times in a row; the chance of that happening decreases geometrically with the number of blocks it is behind. Therefore, you can be very confident that a block deep in the chain won't be altered.
To reiterate, the reason that it's important that the further back you change something, the more hashes you need to recompute, is that this leads to the following property: if there are two competing chains of different lengths, the probability that the shorter chain will eventually become the longest decreases geometrically with the initial difference in lengths. This property is why the algorithm converges to a consensus on the data in older blocks.
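Worked example that puts numbers on "decreases geometrically with the number of blocks it is behind". This is added here and is not from the video; it implements the attacker catch-up probability from Section 11 of the Bitcoin whitepaper, where `q` is the attacker's share of hashrate and `z` the number of blocks they start behind (the values asserted in the test are the ones the whitepaper tabulates). It also answers the "how many confirmations" question raised elsewhere in the thread for any assumed attacker share:

```python
import math

# Added example, not from the video: attacker catch-up probability (Bitcoin whitepaper, Section 11).

def attacker_success_probability(q: float, z: int) -> float:
    """P(an attacker with hashrate share q ever overtakes the honest chain from z blocks behind).
    While the attacker mines z blocks the honest chain advances about z*q/p blocks (Poisson);
    from a gap of g blocks the attacker's chance of ever catching up is (q/p)**g."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    if q >= 0.5:
        return 1.0                      # a majority catches up with certainty
    p = 1.0 - q
    lam = z * (q / p)
    total = 1.0
    poisson = math.exp(-lam)            # Poisson pmf built iteratively; lam**k would overflow for large z
    for k in range(z + 1):
        if k:
            poisson *= lam / k
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def confirmations_needed(q: float, max_risk: float) -> int:
    """Smallest z at which the attacker's chance is no more than max_risk (0.001 for 0.1%)."""
    z = 0
    while attacker_success_probability(q, z) > max_risk:
        z += 1
    return z

def risk_table(shares=(0.1, 0.3, 0.4), confirmations=(1, 6, 10)) -> dict:
    """Attacker share -> confirmations -> probability, rounded the way the whitepaper prints it."""
    return {q: {z: round(attacker_success_probability(q, z), 7) for z in confirmations}
            for q in shares}
```

With a 10% attacker, six confirmations leave a 0.02% chance of a successful rewrite; with a 30% attacker you need 24 confirmations to get under 0.1%, and with 40% you need 89. That is the sense in which "51%" is not a magic threshold: the risk is a curve over the attacker's share and the depth you wait for, and only at 50% does it stop falling.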
Let's pretend I have the fastest hash generation engine (actually I'd need 2 for this scheme). I would create a real node that uses my engine and becomes part of the node community. Then I create 100 bogus nodes that proxy to my real node. Now I have a large number of nodes that are essentially using my version of "reality" which, in the beginning, is what everyone else says is truth. Meanwhile I'm busy re-writing history to give myself 10 bazillion bitcoins. My other hash engine is recomputing the chain with my bogus history in the background. At some point it catches up with the present. At that point I substitute my bogus chain for the real chain on my main node. My main node is now in disagreement with everyone else's view of reality. My bogus chain also shows up on my 100 other nodes that are proxying my main node. I now have 101 nodes showing my bogus bitcoins. If 101 nodes isn't enough to win the vote then add more bogus nodes until I have 51% of the total nodes.
Also, what's to prevent me from adding many real but zero sum transactions to my chain before I tell the world about those transactions? He who has the biggest chain wins.
Unrelated thought: quantum computing sounds like it could throw a monkey spanner into the wrench works.
You could do that, but it would be expensive. It's not the number of nodes that matters, it's the total computing power of those nodes, because they need to hash faster than the rest of the network. Your nodes, combined, would need to have more computing power than all of the other nodes, combined. If the blockchain you are attacking is popular, the cost of this much computing power would be prohibitive (eg for Bitcoin today [https://gobitcoin.io/tools/cost-51-attack/] estimates it would cost around $1 billion for the machines plus $2 million per day for electricity).
> Also, what's to prevent me from adding many real but zero sum transactions to my chain before I tell the world about those transactions? He who has the biggest chain wins.
Since each block must contain the hash of the previous block, these blocks, although empty of data, still have different hashes. So you have to compute just as many hashes, regardless.
> Unrelated thought: quantum computing sounds like it could throw a monkey spanner into the wrench works.
Yes, maybe. See [https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin]
An 'update' would be a new block or transaction. The Bitcoin network shares new blocks and transaction over a flood network where every node is peered with 8+ other nodes, and will tell all of them when it sees a new block or transaction.
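Added example (not from the thread or from any Bitcoin implementation): a minimal simulation of the flood propagation described above. It assumes a synthetic random peer graph in which every node opens 8 outbound connections (real nodes also accept inbound ones, so actual degree is higher), one relay hop per round, and the usual "announce once, then never again" rule that keeps a flood from echoing forever.

```python
"""Flood/gossip propagation over a random peer graph (constructed here)."""
import random


def make_peer_graph(n_nodes: int, outbound: int = 8, seed: int = 7) -> dict:
    """Every node picks `outbound` distinct random peers; connections are
    bidirectional, so most nodes end up with more than `outbound` links."""
    rng = random.Random(seed)
    peers = {i: set() for i in range(n_nodes)}
    for node in range(n_nodes):
        candidates = [p for p in range(n_nodes) if p != node]
        for peer in rng.sample(candidates, outbound):
            peers[node].add(peer)
            peers[peer].add(node)
    return peers


def flood(peers: dict, origin: int):
    """A node relays an item to all of its peers the first time it sees it
    and ignores later copies.  Returns (rounds, messages sent, nodes reached)."""
    seen = {origin}
    frontier = [origin]
    rounds = 0
    messages = 0
    while frontier:
        next_frontier = []
        for node in frontier:
            for peer in peers[node]:
                messages += 1                  # every link carries the item
                if peer not in seen:           # but only first sight triggers a relay
                    seen.add(peer)
                    next_frontier.append(peer)
        frontier = next_frontier
        if frontier:
            rounds += 1
    return rounds, messages, len(seen)


if __name__ == "__main__":
    graph = make_peer_graph(500)
    print(flood(graph, origin=0))
```

The message count equals the total number of links because every node relays exactly once; the round count grows only logarithmically with network size, which is why a new block reaches most of the network in seconds.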
Finding that a single number solved two blocks would be very similar to finding a SHA-256 collision (Bitcoin uses a double-SHA scheme that I think was designed to address a length-extension concern).
The Bitcoin "nonce" is actually a much bigger number than shown in the video. 32 bits I believe.
That's why current miners tamper with both the coinbase transaction, timestamp AND the nonce to find potentially valid blocks in mining.
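Added example (not from the thread, and not Bitcoin's code) that serves the two points above: that empty or zero-sum blocks still cost the same hashing because each header commits to the previous hash, and that the header nonce is a 32-bit counter which miners exhaust and then vary other fields. Assumptions made here: headers are hashed as double SHA-256 over their JSON form (real Bitcoin hashes an 80-byte binary header); an `extranonce` field stands in for the coinbase/timestamp tweak; difficulty is a count of leading zero bits kept tiny so the whole thing runs in well under a second.

```python
"""Toy double-SHA-256 proof-of-work chain (added illustration)."""
import hashlib
import json

NONCE_BITS = 32     # Bitcoin's header nonce really is 32 bits wide
GENESIS_PREV = "0" * 64


def block_hash(header: dict) -> str:
    data = json.dumps(header, sort_keys=True).encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def meets_target(h: str, difficulty_bits: int) -> bool:
    """True when the top `difficulty_bits` bits of the hash are zero."""
    return int(h, 16) >> (256 - difficulty_bits) == 0


def mine(prev_hash: str, payload: str, difficulty_bits: int,
         nonce_bits: int = NONCE_BITS) -> dict:
    """Scan the nonce space; on exhaustion bump extranonce (the stand-in for
    changing the coinbase/timestamp) and scan again."""
    header = {"prev_hash": prev_hash, "payload": payload,
              "extranonce": 0, "nonce": 0}
    while True:
        for nonce in range(1 << nonce_bits):
            header["nonce"] = nonce
            if meets_target(block_hash(header), difficulty_bits):
                return header
        header["extranonce"] += 1


def validate(chain: list, difficulty_bits: int) -> bool:
    """Cheap for a verifier: one double-SHA per block, no search."""
    prev = GENESIS_PREV
    for header in chain:
        if header["prev_hash"] != prev:
            return False
        h = block_hash(header)
        if not meets_target(h, difficulty_bits):
            return False
        prev = h
    return True


def build_chain(payloads: list, difficulty_bits: int) -> list:
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        header = mine(prev, payload, difficulty_bits)
        chain.append(header)
        prev = block_hash(header)
    return chain


def rewrite_from(chain: list, index: int, new_payload: str, difficulty_bits: int):
    """An attacker edits block `index`; every later block must be re-mined
    because each one commits to its predecessor's hash.  Returns the new
    chain and how many blocks had to be mined to produce it."""
    rebuilt = list(chain[:index])
    prev = block_hash(rebuilt[-1]) if rebuilt else GENESIS_PREV
    payloads = [new_payload] + [b["payload"] for b in chain[index + 1:]]
    mined = 0
    for payload in payloads:
        header = mine(prev, payload, difficulty_bits)
        rebuilt.append(header)
        prev = block_hash(header)
        mined += 1
    return rebuilt, mined


if __name__ == "__main__":
    chain = build_chain(["tx set A", "", "", "tx set D"], difficulty_bits=8)
    print("valid:", validate(chain, 8))
    chain[1]["payload"] = "give me 10 bazillion"      # edit without re-mining
    print("after tamper:", validate(chain, 8))
    # with only 4 nonces per extranonce the miner is forced to roll extranonce
    print("tiny nonce space:", mine(GENESIS_PREV, "x", 12, nonce_bits=2))
```

The two empty blocks in the demo get different hashes and cost the same search as full ones, and editing an old block breaks validation until every block after it is re-mined, which is exactly the work the "rewrite history" attack has to pay for.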
The key is to wait for confirmations
Smart contracts are about specifying conditions which can be checked in the blockchain, like the existence of certain data you expect to be posted in the OP_RETURN (comment-like field) by other transactions. When your conditions are met the "smart contract" makes/signs and publishes its own transaction, and other contracts can depend on this output of your contract.
Everyone who verifies the contract needs to run the program as well, for free, that's why you can't have big programs.
You can then send new transactions to continue using the program, to interact with it, etc...
If you don't send enough gas, they can't run the program though. (Each function in a program costs some amount of gas to run.)
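Added example (not from the thread, and not Ethereum's EVM): a toy stack machine with gas metering, to show concretely why "everyone who verifies the contract has to run it" is safe to allow. Every opcode has a fixed cost (the numbers here are invented), execution halts the moment the limit is exceeded, and a halted run consumes the whole limit and rolls back any storage writes, so a looping or oversized program can never make verifiers do unbounded work.

```python
"""Gas-metered toy interpreter (added illustration, costs are made up)."""

GAS_COST = {"PUSH": 3, "ADD": 3, "MUL": 5, "DUP": 3, "JUMPI": 10,
            "LOAD": 50, "STORE": 100, "STOP": 0}


class OutOfGas(Exception):
    pass


def run(program: list, gas_limit: int, storage: dict = None) -> dict:
    """Execute `program` (a list of (opcode, *args) tuples) until STOP or
    until the gas limit is exceeded.  On out-of-gas the whole limit is
    charged and `storage` is restored to its pre-call snapshot."""
    storage = {} if storage is None else storage
    snapshot = dict(storage)
    stack, pc, gas_used = [], 0, 0
    try:
        while True:
            op, *args = program[pc]
            gas_used += GAS_COST[op]          # charge before doing the work
            if gas_used > gas_limit:
                raise OutOfGas
            pc += 1
            if op == "PUSH":
                stack.append(args[0])
            elif op == "ADD":
                b, a = stack.pop(), stack.pop()
                stack.append(a + b)
            elif op == "MUL":
                b, a = stack.pop(), stack.pop()
                stack.append(a * b)
            elif op == "DUP":
                stack.append(stack[-1])
            elif op == "JUMPI":               # conditional jump: dest on top, cond below
                dest, cond = stack.pop(), stack.pop()
                if cond:
                    pc = dest
            elif op == "LOAD":
                stack.append(storage.get(stack.pop(), 0))
            elif op == "STORE":               # key on top, value below
                key, val = stack.pop(), stack.pop()
                storage[key] = val
            elif op == "STOP":
                return {"ok": True, "gas_used": gas_used,
                        "stack": stack, "storage": storage}
    except OutOfGas:
        storage.clear()
        storage.update(snapshot)
        return {"ok": False, "gas_used": gas_limit,
                "stack": stack, "storage": storage}


# Constructed sample programs.
DEPOSIT = [("PUSH", "balance"), ("LOAD",), ("PUSH", 10), ("ADD",),
           ("PUSH", "balance"), ("STORE",), ("STOP",)]       # balance += 10
FOREVER = [("PUSH", 1), ("PUSH", 0), ("JUMPI",)]              # unconditional loop to 0

if __name__ == "__main__":
    print(run(DEPOSIT, 200, {"balance": 5}))
    print(run(DEPOSIT, 150, {"balance": 5}))    # dies at STORE, balance rolled back
    print(run(FOREVER, 100))                    # would never stop without metering
```

The interesting property is the second DEPOSIT run: the LOAD and ADD already happened, but because the STORE could not be paid for the caller sees the original balance, not a half-applied update.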
The 51% problem describes this but it probably won't happen. The miners don't want to be a part of a pool that achieves over 50% hashing power because it would undermine bitcoin and sabotage their efforts. Currently the biggest mining pool is either AntPool or F2Pool. They both have about 15% of the total hashing power.
-  https://blockchain.info/pools
So, if the longest chain violates one of the core rules, that chain is ignored. You only ever follow the longest chain that also follows all of the rules.
Also as Taek points out, the protocol also contains some rules that constrain the content of the chain. No honest node will accept a chain violating these rules even if a majority of the hashpower supports such a chain.
Note that this describes a "proof-of-work" chain. There are other forms of blockchains, such as "proof-of-stake", in which the number of "votes" is proportional to something other than computational power.
I would love to see a 'weaknesses' explanations about blockchains though, like how 'truthiness' is generated and speed of verification and distribution.
And how do these peers communicate with each other?
The chain with the greatest amount of proof of work will propagate to the majority of the network and be accepted as valid by these nodes (assuming it also follows the protocol rules).
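Added example (not from the thread or from any node software) covering the two points made above: nodes follow the chain with the most accumulated proof of work, not the most blocks, and a chain that breaks a consensus rule is discarded no matter how much work is behind it. Assumptions: each block carries a difficulty `target` (smaller target means more work), the per-block work formula is the one Bitcoin nodes use for chainwork (2**256 // (target + 1)), and the rule set is reduced to a single invented one, that a block's coinbase reward may not exceed the subsidy.

```python
"""Chain selection: most work among rule-following chains (added illustration)."""

MAX_TARGET = 2**224      # assumed easiest allowed target
SUBSIDY = 50             # assumed block reward cap


def block_work(target: int) -> int:
    """Expected number of hashes needed to find a block at this target."""
    return 2**256 // (target + 1)


def chain_work(chain: list) -> int:
    return sum(block_work(b["target"]) for b in chain)


def follows_rules(chain: list) -> bool:
    """Consensus rules an honest node enforces regardless of who mined what."""
    return all(b["target"] <= MAX_TARGET and b["coinbase"] <= SUBSIDY
               for b in chain)


def select_chain(chains: list):
    """Best chain = rule-following chain with the greatest total work."""
    valid = [c for c in chains if follows_rules(c)]
    if not valid:
        return None
    return max(valid, key=chain_work)


def make_chain(n_blocks: int, target: int, coinbase: int = SUBSIDY) -> list:
    return [{"target": target, "coinbase": coinbase} for _ in range(n_blocks)]


# Constructed competing chains.
HONEST = make_chain(3, MAX_TARGET >> 4)                 # 3 hard blocks
LONGER_EASY = make_chain(5, MAX_TARGET)                 # 5 easy blocks, less total work
MAJORITY_CHEAT = HONEST + make_chain(2, MAX_TARGET >> 4, coinbase=1000)  # more work, breaks a rule

if __name__ == "__main__":
    print("work:", chain_work(HONEST), chain_work(LONGER_EASY), chain_work(MAJORITY_CHEAT))
    print("picked honest over longer-but-easier:", select_chain([HONEST, LONGER_EASY]) is HONEST)
    print("picked honest over heavier-but-invalid:", select_chain([HONEST, MAJORITY_CHEAT]) is HONEST)
```

The second case is the one the comments are getting at: MAJORITY_CHEAT has strictly more proof of work than HONEST, and a node still ignores it, because "longest valid chain" is evaluated rule-first and work-second.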
It clearly excels in a world where the participants are anonymous and can't trust each other. The trouble is that doesn't describe most business transactions worldwide. Humanity has a couple thousand years of business experience that generally always bent towards parties identifying one another, building trust, and using courts when those previous methods failed.
So there seems a big mismatch here...block chain seems really excellent at solving a problem that doesn't exist in most places.
Bitcoin is a good counter example. And crypto libertarians who would prefer anonymity will clearly always be attracted, but society would have a lot of cultural habits to undo before this would seem attractive in the mainstream.
That costs a lot of money. It makes it hard to get started if you are untrusted, and it means you have to have a court system, you have to do legal stuff, you have to constantly be wary of the potentially changing trustworthiness of your counterparty.
Blockchains eliminate all of this overhead. It doesn't matter if you are dealing with a highly regulated bank or if you are dealing with Bob the hobo, the blockchain guarantees that you can't be stabbed in the back (... err, when used correctly. Used incorrectly it will not provide any security at all).
I think this is something a lot of people fail to grasp. The true power of the blockchain is its ability to bring trust to places where it's currently inaccessible. Banks that don't trust each other can do business directly. Countries that don't trust each other can do business directly. A person with no name, no reputation, and no tether to a court system can also be transacted with safely, because the courts, names, and reputations are made strictly unnecessary.
And the proposal is that doing things this way is much cheaper than doing things the traditional way, especially when you consider all of the innovation that could never happen simply because the innovator was unknown or untrusted. All of the energy and money that goes into mining Bitcoin, in my opinion, is more than made up for by the value-add here.
Where is that? Because trust seems accessible to me everywhere there is a reasonably open democracy and rule of law.
And why does this trust cost so much? Take payment cards like VISA. Max, they cost 1-1.5%. There's not much to save there. Sure, it would be cheaper if I paid 0.01%, but the cost is already low enough that it's not really preventing any transactions. And of course bitcoin is not going in the direction of enabling micro payments because of transaction costs and volumes.
And some services (namely adult services and gambling services) can't get any access to digital payments at all. VISA, Paypal, etc. all block them, despite the fact that these services are entirely legal. Bitcoin makes it possible to use these types of services without some central party deciding that supporting an adult cam site is bad for business.
This is also great for the unbanked. If you are in Africa with no local bank, no government id, etc, something like Bitcoin can enable you where no bank would ever trust you.
And Bitcoin is in fact going in the direction of enabling micropayments. There is a huge upgrade to Bitcoin in the works called the lightning network, which means you basically have to make 1-6 starter transactions on-chain, but after that you can make an unlimited number of micropayments around the network for essentially free.
Bitcoin has been around for a number of years now, what do you think is the thing that's preventing it from catching on?
This is an important point that very few in the bitcoin community have bothered to investigate.
Credit card fees are even lower than the 1-1.5% you speculate. As credit companies increased their efficiency with technology they didn't lower the fees, but spent the extra profit on marketing in the form of rewards cards and cashback, which shifts money from retailers to card holders. Since vendors compensate by raising prices, that actually means that they redistribute money from people who pay cash or debit to those who use reward cards. There have been class action lawsuits in Canada and the US over this recently.
In Australia they took an administrative approach and capped interchange fees at 0.5% in 2003 and the result was that rewards cards went away. The credit card companies still made profits.
Meanwhile, real transaction costs in Bitcoin are enormous, but instead of being transparent are currently handled via seigniorage through the currently relatively high inflation of the bitcoin supply (rewards to miners). As that is reduced and finally dries up Bitcoin transactions will require large fees. Either that or miners will exit the business and the whole system will collapse since it isn't designed to handle reductions in difficulty. 50% attacks will be easy to carry out, or trust of central authority will be even more important than it is now with the already tiny number of professional miners controlling the network.
Bitcoin already has brainwallets, password-derived private keys.
Kinda like if you kept a key in one of those banks that let you rent deposit boxes, and you stored another key there. Then you'd have a way to use the expected greater robustness of the bank (blockchain) compared to, say, keeping the key under your mattress.
So unless you need to SHA256 hash something twice at a rate of trillions of hashes per second, there's really no alternative use. But, again, that's the purpose of ASICs: an increase in performance from a decrease in generality.