# Bitcoin (Proof-of-work)

## A chain of blocks as a public ledger

- each block has a header and a body
- the body holds the transactions (transfers of value between addresses)
- a digital signature scheme with public/private key pairs (ECDSA over secp256k1 in Bitcoin) prevents forging: only the holder of the private key can authorize a spend
- (hash of) the public key serves as the address; the matching private key signs the transaction

## Proof-of-work for consensus

- each block header contains the hash of the previous block's header, which links the blocks into a chain
- target: a 256-bit number whose leading n bits are zero
- a block is valid only if the hash of its header is lower than or equal to the target
- max target (easiest to meet): leading 32 bits are 0
- 2^224-1 : 0x00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF (the notes use this round figure; Bitcoin's actual maximum target, encoded in the header as the compact value 0x1d00ffff, is 0x00000000FFFF0000...0, just under 2^224)

- min target (hardest to meet): all bits 0
- a target of 0 can never be met, so the effective minimum is 1; in practice there is no lower limit that matters, the target simply keeps shrinking as hash power grows

- each block header also has a 4-byte field (nonce) that a participant (miner) enumerates until the header hash meets the target. 2^32 nonces is far fewer than the tries needed at current difficulty, so miners also vary other header inputs, typically an "extra nonce" in the coinbase transaction (which changes the merkle root) or the timestamp.
- each try succeeds with probability about 2^-n (a uniformly random 256-bit hash is at most the target with probability (target+1)/2^256), so generating a block takes 2^n tries on average. If the network's total "hashing power" is H (hashes per second) and the expected time to generate the next block is t, then: t*H = 2^n.
- if the desired time to generate the next block is T, the difficulty should be set so that n = log_2(T*H)
- difficulty: max_target / current_target
- min: 1 (when the target equals max_target)
- max: no practical maximum; the difficulty grows without bound as the target shrinks (it could only reach ~2^224 if the target were 1)
- current difficulty (2019): 12,720,005,267,390 ~= 12.7T ~= 2^44
- target = max_target / difficulty ~= 2^(224-44) = 2^180, i.e. roughly 76 leading zero bits

- difficulty/target is adjusted every 2016 blocks (approximately 2 weeks given the 10-minute block interval): the new target scales the old one by (actual time taken by the last 2016 blocks) / (2 weeks), and each adjustment is clamped to at most a factor of 4 in either direction
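The target, difficulty and nonce mechanics above, as an added worked example (not code from the original notes or from Bitcoin itself). It decodes the compact `bits` header field, converts between target and difficulty, computes the expected number of tries, applies the clamped retarget rule, and mines a toy 80-byte header. The `mine` function folds the extra nonce into the merkle root directly, which is an assumption made for brevity; a real miner changes the coinbase transaction and recomputes the root.

```python
import hashlib
import struct

# Bitcoin's maximum ("difficulty 1") target, i.e. compact header value 0x1d00ffff:
# 0x00000000FFFF0000000000000000000000000000000000000000000000000000 (just under 2^224).
MAX_TARGET = 0xFFFF << 208
RETARGET_INTERVAL = 2016                               # blocks between adjustments
TARGET_SPACING = 600                                   # desired seconds per block
TARGET_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING   # two weeks, in seconds


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(nbits: int) -> int:
    """Decode the 4-byte compact 'bits' header field: 1-byte exponent, 3-byte mantissa."""
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF
    if nbits & 0x00800000:
        raise ValueError("negative target is never valid")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def difficulty_from_target(target: int) -> float:
    return MAX_TARGET / target


def target_from_difficulty(difficulty: int) -> int:
    return MAX_TARGET // difficulty


def expected_hashes(target: int) -> int:
    """A double-SHA256 output is close to uniform on [0, 2^256), so one try succeeds
    with probability (target + 1) / 2^256; the expected number of tries is the inverse."""
    return 2 ** 256 // (target + 1)


def expected_seconds(target: int, hashrate: float) -> float:
    """From t * H = expected tries: t = tries / H."""
    return expected_hashes(target) / hashrate


def retarget(old_target: int, actual_timespan: int) -> int:
    """New target after 2016 blocks: scale by actual/expected time, clamped to a factor of 4."""
    actual = max(TARGET_TIMESPAN // 4, min(actual_timespan, TARGET_TIMESPAN * 4))
    return min(old_target * actual // TARGET_TIMESPAN, MAX_TARGET)


def serialize_header(version: int, prev_hash: bytes, merkle_root: bytes,
                     timestamp: int, nbits: int, nonce: int) -> bytes:
    """80-byte Bitcoin header: little-endian integers, hashes as raw 32-byte strings."""
    return struct.pack("<I32s32sIII", version, prev_hash, merkle_root, timestamp, nbits, nonce)


def header_hash_value(header: bytes) -> int:
    """Bitcoin compares the header hash, read as a little-endian integer, against the target."""
    return int.from_bytes(double_sha256(header), "little")


def mine(version: int, prev_hash: bytes, base_merkle_root: bytes, timestamp: int,
         nbits: int, target: int, max_nonce: int = 2 ** 32):
    """Enumerate the 4-byte nonce; when it runs out, bump an extra nonce and start over.
    Assumption of this example: the extra nonce is mixed straight into the merkle root;
    a real miner edits the coinbase transaction and recomputes the root instead.
    Returns (extra_nonce, nonce, header) for the first header whose hash is <= target."""
    extra_nonce = 0
    while True:
        merkle_root = double_sha256(base_merkle_root + extra_nonce.to_bytes(4, "little"))
        for nonce in range(max_nonce):
            header = serialize_header(version, prev_hash, merkle_root, timestamp, nbits, nonce)
            if header_hash_value(header) <= target:
                return extra_nonce, nonce, header
        extra_nonce += 1


if __name__ == "__main__":
    # Constructed inputs: a toy target with 16 leading zero bits (~65536 expected tries),
    # far easier than Bitcoin's real target, so this finishes in well under a second.
    toy_target = (1 << 240) - 1
    extra, nonce, hdr = mine(1, b"\x00" * 32, double_sha256(b"coinbase"), 1_500_000_000,
                             0x1d00ffff, toy_target)
    print(f"extra_nonce={extra} nonce={nonce} hash={double_sha256(hdr)[::-1].hex()}")
    print(f"difficulty-1 target needs about {expected_hashes(MAX_TARGET):,} hashes per block")
```

`expected_hashes(MAX_TARGET)` comes out slightly above 2^32 because the real maximum target is a little below 2^224; the notes' "2^n tries for n leading zero bits" is the round-number version of the same calculation.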

## Timestamp

- accepted as valid if
- not more than 2 hours ahead of the node's (network-adjusted) clock
- strictly greater than the median timestamp of the previous 11 blocks (the "median time past"); a block's timestamp may therefore be earlier than its predecessor's, but timestamps cannot drift backwards on net
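The two timestamp rules as a check function, added here as an example (not the original notes' or Bitcoin's own code). The median is taken over at most the last 11 timestamps, which also covers the first blocks after genesis where fewer are available.

```python
def median_time_past(prev_timestamps, window=11):
    """Median of the timestamps of the last `window` blocks (fewer are used near genesis).
    For an even count the upper middle element is taken, as Bitcoin's implementation does."""
    recent = sorted(prev_timestamps[-window:])
    return recent[len(recent) // 2]


def timestamp_is_valid(block_time, prev_timestamps, adjusted_now, max_future=2 * 60 * 60):
    """Header timestamp rules: at most 2 hours ahead of the node's network-adjusted clock,
    and strictly after the median of the previous 11 block timestamps."""
    if not prev_timestamps:            # genesis block: there is no lower bound
        return block_time <= adjusted_now + max_future
    return median_time_past(prev_timestamps) < block_time <= adjusted_now + max_future


if __name__ == "__main__":
    # Constructed chain: 11 blocks spaced exactly 10 minutes apart, starting at t=1000.
    history = [1000 + 600 * i for i in range(11)]
    now = history[-1]
    for candidate in (4000, 4001, 5000, now + 7200, now + 7201):
        print(candidate, timestamp_is_valid(candidate, history, now))
```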

## Incentives and mining

- block reward (subsidy): initially 50 bitcoin per block, plus the fees of the transactions included in the block
- the subsidy halves every 210,000 blocks (~4 years); the reference code returns 0 after 64 halvings, but because the subsidy is an integer number of satoshi (1 BTC = 10^8 satoshi) that is right-shifted at each halving, it already reaches 0 after 33 halvings (around the year 2140)
- currently at 12.5 bitcoin (2019)

- total amount: ~21 million. In 2019 over 75% and below 87.5% had been mined. Why?
- 210000 * (50 + 25 + 12.5 + ...) = 210000 * 50 * 2 = 21 million in total; after the first two halvings 210000 * (50 + 25) = 15.75 million (75%) had been mined, and the third epoch (12.5 per block, 2016 to 2020) adds another 2.625 million, reaching 18.375 million (87.5%) at its end
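The subsidy schedule and the supply computation, as an added example rather than code from the notes. It mirrors the reference rule (start at 50 BTC in satoshi, right-shift per halving, hard stop at 64 halvings) and sums per epoch, which is why the exact total is a few thousand satoshi short of 21 million BTC.

```python
COIN = 100_000_000            # satoshi per bitcoin
HALVING_INTERVAL = 210_000    # blocks per subsidy epoch


def block_subsidy(height: int) -> int:
    """Subsidy in satoshi for the block at `height`: 50 BTC, halved (rounding down) once per
    210,000 blocks, and 0 once 64 halvings have passed."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    return (50 * COIN) >> halvings


def supply_at(height: int) -> int:
    """Satoshi issued by the blocks at heights 0 .. height-1, summed one epoch at a time."""
    total = 0
    full_epochs, rest = divmod(height, HALVING_INTERVAL)
    for epoch in range(full_epochs):
        total += HALVING_INTERVAL * block_subsidy(epoch * HALVING_INTERVAL)
    total += rest * block_subsidy(full_epochs * HALVING_INTERVAL)
    return total


def total_supply() -> int:
    return supply_at(64 * HALVING_INTERVAL)


def last_subsidy_halving() -> int:
    """Index of the first halving after which the subsidy is already 0 satoshi."""
    return next(h for h in range(64) if block_subsidy(h * HALVING_INTERVAL) == 0)


def fraction_mined(height: int) -> float:
    return supply_at(height) / total_supply()


if __name__ == "__main__":
    print("total supply:", total_supply() / COIN, "BTC")
    print("subsidy is 0 from halving", last_subsidy_halving(),
          "at height", last_subsidy_halving() * HALVING_INTERVAL)
    for h in (420_000, 580_000, 630_000):   # 580,000 is a constructed mid-2019 height
        print(f"height {h}: {fraction_mined(h):.4%} mined")
```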

## Merkle tree

- leaf nodes are the hashes (transaction ids) of the transactions in the block body
- each non-leaf node is the hash of its two children (Bitcoin uses double SHA-256 and, when a level has an odd number of nodes, hashes the last node with a copy of itself)
- the merkle root hash (32 bytes) is in the block header, so the header commits to every transaction in the body
- this enables fast verification that a given transaction is included in a block
- a client only needs the transaction, the root, and the log2(n) sibling hashes on the path to the root; no need to fetch or hash all the other transactions (this is what light/SPV clients rely on)

## Forking

- if two miners both generate (different) next blocks at about the same time, the chain "forks". Other nodes may accept either block as the chain tip, normally whichever they received first.
- eventually one branch wins: a node replaces its own chain with a competing chain when the competing chain carries more accumulated proof-of-work ("longer" in the whitepaper's terms, since within one difficulty period every block represents the same amount of work). Transactions that were only in the abandoned branch return to the pool of unconfirmed transactions.
- 51% attack: if one party controls most of the hash power, she can eventually outpace the honest chain and rewrite recent blocks, e.g. to double spend a payment that a recipient already accepted. Even a majority miner cannot forge signatures or spend other people's coins; she can only reorder, delay, or drop transactions.
- to avoid frequent forking, the expected time to generate a block should not be too small compared with the time a block needs to propagate through the network. Bitcoin aims for 10 minutes; to hold that interval as hash power changes, the difficulty is adjusted every 2016 blocks (~2 weeks).