Cryptocurrency Basics

Cryptocurrency explained in 60 seconds – The Basics of Bitcoin

This entry is part 1 of 8 in the series Cryptocurrency Basics


CryptoCurrency Explained – Cryptocurrencies like Bitcoin are often described as complicated and technical. They’re not: the core concept is simple.

If you have 60 seconds to spare read the explanation below and ‘own’ that concept forever.

CryptoCurrency Explained in 60 seconds

First of all, an analogy. Until just over 100 years ago the people of Yap, a Pacific island, used large stone disks as coins. The picture on this page shows some.
The Yap islanders used these stones for large expenses such as dowries. Because the stones were large the islanders didn’t bother moving them about. They just transferred ownership. People knew who the current owner was because it was public knowledge.

This made it difficult to commit fraud.

  • You couldn’t spend someone else’s stone, because everyone knew who owned the stone.
  • You couldn’t spend the same stone twice because everyone would know.
  • You couldn’t fake the currency, because to do that you’d need to carve a new stone – which anyone could do anyway.

It was a great system. It just didn’t scale up well.
But cryptocurrency works in the same way, and does scale up.

Here’s why they’re the same.

Bitcoins don’t move around. They stay fixed on a public ledger, the “blockchain”. Anyone can check ownership by checking this ledger.

This makes it difficult to commit fraud:

  • You can’t spend someone else’s bitcoin, because everyone knows who owns them (from the ledger).
  • You can’t spend the same coin twice, because the network keeps the ledger up to date and there’s only one ledger. If you did try to spend it twice, everyone would know.
  • You can’t fake the currency, because to create bitcoins you need to solve a difficult maths problem. A new problem is set roughly every 10 minutes, and the winner gets a fixed number of brand-new bitcoins as a ‘prize’. There’s no way to fake the answer (you’re either right or you’re not), so there’s no way to fake a bitcoin.

Openness is at the heart of both the Yap stones and cryptocurrencies. Everything is there for anyone to scrutinise, and so anyone can check if a payment comes from the rightful owner. There’s no need for trust between two people in a transaction, because the system removes the possibility of fraud.

That’s it, that’s the core of cryptocurrency explained in 60 seconds.  Of course there’s a great deal more to it.  If you’d like to follow the technology as it develops, drop by my google+ page or linkedin page and say hi.

Now, if you’ve got another 60 seconds, here are the answers to some burning questions you may have.



What everyone wants to know about cryptocurrency

This entry is part 2 of 8 in the series Cryptocurrency Basics

Why are they such a big deal?

Cryptocurrencies have succeeded in answering two of the fundamental problems with moving money online:

  • How do we stop someone spending the same money twice?
  • How do we avoid middle men?

If it gets established, we’ll all benefit from a faster, more secure way to shop online.

There are also social benefits. The micropayments, microloans and very low transaction fees all help poorer countries access online services.

But aren’t they just for buying drugs?

Yes, they were for a while.

The early adopters of bitcoin were the ones with the biggest incentive to use it. Among these people were lawbreakers who saw it as a way of moving money around anonymously.

That use is becoming far less prevalent. Now a majority of users of bitcoin hold on to them (about 85% at time of writing.) Many use them for tips and online games. Some use them for purchases.

How Can I prove I Own a Bitcoin?

The public ledger proves ownership.

But how do we know that an entry on the ledger is legitimate?

Where the islanders knew everyone by sight, Bitcoin relies on digital signatures.

These use the same cryptography that protects websites. It’s designed to prove you are who you say you are, and relies on a pair of keys: one made public, one kept private. Only the private key can produce a signature; anyone with the public key can check it. If you want to learn more here’s a description of how they work.

An entry on the ledger is legitimate only if it is digitally signed by the owner.

How Do I Spend Bitcoins?

You spend bitcoins by ‘signing’ a transaction and putting it in the ledger. You use a piece of software called a wallet to do this.

The first confirmation takes about 10 minutes on average. Most recipients wait for around six confirmations, roughly an hour, before treating a payment as final.

Can I spend less than a whole bitcoin?

Yes, you can combine and split bitcoins as you see fit. This works just like splitting notes into coins, and back again.

You can do this down to smallest unit, called a satoshi, which is 1/100,000,000 of a bitcoin.

Are Bitcoins Secure?

Yes, pretty much. At the individual level, it’s as secure as the private key that controls your coins: keep that key (and the wallet that holds it) safe and your cryptocurrency is safe. Unlike a bank, though, there is nobody who can reverse a fraudulent transaction or reset a lost key.

If you’d like to know more about why I said ‘pretty much’, and not ‘yes!’, read about the large scale vulnerabilities here.

Is Bitcoin stable as a currency?

No, not at all. The price goes up and down, is prone to bubbles and the odd crash of an online exchange. Bitcoin isn’t yet a serious investment.

Can Bitcoins be used anonymously?

No, not really. Bitcoin is pseudonymous: keys rather than names appear on the ledger, but it’s a public network, and any public network is prone to analysis by anyone. If you know how, you can work out real-world identities from it. It’s just not particularly easy to do so.

And that’s it. That’s all you need to know to use bitcoins. For more detail on any of these topics, please read on.



Introduction to Cryptocurrencies

This entry is part 3 of 8 in the series Cryptocurrency Basics

Introduction to Cryptocurrencies by Scott Maxwell

Cryptocurrencies are a new way of transferring money across the Internet. They rely on cryptography not only to let people transact under pseudonymous keys rather than real names, but also to provide a secure peer-to-peer network for the transfer.

In such a transfer, traditional cash is exchanged for the cryptocurrency at an online exchange. It is then transferred across the network to the new owner. The new owner can choose to hold the cryptocurrency, or to convert it back into cash. Because of the nature of the cryptography used, neither party needs to trust the other and neither party needs to divulge their identity to the other. Moreover, the transfer is irreversible and does not need to go through a bank or third party.

What does a cryptocurrency coin ‘look’ like?

Cryptocurrency or ‘digital’ coins are numbers in the publicly held history of that currency. This history shows all transactions carried out since it was created. Anyone can claim ownership of these digital coins if they can prove two things. The first is that the history on public record shows an unbroken chain of transactions right back to the initial one which originally created the coins. The second is that the digital coins are currently locked to a particular public key. Only the holder of the matching private key can produce the signature that unlocks them, and doing so adds the next transaction to the chain. This is how the digital coins are transferred to someone else.

What are Cryptocurrencies worth?

The cost to buy cryptocurrencies is set by an open market.  These markets match up buyers with sellers; both are free to negotiate a price they’re happy with.  Exchange rates can vary from day-to-day and transaction-to-transaction.

Recent speculation has seen some cryptocurrencies rise in price by triple-digit percentages. Bitcoin, the most popular cryptocurrency, was first traded in May 2010, reached parity with the US dollar in February 2011, and at the time of writing trades for just under $1000.

This massive increase in value, and the widespread use of cryptocurrencies as a way of buying illicit goods on the Internet, has attracted the press with stories of crime, and of fortunes won and lost. The added attention has made cryptocurrency more popular, and it is now becoming mainstream. A number of retailers, including eBay, now allow these currencies to be used to buy physical goods. It’s likely that the use of cryptocurrencies will grow in the coming years from its current market capitalisation of $12.5 billion.

This presents a problem. What was once a niche for technical hobbyists is now becoming in many respects a world currency. Governments have started to tackle this by putting in place legislation, largely based on existing legislation for wire transfers or traditional fiat currency. However, fundamentally, the use of cryptocurrency is dependent on the security of the cryptography that underpins it. As more commerce is carried out using cryptocurrency, the strength of this security becomes critical.

This paper examines the strength of this security, and how vulnerable it may be to malicious disruption.  Given its dominance, Bitcoin is used as the specific cryptocurrency in question.  However, there are a large number of cryptocurrencies that share the same system and therefore the same vulnerabilities.


Bitcoin algorithm – A Brief Description

This entry is part 4 of 8 in the series Cryptocurrency Basics

In order to examine its strength, it’s necessary to briefly describe some of the details behind the Bitcoin algorithm.  For a more complete description please see Nakamoto’s original 2008 paper.

Bitcoin Transactions

At the heart of the system is the transaction, a block of data that holds information such as how many bitcoins to send and the address to send them to. This data is digitally signed by the owner of the bitcoins using asymmetric, or public/private key, cryptography (Bitcoin uses the ECDSA signature scheme over the secp256k1 curve).

In public/private key cryptography one key is held by the owner and kept secret; the second is published for all the world to see. A signature can only be produced with the private key, but anyone holding the public key can check that the signature is genuine and that the signed data has not been altered since. This is what it means to digitally sign a piece of data.


Figure One: Digitally signing a transaction


Bitcoin Algorithm – The Blockchain

The publicly held history of all Bitcoin transactions is held in what is known as the blockchain. Starting with the creation of each bitcoin, this shows every transfer of ownership to the present day. The integrity of the blockchain is protected using another algorithm common throughout the Internet, SHA-256. Known as a ‘hashing’ algorithm (it is not encryption: there is no key, and the output cannot be reversed), this produces a fixed-size fingerprint of any piece of data and is used to detect whether that data has been tampered with. Changing even a single bit will radically change the output of the hash.

Figure Two: Hashing algorithms prove the unbroken chain of transactions

The output of the hash is a long string of bits (256 of them). Each transaction names the hash of the earlier transaction whose coins it spends, and each block includes the hash of the block before it, so transactions and blocks are chained together. Altering anything earlier in the chain changes its hash and breaks every link that follows.

By combining these two, providing a way to sign a transaction to prove it was created by the owner, then providing a way to chain transactions together to prove they’ve not been tampered with, Bitcoin provides a way to prove ownership similar in many ways to title deeds for property, or ownership records for cars.

The Network

When a transaction is posted publicly, a copy is sent to every server (node) on the Bitcoin network. This network is extensive and powerful, but was created by individuals the world over contributing server time to Bitcoin. Without this, the system simply wouldn’t function.

But why would anyone donate expensive servers in the first place?

In order to create an incentive for individuals to contribute server time, the original design intentionally makes the hashing step harder than it needs to be. Instead of accepting just any output from the algorithm, the design requires that the output, read as a number, falls below a target value; equivalently, that it starts with at least a certain number of zero bits. Most results don’t, and so by raising or lowering the number of zeros required the puzzle is made harder or easier. Require more zeros and more results have to be thrown away before hitting a valid one; require fewer and fewer have to be thrown away.


Figure Three: If you stipulate more zeros at the start, hashing gets more difficult.

To get a valid answer, the hash has to be rerun with a different number (the ‘nonce’) added to the block each time. Do this often enough and eventually you’ll stumble upon a nonce that produces a hash output with enough zeros at the start. However, it’s impossible to calculate in advance which nonce will do this, because a good hash function behaves like a random number generator. The calculation of the hash therefore turns into something of a lottery.

It’s being part of this lottery that gives the incentive, as it also includes a prize. The first server to solve the puzzle may include in its block a special transaction creating an agreed number of new coins (plus the fees attached to the transactions in that block), payable to itself. These are brand-new coins, and can be exchanged for traditional cash or held by the owner.

The probability that any particular server will find a valid output is also set by the design: each hash succeeds with probability target/2^256, so a server’s chance of finding the next block is simply its share of the network’s total hashing rate.

[Figure: probability of winning a bitcoin block]

Finally, the difficulty is adjusted (every 2016 blocks, roughly every two weeks) to ensure that no matter how many servers are on the network a new block is found on average every 10 minutes.
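The following is an added example, not the original post’s code and not Bitcoin Core’s, that puts the lottery described above into a few lines of Python. The block header is a constructed string rather than Bitcoin’s 80-byte binary header, the target is expressed as a count of leading zero bits, and the retarget rule is the one Bitcoin actually uses: scale the target by actual/expected time, clamped to a factor of four either way. The per-hash success probability and the share-of-hashrate rule are the standard figures, not something the post itself shows.

```python
import hashlib

EXPECTED_SECONDS = 2016 * 600   # Bitcoin retargets every 2016 blocks, aiming at 10 minutes each


def block_hash(prev_hash: str, merkle_root: str, nonce: int) -> int:
    """Double SHA-256 of the (toy) header, read as a 256-bit integer."""
    header = f"{prev_hash}|{merkle_root}|{nonce}".encode()
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "big")


def target_for(zero_bits: int) -> int:
    """Hashes below this value start with at least `zero_bits` zero bits.
    Bitcoin compares against a target value rather than counting zeros, which
    allows finer difficulty steps than whole bits."""
    return 1 << (256 - zero_bits)


def mine(prev_hash: str, merkle_root: str, target: int, max_tries: int = 10_000_000):
    """Try nonces in order until the header hashes below the target: the lottery."""
    for nonce in range(max_tries):
        h = block_hash(prev_hash, merkle_root, nonce)
        if h < target:
            return nonce, h
    raise RuntimeError("no valid nonce found within max_tries")


def success_probability_per_hash(target: int) -> float:
    """Each hash is effectively a uniform 256-bit number, so P(hash < target) = target / 2**256."""
    return target / 2 ** 256


def expected_hashes(target: int) -> float:
    """Mean number of attempts before the first success (geometric distribution)."""
    return 2 ** 256 / target


def win_probability(my_hashrate: float, total_hashrate: float) -> float:
    """A miner's chance of finding the next block is its share of the network's hash rate."""
    return my_hashrate / total_hashrate


def retarget(old_target: int, actual_seconds: int, expected_seconds: int = EXPECTED_SECONDS) -> int:
    """Bitcoin's difficulty adjustment: scale the target by actual/expected time,
    clamped to a factor of 4 so one period cannot swing it wildly.
    Blocks arriving too fast -> smaller target -> harder; too slow -> easier."""
    actual_seconds = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return old_target * actual_seconds // expected_seconds


if __name__ == "__main__":
    prev = "00" * 32                                   # constructed previous-block hash
    root = hashlib.sha256(b"constructed tx list").hexdigest()   # constructed merkle root
    target = target_for(16)
    nonce, h = mine(prev, root, target)
    print(f"nonce={nonce} hash={h:064x}")
    print(f"expected tries={expected_hashes(target):.0f}, p per hash={success_probability_per_hash(target):.2e}")
    print(f"40% of the hash rate wins {win_probability(40, 100):.0%} of blocks")
    halved = retarget(target, EXPECTED_SECONDS // 2)
    print(f"blocks arrived in half the expected time -> target shrinks by {target // halved}x")
```

Run it and raise the zero-bit count one step at a time: each extra bit doubles the expected number of tries, which is exactly the lever the difficulty adjustment pulls.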

Arbitrating between winners

In its simplest form the above would work only if every server was working on the same block and could agree on who found the winning answer first. On a global network this is not possible. Delays in the transmission of data between servers means that no two servers can be guaranteed to have the same data.

This makes the simple case above susceptible to what is known as double spending. A coin holder could potentially use the same coin to buy services from two different people at the same time. So long as those two people did not share data, neither would know that the other transaction existed.

To make this impossible the design calls for a system of consensus between servers. Each server works on the longest blockchain it holds (strictly, the one with the most accumulated proof-of-work, which is the same thing while the difficulty is constant). It also keeps in reserve every other potentially valid blockchain. Because each server is working on what it thinks is the longest blockchain, there is a preference across the whole network for the longer blockchain. This gives the blockchain which is actually longest an advantage, and it grows fastest.

Figure Four: Agreeing who has the longest blockchain.

Longer blockchains therefore grow faster than shorter ones. Over six or seven iterations one will accelerate away from the others and the network achieves a consensus. Transactions in that blockchain are confirmed, and transactions that appear only in losing chains are discarded: they go back into the pool of unconfirmed transactions, and if they conflict with one that has already been confirmed they are dropped for good.
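As an added example (not the article’s code, and not Bitcoin Core’s), here is a toy node that implements the rule just described: keep every valid block you hear about, treat the longest chain as the truth, and count a transaction as confirmed only by how deeply it is buried in that chain. The block ids and the two conflicting payments of ‘coin7’ are constructed for the demonstration; every block counts as one unit of work, so ‘longest’ and ‘most work’ coincide, which is also what the article assumes.

```python
GENESIS = "genesis"


def make_block(block_id: str, parent: str, txs):
    """A block: its id, the id of the block it builds on, and a list of
    (coin_spent, recipient) pairs standing in for real transactions."""
    return {"id": block_id, "parent": parent, "txs": list(txs)}


class Node:
    def __init__(self):
        self.blocks = {GENESIS: make_block(GENESIS, None, [])}
        self.height = {GENESIS: 0}
        self.order = {GENESIS: 0}   # arrival order, used to break ties (first seen wins)

    def _spent_on_chain(self, block_id):
        """Every coin spent by this block and its ancestors."""
        spent = set()
        while block_id is not None:
            spent.update(coin for coin, _ in self.blocks[block_id]["txs"])
            block_id = self.blocks[block_id]["parent"]
        return spent

    def receive(self, block):
        """Validate and store a block.  Blocks on side chains are kept too:
        the node cannot yet know which fork will win."""
        parent = block["parent"]
        if parent not in self.blocks:
            raise ValueError(f"orphan block {block['id']}: parent unknown")
        spent = self._spent_on_chain(parent)
        for coin, _ in block["txs"]:
            if coin in spent:               # a coin may be spent once per chain...
                raise ValueError(f"block {block['id']} double-spends {coin}")
            spent.add(coin)                 # ...but competing forks may each spend it
        self.blocks[block["id"]] = block
        self.height[block["id"]] = self.height[parent] + 1
        self.order[block["id"]] = len(self.order)

    def tip(self):
        """Best tip: greatest height, earliest seen among equals."""
        return max(self.blocks, key=lambda b: (self.height[b], -self.order[b]))

    def chain(self):
        """Block ids from genesis to the current best tip."""
        path, b = [], self.tip()
        while b is not None:
            path.append(b)
            b = self.blocks[b]["parent"]
        return path[::-1]

    def confirmed_txs(self):
        return [tx for b in self.chain() for tx in self.blocks[b]["txs"]]

    def confirmations(self, tx):
        """0 if tx is not on the best chain; otherwise 1 for the block that
        holds it plus one for every block built on top."""
        for depth, b in enumerate(reversed(self.chain())):
            if tx in self.blocks[b]["txs"]:
                return depth + 1
        return 0


def run_demo():
    """A double-spend race: coin7 is paid to Alice on one fork and to Bob on another."""
    node = Node()
    to_alice, to_bob = ("coin7", "alice"), ("coin7", "bob")
    tips = []
    node.receive(make_block("A1", GENESIS, [to_alice]))
    node.receive(make_block("B1", GENESIS, [to_bob]))   # same height: tie, A1 was seen first
    tips.append(node.tip())
    node.receive(make_block("B2", "B1", []))            # the B fork pulls ahead
    tips.append(node.tip())
    for i in range(3, 8):                               # B keeps winning: Bob's payment matures
        node.receive(make_block(f"B{i}", f"B{i - 1}", []))
    tips.append(node.tip())
    return {
        "tips": tips,
        "alice_confirmations": node.confirmations(to_alice),
        "bob_confirmations": node.confirmations(to_bob),
        "node": node,
    }


if __name__ == "__main__":
    result = run_demo()
    print("best tip after each stage:", result["tips"])
    print("confirmations: alice =", result["alice_confirmations"], " bob =", result["bob_confirmations"])
```

The point to notice is that Alice’s payment was, briefly, on the best chain; a merchant who shipped goods after one confirmation would have lost them once the B fork overtook it, which is why the six-confirmation convention exists.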


Bitcoin Vulnerabilities

This entry is part 5 of 8 in the series Cryptocurrency Basics

Bitcoin Vulnerabilities – The 51% Attack

This need to achieve consensus is at the root of the first of Bitcoin’s vulnerabilities, known as the 51% attack.

The 51% attack is analogous to buying success in the lottery. If you were able to buy over half of the tickets in a lottery, your probability of winning would be over 0.5. In the Bitcoin network, this is the same as having more than half of the network’s hashing power at the disposal of one group or person (it is the computing power that counts, not the number of servers). Anyone who achieved this would find blocks faster than the rest of the network put together, so in the long run their version of the chain would always win. This would allow them to spend bitcoins on the public chain and then replace it with a longer private chain in which that payment never happened.

Nakamoto, the original designer of Bitcoin, knew about this risk. He suggested that anyone with over half the servers in network would gain more by using those servers to legitimately mine Bitcoins; mining could continue indefinitely, whereas any fraud would undermine the system rather quickly.

There is some evidence to suggest that this incentive isn’t enough. In January 2014 a single mining pool approached the 51% mark. In the same month a botnet was discovered that hijacked PCs and used them to mine. In June 2013 Feathercoin, an alternative to Bitcoin, had a 51% attack successfully carried out on it. It is therefore entirely possible to add enough computing power to a network to take it over, albeit for a short period.
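To put numbers on ‘over 0.5’, here is the calculation from the end of Nakamoto’s paper as an added Python example (not the article’s code). q is the attacker’s share of the hashing power, z the number of confirmations the honest chain is ahead, and the result is the probability that the attacker’s private chain ever overtakes it. The confirmations_needed helper is my addition: it turns the table around and asks how many confirmations a merchant must wait for before a given attacker has less than a 0.1% chance of reversing the payment.

```python
from math import exp, factorial


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate share q, starting z blocks
    behind the honest chain, ever catches up (Nakamoto 2008, section 11)."""
    p = 1.0 - q
    if q >= p:                      # at or above 50% the attacker eventually wins with certainty
        return 1.0
    lam = z * (q / p)               # expected attacker progress while honest miners mine z blocks
    total = 0.0
    for k in range(z + 1):
        poisson = exp(-lam) * lam ** k / factorial(k)      # attacker mined k blocks meanwhile
        total += poisson * (1.0 - (q / p) ** (z - k))     # ...and never closes the remaining gap
    return 1.0 - total


def confirmations_needed(q: float, risk: float = 0.001, max_z: int = 10_000) -> int:
    """Smallest z for which the attacker's success probability drops below `risk`."""
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    raise ValueError(f"no z up to {max_z} brings the risk below {risk} for q={q}")


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.5):
        row = "  ".join(f"z={z}: {attacker_success_probability(q, z):.4f}" for z in (0, 1, 3, 6, 10))
        print(f"q={q:.2f}  {row}")
    for q in (0.1, 0.2, 0.3, 0.4):
        print(f"q={q:.2f}: wait {confirmations_needed(q)} confirmations for <0.1% risk")
```

With 10% of the network, five confirmations push the risk below 0.1%; with 30% it takes 24; at 50% or more no number of confirmations helps, which is the whole point of the attack.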

Bitcoin Vulnerabilities – The Transaction Malleability Attack

A second Bitcoin vulnerability is a form of denial of service attack.

There are some changes that can be made to a transaction that don’t alter who is sending or receiving the bitcoins and don’t alter the amount, but do alter the bytes that go along with it: the digital signature can be re-encoded in a different but still valid form. The change is trivial, as the same amount of bitcoins is sent between the same two parties. But because of the nature of hashing, a very small change in the transaction produces a very different transaction ID (which is the hash of the whole transaction, signature included). The network now sees two versions of the same payment; only one is confirmed and the other is discarded. This can have an unwelcome effect on the Bitcoin network in three ways.

The first is partly psychological. If a large number of modified transactions are injected into the network it takes time and server power for the network to sort out which of the duplicates to accept. While it’s doing this normal transactions can be slow. If enough transactions are modified, normal transactions would become impossible and the movement of funds would stop. During such an unstable period it’s likely that the price would crash as panic selling set in.

The second effect comes from the way some exchange systems have been written. If an exchange tracks a withdrawal by the transaction ID it expected, rather than by what the blockchain actually confirms, the exchange and the blockchain get out of sync: the exchange sees its transaction ID never confirm, assumes the withdrawal failed, and sends the coins again. Repeated deliberately, this lets an attacker withdraw the same balance many times over and drain the exchange.

The final effect comes from the implementation of some wallet software. In almost any transaction, part of it will involve change being given back to the originator. This is because a transaction must be paid for with whole outputs received in previous transactions. Unless some earlier output exactly equals the payment, or a set of them adds up to it exactly, some change has to be sent back. This is similar to traditional money: if you don’t have the exact amount in coins or notes, you give more and expect change in return.

The problem comes when the wallet assumes that the sender can trust himself and spends that change before it is confirmed, referring to it by the transaction ID it expects. If the first transaction is confirmed in a modified form, the ID the wallet used no longer exists and the second transaction is invalid; the change appears to have vanished until the wallet rescans the chain, and in the meantime the wallet may try to pay the same bill again.

Bitcoin Vulnerabilities – The Shor’s Algorithm Attack

A third Bitcoin vulnerability comes from the use of public/private key encryption.

This method depends on the difficulty of the maths involved for its security. In theory a private key could be worked out from a public key by searching for it. The only thing making this impractical is the amount of time it would take: the best known classical methods need on the order of 2^128 operations for a 256-bit curve key, far beyond what any supercomputer could do in the lifetime of the universe.

However this encryption method is vulnerable to Shor’s algorithm.

Shor’s algorithm uses a quantum computer to solve the underlying maths problem (discrete logarithms, and factoring) exponentially faster than any known classical method. A sufficiently large quantum computer could recover a private key from a public key in a matter of minutes. Up until recently, the prospect of a working quantum computer was reasonably distant. Small-scale demonstrations of Shor’s algorithm, factoring numbers such as 15 and 21, have since been run on laboratory quantum computers, and the machines have been scaled up, but none yet built comes anywhere near the size and error rate needed to attack a 256-bit key. Given the impact on security and the potential benefits to the first organization to build one, this effort is well funded. For example, the National Security Agency in the US and GCHQ in the UK are both reported to be working on quantum computers aimed at cracking public/private key cryptography.

Bitcoin Vulnerabilities – Public/Private Key Encryption Flaws

Regardless of their success, doubt has already been raised about the integrity of one piece of the standard cryptographic toolkit. Documents leaked in 2013 by former NSA contractor Edward Snowden point to a deliberate flaw in a NIST-standardised random number generator, Dual_EC_DRBG, whose output can be predicted by whoever chose its constants. The standard was written by the NSA and vetted by NIST (the US National Institute of Standards and Technology), an organization which has very close ties with the NSA. Bitcoin itself does not use that generator, but the episode matters because the signature algorithm depends completely on the randomness of the numbers used to make keys and to sign with them.

If the random numbers a wallet generates turn out not to be random after all, private keys can be recovered from the public record, and with them trust in Bitcoin.
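As an added illustration of why that randomness matters for Bitcoin in particular (a standard result about ECDSA, not something the original post shows), take the signing equation with $d$ the private key, $n$ the order of the curve, $z$ the hash of the transaction being signed, $r$ the x-coordinate of $kG$, and $k$ the random number the signer must draw fresh for every signature:

$$ s = k^{-1}(z + r d) \pmod n $$

If a broken generator hands out the same $k$ twice, the two signatures share the same $r$ and satisfy

$$ s_1 = k^{-1}(z_1 + r d), \qquad s_2 = k^{-1}(z_2 + r d) \pmod n $$

Subtracting eliminates $d$ and gives $k$; substituting back gives the private key:

$$ k = (z_1 - z_2)(s_1 - s_2)^{-1} \pmod n, \qquad d = (s_1 k - z_1)\, r^{-1} \pmod n $$

Everything on the right-hand side is public, because both signatures sit on the blockchain. This is exactly how the PlayStation 3 signing key was recovered in 2010, and in 2013 a weakness in Android’s SecureRandom produced repeated nonces in Android Bitcoin wallets, after which coins were stolen from the affected addresses.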


Attacks on Bitcoin

This entry is part 6 of 8 in the series Cryptocurrency Basics

Motivation for Attacks on Bitcoin

Disruption over Deception

The use of vulnerabilities above for financial gain is unlikely. The resources necessary to exploit them are substantial. Also, anyone trying to exploit them is likely to be quickly discovered.

However, they can also be used as a way to disrupt or destroy the Bitcoin network.

Any group that achieved a 51% attack on Bitcoin would be in a position to do serious damage once it had achieved six or more wins in a row. It cannot forge signatures or make other servers accept invalid blocks, so it could not simply replace the chain with random data; what it could do is rewrite recent history at will, undo payments that everyone had treated as confirmed, and refuse to include anyone else’s transactions for as long as it kept its majority. The chain of ownership would no longer be trustworthy, and the value of every bitcoin would collapse with it.

The length of time the attackers would need to maintain control of the network is short. Given the 10-minute cycle time of Bitcoin, a group with a clear majority of the hashing power would pull decisively ahead of the honest chain within hours. With exactly 50% it is a coin toss that they win only with luck; the more of the network they control, the faster and more certain the outcome becomes.

Even if the attack on Bitcoin were well publicised, any defence would therefore have only a small amount of time to react. In that time it would have to contact and coordinate a network of volunteer developers, who together would need to work out a strategy to counter the attack, write the code, and deploy it.

The time to carry out an attack using a quantum computer is much shorter still. For each private key it cracks it could spend all the bitcoins controlled by that key. Again the damage is irreversible. Using each key only once protects somewhat, because a Bitcoin address is a hash of the public key and the public key itself is only revealed when the coins are spent. But if the key could be cracked in the time it takes the network to come to a consensus, that is around one hour, the attacker could still race the legitimate transaction and take those bitcoins.

These attacks would also be much harder to detect. The owner would have to come forward and announce that their key had been cracked. In doing so they would give up their own anonymity and still not be in a position to recover the lost bitcoins.

It is therefore substantially easier to disrupt or destroy the Bitcoin system than it is to successfully exploit it. But what motivation could there be to do so?

Non-monetary reasons for Attacks on Bitcoin

Although this is speculation, it’s not difficult to suggest a number of reasons why a group may want to destroy Bitcoin.

  • A national government may consider Bitcoin to be a threat to its interests.
  • A militant group may want to disrupt trade on the Internet for political gain or notoriety.
  • A court of law may deem Bitcoin to be illegal or a public menace and order its destruction.
  • Advance knowledge of disruption could be used to speculate on traditional ‘safe haven’ currencies or gold.  As Bitcoin owners flee the system they’d need somewhere to put the value they’d withdrawn, and so the price of these would go up.

This list isn’t complete. Those skilled enough to disrupt the network may well be ingenious enough to also exploit that destruction in all manner of ways.


Bitcoin, and all similar cryptocurrencies, rely on their exploitation being impractical. There is nothing in the design that makes it impossible. A number of vulnerabilities do exist. Although it would be difficult to use these to exploit the system for gain, it is relatively straightforward to use them to disrupt or destroy it.

As the market size increases the motivation to attack cryptocurrencies increases.  As the development of quantum and other technologies continues it also becomes easier.



How Anonymous is Bitcoin?

This entry is part 7 of 8 in the series Cryptocurrency Basics

A question that quite often comes up is whether Bitcoin is anonymous. It looks like an anonymous system because real names are hidden. Any transaction between two people is carried out using public keys – a public key is simply a large number. There are no names, no emails and no addresses, and so it looks like it can be used in total secrecy.

If someone did want to find out who you were, they’d need to find a way to match up public keys with real names. Of course if someone were to hack into a laptop and see the keys being created, then they’d have the proof that’s needed. But if you have access to the laptop then you probably already know who the person is, right?

Hypothetically, if you could see lots of transactions happening over time from a single public key, then you could use network analysis techniques to gain some information on who was using it. For example, you could tell if that person was hanging out in a clique, or used a certain service. Potentially this could link that key back to a specific person. To make things harder Bitcoin allows the user to generate any number of keys they like; in fact, it’s considered good practice to use each key only once. This makes finding someone’s name much harder: if a key is only used once there really isn’t much evidence to go on, just one transaction at one moment in time, and not much can be inferred from that. The caveat is that keys don’t stay isolated for long. Whenever a wallet spends several of its keys together in one transaction, the ledger shows that one party controlled all of them, and an analyst can group single-use keys into a cluster that is as revealing as a reused key.

So How Anonymous is Bitcoin?

Put all this together and it’s easy to see why Bitcoin has a reputation for being an anonymous currency.

There’s also plenty of evidence on the web that that’s how people treat it in practice. For example it’s widely used to buy illegal goods, or in transactions that users would rather not see listed on their credit card bill. It’s also used in political campaigning. Wikileaks, an organization supporting anonymous whistleblowing, urges its supporters to send in Bitcoins because

“Bitcoin is a secure and anonymous digital currency. Bitcoins cannot be easily tracked back to you, and are a [sic] safer and faster alternative to other donation methods.”

But if you ask the experts, then you get a different story. Jeff Garzik, one of the early Bitcoin core developers, states that it would be unwise

“to attempt major illicit transactions with Bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement.”

So who’s right? Are the developers being too cautious, or the users too gung-ho?




Analysis of the Bitcoin Network

This entry is part 8 of 8 in the series Cryptocurrency Basics

What data is available in an analysis of the Bitcoin Network?

There’s no doubt that Bitcoin makes a lot of information explicitly public. At its very core is the Public Ledger, which is the entire history of all transactions leading back to the original creation of each Bitcoin. This has to be public, otherwise there would be no method to prove ownership.

It’s this public ledger that makes the analysis of bitcoins different from the analysis of other networks such as Facebook and Twitter. With many social networks there is a method to keep some data private. Analysis has to be carried out with missing or incomplete network data. Not so with Bitcoin.

With social networks there’s also a legal question mark over whether analyzing data infringes the users’ privacy rights. Companies that include network analysis of their social network data in their Terms and Conditions have been challenged in the past and have occasionally needed to rewrite them to take into account the user sentiment. Again, this doesn’t apply to Bitcoin; the public ledger is held in common, and available to all.

The public ledger holds a wealth of valuable information. It includes the date and time of a transaction, and with information about time comes data about the flow of the currency. It includes the value of the transaction and the bitcoins received in previous transactions and combined to pay for it. It includes context: the fact that value moved from one address to another, and that those addresses in turn have interactions with others. There’s more than enough data here to attempt an analysis.

How Feasible is an Analysis of the Bitcoin Network?

So how feasible is a network analysis of this type? Well it’s been done before. The community currency Tomamae-cho which was introduced into the Hokkaido Prefecture in Japan in 2004 included the space on the back of each certificate for the recipient to record the transaction date, name and address of the person receiving it. This information was successfully used to form a network of currency flow for analysis.

Where’s George? in the US was a crowd sourced research program to track movement of US dollar bills. It proved very successful and was used to approximate the movement of whole populations.

In both these cases information was complete by design. For anyone analysing the Bitcoin network, by contrast, the one piece that matters most, which person holds which key, is still secret. But analysis can still be done.

If there’s information available on how data moves around a network, hiding inside that network is extraordinarily difficult. Every time you interact with the network you’re leaving evidence that can be picked up and analysed. That evidence can be used to infer social ties, for example. If a group of people in a network talk to each other a lot, the fact that they’re talking can be seen even if you don’t know what they’re saying. That the group talks at certain times of the month, or prior to specific events, can also provide context. These observations then give you information about the nature of that group and its cohesion.

So network analysis of this sort has been done before. Indeed, it’s common practice for Intelligence Services and Marketing Firms alike.


