Professional Documents
Culture Documents
Mechanics of Bitcoin
4
Inputs: 2[1] is this valid?
Outputs: 6.0→David, 2.0→Alice
SIGNED(Alice)
..
.
3
Inputs: 1[0], 2[1]
Outputs: 19.0→Bob
SIGNED(Bob)
..
.
3
Inputs: 2[0], 2[1]
two signatures!
Outputs: 8.0→David
SIGNED(Carol), SIGNED(Bob)
Input = 2
output = 1
Output #ID
Value
Output Script
● Metadata
○ Information about that block
■ Size of the transaction
■ Number of inputs,
■ Number of outputs
■ Hash of the entire transaction which serves as a unique ID for the
transaction which is used to reference transactions.
■ lock_time
● Inputs
○ The transaction inputs form an array, and each input has the same form.
○ An input specifies a previous transaction, so it contains a hash of that
transaction, which acts as a hash pointer to it.
○ The input also contains the index of the previous transaction’s outputs
that’s being claimed.
○ Signature which is used to sign to show that we actually have the ability to
claim those previous transaction outputs.
● Outputs
○ The outputs are again an array. Each output has just two fields. They each
have a value, and the sum of all the output values has to be less than or
equal to the sum of all the input values. If the sum of the output values is
less than the sum of the input
• Remember the following:
– Every coin that is going to be spending is known as Input or consumed
coin.
– Every input or consumed coin is created as output in earlier transactions
– Hence, it is possible to establish a relationship between the input or
consumed coin of a current transaction and output coin produced in the
earlier transactions.
– Why we need to relate it?
• To verify the ownership of the coin
– How will you verify the ownership of coins in a transaction?
• Get the public key hash (address) from the recipient of coin as a output in earlier
transaction and get the signature and public key in the current transaction. Then
check
– Hash(pub key)==public key hash
– Verify(Signature, transaction, Pubkey)
– Do we need to check the whole transactions back to genesis block to
verify the coin is not spend before(Double spend)?
• NO! Check the transactions between referenced output transaction and current
transaction to ensure that coin is not spend before the current transaction.
You can think of the blockchain as being a storage facility
for safe deposit boxes, which we call outputs. These
outputs are just containers that hold various amounts of
bitcoin.
When you make a bitcoin transaction, you select some
outputs and unlock them, then create new outputs and
put new locks on them.
OP_DUP
OP_HASH160
69e02e18...
OP_EQUALVERIFY OP_CHECKSIG
Input “addresses” are also scripts
scriptSi
30440220...
g 0467d2c9...
OP_DUP
scriptPubKe OP_HASH160
y 69e02e18...
OP_EQUALVERIFY OP_CHECKSIG
https://www.blockchain.com/explorer
Bitcoin Network
• Is a peer-to-peer network and inherits many ideas from peer-to-
peer networks
• All nodes are equal; No hierarchy, No special nodes or no master
node
• Runs over TCP, each node peers with each other random node
• Nodes can join and leave at any time – Dynamic n/w
• Download bitcoin client, spin up your pc as node and will have
equal rights and capabilities as every other node on the Bitcoin
network
• No explicit way to leave the network
– If a node hasn’t been heard for 3 hours then other nodes started to forget
it.
Join the network
• Start with a simple message to one node that you
know about i.e. seed node
• Alternative way: send a special message, saying, “Tell
me the addresses of all the other nodes in the
network that you know about” to several new nodes
and learn about as many times as you want then
decide the seed node
• Broadcasting a network
– Transaction is published to the entire network using
flooding or gossiping mechanism
Joining the Bitcoin P2P network
Hello World! 5
1 I’m ready to
Bitcoin!
7
3
6
2
4
Transaction propagation (flooding)
Already
heard
5 that!
1
7
A→B
8
A→B A→B
A→B New
3
6 tx!
A→B
A→B A→B 2
A→B
A→B A→B
4
A→B
Should I relay a proposed transaction?
● Transaction valid with current block chain
● (default) script matches a whitelist
○ Avoid unusual scripts
Sanity checks only...
● Haven’t seen before Some nodes may ignore them!
○ Avoid infinite loops
● Doesn’t conflict with others I’ve relayed
○ Avoid double-spends
Broadcasting in Bitcoin network
• If Alice wants to pay Bob some money, her client creates and her node
sends this transaction to all the nodes it’s peered with.
• Each of those nodes executes a series of checks to determine whether or
not to accept and relay the transaction. If the checks pass, the node in
turn sends it to all of its peer nodes.
– Nodes that hear about a transaction put it in a pool of transactions
which they’ve heard about but that aren’t on the block chain yet.
– If a node hears about a transaction that’s already in its pool, it doesn’t
further broadcast it.
• This ensures that the flooding protocol terminates and
transactions don’t loop around the network forever.
• Remember that every transaction is identified uniquely by its hash,
so it’s easy to look up a transaction in the pool.
Bitcoin Network
• How do the nodes decide whether or not they should propagate the new
transactions?
– First Check: transaction validation — the transaction must be valid
with the current block chain.
• Nodes run the script for each previous output being redeemed and ensure that the
scripts return true.
– Second Check: Ensure that the outputs being redeemed here haven’t
already been spent
– Third Check: Don’t relay an already-seen transaction
– Fourth Check: nodes will only accept and relay “standard” scripts
based on a small whitelist of scripts
• The above-mentioned checks are sanity checks
• No rule that says that nodes have to follow these specific steps
• Due to network latency, nodes will end up with a different view of the
pending transaction pool
Race Condition due to latency in the network