Blockchains explained in a few minutes
So why is everyone excited about blockchains and cryptocurrencies? The goal of these projects is to give everyone in the world a way to agree on the ordering of entries in a distributed ledger, which sounds rather boring, except that it allows banking and finance to be done without any central organizing authority. So how does it work? Let's start with an analogy of how a normal bookkeeper processes incoming cheques to keep track of a normal ledger.
Cheques and Ledgers
When a purchaser pays for something with a cheque, they are promising that their bank will transfer the amount from their account to the seller's account. The piece of paper that they give to the seller includes a cheque number, the purchaser's account number, a destination account, and the purchaser's signature to authorize the transfer. With a paper cheque, any of these values could be faked, but we can imagine a digital cheque that uses cryptography to prove that only the account holder could have written the cheque and that the contents are as they intended.
At the bank, there is a bookkeeper who is responsible for updating the ledger of accounts to keep track of the balance in all of the accounts at the bank. When the bookkeeper receives the cheque from the seller, the bookkeeper must check three things before recording the transaction in the bank's ledger and transferring the funds:
- that the cheque is signed by the source account holder
- that this cheque number has not been processed before
- and that the source account has enough balance to cover the transaction.
If all three of these tests pass, then the bookkeeper records the transfer in the ledger showing a debit from the source account and a credit for the destination account.
For faster record keeping they typically also store a running balance for the accounts. However, this is redundant information: they can also re-compute an account's balance by starting at the very first (or very last) entry and adding all the credits while subtracting all the debits to produce the current balance.
When a seller wants to accept a cheque from a purchaser, the seller can call the bank to pre-clear the amount. The bookkeeper can check the balance (either from the running total or by scanning all of the ledger entries to compute it) and tell the seller whether there are sufficient funds to cover the cheque. Note that this doesn't perform any transfer or reservation -- the actual funds transfer doesn't happen until the cheque arrives at the bank and the bookkeeper has done the three tests to verify that the purchaser has authorized the transaction before recording the transfer.
Ordering in this ledger is determined by the bookkeeper, so there is no question of which transaction occurred first. If a purchaser tries to use the same cheque number twice, or if the seller tries to submit the same cheque multiple times, the bookkeeper can flag the second use as fraudulent and not process it. If the purchaser writes multiple cheques to different sellers that total more than the available balance, each of whom has pre-cleared the balance, the first seller to submit their cheque to the bank will receive the funds and the rest will not.
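The bookkeeper's three tests, the balance recomputed from ledger entries, and the double-spend and resubmission cases above, as an added example that is not part of the original post. It assumes a toy ledger of its own design and uses per-account HMAC secrets in place of the public-key signatures a real digital cheque would carry:

```python
import hashlib
import hmac
# Constructed demo data: per-account shared secrets stand in for the public-key
# signatures a real digital cheque would carry (an assumption of this example).
ACCOUNT_SECRETS = {"alice": b"alice-secret", "bob": b"bob-secret", "carol": b"carol-secret"}

def sign_cheque(secret, number, source, dest, amount):
    msg = f"{number}|{source}|{dest}|{amount}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class Bookkeeper:
    def __init__(self, opening_balances):
        # Ledger entries are (cheque_number, source, dest, amount); opening deposits have no source.
        self.ledger = [("open", None, acct, amt) for acct, amt in opening_balances.items()]
        self.processed = set()  # (source, cheque_number) pairs already recorded

    def balance(self, account):
        # No running total: recompute by adding credits and subtracting debits.
        return (sum(amt for _, src, dst, amt in self.ledger if dst == account)
                - sum(amt for _, src, dst, amt in self.ledger if src == account))

    def process(self, number, source, dest, amount, signature):
        # Test 1: the cheque is signed by the source account holder.
        secret = ACCOUNT_SECRETS.get(source)
        if secret is None or not hmac.compare_digest(
                signature, sign_cheque(secret, number, source, dest, amount)):
            return "rejected: bad signature"
        # Test 2: this cheque number has not been processed before.
        if (source, number) in self.processed:
            return "rejected: duplicate cheque"
        # Test 3: the source account can cover the amount.
        if self.balance(source) < amount:
            return "rejected: insufficient funds"
        self.processed.add((source, number))
        self.ledger.append((number, source, dest, amount))
        return "recorded"

def demo():
    bank = Bookkeeper({"alice": 100, "bob": 0, "carol": 0})
    # Alice writes two 60-unit cheques; each one alone pre-clears against her 100.
    to_bob = sign_cheque(ACCOUNT_SECRETS["alice"], 1, "alice", "bob", 60)
    to_carol = sign_cheque(ACCOUNT_SECRETS["alice"], 2, "alice", "carol", 60)
    results = [
        bank.process(1, "alice", "bob", 60, to_bob),      # first cheque to arrive is paid
        bank.process(2, "alice", "carol", 60, to_carol),  # only 40 left, so this one bounces
        bank.process(1, "alice", "bob", 60, to_bob),      # Bob submits the same cheque again
        bank.process(3, "alice", "bob", 10, to_bob),      # fields changed; signature no longer matches
    ]
    return results, bank.balance("alice"), bank.balance("bob")
```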
Public ledger, or Blockchains
A public ledger or blockchain is almost exactly the same, except that the bookkeeper publishes updates to the ledger periodically so that all transactions are public. The bookkeeper doesn't want to publish every transaction as it happens, since that would be too much message traffic for anyone to keep up with. Instead they collect multiple transactions into a block of them and publish the entire block. This is as if they wait to fill up a page in the ledger book before publishing the page for everyone to see.
In a physical ledger, the pages have page numbers that allow easy ordering since the numbers serve as sequential identifiers. Page N has to be processed before page N+1, but after page N-1, etc. If there is a single bookkeeper, they can just use an integer N as the block identifier. However, to prevent the bookkeeper from issuing multiple different versions of page N, they can instead use a cryptographic identifier derived from the previous block (called a "hash") that summarizes the entire contents of that block; including it in page N ties the page to the previous block in the chain.
To preserve security, the bookkeeper also needs to sign the new ledger block so that everyone can verify that this is an authentic update from the real bank. The block identifier has to be included in the bookkeeper's signature, which prevents someone from trying to reorder the blocks and pass them off as a valid ordering of transactions. Given block N, the verifier can look up block N-1 and verify it, then look up block N-2, etc. until they get back to block 0 (also known as the Genesis Block since it is the origin of the chain and has no parent).
This "chain of blocks" is the official ordering of all transactions. Since each block includes the cryptographic hash of its parent block, and that hash changes with any modification to the parent, someone who tries to insert or change a block earlier in the chain would also have to alter every block that follows it.
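Hash-linked blocks, a signed block identifier and the walk back to the genesis block, as an added example that is not part of the original post. The block layout is an assumption of this example, and the bank's signing key is a shared HMAC secret standing in for a real public-key signature:

```python
import hashlib
import hmac
import json
# Constructed demo. The bank's signing key is a shared secret standing in for a
# real public-key signature (an assumption of this example, as is the block layout).
BANK_KEY = b"bank-signing-key"

def block_id(block):
    # The identifier hashes the parent link plus the full transaction list, so it
    # summarizes the whole block and ties it to its parent.
    body = json.dumps({"parent": block["parent"], "txs": block["txs"]}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def sign_id(ident):
    return hmac.new(BANK_KEY, ident.encode(), hashlib.sha256).hexdigest()

def publish_block(parent, txs):
    block = {"parent": parent, "txs": list(txs)}
    block["id"] = block_id(block)
    block["sig"] = sign_id(block["id"])  # signature covers the id, hence the parent link too
    return block

def verify_chain(blocks):
    """Start at the newest block and walk parent links back to genesis."""
    by_id = {b["id"]: b for b in blocks}
    current = blocks[-1]
    while True:
        if current["id"] != block_id(current):
            return False  # contents no longer match the published identifier
        if not hmac.compare_digest(current["sig"], sign_id(current["id"])):
            return False  # not an authentic update from the bank
        if current["parent"] is None:
            return True   # reached the genesis block
        current = by_id.get(current["parent"])
        if current is None:
            return False  # chain is broken: the claimed parent was never published

def build_chain():
    genesis = publish_block(None, [])
    b1 = publish_block(genesis["id"], ["alice->bob:60"])
    b2 = publish_block(b1["id"], ["bob->carol:20"])
    return [genesis, b1, b2]

def tamper_demo():
    chain = build_chain()
    intact = verify_chain(chain)
    chain[1]["txs"] = ["alice->bob:600"]   # rewrite history in block 1
    edited = verify_chain(chain)           # block 1's id no longer matches its contents
    chain[1]["id"] = block_id(chain[1])    # recompute the id: now block 2 points at nothing
    relinked = verify_chain(chain)
    return intact, edited, relinked
```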
Additionally, the public nature of the blockchain allows everyone to compute not only their own balance, but also everyone else's, on their own. A seller is able to check that a purchaser has the balance to cover a transfer, without having to contact the bank to pre-clear a transaction, before sending the transaction to the bookkeeper to be recorded (although there is a race condition if the purchaser is attempting multiple simultaneous transactions with different sellers, which will be addressed later).
The accounts in the ledger are like numbered Swiss Bank accounts -- there are no names associated with them, only cryptographic account numbers. This is called the "wallet address" and everyone can create new wallets to transfer funds between so that their identity is somewhat concealed, although it is still possible to compute the account balance in a given wallet.
Multiple bookkeepers, or Miners
Bitcoin and many other cryptocurrencies use a blockchain as a distributed ledger. A distributed ledger differs from the public ledger in that there is not a single bookkeeper, nor even a single bank, to send a transfer request to. Instead transactions are broadcast to a pool of miners. Each miner has its own "ledger page" that it fills in with the transactions that it has received.
Each miner's internal working block follows the same rules as the bookkeeper's ledger page. When a miner receives a new request, it performs the same three tests that the bookkeeper did (the transfer has a valid signature, has not yet been processed, and the wallet has sufficient current balance) before recording the transaction in their working blocks. When any one miner fills up their working block, they sign the full block and publish it. In blockchain terminology, the miner has "mined" a new block and the miner receives a "reward" for doing the bookkeeping work of verifying the transactions. This reward consists of some cryptocurrency as well as a per-transaction fee that the purchaser adds to motivate the miners to include their transaction in the current block.
When the other miners receive the newly published block, they validate that the other miner followed all the rules, and then throw away their partially filled in blocks. They each create a new empty working block with the latest published block as its parent, and then check if any transactions that they had recorded in their previous working block are not present in this newly published block. If so, they apply the same tests to those and record them in the new block.
Multiple miners might publish a new block at close to the same time, or only some of the miners might see the new block, so there will be a fork in the linear blockchain. In most blockchains, the longest chain "wins" and is accepted by the most miners, so eventually those short chains will be discarded. The transactions that are on the short chains need to be re-tested and added to new blocks to be considered "cleared". Sellers typically wait until some number of new blocks have been added to the chain after the block containing their transaction to ensure that there is not a double-spend attack going on.
Since the miner that published the new block might make mistakes or be dishonest, all of the other miners check the work before accepting the block. If less than half the miners accept the block, then it will likely end up being discarded and no new blocks will be mined on it, leaving it as a short dead-end on the chain. With many cryptocurrencies there is no penalty to publishing a bad block, although some have a way to penalize miners that do not follow the protocol.
Proof of Work
Another potential attack is that an adversary might generate lots of transactions to fill up new blocks to make their chain longer, so a way of slowing down the mining process is necessary. One of the key inventions in Satoshi's Bitcoin paper was the "Proof of Work" system, in which the miners are not just validating the transactions in the block, they are trying to solve a complex mathematical puzzle based on the transactions in the block, the block's parent identifier, and a random number. Since they are just guessing these random numbers, it is as if they are miners hitting the cave walls with their pickaxes and eventually a lucky strike finds a diamond.
Technically, the Bitcoin miners are trying to find a random number such that the SHA256 hash of the block has certain properties, but the details don't matter that much (and other cryptocurrencies use other puzzles). The key property of the puzzle, however, is that it is very easy to verify that a solution is correct, no matter how long it took a miner to find the solution. Since finding this random number requires lots of computation, being able to show the solution is proof that the miner has done the work to mine the block and deserves the reward.
The difficulty of the puzzle is adjusted automatically so that no matter how many computers are added by the miners around the entire planet, it will take all of them around ten minutes for one of them to find a random number that solves the puzzle. And since the puzzle includes the block identifier of the parent block, it acts as a signature that creates an ordered chain of blocks.
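The puzzle described in this section, as an added example that is not part of the original post or of Bitcoin's own code: a nonce is a solution when the SHA256 of the parent identifier, the transactions and the nonce falls below a target, verification costs a single hash, and the target is rescaled toward a ten-minute block time. The target representation and the constants are assumptions of this example, and the retarget rule is modelled on Bitcoin's clamp of a factor of 4 per adjustment:

```python
import hashlib
# Constructed, simplified model of the puzzle (an assumption of this example):
# a solution is a nonce whose SHA256, read as a 256-bit integer, falls below a target.
MAX_TARGET = 1 << 248      # easiest allowed puzzle
DEMO_TARGET = 1 << 240     # 1-in-65536 odds per guess, so mining takes a fraction of a second

def puzzle_hash(parent_id, txs, nonce):
    # The hash ties the solution to the parent block, the transactions and the guessed number.
    data = f"{parent_id}|{'|'.join(txs)}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def mine(parent_id, txs, target, max_tries=5_000_000):
    # Miners can only guess: try nonces until one hashes below the target.
    for nonce in range(max_tries):
        if puzzle_hash(parent_id, txs, nonce) < target:
            return nonce
    return None  # no lucky strike within the budget

def verify(parent_id, txs, nonce, target):
    # Checking a solution costs one hash, no matter how many guesses mining took.
    return puzzle_hash(parent_id, txs, nonce) < target

def retarget(target, observed_seconds, expected_seconds=600):
    # Modelled on Bitcoin's rule: scale the target by observed/expected block time, clamped
    # to a factor of 4 per adjustment, so the network drifts back to ten minutes per block.
    ratio = max(0.25, min(4.0, observed_seconds / expected_seconds))
    return min(MAX_TARGET, int(target * ratio))

def demo():
    parent = "0" * 64           # constructed parent identifier
    txs = ["alice->bob:60", "bob->carol:20"]
    nonce = mine(parent, txs, DEMO_TARGET)
    return nonce, verify(parent, txs, nonce, DEMO_TARGET)
```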
Because solving the puzzle takes lots of computation, and computation requires lots of energy, the Proof of Work cryptocurrencies are ecological disasters. All of the miners who have also been working on the same parent block, but did not find a solution, must throw away their work on that block and start over on the next block. This is incredibly wasteful on a global scale. However, the reward for mining a block is currently 6.25 BTC or $300k, so as long as an individual miner's cost to operate per block that they mine is less than that, they are incentivized to try to solve this puzzle regardless of the cost to the other miners.
Ideally the price of the cryptocurrency would reflect the price of energy, although many of the large mining pools are based in countries with cheap coal power and as a result the price of the cryptocurrency doesn't take into account the externalities of generating the power for the Proof of Work system. This leads to the famous quote:
imagine if keeping your car idling 24/7 produced solved Sudokus that you could trade for heroin
Currently the mining pools are using around the same energy as the country of New Zealand. Each transaction included in the block is about the same carbon footprint as half a billion credit card transactions. It is really bad.
Anonymity
And the worst part is that it doesn't provide the anonymity that many of the users want, because the distributed ledger is public and everyone can see all the transactions. This makes it possible to trace how funds move through the system. While the bitcoin wallet addresses are just random numbers, they do provide traceability.
Like most cyber criminal enterprises, their interface with the real world is where they become vulnerable to old-fashioned police work. When the DoJ closed down Silk Road, they gained access to the wallets of the website. This allowed them to follow backwards through the blockchain to every wallet that had sent bitcoins to it, and every wallet that had exchanged bitcoins with those wallets, etc. This provided an entire web of evidence that they could then trace to find where these bitcoins touched real-world businesses, allowing them to track down the real people involved in many of the transactions.