Berentsen and Schär
In the Bitcoin system, transaction legitimacy is guaranteed using asymmetric cryptography.6 The idea is based on using pairs of keys consisting of a private and a public key. A private key should not be shared. It corresponds to a random value from an incredibly large set of numbers. A public key, on the other hand, is derived from that number and can be shared freely. It serves as a pseudonym in the Bitcoin network.7
A private key is used to encrypt a message that can be decrypted only by using its corresponding public key. This type of encryption is also known as a “signature.” The signature clarifies that this approach is not used to hide any of the information in the encrypted message. Anyone can simply decrypt a message using its public key, but the signature serves as proof that the message has been previously encrypted using its corresponding private key; it’s like a handwritten signature but much more secure.
For example, consider Edith, who wants to send a Bitcoin payment to Daniel over the Bitcoin network. She uses her private key to encrypt the message. The other network participants can only decrypt this message using Edith’s public key. If an attempt is successful, it ensures that the message was encrypted using the corresponding private key. Because no one else has access to Edith’s private key, this approach can be used to validate the transaction’s origin (Figure 9).
When the transaction circulates in the network, any network participant can decrypt this message and is in the position to subsequently change the payment instructions. However, because the participant does not possess Edith’s private key, he or she cannot re-encrypt the manipulated message. The tampered transaction will therefore be identified and rejected by the rest of the network.
2.3 Transaction Consensus
We have now discussed how a transaction message is communicated and how its legitimacy and origin can be verified. We have also explained how consensus regarding ownership of the Bitcoin units is achieved in the Bitcoin network by using the proof-of-work consensus protocol.
However, Edith would be able to generate two transactions that both reference the same Bitcoin units. Both transactions could be propagated simultaneously over the network (transaction capability), and both would display a valid origin (transaction legitimacy). Because of differences in the propagation of these two messages in the Bitcoin network, some of the nodes would first receive a message for transaction A while others would first receive a message for transaction B (Figure 10). In order to avoid double spending, it is important that only one of the two transactions finds its way into the Bitcoin Blockchain. A mechanism that decides which of the two transactions gets included in the Blockchain is therefore necessary.
The Bitcoin system solves this double spending problem in a clever way. The transaction that is first added to a valid block candidate, and therefore added to the Blockchain, is considered confirmed. The system ceases to process the other one — that is, miners will stop adding the conflicting transaction to their block candidates. Moreover, it is not possible for a miner to add conflicting transactions to the same block candidate. Such a block would be illegitimate and thus be rejected by all the other network participants.
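The double-spending rules described above, as an added Python sketch that is not from the original article: two nodes see Edith's conflicting transactions in different order, a block containing both is rejected, and once one is confirmed the other is dropped. The names `Tx`, `Node`, `spend` and the outpoint strings are hypothetical, the first-seen handling in `receive` is an assumption about node behaviour, and signatures and proof of work are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple        # outpoints being spent, e.g. ("edith:0",)
    n_outputs: int = 1   # new outpoints created: "<txid>:0", "<txid>:1", ...

def spend(available, tx):
    """Apply tx to a set of unspent outpoints; False if an input is unavailable."""
    ins = set(tx.inputs)
    if len(ins) != len(tx.inputs) or not ins <= available:
        return False
    available -= ins
    available |= {f"{tx.txid}:{k}" for k in range(tx.n_outputs)}
    return True

class Node:
    def __init__(self, unspent):
        self.unspent = set(unspent)  # outpoints unspent according to the chain
        self.mempool = {}            # unconfirmed transactions, txid -> Tx

    def receive(self, tx):
        """Assumed first-seen rule: refuse a tx whose inputs a pending tx claims."""
        pending = {i for t in self.mempool.values() for i in t.inputs}
        if pending & set(tx.inputs) or not spend(set(self.unspent), tx):
            return False
        self.mempool[tx.txid] = tx
        return True

    def connect_block(self, block):
        """Accept a block only if no outpoint is spent twice, then update state."""
        trial = set(self.unspent)
        if not all(spend(trial, tx) for tx in block):
            return False             # e.g. both conflicting transactions together
        self.unspent = trial
        # Drop confirmed transactions and pending ones that now conflict.
        self.mempool = {k: t for k, t in self.mempool.items()
                        if set(t.inputs) <= self.unspent}
        return True

def demo():
    """Constructed scenario: transactions A and B both spend 'edith:0'."""
    tx_a, tx_b = Tx("A", ("edith:0",)), Tx("B", ("edith:0",))
    n1, n2 = Node({"edith:0"}), Node({"edith:0"})
    first_seen = (n1.receive(tx_a), n1.receive(tx_b),
                  n2.receive(tx_b), n2.receive(tx_a))
    same_block = n1.connect_block([tx_a, tx_b])
    confirmed = (n1.connect_block([tx_a]), n2.connect_block([tx_a]))
    return first_seen, same_block, confirmed, dict(n2.mempool), n2.connect_block([tx_b])
```
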
12 First Quarter 2018 Federal Reserve Bank of St. Louis REVIEW