Berentsen and Schär
In the Bitcoin system, transaction legitimacy is guaranteed using asymmetric cryptography. 6 The idea is based on using pairs of keys consisting of a private and a public key. A private key should not be shared. It corresponds to a random value from an incredibly large set of numbers. A public key, on the other hand, is derived from that number and can be shared freely. It serves as a pseudonym in the Bitcoin network. 7
A private key is used to encrypt a message that can be decrypted only by using its corresponding public key. This type of encryption is also known as a “signature.” The signature clarifies that this approach is not used to hide any of the information in the encrypted message. Anyone can simply decrypt a message using its public key, but the signature serves as proof that the message has been previously encrypted using its corresponding private key; it’s like a handwritten signature but much more secure.
For example, consider Edith, who wants to send a Bitcoin payment to Daniel over the Bitcoin network. She uses her private key to encrypt the message. The other network participants can only decrypt this message using Edith’s public key. If an attempt is successful, it ensures that the message was encrypted using the corresponding private key. Because no one else has access to Edith’s private key, this approach can be used to validate the transaction’s origin (Figure 9).
When the transaction circulates in the network, any network participant can decrypt this message and is in the position to subsequently change the payment instructions. However, because the participant does not possess Edith’s private key, he or she cannot re-encrypt the manipulated message. The tampered transaction will therefore be identified and rejected by the rest of the network.
2.3 Transaction Consensus
We have now discussed how a transaction message is communicated and how its legitimacy and origin can be verified. We have also explained how consensus regarding ownership of the Bitcoin units is achieved in the Bitcoin network by using the proof-of-work consensus protocol.
However, Edith would be able to generate two transactions that both reference the same Bitcoin units. Both transactions could be propagated simultaneously over the network (transaction capability), and both would display a valid origin (transaction legitimacy). Because of differences in the propagation of these two messages in the Bitcoin network, some of the nodes would first receive a message for transaction A while others would first receive a message for transaction B (Figure 10). In order to avoid double spending, it is important that only one of the two transactions finds its way into the Bitcoin Blockchain. A mechanism that decides which of the two transactions gets included in the Blockchain is therefore necessary.
The Bitcoin system solves this double spending problem in a clever way. The transaction that is first added to a valid block candidate, and therefore added to the Blockchain, is considered confirmed. The system ceases to process the other one—that is, miners will stop adding the conflicting transaction to their block candidates. Moreover, it is not possible for a miner to add conflicting transactions to the same block candidate. Such a block would be illegitimate and thus be rejected by all the other network participants.
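The conflict rule described above can be traced in a toy model, added here as an example in Python; it is not code from the article or from any Bitcoin implementation. The `Tx` and `Node` classes, the coin identifier and the first-seen queueing policy are assumptions made for illustration, and signatures, proof of work and newly created outputs are left out.

```python
# Constructed toy model of the double-spend rule; all names are illustrative.
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset  # the previously unspent outputs this transaction spends

class Node:
    def __init__(self, unspent):
        self.unspent = set(unspent)  # outputs not yet spent on this node's chain
        self.mempool = {}            # txid -> Tx waiting to be put in a block

    def receive_tx(self, tx):
        """Queue tx unless it spends a spent/unknown output or conflicts with a queued tx."""
        if not tx.inputs <= self.unspent:
            return False
        # Assumption: the node keeps whichever conflicting transaction it saw first.
        if any(tx.inputs & queued.inputs for queued in self.mempool.values()):
            return False
        self.mempool[tx.txid] = tx
        return True

    def block_is_valid(self, block):
        """A block may spend each unspent output at most once."""
        spent = set()
        for tx in block:
            if not tx.inputs <= self.unspent or tx.inputs & spent:
                return False
            spent |= tx.inputs
        return True

    def connect_block(self, block):
        """Apply a valid block, then drop queued txs that are confirmed or now conflict."""
        if not self.block_is_valid(block):
            return False
        for tx in block:
            self.unspent -= tx.inputs
        self.mempool = {i: t for i, t in self.mempool.items() if t.inputs <= self.unspent}
        return True

def simulate():
    coin = ("edith-funding-tx", 0)  # constructed identifier for Edith's Bitcoin units
    tx_a, tx_b = Tx("A", frozenset({coin})), Tx("B", frozenset({coin}))
    n1, n2 = Node({coin}), Node({coin})
    seen = [n1.receive_tx(tx_a), n1.receive_tx(tx_b),   # node 1 hears A first
            n2.receive_tx(tx_b), n2.receive_tx(tx_a)]   # node 2 hears B first
    both = n2.block_is_valid([tx_a, tx_b])              # block with A and B together
    connected = n2.connect_block(list(n1.mempool.values()))  # node 1's candidate: [A]
    return seen, both, connected, sorted(n2.mempool), n2.receive_tx(tx_b)
```

In `simulate()`, node 2 first queues transaction B, rejects a block candidate that carries both A and B, accepts node 1's block containing A, and from then on refuses B because the output it references is already spent.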
12 First Quarter 2018 Federal Reserve Bank of St. Louis REVIEW