Bitcoin works. No matter what other opinions you hold about this strange phenomenon, it undoubtedly works, marches on, or, as I (and others) have previously argued, is alive. Even if most of the world would grind to a halt, the Bitcoin network would continue to produce valid blocks every 10 minutes or so.
Bitcoin works because of many things: game theory, economic incentives, cryptography, ingenious engineering, resilience on a network level, and so on and so forth. Killing Bitcoin is hard. Really hard. Killing Bitcoin is like killing an idea. An idea that is stuck in the heads of hundreds of thousands of zealous individuals.
First of all, it is quite hard to shut down the internet globally; and secondly, Bitcoin can transcend the internet. Everything which can transmit data can be used to transmit bitcoin transactions, and everything which can hold data can store a copy of Bitcoin’s block chain. It’s just a ledger; the whole thing is just information.
Curiously, the Bitcoin network is embodying the eternal struggle of life: the struggle against entropy; a battle on the edge between order and chaos.
To understand this chaotic struggle — and how Bitcoin thrives because of it — it is helpful to briefly discuss the following concepts: entropy, randomness, and information. I hope to convince you that these concepts are related and that they are essential in Bitcoin’s ongoing struggle for survival.
Let’s dive in.
In computing, entropy can be used to measure the randomness of a data source. In cryptography in general, and in Bitcoin in particular, a good source of entropy is essential to keep you secure. Mess up the entropy of your private key (aka your seed phrase) and your bitcoins will be my bitcoins soon.
Note: the technical term for this unwanted transfer of coins is rekt. You don’t need to know what “getting rekt” means in detail, or the many ways in which you can get rekt; it is enough to know that you should avoid such a situation at all costs.
Entropy is quite a complicated concept, but in general terms, it describes how random or how compressible something is.
- High entropy: randomness.
- Low entropy: orderliness.
Or, in other words, with a nod to Tsachy Weissman:
- High entropy: not very compressible.
- Low entropy: very compressible.
There are complicated formulas and quite a few disambiguous definitions of entropy. The concept finds applications in classical thermodynamics, statistical thermodynamics, quantum statistical physics, order and disorder, life, astrophysics, and more. It is also a measure of irreversibility.
In Bitcoin, reversibility and irreversibility are probabilistic. If enough people with enough hash power collude transactions could be reversed. Absolute irreversibility does not exist in Bitcoin. Final settlement is never final, but always probabilistic. Yes, the chances of reversal might be beyond astronomical, but nevertheless, final settlement does not and should not exist in Bitcoin. Nakamoto consensus forbids it.
The first law of thermodynamics, also known as the law of Conservation of Energy, states that energy cannot be created or destroyed in an isolated system. The second law states that the entropy of any isolated system always increases, and the third law states that the entropy of a system approaches a constant value as the temperature approaches absolute zero.”
In Bitcoin, entropy is important for multiple reasons:
- Secret information should be generated by high-entropy data sources
- New blocks reverse entropy locally, i.e. create order out of chaos
- Bitcoin’s security model relies upon chaotic processes
- Validation relies on deterministic processes
- Everyone can validate structured data
- Nobody can guess random data
While the above speaks in absolutes (everyone and nobody), the truth is more nuanced: Again, Bitcoin is probabilistic in nature, thus, in theory, one could guess a private key just like in theory you could find a billion valid blocks in one millisecond.
Details aside, we will try to keep it simple here. In general, if you have two coins, the entropy of this system is two. As in: you can describe the whole system with two bits: 00, 01, 10, 11.
Flip both coins at the same time, and you will end up with either tail-tail, tail-heads, heads-tail, or heads-heads. If you are a fair coin flipper, the chance of each combination will be 25%. Imagine a system that flips hundreds of coins at once, and you have something which could be used to generate a private key.
Randomness is essential to cryptography. At the root of all secret communication is some form of information asymmetry: you know something a potential eavesdropper does not.
A good secret is like a good password: randomly generated, i.e. coming from a data source that has a high degree of entropy.
If something is “perfectly” encrypted, an eavesdropper can not distinguish what was said from random data. This is the purpose of proper encryption: you want to hide what was said, and, if possible, even hide the fact that something meaningful was said at all.
- “Good” randomness: not compressible / high entropy / secret / secure.
- “Bad” randomness: compressible / low entropy / guessable / insecure.
Bitcoin doesn’t use encryption per se. The ledger is public and transparent by design, enabling anyone to audit the whole system with the will to do so. Bitcoin uses cryptographic signatures and cryptographic hashes, both of which produce quasi-random outcomes. And if you know the secret, you can unlock some coins (using your private key), add new blocks to the block chain (using the nonce you found), or prove that you are who you say you are (by signing a message, which at least proves that you are in control of one or multiple keys).
Only you know your private key. Nobody else should know your private key. Only you, the successful miner, found the nonce for the next block. That is information asymmetry. That is what makes Bitcoin work.
All cryptographic systems work because of information asymmetry. And curiously, properly encrypted data is indistinguishable from random data. Otherwise, an eavesdropper could make some sense of the encrypted message, which in turn would mean that the encryption used isn’t very good.
What is information, anyway?
People often say that Bitcoin is thermodynamically secured. While this is true, I’d like to dig a little deeper. What does thermodynamically secured mean, exactly?
It means that — as far as we know —changing things in our universe requires energy. When I say “changing things” I mean it: change anything at all in our universe, and you will need to “use” energy — put in some work — to change that thing.
Move a chair? You have to put in some work. Grow a tree? You’ll need the energy of the sun to turn CO2 into wood. Do a calculation? Energy is required to manipulate whatever is holding the data. Store the outcome? You’ll need energy to arrange (and protect) the atoms for storage, no matter what medium is used.
Bitcoin lives mostly in the informational realm, and just like all other information systems, it needs to store and process the information via a physical medium. Thus, if you change information in Bitcoin, you effectively change a thing in the real world. Whether that thing is a solid-state disk, USB stick, hard drive, optical storage medium, or something else doesn’t matter.
The fact that changing things — or, in other words: flipping bits — requires energy, is the root conundrum of all computation. It is the reason why your computer makes a bunch of noise and gets hot if it does a lot of “thinking.” It is the reason that computer science students have to study the Big O notation and software companies love to ask questions about it. Changing a zero into a one requires work, and no matter how fast you are working, you still need to expend some amount of energy. According to physics, there literally is no such thing as a free lunch. Flipping bits is work, which requires energy.
And here is the thing: Bitcoin utilizes the fact that the difference between hard computational problems and exponentially hard computational problems is big. Mind-bogglingly big.
Alright. Back to our original question: What is information, anyway?
Information relates to both knowledge and meaning. It is the opposite of not knowing, and the opposite of information in data is randomness. In other words: if you are not able to make sense of some data, it might appear random to you.
- Sensible information: quite compressible.
- Nonsense information: not very compressible.
Pi might help to clear up what I’m trying to say: 3.141592653589793… can be “compressed” into π, or the circumference of a circle with the diameter of one.
As a computer programmer, you could think of this concept as follows: can I write a computer program that generates the information I’m trying to convey, which is actually shorter than the information itself? (That’s what I mean when I say “compressible”.)
In short: sense and nonsense, order and chaos, or information and randomness are intricately linked. One could say that they are two sides of the same coin, and both concepts are related via something we call entropy.
Information implies structure and structure benefits from redundancy. The most ancient structures in nature have been adapted for survival by evolution. At the root of it is DNA, two chains that coil around each other to form a double helix. Symmetric, redundant information. The properties which allow DNA to survive and thrive are embedded in its processes: redundant structure, a copying mechanism that relies on this structure, the baked-in error correction which leads to four bases instead of two, etc.
Bitcoin, in comparison, is simpler: one chain, two bits, no error correction (information is copied perfectly). However, as with DNA, the properties which allow Bitcoin to survive (and thrive) are embedded in the replication process: a chaotic race to find new blocks, replication of blocks in the network, and replication of the software (and the ledger) on as many nodes as possible. Further, when we talk about the Bitcoin organism, error correction is equivalent to being alive. The network self-validates with every beat of the heart, every ten minutes or so. This is what makes the bitcoin organism extremely robust as well. It is designed for survival.
In Bitcoin, high entropy information is usually kept secret. Your private key should, as the name implies, be kept private. It is for your eyes only. Which particular nonce you just tried, i.e. the work you already did when mining a new block, is usually kept private as well. You don’t want your competitors to know which numbers produce invalid blocks and can be skipped.
Bitcoin utilizes both order and chaos to create a system that grows — and even thrives — between these extremes. It utilizes information asymmetry and an ingenious incentive structure which leads to a global competition to find Bitcoin’s secrets.
Which processes are orderly, which are chaotic, and how Bitcoin is able to grow on the edge between order and chaos will be explored in the next section.
Growth between Order and Chaos
What makes the Bitcoin network tick? Again, there might be many answers to this question, but the only thing that is truly ticking in the Bitcoin network is the global clock: a block clock, where every block is one unit of time.
Currently, we call this process mining because new bitcoins are generated for every valid block that is mined (read: found). We call this the block subsidy, and it is an incentive structure to bootstrap the network.
In a sense, the Bitcoin organism “grows” on the edge between order and chaos: finding new blocks is a chaotic process, and its result is a very orderly list of transactions: the Bitcoin block chain, also known as the ledger.
From a “finding new blocks” point of view, we are still extremely early. Only ~10 years in. The block reward era will go on until the year 2140 or so, which means we are about 13% into the bootstrapping phase of Bitcoin: the reward era.
Satoshi undoubtedly knew that this was a long game. The era where fresh blocks are associated with a reward is only one phase of the Bitcoin game. Note that this phase is 6930000 blocks long. With an average block time of ~10 minutes, the reward era turns out to be 131 years long.
There will be a time where those who are tasked with finding new blocks are rewarded mostly via the networks’ fee market, as Dan Held brilliantly argued in Bitcoin’s Security is Fine. The point in time where the fee market takes over will be somewhere between the year 2020 and 2140. Either that, or Bitcoin will die, or some museum computers will try to find new blocks at an economic loss.
After this point in time, we will probably still talk about “mining” bitcoin, even though all the “miners” won’t be producing any new bitcoins. All 21 million BTC — or 2,099,999,997,690,000 sats, to be precise — will have been mined. No new bitcoin will be added to the pool of existing coins in circulation.
Miners — if we still call them that —will still try to find new blocks, mind you. But the bitcoin moved by these blocks will have a long economic history. Gone are the days where miners award themselves new bitcoin in the coinbase transaction, to be spent after 100 blocks.
Will bitcoin still exist in 5000 years, and eventually beat gold as the de-facto money of humanity? I don’t know, but important information is extremely hard to kill. I expect bitcoin to live for a very long time, just like ancient scriptures and religious texts survive to this day. It is just information, all of it, and it can transcend the medium it is printed on.
Of course, I expect something approximating hyperbitcoinization to have happened until this point. We will have a circular bitcoin economy, and bitcoin banks will globally settle vast amounts of value between them. What private citizens — or sovereign individuals, to use a more fitting term — will use is yet to be seen. I doubt that the bitcoin base layer will be used by persons like you and me. And that’s perfectly fine.
With the stage set, and concepts like order, information, randomness, and entropy in mind, let’s take a look at some bitcoin concepts. We will distinguish them visually: from chaotic (left) to orderly (right).
While the framing of order and chaos is useful, it is neither precise nor universally applicable. However, I believe that thinking about the parts which make Bitcoin tick in this way is a helpful exercise, and I believe that the core point — that bitcoin lives, grows, and thrives on the edge between order and chaos — is profoundly true.
Let’s ponder on these concepts for a bit.
- Private key: Chaotic information, very high randomness. Secret information which is best kept private. Maximum entropy for maximum security. If your private key is not random, you’re gonna have a bad time.
- Nonce: Chaotic information, high randomness. A nonce is a specific number. Miners are in constant competition to find the next nonce which produces a valid block. Multiple numbers might fit the criteria, but the mining process is very much like finding one random number.
- Fresh block (before broadcast): Newly found blocks are the outcome of the chaotic process which is finding a nonce. Before blocks are broadcast, blocks can be understood as secret information. Fresh blocks can be ambiguous, since multiple blocks can form a valid chain tip at the same time. It is in your best interest to broadcast a fresh block immediately to everyone to reap the reward. Fresh blocks are only held back if you are an attacker, or very stupid, or both.
- Chain tip: Forming the chain tip is a process which is mostly orderly, but again, it is generated by a chaotic process. As mentioned above, the chain tip can be ambiguous. One version of the chain tip will survive, the losing versions will become orphan blocks. You can validate the correctness of all information in all blocks up to the chain tip. The chain tip reflects the current time in Bitcoin.
- Orphan blocks: Orphan blocks are part of the orderly, natural growth process of the Bitcoin block chain. Valid blocks are discarded on a regular basis. If two valid blocks are found at roughly the same time, they fight a probabilistic battle for survival. In the long run, only one block can win this race. The losing block will become an orphan block and die a lonely death.
- Unconfirmed transactions: Orderly structure which can be easily validated. An unconfirmed transaction can be valid or invalid. Valid transactions are included in blocks based on economic incentives, which is — again — a probabilistic, market-driven process. Invalid transactions are discarded.
- Buried blocks: Orderly structure generated by a chaotic process, some time ago. The possibility of a reorg (re-organization of buried blocks) becomes exponentially unlikely because the probabilities against it multiply. Example: if every block has a 50% chance to reorg, the chance of a 6 block reorg would be 1.5%. Actual numbers are closer to 0.31% per block and 0.0000000000008875% for a 6 block reorg.
- Confirmed transactions: Orderly structure which can be validated very easily. Irreversibility is probabilistic and dependent on block height. Once a transaction is confirmed, it becomes more final the deeper it is buried in the block chain.
- Public keys: extended public keys (xpub, ypub, zpub) are generated by a
- deterministic process from a random seed — your private key.
- Block time: Valid blocks are found, on average, every 10 minutes. This is what makes the Bitcoin network tick. Bitcoin’s heartbeat is extremely regular when measured in blocks. While still regular when measured in human time, mining is a fundamentally probabilistic process, and thus there is a real possibility that some blocks are found very quickly or comparably late.
- Difficulty adjustment: While the difficulty adjustment is a very orderly process, it can be a bit chaotic if hash power changes drastically (as it did in August 2017, because of the contentious bcash hard fork). Difficulty adjustment is based on block time, which is only probabilistically linked to human time.
- Bitcoin supply: Bitcoin’s supply is fixed since its inception. The issuance of new bitcoin is embedded in Bitcoin’s consensus code and is thus virtually impossible to change.
- Whole ledger, deeply buried blocks (aka the Bitcoin block chain): Orderly, sequential, structure which is pretty much unambiguous up to the chain tip and can be validated by everyone.
- Ledger validation: Validation is an orderly, sequential process. The outcome of this process is a simple boolean value for each block: true or false, valid or invalid. Every node arrives at the same block height independently, which is what forms Nakamoto consensus.
The fact that all of the above, the whole machinery, works in concert to provide a yes or no answer to the question “Is this what actually happened?” will never cease to amaze me.
Let me repeat the above. The whole purpose of the Bitcoin organism is to decide what happened when to whom. How much does everyone have, and how did this come to be? The how is important, because it allows everyone to audit everything, and come to the same conclusion.
In short, Bitcoin utilizes chaotic processes (mining, private key generation) and information asymmetry (public information which is widely shared, secret information which is not shared at all) to build up a structured, orderly, and permanent record, that can be audited and verified by everyone.
This is Bitcoin. This is Nakamoto consensus. This is the innovation, and this is also what makes bitcoin the best and hardest money that ever existed on planet earth.
You might call it open, permissionless, borderless, neutral, censorship-resistant, public, sound, antifragile, and a couple of other adjectives.
I call it Life. And we all call it Bitcoin.
- German translation by Der Geier
- German audio by Fat Joe
- English audio by Guy Swann
- Greek translation by Nina
- Romanian translation by Thursday
Want to help? Add a translation!
Consider sharing it, translating it, or remixing it in another way.