Bitcoin Protocol Specification

by Arthur Gervais and Ghassan Karame

In this chapter, we detail the operation of Bitcoin and summarize the main scalability measures integrated in the system.


Bitcoin operates on top of a loosely connected P2P network, where nodes can join and leave the network at will. Bitcoin nodes are connected to the overlay network over TCP/IP. Initially, peers bootstrap to the network by requesting peer address information from Domain Name System (DNS) seeds that provide a list of current Bitcoin node IP addresses. Newly connected nodes advertise peer IP addresses via Bitcoin addr messages. Notice that a default full Bitcoin client establishes a maximum of 125 TCP connections, of which up to 8 are outgoing TCP connections.

In Bitcoin, payments are performed by issuing transactions that transfer Bitcoin coins, referred to as BTCs in the sequel, from the payer to the payee. These entities are called “peers,” and are referenced in each transaction by means of pseudonyms denoted by Bitcoin addresses. Each address maps to a unique public/private key pair; these keys are used to transfer the ownership of BTCs among addresses. A Bitcoin address is an identifier of 26 to 35 alphanumeric characters (usually beginning with either 1 or 3).

Each Bitcoin address is computed from an Elliptic Curve Digital Signature Algorithm (ECDSA) public key—for which the address owner knows the corresponding private key—using a transformation based on hash functions. Since hashes are one-way functions, it is possible to compute an address from a public key, but it is infeasible to retrieve the public key solely from the Bitcoin address.[1] Recall that, using ECDSA signatures, a peer can sign a transaction using his or her private key; any other peer in the network can check the authenticity of this signature by verifying it using the public key of the signer.

A Bitcoin transaction is formed by digitally signing a hash of the previous transaction where this coin was last spent along with the public key of the future owner and incorporating this signature in the coin. Transactions take as input the reference to an output of another transaction that spends the same coins and output the list of addresses that can collect the transferred coins. A transaction output can only be redeemed once, after which the output is no longer available to other transactions. Once ready, the transaction is signed by the user and broadcast in the P2P network. Any peer can verify the authenticity of a BTC by checking the chain of signatures.

The difference between the input and output amounts of a transaction is collected in the form of fees by Bitcoin miners. Miners are peers that participate in the generation of Bitcoin blocks. These blocks are generated by solving a hash- based proof-of-work (PoW) scheme; more specifically, miners must find a nonce value that, when hashed with additional fields (e.g., the Merkle hash of all valid transactions, the hash of the previous block), the result is below a given target value. If such a nonce is found, miners then include it in a new block, thus allowing any entity to verify the PoW. Since each block links to the previously generated block, the Bitcoin blockchain grows upon the generation of a new block in the network. A Bitcoin block is mined on average every 10 minutes and currently awards 12.5 BTCs to the generating miner. It was shown in [2] that Bitcoin block generation follows a shifted geometric distribution with parameter 0.19. This also suggests that there is considerable variability in the generation times; for example, some blocks were generated after 99 minutes (e.g., block 152,218).

During normal operations, miners typically work on extending the longest blockchain in the network. The longest blockchain is calculated based on the chain featuring the largest number of blocks created with the largest total difficulty from the genesis block. Due to the underlying PoW scheme, different miners can potentially find different blocks nearly at the same time—in which case a fork in the blockchain occurs. Forks are inherently resolved by the Bitcoin system; the longest blockchain that is backed by the majority of the computing power in the network will eventually prevail.

  • [1] The actual derivation of a Bitcoin address from a public key entails a series of transformations basedon hashes, checksums, etc. For ease of presentation, we omit the details of the actual transformation.More detail on the construction of Bitcoin addresses can be found in [1].
< Prev   CONTENTS   Source   Next >