We’re going to begin Bitcoin Core daemon (bitcoind) now because it can take up to a few minutes to embark spil it runs through integrity checks.
We’ve previously created a Bitcoin Core configuration opstopping te .bitcoin/bitcoin.conf. Since bitcoind is all setup, commence bitcoind by running the following guideline:
It should print “Bitcoin server starting” and instantaneously comeback control to your prompt, meaning bitcoind is running ter the background. If you run the very first bitcoin-cli guideline below and get an error about Bitcoin commencing, wait a minute and attempt again.
Look at a Bitcoin transaction
Let’s look at a transaction to see what information it contains to help us get a feel for how private and not-private Bitcoin can be. We’ll also be getting a feeling for transactions so that wij can create some te the next tutorial. Please note that this is just one type of transaction. We’ll look at other types when wij embark building our own transactions.
Te this case, wij’re going to look at a transaction made by someone who volunteered for this analysis, this transaction wasgoed made Friday, Two Oct 2015 at a puny bitcoin-accepting cafe.
The instruction above should open the transaction te the less screen pager. You can always press q to abandon, and you can use the arrow keys to scroll up, down, left, and right.
Let’s go through the results one section at a time (wij’ll omit some unnecessary parts). Te the output below wij substituted some actual gegevens with "[. ]" because wij want you to look at the output displayed by less te your remote terminal.
The txid is the hash of the bytes te this transaction. A txid is the canonical identifier for any transaction, albeit ter a future tutorial you’ll learn how transaction malleability makes the txid dangerous to depend on te some cases.
All transactions have a version number and a locktime. Except for a few pranks, all transactions presently on the blockchain are version 1. Wij’ll voorkant the semantics of the locktime field ter a zometeen tutorial, but the locktime field does provide us some identifying information here—one major Bitcoin wallet (Bitcoin Core GUI) sets the locktime for every transaction it makes, since the locktime here is 0, wij can assume this transaction wasgoed not made with Bitcoin Core wallet.
The zwemvlies array contains the Input Vectors (recall Bitcoin Core is programmed ter C++). Thesis correlate to the outputs from previous transactions that are being spent.
Each input refers to the previous output it’s spending by the txid of the transaction that output appeared te and the zero-based index number of the output ter the Output Vector (vout). So the input above spends the 2nd output te the transaction with the above txid. Wij’ll look more at that output straks ter this tutorial.
Thesis two fields together are called the outpoint of the previous transaction, the outpoint is the canonical identifier for a particular output and is usually written with a colon separating the txid from the output index number. For example, wij would write the above outpoint spil 26a990967f80c01a 6df04743c8f3dc9c b13ab9755db71535 fdc78b25ebc7c256:1
The scriptSig provides a cryptographic signature or other gegevens that proves that the person creating this transaction is authorized to spend the bitcoins paid to the output being spent. The scriptSig above is shown spil hex spil well spil "assembly code" (asm) for the Bitcoin Script language. Decoded, the hex scriptSig above converts into the following information:
Albeit the two gegevens shoves above aren’t labelled te the transaction itself, someone familiar with Bitcoin Script can determine what they are by looking at the data-reading opcodes ter the scriptPubKey of the output being spent here.
Related to privacy, wij can see that this transaction uses an uncompressed public key (pubkey). Most modern wallets use compressed public keys (33 bytes), so wij can infer that the creator of this transaction is either spending an old output or is using a non-upgraded (or unmaintained) wallet.
Going back to our JSON-encoded transaction:
The sequence number is a feature added to Bitcoin by Satoshi Nakamoto to enable what he called "high frequency transactions". Unluckily the feature wasgoed found to be insecure soon after Bitcoin wasgoed released. There are future plans to repurpose the sequence number for use te other advanced Bitcoin transactions—but for now, almost all transactions disable this feature by setting sequence to its unsigned 4-byte maximum value.
Wij come now to the Output Vector (vout) section of the transaction.
The very first output here has a value of 0.01664767 bitcoins, worth about $Trio.95 USD when transaction wasgoed made. Where did those bitcoins come from? Te order for this transaction to be valid, those bitcoins had to have bot available ter the input wij witnessed above.
The amount is implicit ter the input, which is why wij didn’t see it explicitly announced above. When Bitcoin Core validates received transactions, it checks to ensure all the inputs together have enough value to pay for all of the outputs together.
If the total amount available te the inputs is greater than the amount spent to the outputs, the miner who mines this transaction is permitted to voorkoop the remainder spil a transaction toverfee. This is one reason it’s dangerous to create your own transactions by hand—if you accidentally leave behind to spend all of your input value, you’ll lose the remainder to miners.
Note: there’s a proposal to permit spenders to specify the max they think they’re spending and have the transaction rejected if the value ter the inputs exceeds that amount.
The scriptPubKey specifies the conditions that vereiste be sated te order for this output to be spent. Ter this case, the asm field is fairly useful te providing the Bitcoin Script opcodes that get used:
- OP_DUP duplicates the gegevens voorwerp on the top of the stack. When this code runs, that top voorwerp should be a public key.
- OP_HASH160 hashes the gegevens voorwerp on the top of the stack using a certain dual hash wij call hash160: RIPEMD160(SHA256(gegevens)). This is the hash used to create Bitcoin addresses te their binary form (the encoded form commencing with the number 1 is a special version of base58 encoding). When this code runs, that gegevens should be the copy of the public key.
- 82f6. 7914 is a HASH160 of the public key whose corresponding private key is authorized to spend thesis 0.01664767 bitcoins.
- OP_EQUALVERIFY compares the top two items on the stack to see if they’re bit-identical. If they are, it pops both of them off the stack, if they aren’t, it terminates the script te failure.
- OP_CHECKSIG takes the top voorwerp on the stack spil a public key and the next voorwerp on the stack spil a signature and ensures that they both were derived from the same private key, spil well spil ensuring the signature signed the adequate gegevens from this transaction. (Wij’ll voorkant what gegevens gets signed te another tutorial.)
All the surplus of the information ter the block above is computed by Bitcoin Core for our benefit—it does not show up ter the transaction directly. The "reqSigs" tells us that only one signature is required to spend this output—we’ll look at a multi-sig output ter a straks tutorial. The type is "pubkeyhash", which wij call P2PKH. The address shown here is the base58check-encoded version of the hash160 hash shown above (wij’ll look at base58check te another tutorial).
Here is a 2nd output to this transaction. Most person-to-person transactions on the blockchain have two outputs, can you figure out why?
The reaction is because the utter value of any inputs to a transaction voorwaarde be spent or the remainder goes to miners. So typically part of the input value goes to the person being paid and the 2nd part goes to back to the spender spil "switch". This output wasgoed worth about $56 USD when created, so wij can think of this cafe patron spil paying for his $Four drink with $60 and receiving $56 te switch.
Early Bitcoin wallets always placed switch spil the last output te a transaction, but this diminished privacy—it made it effortless to figure out the actual amount paid versus the amount returned te switch. Better wallets today randomly place switch within the sequence of outputs so no outward correlation exists.
Let’s recap what gegevens wij found ter the transaction with an eye to the privacy implications:
From the input (not shown previously), wij know what transaction outputs were used to fund this transaction. Here are the relevant details:
From the previous transaction output, wij know a Bitcoin address belonging to the person now spending the bitcoins (1L4m6YkTuPpfY5DkZ oYXfSH5Nk8f5ZGJs3).
Coinjoin: a secure &, decentralized privacy enhancement
Coinjoin-style transactions were invented by Bitcoin developer Gregory Maxwell to make it difficult to perform the type of naïve blockchain analysis wij used above. A coinjoin-style transaction has two or more participants (the more, the better). They do something similar to mixing bitcoins, but they do it trustlessly so nobody can steal anyone else’s bitcoins. Retrieve a sample coinjoin transaction using the following code (we’ll use less again—see the instructions at the top of the previous section for help using it).
Spil before, we’re substituting some gegevens values with “[…]”. Look at the transaction displayed on your terminal ter less for the juist values. We’re also going to delete more of the irrelevant gegevens this time.
Let’s skip directly to the input section:
Wij see three inputs, recall that the value of thesis inputs is implicit ter the input—the actual value is only explicitly provided te the referenced output. Spil a convenience, we’ll provide the those output values below:
Above wij see that three inputs are provided—two approximately 0.01 bitcoins ter value and one much larger than that.
Now let’s look at the output amounts:
Above wij see four outputs, three of equal amount and one that’s much larger. Wij can assume that the much larger output is switch that wasgoed returned to the person who contributed the much larger input—but for the three equal amounts, wij don’t know from looking at the blockchain which participant received which share.
It’s still possible for an investigator to talk to the participants ter the coinjoin transaction and detect who controls which bitcoins, but lightly automated analysis of blockchain gegevens is prevented (provided the software randomizes the outputs, some software has failed to do this and permitted automated recovery of the association inbetween input and output).
The coinjoin transaction is trustless because all of the participants have to sign the final transaction before it can be added to the blockchain, so they each have a chance to verify that they’re receiving back the onberispelijk amount of bitcoins before signing. This means it can provide enlargened privacy without any reduction ter security.
Exercise: calculate the transaction toverfee paid by the transaction above.
Anatomy of a soft fork: the BIP30 &, BIP34 soft forks
Bitcoin utter validation knots (utter knots) such spil Bitcoin Core each independently validate each block on the Bitcoin blockchain to determine whether or not those blocks go after Bitcoin’s rules, such spil the rules about the inflation schedule (i.e., the 21 million bitcoin limit). This independent validation permits them to deterministically reach overeenstemming about the state of the Bitcoin ledger without using voting or other corruptible processes.
The rules thesis knots use to deterministically reach overeenstemming are called overeenstemming rules, thesis overeenstemming rules aren’t flawless, so they from time to time need patches to fix bugs or upgrades to add fresh features. There are two known ways to switch the overeenstemming rules:
A hard fork switch that causes old knots to reject blocks created by miners following the fresh rules.
A soft fork switch that upgraded miners enforce by rejecting blocks created by non-upgraded miners (if necessary).
Te the very first two years of Bitcoin when there wasgoed only one Bitcoin software program (now called Bitcoin Core), Satoshi Nakamoto implemented several soft forks by simply updating the code te Bitcoin Core. Now that there are hundreds of Bitcoin programs, more coordination is needed and a Bitcoin Improvement Proposal (BIP) process wasgoed created to manage soft forks, hard forks, and other switches that affect numerous programs.
Let’s take a quick look at two closely-related soft forks designed to fix a bug te Bitcoin’s merkle tree generation code. Please open BIP30 te a browser on your laptop and read the brief Abstract, Motivation, and Specification sections.
Now let’s look at one set of the duplicated transactions te the blockchain.
What happens if wij attempt to retrieve those transactions?
Notice from the output that only one of the transactions is retrieved—the zometeen one. The earlier transaction is now entirely unspendable, meaning the 50 bitcoins te it have bot lost forever.
From the specification section of BIP30 wij can see the very first of the soft forks to prevent future cases of this bug (rephrased slightly):
Blocks are not permitted to contain a transaction whose identifier matches that of an earlier, not-fully-spent transaction ter the same chain. This rule primarily applied to all blocks whose timestamp is after March 15, 2012, 00:00 UTC
Miners which did not upgrade to the fresh code by 15 March 2012 were still willing to build duplicated transactions—but if they had, upgraded miners would’ve rejected their blocks.
Exercise: Take a ogenblik and see if you can identify a possible flaw with the project described above.
Time-based soft forks (a type of “flag day” upgrade) have a serious problem: if the upgraded miners don’t control a majority of the network hash rate at the switchover time, the upgraded miners may hard fork off of the network—that is, they’ll become incompatible with the non-upgraded miners and there will be two incompatible forks of the blockchain.
This isn’t a problem for hard forks where a potential incompatibility exists no matter what upgrade mechanism is used.
Gladfully, there were no problems with the BIP30 soft fork, but a better fix for the duplicate transaction problem described ter BIP30 wasgoed implemented using a better soft forking mechanism te BIP34.
Please take a uur to open BIP34 te a web browser on your laptop, and read the entire document (it’s brief).
Albeit the solution described ter BIP30 wasgoed effective at preventing the problem, it also slowed down total knot transaction validation by requiring toegevoegd lookups for each transaction. BIP34 prevents the problem by requiring miners insert some unique gegevens into their coinbase transactions, preventing duplicates to the maximum extent available with SHA256d’s collision and second-preimage resistance.
Te order to implement BIP34, a gradual soft fork upgrade wasgoed used (the very first time for this particular method):
- Individual miners indicated that they were ready to add the toegevoegd gegevens to their coinbase transactions by producing version Two blocks.
- Once 750 of the last 1,000 blocks were version Two (or higher), any fresh version Two blocks became invalid if they didn’t include the toegevoegd gegevens ter their coinbase transactions.
- Once 950 of the last 1,000 blocks were version Two (or higher), all blocks had to be version Two or higher, and they had to obey with the rule to add the reserve gegevens to their coinbase transactions.
Let’s sample at the block version numbers before and shortly after version Two (or higher) became required at block height 227,930. (Note: the last version 1 block wasgoed somewhat earlier, 227,835).
Some people call this blockchain voting, albeit it may be more accurate to call it upgrade readiness signalling. The aim is to ensure that the breathtaking majority of miners are ready to enforce a fresh overeenstemming rule before that rule becomes active.
Hard fork analysis: block size voting
Spil this document is being written, the Bitcoin community is debating when and how the block size limit should be raised, with almost all proposals suggesting a hard forking switch. One popular proposal, BIP100, suggests that miners should be permitted to vote on what block size they want within the range of 1MB to 32MB.
Albeit there is presently no code that implements BIP100, many miners are voicing support for it by placing the ASCII string “BIP100” te the special coinbase field of their coinbase transactions, or using BIP100-style block size voting strings which commence with the ASCII string “BV” followed by 7 to 8 ASCII-encoded digits.
The following Python3 script will connect to Bitcoin Core and scan the most latest 100 blocks on your local blockchain for the above BIP100 strings and print a tally that gives you an idea about what percentage of the network hash rate is voting for BIP100.
Before running the code below, you need to install the Python3 json-rpc library so you can communicate with bitcoind.
You will be prompted for the password you used to login to this machine. After you’ve installed the module, paste the following code into a verkeersopstopping named fork-bip100.py.
Once you’ve saved the fork-bip100.py verkeersopstopping, you can run it with the following guideline:
It may take up to a minute or more to run, but afterwards it will print two lines to your console: the number of the last 100 blocks voting for BIP100 and the number not voting for BIP100.
Learn the 21 devices, and commence building your very first Bitcoin App!
David Harding, Justin O',Brien, Balaji S. Srinivasan