#042: Money not in a Bank
Buckle up, this is going to be a long one.
Last time, we started building our own cryptocurrency, by showing how we could build a public ledger of transactions in such a way that we could trust each transaction. But we were still missing one important feature: Decentralization.
Up until now, even though the ledger is public and accessible by everyone, we treated it as if it was in only one place, kept up to date by someone everyone would have to trust. This is basically just a bank, and we’d like to remove this centralization from the system.
First, we’ll start by requiring everyone to keep a private copy of the ledger for themselves. Second, we require everyone in the system to use “SquidCoins” (Symbol “🦑”) instead of Euros or Dollars to track their transactions (I’ll get to why that is necessary further down below). Then, instead of adding our transactions to the publicly accessible SquidCoin ledger, we announce transactions to everyone in the SquidCoin network, asking them to add the transaction to their copy of the ledger. So, when Alice announces a transaction sending Bob 🦑100, Bob will check his copy of the ledger to ensure Alice’s transaction is valid (also verifying her digital signature), and then announce he’s accepting Alice’s transaction of 🦑100 to everyone else.
If you imagine yourself as a node in this network, receiving transactions from others, and adding them to your ledger, you might spot a problem: How do you know that anyone else has received the same transactions, and just as important, added them in the same order to their copy of the ledger? In other words, how do you know your ledger looks the same as everyone else’s?
This is the actual innovation a cryptocurrency offers: a way to ensure everyone agrees on which transactions happened in what order without resorting to a centralized authority that everyone has to trust.
In order for this to work, we start by splitting the ledger into blocks. Every block contains a certain number of transactions. So whenever a node announces a new transaction in the SquidCoin network, the other nodes add it to their current block, and once the block fills up, a cryptographic hash function is used to calculate its hash.
(I wrote about hashes in issue #40, but if you need a refresher: A cryptographic hash function takes any kind of input, and returns a fixed length output, which looks random, but isn’t. Giving it the same input will always produce the same output, but changing the input even very slightly will produce wildly different outputs)
Here’s where the first interesting thing happens: To prove to all other nodes that a node did its “work” on this block, this hash needs to fulfill a certain criterion in order to be accepted. Like Bitcoin, we’ll use the SHA-256 algorithm (which produces 256 bits of output) in our protocol, and as our proof of work, SquidCoin requires that the first 30 bits of this hash must be zero (Bitcoin has something different). Now, the chances that our block “naturally” produces such a hash are quite small, so we allow an arbitrary number to be added to the block in order to influence the resulting hash. Since we require the first 30 bits to be zero, a node must make at worst around 1 billion (2 to the power of 30) guesses in order to find a suitable number to add to the block.
On the other hand, once we have found such a number, it is easy for others to verify that a node did its work, since just calculating the hash of the finished block is quick and easy. In addition, the hash ensures that the transactions and their order inside the block are fixed, since changing any of those would result in a wildly different hash, and require recomputing the proof of work.
This entire process is what’s called “mining” in cryptocurrency, and nodes that do these calculations are called miners. In order to reward the miners for their work, we allow them to include one special transaction at the beginning of the block: the block reward. This transaction doesn’t have a sender, and therefore no one can sign it, but it gives mining nodes the motivation to calculate the proof of work for a newly completed block. This also introduces new SquidCoins into the network that have not existed before, which is why we use SquidCoins in the first place, and not just a list of transactions in some other currency. From the miner’s perspective, mining is a bit like playing the lottery: Whoever guesses the right number first gets the reward.
So, to recap: Miners compete on finding the proof of work, and they get a reward if they are the first to find it. Whenever a miner completes a block, they announce it to the SquidCoin network, and everyone else in the network adds it to their ledger. Then the whole thing repeats with the next block of transactions.
There are still a few big problems though. First: Even though we’ve split the ledger into blocks, and the order of transactions within those blocks is now fixed, how do we know the blocks themselves are ordered? Second: Even though we’ve completed our block, what happens if someone else also completed a block at the same time, with, let’s say, a slightly different order of transactions? Which block should the network trust?
Let’s tackle the former issue first, since the solution is quite simple: We require each block to start with the hash of the previous block. This forms the blocks into a chain, ordering them (hence the name “blockchain”), and also prevents anyone from changing older blocks, since doing so would change their hash, which would change the hash of the block that follows it, and so on. You could do it, but you would have to redo the proof of work for each one of the blocks, making it infeasible.
The second problem is a bit more tricky. The solution is that we don’t actually trust any new block that comes along. It can, in fact, happen that we have to keep track of multiple blockchains, since we might get new blocks from different miners who happened to complete a block at nearly the same time, and thus both announced their newly mined blocks to the network. But which one is the correct one?
So, we again modify the SquidCoin protocol: Whichever blockchain is the longest is the one to be trusted. If there’s a tie, then you just wait until enough new blocks have been announced that one of the chains is clearly the longer one. In other words, the SquidCoin network trusts whichever blockchain has the most proof of work done on it.
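The proof-of-work check, the hash chaining and the longest-chain rule described above, put together as an added Python sketch (not code from this newsletter or from Bitcoin). The difficulty is lowered from 30 bits to 12 so it runs quickly; the JSON block encoding, the field names, the all-zero "previous hash" of the first block and the reward of 50 are assumptions, and signature and balance checks are left out.

```python
import hashlib
import json

DIFFICULTY_BITS = 12      # the text uses 30; lowered so the sketch runs fast
GENESIS_PREV = "00" * 32  # constructed placeholder: "no previous block"

def block_hash(block):
    """SHA-256 over a canonical encoding of the whole block, nonce included."""
    data = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(data).digest()

def has_work(digest, bits=DIFFICULTY_BITS):
    """True if the first `bits` bits of the 256-bit hash are zero."""
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def mine(prev_hash, transactions, miner):
    """Guess nonces until the block's hash meets the difficulty target."""
    reward = {"from": None, "to": miner, "amount": 50}  # unsigned block reward
    block = {"prev": prev_hash, "txs": [reward] + transactions, "nonce": 0}
    while not has_work(block_hash(block)):
        block["nonce"] += 1
    return block

def is_valid_chain(chain):
    """Every block must carry proof of work and point at its predecessor."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)  # one hash per block: cheap to verify
        if block["prev"] != prev or not has_work(digest):
            return False
        prev = digest.hex()
    return True

def choose_chain(candidates):
    """Longest-chain rule: among valid chains, trust the longest one."""
    valid = [c for c in candidates if is_valid_chain(c)]
    # On a tie a real node keeps waiting for more blocks; max() keeps the first.
    return max(valid, key=len, default=None)

def build_chain(tx_batches, miner):
    """Mine one block per batch of transactions, each linked to the last."""
    chain, prev = [], GENESIS_PREV
    for txs in tx_batches:
        block = mine(prev, txs, miner)
        chain.append(block)
        prev = block_hash(block).hex()
    return chain
```

Editing any transaction in an already mined block makes `is_valid_chain` reject the chain, because either that block loses its proof of work or the next block's `prev` no longer matches.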
This is a very simple, and as it turns out, elegant solution to the problem of trust when you don’t have a central authority. To illustrate why, let’s look at what an attacker, Eve, would have to do to fool Alice into thinking Eve has sent her a transaction, while never announcing that transaction to the rest of the network (this requires that Eve controls at least one miner). To accomplish this, when a new block needs to be mined, Eve prepares a different, special block, one that includes her transaction to Alice. Now Eve has to complete the proof of work for this block and announce it to Alice before any other miners in the network do so for the regular block without the special transaction. That’s hard, as we saw above, but definitely possible. Except this special block has a different hash, so in order to keep Alice from discovering the fraud, Eve now has to create the proof of work for all future blocks faster than all the other miners too! Even though she only added one transaction, Eve has produced a new blockchain which is entirely different from the one everyone else (except Alice) is seeing. At some point, Eve will fall behind on computing the proof of work for new blocks in the fraudulent blockchain. Once this happens, Alice will eventually see a different, longer blockchain — the one that doesn’t include the transaction that Eve promised to send. Since the protocol states that the longer blockchain is the correct one, Eve has failed in her attempt to trick Alice.
And so, even though we’ve glossed over quite a lot of details, we finally have built ourselves a cryptocurrency. To recap: We built a network of nodes, who announce transactions. These transactions are packed into blocks. A block contains the hash of the previous block, a list of transactions, a special “block reward” transaction, and the proof of work. Special nodes called “miners” calculate the proof of work so the block’s hash satisfies a certain requirement. Newly mined blocks are announced to the network, and nodes trust the longest blockchain. All of this put together allows us to transfer 🦑 in our SquidCoin network without ever having to trust a central authority.
Some of the details I glossed over have interesting consequences though, so I’ll just quickly describe a few of them:
- What happens at the very beginning, when there are no SquidCoin in existence? Easy — the creator of the blockchain just mines a few blocks with no transactions except the block reward in them, thus introducing new currency into the network, which can then be sent around.
- I described the “proof of work” requirement as static, but it doesn’t have to be. For example, in the Bitcoin network, the “proof of work” difficulty is adjusted every two weeks, in order to maintain an average mining time of a block at around 10 minutes.
- I never specified how big the “block reward” should be. When Bitcoin started out, the reward was 50 bitcoins, but this was halved every 210.000 transactions (or roughly every 4 years). As of writing, the block reward is 12.5 bitcoins. This actually puts an upper limit on how many bitcoins there can ever be at around 21 million bitcoins.
- Since each block in the Bitcoin network takes around 10 minutes to complete, there’s also an upper limit on how many transactions the Bitcoin network can do per second, which caps at around 4 transactions per second. In comparison, the VISA payment network processes around 150 million transactions per day, or an average of 1667 transactions per second (although there are certainly peak times with multiple times that).
Most of the information in this and the previous issue came from the excellent video “Ever wonder how Bitcoin (and other cryptocurrencies) actually work?” by the 3Blue1Brown channel on YouTube, and “How the Bitcoin protocol actually works” by Michael Nielsen. The original Bitcoin paper by Satoshi Nakamoto is also worth a read.
Got any questions? Anything unclear? Hit reply, and maybe I’ll do a follow-up to answer the most common (or interesting) questions.
Other interesting links from around the web:
📖 Weekly Longread 📚
The Serial-Killer Detector: A former journalist, equipped with an algorithm and the largest collection of murder records in the country, finds patterns in crime.