When I first started learning about Bitcoin, I found plenty of information, but nothing that directly answered the most burning question:

When you buy bitcoins… what is it that you own, exactly?

That’s the question I’ll answer in this post. Along the way, I’ll introduce several key Bitcoin concepts. You’ll see for yourself how bitcoins are secured and how they’re transferred.

First and foremost, a bitcoin is a unit of account, in the same sense that a gallon is a unit of volume, or a gram is a unit of mass. You can’t pick up a bitcoin and hold it in your hand like you can a dollar bill. But that’s OK, because that’s not what’s important. What’s important is that:

• Bitcoins can be possessed.
• Bitcoins can be transferred.
• Bitcoins are impossible to copy.

These three properties, combined, allow bitcoins to function effectively as a system of distribution of wealth. And fundamentally, that’s what makes bitcoins useful.

When you think about it, what makes dollar bills good at distributing wealth, anyway? It’s the same three properties. You can possess a dollar bill by putting it in your pocket. You can transfer it to somebody else by giving it to them. And dollar bills are pretty difficult to copy. Hence, cold, hard cash is one good way to distribute wealth, and bitcoins are another.

Since bitcoins are not physical objects, but merely units of account, there needs to be some other way to keep track of them. Bitcoin’s solution to this problem is particularly clever.

How Bitcoins Are Distributed

As you may have heard, there is no central server to keep track of everyone’s bitcoins. But that doesn’t mean there are no servers keeping track of bitcoins. Quite the contrary. There are, in fact, thousands of servers keeping track of bitcoins. Every such server in the Bitcoin network is called a full node.

A full node is basically an electronic bookkeeper, and anybody in the world can set up and run one. Each node has a complete copy of the public ledger – that’s a record of every Bitcoin transaction that ever happened, in history, all the way back to the very beginning of Bitcoin. As of today, the public ledger contains more than 30 million transactions and requires 13 GB of disk space.

To actually use bitcoins, you need some kind of device which functions as a wallet. It can be an application running on your computer, a mobile app, a service offered by a website, or something else entirely. Your wallet can add a transaction to the public ledger by informing a single node on the Bitcoin network. That node will relay the transaction to other nodes, which will relay it to others, and so on – similar to the way BitTorrent works. It only takes about 7 seconds for a transaction to propagate across the entire Bitcoin network.

What’s In a Transaction?

By now, it should be apparent that when you “send” bitcoins to another person, you aren’t really sending anything directly to that person. Instead, your wallet reassigns those bitcoins, from one owner to another, by adding a transaction to the public ledger. For instance, here’s a set of three transactions that took place in December last year:

As you can see, every transaction has a set of inputs and a set of outputs. The inputs identify which bitcoins are being spent, and the outputs assign those bitcoins to their new owners. Each input is just a digitally signed reference to some output from a previous transaction. Once an output is spent by a subsequent input, no other transaction can spend that output again. That’s what makes bitcoins impossible to copy.

Each unspent output represents some amount of bitcoin that is currently in someone’s possession. If you add up all unspent outputs on the public ledger, you’ll get the same total amount as there are bitcoins in existence. You could even go so far as to say that the unspent outputs are the bitcoins.

Note that nobody’s real name appears anywhere within a transaction. That’s why Bitcoin is often said to be pseudonymous. Instead of real names, bitcoins are assigned to addresses such as 1PreshX6QrHmsWbSs8pHpz6kLRcj9kdPy6. A Bitcoin address is like a numbered bank account, only much easier to create, and each person can have a potentially unlimited number of them.

Where Do Addresses Come From?

Obviously, if you want to receive bitcoins, you need to have a Bitcoin address. Your wallet can generate addresses for you.

In order to generate an address, your wallet first generates a private key. A private key is nothing but a large number roughly between 1 and 2²⁵⁶. To make such numbers shorter to write, it’s customary to encode them as sequence of numbers and letters.

Next, your wallet converts that private key to a Bitcoin address using a well-known function. This function is very straightforward for a computer to perform. If anyone knows your private key, they could easily convert it to a Bitcoin address, too. In fact, many Bitcoin wallets have a feature allowing you to import private keys.

On the other hand, it’s extremely difficult to go the other way. If someone knows only your Bitcoin address, it’s virtually impossible to figure out what the private key was.

It’s perfectly safe to give your Bitcoin addresses to other people, but extremely important to keep your private keys secret. Most of the time, as a Bitcoin user, you’ll never even see your own private keys. Typically, your wallet keeps track of your private keys for you, usually by storing them in an encrypted wallet file, either on your hard drive, on a server on the Internet, or elsewhere.

How Are Transactions Authorized?

That brings us to why it’s important to keep your private keys secret: Your private keys give you the ability to spend the bitcoins you’ve received.

To see how, take a closer look at the second transaction in the above listing, b6f4ec453a021ac561…. This transaction spends the bitcoins from previous output e14768c1d648b98a52…:0. When we examine that previous output, we see that those bitcoins were previously sent to the address 1NqUaJrFeStshjad1bhrEFFzWSQw6JHbqv. It stands to reason that this transaction should be authorized by whoever generated that address in the first place.

That’s where the digital signature comes in. In Bitcoin, a valid digital signature serves as proof that the transaction was authorized by the address’s owner. Here’s what makes it safe: Just as a private key was required to generate that address, the same private key is required, once again, to generate a valid digital signature.

A digital signature is only valid if a specific equation is satisfied by the address, the previous output and the signature. As you’d expect, every time a Bitcoin node receives a new transaction, it checks to make sure each digital signature is valid. The node has no idea which private key was used to generate each signature, but that’s OK, because it doesn’t need to know. It only needs to verify that the equation is satisfied.

The concept of digital signatures is based on old idea known as public-key cryptography. Bitcoin is not the first digital currency to secure transactions using such cryptography, but it is the first to do so without relying on a single, centralized server. That’s the breakthrough at the heart of Bitcoin.

Some Wallet Types

There’s already a wide range of Bitcoin wallets to choose from, but in most cases, the purposes of the wallet are the same:

• To store your private keys.
• To send bitcoins to other people.
• To generate addresses, so you can receive bitcoins from other people.
• To view your transaction history and current balance.

A desktop wallet is an application you install on Windows, MacOS or Linux. Examples include Electrum, Multibit and Bitcoin QT. Your private keys are stored locally, in a file somewhere on your hard drive such as wallet.dat, and the security of your bitcoins is only as good as your ability to protect that file from data loss and theft. Exceptionally, Bitcoin QT also turns your computer into a Bitcoin node, and therefore requires much more disk space and bandwidth than the other applications.

There are also web wallets such as Coinbase or Blockchain.info’s My Wallet service. When using a web wallet, your private keys are stored – usually encrypted – on the website’s servers instead of your own hard drive. Some web wallets are also Bitcoin exchanges, such as Bitstamp or Virtex, where bitcoins can be traded for US dollars and other currencies.

A mobile wallet is an app you install on a smartphone or tablet. Many mobile wallets, such as the Coinbase app, are simply interfaces to a web wallet, which means that your private keys are once again stored online. One notable exception is Bitcoin Wallet for Android, which stores private keys directly on your mobile device.

Since virtually all smartphones have a built-in camera, QR codes have become a popular way to communicate Bitcoin addresses. You can send bitcoins to someone by scanning their QR code with your mobile wallet.

QR codes can be dynamically generated, too, and can include additional information such as the exact quantity of bitcoin the recipient expects to receive. This allows some mobile wallets to function as point-of-sale devices.

There is even such a thing as a paper wallet. A paper wallet serves just one purpose: to store your private keys. Some of the above wallets can print your private keys for you, but you can also generate a brand new private key and address pair without an existing wallet. Bitaddress.org offers one such service. Once your private keys are printed, you can lock them away in a safe place, such as a safety deposit box, and wipe them from your computer. This is referred to as cold storage.

Bitcoin’s protocol is completely open, allowing anyone to implement an application or device that is compatible with Bitcoin. In effect, the entire Bitcoin ecosystem has been crowdsourced. This has sparked all sorts of innovation – there are many more Bitcoin wallet and point-of-sale devices than the ones I’ve mentioned here, and there are certainly more to come. The landscape is changing constantly.

Unfortunately, this openness also creates an opportunity for scammers. That’s why you must choose your wallet carefully. Do some research before deciding that your wallet provider is trustworthy. In the case of a web wallet, you must trust that website with your bitcoins exactly as you would trust a bank with your cash. A desktop wallet lets you be your own bank, but you must still trust that the desktop wallet actually functions as advertised. It helps to choose a wallet that is open source, is actually built from that source, and has a good reputation on discussion forums such as the Bitcoin subreddit and bitcointalk.org.

Are Bitcoins Backed By Anything Valuable?

If you’re looking for something of value behind Bitcoin, I’d argue that it’s the private keys. Certainly, every fraction of a bitcoin is backed by one. And once bitcoins are sent to an address, the corresponding private key becomes extremely valuable.

Consider the Bitcoin address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a. It currently contains 111114 bitcoins. At the time of writing, that’s worth about $90 million US. If you only knew the private key for that address, you could spend that $90 million as if it were yours.

But you don’t know it. Nobody knows that private key, except for the owner of 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a, whoever that is.

Suffice to say, thieves around the world are itching to discover people’s private keys. A new breed of wallet-stealing malware has already emerged. Safeguarding your wallet is an important subject I won’t cover here, except to say that you must never, ever forget the password to an encrypted wallet, and you must practice impeccable computer hygiene to ensure that no spyware or malware infects any computer that is used to access a Bitcoin wallet.

Summary

So, when you buy bitcoins… what it is that you own, exactly?

When you own bitcoins, what you have is the exclusive ability to add specific transactions to the public ledger. Your bitcoins exist as unspent outputs from previous transactions on the ledger, sent to an address that your wallet created out of thin air, waiting for you to use as inputs in a future transaction. Your wallet is the only wallet that can digitally sign those inputs, because it contains a private key that no one else has.

The entire public ledger is stored, redundantly, on thousands of nodes scattered across the globe. Shutting down Bitcoin at this point would be very difficult indeed.

Don’t be fooled by any oversimplified explanations you’ll find around the web. For example, in Bitcoin’s introductory video, there’s an animation of one user flipping a stack of coins directly to another. In mainstream news articles about Bitcoin, there’s usually stock photo of a physical coin with the Bitcoin logo on it. By now, you should recognize that such illustrations are largely symbolic. They don’t depict the way bitcoins are actually stored and transferred in practice. (Some physical bitcoins do exist, and are similar in concept to paper wallets, but they’re novelties.)

Further Information

Now that you know exactly what a bitcoin is, how it’s secured, and how it’s transferred, you have a foundation for understanding further information about Bitcoin.

• Bitcoin’s public ledger is also known as the blockchain. Since the blockchain is totally public, people have built websites to interactively browse its contents, such as Blockchain.info and BlockExplorer.
• I’ve intentionally left out any details about the mining process and its role in extending the blockchain. It’s simply not profitable to mine bitcoins using ordinary computing hardware anymore. Therefore, mining is not the first concern to novice Bitcoin users. If you’re interested in the state of the art, check into ASIC miners and how to join a mining pool.
• Khan Academy has a fairly comprehensive series of videos diving into the guts of Bitcoin.
• There’s an insightful and entertaining talk, dated Sep. 25, 2013, with Andreas Antonopoulos, a recognized Bitcoin expert. Well recommended.
• The original white paper by Satoshi Nakamoto is what started it all. It’s an accessible read for those with a background in computer science.
• Almost all other cryptocurrencies in existence, including Litecoin, Peercoin, Namecoin, Dogecoin and all those listed on CoinWarz, are cloned and derived from the reference Bitcoin implementation on GitHub.
• This post presented a simplified description of a Bitcoin transaction. Real Bitcoin transactions are based on scripts, which allow various other kinds of financial instruments to exist on the Bitcoin platform.