Explain Like I'm Five: How does, exactly, Blockchain Work? Blocks, POW and POS mining made simple.

Jefrey S. Santos
Published in Capitual · 20 min read · Jun 30, 2018

What is a Blockchain? Why are blocks chained? Is it truthful?

When new technologies are presented, some hype may be expected. People are curious to know how they are going to change their lives and their jobs, and which benefits they will provide.

The Bitcoin network started when Satoshi Nakamoto, its creator, mined the first block ever. He received a 50 BTC block reward for mining that block.

Since then, Bitcoin has been in the news several times, has become well known, and its usage as a currency has increased. Even so, the way it works is still surrounded by questions, and the technology is mostly dominated by Blockchain specialists.

Since this post has attracted your attention, it is safe to assume that you're involved with crypto-currencies to some degree. Perhaps you're aware of what they stand for, or have heard about them (positively or negatively). There is also a good chance that you have generated or installed a wallet for Bitcoin or another crypto-currency on your computer or smartphone, and maybe you've even received and sent transactions. Perhaps you are already a long-term user who trades different crypto-currencies on exchanges, or even a developer who has worked with crypto-currencies. Stable crypto-currency software commonly makes us think that everything "just works", and the behind-the-scenes may not look as interesting as the final results to most users. This article is for the curious.

While reading, do not worry if you do not understand some of the terms used. Most of them are explained later in the article. Also, if you feel something was not well explained, just ask for clarification in the comments.

First of all, we know that Bitcoin and other crypto-currencies store each transaction, as well as users' positions, in a distributed database named "blockchain" with no central authority. We know that miners mine blocks (although perhaps we do not know what mining really looks like) and that nothing, once registered on the blockchain, can be modified. But how does this all happen?

In order to start understanding crypto-currencies, you need to understand what having no central authority means. If a friend sends you a bank transfer, you will probably check the transaction through your internet banking, mobile banking or a bank ATM. Whichever method you use, eventually you'll be relying on your banking institution, simply by believing it when it says that the transaction exists.

Having no central authority leads to two terms: untrust and consensus. Untrust means that no party actually needs to trust another party in order to consider any information valid or invalid. Consensus means that a piece of information is valid once most of the parties (50% + 1) are able to confirm it.

In order to have consensus, nodes must verify by themselves any information relayed on the blockchain. If a piece of information should not be taken as valid, then honest nodes are able to recognize that and ignore it. Nodes do not take information as valid before checking it.

Having no central authority also leads to another question. In order to send you some money, your friend probably opened his internet banking or mobile banking, or visited a bank branch or ATM. Whatever the method, your friend was required to tell his bank of his intent to send you some amount.

On the other hand, when you tried to verify his transaction, you reached out to your bank. If your friend and you are clients of the same banking institution, it operated as the central authority, whereas if this was an interbank transaction, another bank (or possibly a country's central bank) was responsible for this role (we explained a bit more about it in this article). The central authority required trust from both parties and acted as a hub in order to make the transaction possible.

Bitcoin (we will use it often as an example) does not have a central authority. Nobody is required to trust anyone. So, when you want to send a transaction, there is no central 'server' where you can connect and state your intent. So how does the network receive and spread information about transactions?

This is easy to explain if you have ever worked with torrents, which also use a P2P (peer-to-peer) network. Instead of downloading from a central server, torrent users download parts of their files from different users. As soon as any part of a file is downloaded, they also start serving it to other users.

Since Bitcoin works as a P2P network, every client downloads the information it needs from other clients. In order to emit a new transaction, a node sends its data to all the nodes that it is connected to, and these nodes in turn broadcast that transaction data to the nodes that they are connected to, and so on, until every node knows about the transaction.

This, however, leaves us with a question. When we want to download a file through torrent, we must download a file (or click a 'magnet' link) which lists a few servers where our torrent client (BitTorrent, µTorrent, Transmission…) can find out where our file is located. In the case of Bitcoin, we are not required to download any server list. So how does Bitcoin find other nodes?

Actually it tries different ways, in the following order:

  1. The 'peers.dat' file: Bitcoin clients keep a list of nodes they've recently been connected to in a file that is stored in the ".bitcoin" folder inside the user's folder. Of course, if the client has just been installed, this file will be empty.
  2. User-supplied node: A user has the option to provide the IP addresses of one or more nodes to be used. This is done through the command line.
  3. Hard-coded nodes: Bitcoin source code includes a few hard-coded nodes that are used if none of the options above worked (i.e. this is a first run and the user has not supplied any node). These nodes are mostly maintained by some Bitcoin developers.
  4. From other nodes: Once it finds a node and connects to it, they may share the lists of nodes they know with each other.

After connecting to some nodes, it's time to check if the local blockchain copy is up to date. Bitcoin full nodes are required to download the entire blockchain (which contains transactions since the first block, in 2009) in order to be able to verify the information they receive.

Bitcoin's Blockchain size: 168 GB as of May 2018, and it will continue growing.

After this check, the client may download the remaining blocks that were generated while it was offline (or even the entire blockchain if it is a first run) before it starts working as a node.

From its name, it's easy to assume that 'blocks' are some kind of unit of the Blockchain. We also know that the blockchain permanently stores transaction information. But how is it done? What are blocks?

Before getting to know how blocks are formed, it's important to know a few terms that are heavily used in block production: Hash, Merkle Root and asymmetric cryptography.

Hashes are results of hashing algorithms. Hashing consists in taking any input and

Building Blocks

Blocks are basically lists of transactions. A transaction is commonly associated only with money transfers; however, smart contract execution results are also transactions.

In order to fully understand what a block is, there is nothing better than seeing a real Bitcoin block. So, here you go.

Bitcoin Block #0

This is the so-called Genesis block, the first block mined by Satoshi Nakamoto, Bitcoin's creator. You can see it here.

Let's study what the block includes. The image above shows a block represented as a "hex dump". A hex dump is a common way to visualize data that is normally not human-readable. It converts every byte to hexadecimal (which is human-readable) and shows it in the middle column. The third column shows the few human-readable characters (not converted to hex) and renders unreadable characters as ".", whereas the first column just shows the offset (distance from the beginning) of the first item of each line.

A block has a header and a body. The block header is its first 80 bytes (on the hex dump above, the 5 initial lines). It's made up of:

  • Protocol version (yellow): on the block above, Satoshi was using the first client implementation, therefore version 1.0.0.
  • Hash of the previous block (green): the hash of the previous existing block. This is what chains blocks, since, in order to be valid, a block must reference its previous block through its hash. Now you know the actual meaning of 'blockchain'. Since the image above shows the first block, obviously there was no previous block. That's why this field is full of zeroes.
  • Merkle root of the transactions (blue): A merkle root of all the transactions in the current block.
  • Timestamp (pink): A timestamp is a special way that computers and developers have created to represent and calculate dates. It's very easy to understand: it's simply the number of seconds between the represented date and the "Unix epoch", which is, by convention, midnight of January 1st, 1970.
  • Target Threshold (yellow): A machine-readable representation of the network difficulty. It is encoded in a way that makes it shorter. A good analogy for this encoding is scientific notation, although scientific notation uses base-10, whereas the target encoding uses base-256.
  • Nonce (red): a number that must be guessed. This is exactly what miners try to guess. You'll understand it better later in this article.

After the block header comes the block body. It lists every transaction. Before you can fully understand it, you need to understand how Bitcoin transfers occur.

When you tell the network that you intend to send a specified amount of Bitcoins to someone else, you must actually point out which coins, exactly, you want to send. You can think of it as selecting bills and coins to pay for something. If you are buying a $1 ice cream, although you may have multiple similar $1 bills in your wallet, you need to choose one. The same happens with Bitcoin: although you may have more funds than you want to send, it's important to specify which funds, exactly, you are going to spend. Of course, your wallet software does this automatically for you.

The block body is composed of a non-empty list of transactions, each in the format:

  • Version number: block version number, currently 1 (01 00 00 00).
  • Inputs count: the number of "coins" (inputs) used in this transaction.
  • Inputs: a list of inputs (coins) to be used in this transaction.
  • Outputs count: the number of receiving addresses.
  • Outputs: list of receiving addresses; a transaction may send amounts to different addresses, and sometimes it is also required to pay some "change" back to an address owned by the sender, i.e. when the sum of inputs results in an amount higher than the desired amount to be sent. It's exactly like paying for a $1 ice cream while you only have a $5 bill: you use the $5 bill to pay for the ice cream and get back $4 as change.

Let's analyze an interesting transaction. On May 22nd, 2010, Laszlo Hanyecz famously paid $41 for two pizzas using Bitcoins (10,000 bitcoins at the time). The anniversary of this transaction is celebrated world-wide by Bitcoin enthusiasts as "Bitcoin pizza day". You can view the transaction on Blockchain here (it's interesting to note that the Blockchain website is not the official Bitcoin Blockchain. These are different things, and the website is just one Blockchain Explorer, among others, built by a company named 'Blockchain').

You'll see that the transaction has about 130 inputs (this is usual, since it is a huge amount of bitcoins, and obviously you will need more coins to add up to a high amount) and only one output, since the sum of inputs gives exactly the 10,000 BTC desired to be sent.

Change is needed because it is not possible to spend half of a coin (input), nor is Bitcoin a database recording how many coins each user holds. When a Bitcoin transaction is sent, the sender must reference where the coins come from (which transactions generated them).

We can make this easier to understand through an example: let's say you have 30 BTC in your wallet. You received 20 BTC when you sold your sports car and 10 BTC as a thanksgiving gift from Uber. And you have to send 25 BTC to pay your favorite bar, where you always go during Bitcoin price dumps. So you access your wallet and send 25 BTC to the bartender's address.

Although, for you, it's a matter of setting the amount and clicking Send, under the hood your wallet must select a combination of inputs that sum to an amount equal to or higher than the desired amount.

In our example, you only have two outpoints to use as inputs: one with 20 BTC and the other with 10 BTC. Their sum, 30 BTC, is higher than the desired amount (25 BTC). But there is no way to sum to exactly 25 BTC with your outpoints, so both will be used.

Let's say the calculated fee was 0.0004 BTC. So the total amount spent was 25.0004 BTC, and 4.9996 BTC must be sent back to a wallet owned by you. Your transaction will look like:

Some interesting facts:

  • There is no need to specify that the remaining 0.0004 BTC goes to the miner (not least because you do not know the miner's address). Since you specify the destination of 29.9996 BTC from the input of 30 BTC, the remainder (obviously 0.0004 BTC) automatically goes to the miner. The network understands that the funds that weren't directed to any address are meant to be considered mining fees.
  • The change address can be any wallet controlled by the transaction sender. However, there is no way to know whether a given user possesses the private key for any address. Therefore, the change is actually just another output. It is, then, possible to send payments to two or more wallets at once (from only one transaction).
  • Since each block has a maximum size limit of 1 MB, miners cannot include every transaction they'd like to in their block. That's why they tend to choose the transactions with higher fees first.
  • The transaction fee is calculated depending on the size of the transaction. It is called "fee per kilobyte". The more inputs and outputs you have, the larger your transaction will be (since it will contain more data) and, therefore, the more you will pay in fees.
  • Due to the previous item, your wallet software runs an algorithm that finds the best combination of your outpoints, the one that generates the shortest transaction data, so you will pay less in fees.
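The 30 BTC wallet example above, worked through in code as an added illustration (it is not from the original article or from any wallet's source). The function names, the placeholder addresses and transaction ids, and the flat `fee` argument are assumptions made for the example; amounts are integer satoshis, and selection prefers fewer inputs because fewer inputs mean a smaller transaction.

```python
from itertools import combinations

SATOSHI = 100_000_000  # 1 BTC in satoshis; integers avoid float rounding

# Constructed sample wallet matching the article's story (ids are placeholders).
EXAMPLE_WALLET = [
    {"txid": "car-sale-tx", "index": 0, "value": 20 * SATOSHI},
    {"txid": "gift-tx", "index": 1, "value": 10 * SATOSHI},
]


def select_coins(utxos, needed):
    """Pick the fewest unspent outputs covering `needed`, then the least excess.

    Exhaustive search: fine for a handful of coins, too slow for large wallets.
    """
    for count in range(1, len(utxos) + 1):
        fitting = [combo for combo in combinations(utxos, count)
                   if sum(u["value"] for u in combo) >= needed]
        if fitting:
            return list(min(fitting, key=lambda c: sum(u["value"] for u in c)))
    raise ValueError("insufficient funds")


def build_payment(utxos, pay_to, amount, change_to, fee):
    """Build inputs and outputs; the fee is never written into the transaction."""
    if amount <= 0 or fee < 0:
        raise ValueError("amount must be positive and fee non-negative")
    inputs = select_coins(utxos, amount + fee)
    total_in = sum(u["value"] for u in inputs)
    outputs = [{"address": pay_to, "value": amount}]
    change = total_in - amount - fee
    if change > 0:
        # Change is just another output, back to an address the sender controls.
        outputs.append({"address": change_to, "value": change})
    return {"inputs": inputs, "outputs": outputs}


def implied_fee(tx):
    """What every node computes: whatever the outputs do not claim is the fee."""
    fee = (sum(u["value"] for u in tx["inputs"])
           - sum(o["value"] for o in tx["outputs"]))
    if fee < 0:
        raise ValueError("outputs exceed inputs: invalid transaction")
    return fee


def article_example():
    """Pay 25 BTC from the 20 + 10 BTC wallet with a 0.0004 BTC fee."""
    return build_payment(EXAMPLE_WALLET, "bar-address", 25 * SATOSHI,
                         "my-change-address", 40_000)


if __name__ == "__main__":
    tx = article_example()
    for out in tx["outputs"]:
        print(out["address"], out["value"] / SATOSHI, "BTC")
    print("fee left for the miner:", implied_fee(tx) / SATOSHI, "BTC")
```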

Another interesting thing about transactions in the Bitcoin network is that a transfer is not a "subtract from sender, add to receiver" operation. Bitcoin has a very simple non-Turing-complete script language that is actually a smart contract allowing the receiver to spend the received coins (inputs).

Quick note: Turing completeness is a characteristic of programming languages that are able to perform any calculation that could be done on a Turing machine, invented by Alan Turing, the father of computing, given enough power and memory. The Bitcoin script language lacks a few operations, such as looping, and therefore is not Turing complete.

This, however, hasn't told us everything. What does mining a block mean? In order to answer this question, you need to understand that there are several consensus methods for blockchains. Some blockchains even use more than one method (those are called 'hybrid blockchains'). In this article, we will study the Proof-of-Work-based consensus method, used by Bitcoin, and give an introduction to Proof-of-Stake, another widely used consensus method.

Proof-of-Work: You've Got Lucky

In order to understand PoW, you need to know what hashing is.

Hashing: check sum

When you download and open a compressed file (.zip, .rar, .7z, .tar.gz…) and your compression software tells you that the file is damaged, how does it know the original file content in order to decide that it was damaged at some point during the transfer?

And how does every site know that you've mistyped your credit card details, without even trying to charge the card?

This is done thanks to hashing algorithms. They take any amount of content and convert it to a limited set of characters.

A very popular hashing algorithm is MD5. This algorithm takes any content and converts it to exactly 32 characters, from numbers (0–9) to letters (a–f… actually it converts to 16 hexadecimal characters), regardless of the size of the initial string. Also, good hashing algorithms ensure that even a minimal change to the original string produces changes in the final hash.

For example, "test" returns "098f6bcd4621d373cade4e832627b4f6". Any machine running the MD5 algorithm will return this result for the "test" string.

Since we are talking about a limited set of characters, it's possible for two different strings to return the same hash. This is called a hash collision. Luckily, this is pretty rare (although some cases have already been found).

Another characteristic of hashing is that it is impossible to get back the original input. For example, with "098f6bcd4621d373cade4e832627b4f6", you cannot get back "test", unless you check a list of known hashes and you are lucky enough to have your hash there. These lists are called rainbow tables and some are publicly available online. Another way to "reverse" a hash is through brute force: generating several strings per second and computing their hashes until you've found one that produces the hash you want. However, if the original string is large and made up of different types of characters (mixing letters, numbers and special symbols), none of us will be alive to see this task finish, since it can take an absurd number of years (this is why it's so important to always use strong passwords).

When you need to check whether some information (or a file) has been transferred correctly, the sending party may send you a checksum of the file. Once you've received the file, you calculate the checksum of its contents and compare it with the one you have in hand. If they are not the same, then the file was corrupted.

Being one-way (they cannot be reversed), checksum algorithms such as MD5 are very commonly used to encrypt users' passwords before saving them in a database, in order to protect them in case of a data leak (although it is not recommended to use checksum algorithms for this, since there are better algorithms that are specially made for password hashing and are harder to break).

Bitcoin's Proof-of-Work does not use MD5. It actually uses another hashing algorithm named SHA-256, developed by the NSA. 'SHA' stands for 'Secure Hash Algorithm'. It generates 64-character hashes, instead of MD5's 32.
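An added sketch of the caveat above, not code from the original article: the same password hashed with bare MD5 gives the same digest for every user, which is what makes lists of known hashes work, while a salted, deliberately slow function gives each record a different value. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the "better algorithms"; the iteration count and function names are assumptions for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for the example


def md5_hex(password):
    """Bare MD5, as the article describes it: fast, unsalted, 32 hex characters."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Return a (salt, iterations, digest) record suitable for storing."""
    salt = os.urandom(16)  # unique per record, stored next to the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations)
    return hmac.compare_digest(candidate, expected)


def same_password_records():
    """Two users choosing the same password, stored both ways."""
    md5_a, md5_b = md5_hex("test"), md5_hex("test")
    kdf_a, kdf_b = hash_password("test"), hash_password("test")
    return (md5_a, md5_b), (kdf_a, kdf_b)


if __name__ == "__main__":
    (md5_a, md5_b), (kdf_a, kdf_b) = same_password_records()
    print("MD5 digests identical:   ", md5_a == md5_b)
    print("PBKDF2 digests identical:", kdf_a[2] == kdf_b[2])
    print("still verifies:          ", verify_password("test", kdf_a))
```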

PoW Mining: Where You'll Be Happy With Left-sided Zeroes

Mining is actually simpler than it looks. Let's say you want to mine (interesting note: Satoshi Nakamoto, Bitcoin's creator, imagined that every node running Bitcoin would also mine). As a miner, when bitcoin users send transactions, you'd choose the ones you want in your block and save them in your mempool, a temporary storage. You build a block in the format shown earlier in this article, making sure it does not exceed the 1 MB limit, and start trying to find the nonce.

You have already read that the block contains a part named "nonce", which we previously defined as "a number that must be guessed".

The nonce is just a number. And this is what bitcoin mining is all about: you have to keep increasing this number until the hash you calculate from the entire block header content starts with a certain number of zeroes. The number of zeroes required at the beginning of your hash is controlled by the network; it is named the "target" and is related to the "network difficulty".

The nonce of Bitcoin's first block was 2083236893. This means that Satoshi Nakamoto, who mined this block, had to generate hashes with the nonce probably starting at 0 and going up to that value. When he calculated the hash of the block header with that nonce, he got '000000000019d6689c085ae16…', which started with the zeroes required by the network difficulty.
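The header layout from the "Building Blocks" section and the nonce check described here, as an added example that is not part of the original article. It parses the publicly known 80-byte header of block #0, decodes the base-256 compact target and tests the hash against it; Bitcoin applies SHA-256 twice and compares the result as a number with the target, which is what produces the leading zeroes. The function names and the easy target used by `mine` are assumptions for the example.

```python
import hashlib
import struct

# Block #0's header, field by field in the order the article lists them.
# Fields are stored little-endian, so they look reversed next to an explorer.
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                            # version
    + "00" * 32                                                           # previous block hash
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root
    + "29ab5f49"                                                          # timestamp
    + "ffff001d"                                                          # compact target
    + "1dac2b7c"                                                          # nonce
)


def parse_header(raw):
    """Split an 80-byte header into its six fields."""
    if len(raw) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    version, prev, merkle, timestamp, bits, nonce = struct.unpack(
        "<I32s32sIII", raw)
    return {
        "version": version,
        "prev_hash": prev[::-1].hex(),     # hashes are displayed byte-reversed
        "merkle_root": merkle[::-1].hex(),
        "timestamp": timestamp,            # seconds since the Unix epoch
        "bits": bits,
        "nonce": nonce,
    }


def bits_to_target(bits):
    """Decode the compact target: mantissa * 256 ** (exponent - 3)."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_hash(raw):
    """Double SHA-256 of the header: (value as integer, hex as displayed)."""
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return int.from_bytes(digest, "little"), digest[::-1].hex()


def has_valid_pow(raw):
    """A header is valid proof-of-work when its hash is at or below the target."""
    value, _ = header_hash(raw)
    return value <= bits_to_target(parse_header(raw)["bits"])


def mine(header_without_nonce, target, max_tries=1_000_000):
    """Increase the nonce from 0 until the hash meets `target`; None if not found."""
    for nonce in range(max_tries):
        value, _ = header_hash(header_without_nonce + struct.pack("<I", nonce))
        if value <= target:
            return nonce
    return None


if __name__ == "__main__":
    fields = parse_header(GENESIS_HEADER)
    print(fields)
    print("target:", format(bits_to_target(fields["bits"]), "064x"))
    print("hash:  ", header_hash(GENESIS_HEADER)[1])
    print("valid: ", has_valid_pow(GENESIS_HEADER))
    # Toy search: about 12 leading zero bits, found in a few thousand tries.
    print("toy nonce:", mine(GENESIS_HEADER[:76], 1 << 244))
```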

What's interesting about PoW is that it does not matter how long you have been trying to find a block. There is no "progress" or "completion". Your chances of finding a valid hash are still the same as those of someone who has just started trying to mine.

Of course, the network difficulty has increased since Bitcoin's first appearance, and nowadays there are more miners trying to find valid hashes. They have powerful machines that are able to generate and check more hashes per second (this is called 'hashpower'). There are machines that are built exclusively for PoW mining and can perform this task better than personal computers.

There are methods that make the mining task more efficient, giving you better hashpower. A widely used configuration is using GPUs (graphics boards) instead of the computer's CPU for generating hashes. It works because the GPU is designed to calculate the colors of a matrix of pixels at high speed, so it is better than the CPU at repetitive tasks.

Once you find a valid hash, you broadcast it to every node you're connected to, and they will broadcast it to their nodes. Not because they like you, but because once they know that the current block has already been found, they can start working on the next block (remember that the next block's header will include the previous block's header hash?). Therefore it's better for them if the block they just received gets accepted by the network.

The network is also programmed to give miners who find a valid hash a 'block reward'. When you generate a new block, you receive every transaction fee from the transactions you have listed in your block, plus the block reward. Initially, the block reward was 50 BTC. Currently, it is 12.5 BTC, and it is cut in half every 210,000 blocks. When the amount of Bitcoin emitted gets near 21 million (actually 20,999,999.9769 BTC), the block reward will stop existing and the miners will only be paid by network fees. This is expected to happen in the year 2140.

On average, a new block is generated every 10 minutes. The network tries to control this so that the time cannot be easily changed. Every 2,016 blocks (about two weeks), the network checks how long it took to generate the blocks of the previous two weeks and modifies the network difficulty, up or down, in order to keep the block generation time around 10 minutes.

Something that can also happen is that two miners mine a valid block at almost the same time. In this case, it is said that the blockchain suffered a 'fork' (not to be confused with 'bitcoin forks', which are alternative crypto-currencies based on Bitcoin's code) and the network 'chooses' one of the blocks by mining the next block: since every block must contain the hash of the previous block's header, once a new block is mined, it must refer to one of the two blocks. This way, the 'longest blockchain' (the blockchain with more blocks) is the valid one. The other block is called an 'orphan' and gets cancelled. The transactions in the orphan block, if not present in the valid block, get cancelled and refunded.

Every time a new block is generated, since it refers to the previous block (and the previous block refers to the previous block (and the previous block refers to the previous block…)), each past transaction receives a new confirmation, since a new block ensures the block containing the transaction is valid. The so-called '51% attack' occurs when an attacker, having more hashpower than all the other network nodes, pre-mines several blocks (say 4) and emits multiple transactions against a target (his intent is to cancel these transactions even after they have been confirmed). After 3 blocks (3 confirmations), the attacker broadcasts his pre-mined blocks. Since he has 4 blocks and the current blockchain still has 3, his blockchain is considered valid and every transaction (including his transactions against the target) will be cancelled.

Of course, since Bitcoin has a huge hashpower, performing a 51% attack would be quite expensive, and an attack like this could hardly result in more profits than expenses. Anyway, it's recommended to wait for 6 confirmations before taking any transaction as valid. Since one confirmation comes with each new block mined, and a new block is expected to be generated every 10 minutes, this leads to a 1 hour waiting time.
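The reward schedule and the difficulty adjustment described above, as an added example that is not from the original article. It uses integer satoshis, which is why the total lands just under 21 million, and it limits each adjustment to a factor of 4 in either direction, as Bitcoin's rule does; the function names are assumptions for the example.

```python
HALVING_INTERVAL = 210_000            # blocks between reward halvings
INITIAL_REWARD = 50 * 100_000_000     # 50 BTC, in satoshis
RETARGET_BLOCKS = 2016                # blocks between difficulty adjustments
BLOCK_SPACING = 10 * 60               # seconds per block the network aims for


def block_reward(height):
    """Reward in satoshis at a block height: halved (rounding down) per interval."""
    return INITIAL_REWARD >> (height // HALVING_INTERVAL)


def total_issuance():
    """Sum the reward of every block until the reward rounds down to zero."""
    total, height = 0, 0
    while block_reward(height) > 0:
        total += block_reward(height) * HALVING_INTERVAL
        height += HALVING_INTERVAL
    return total


def last_rewarded_height():
    """Height at which the reward first becomes zero."""
    height = 0
    while block_reward(height) > 0:
        height += HALVING_INTERVAL
    return height


def years_until_no_reward():
    """Time to reach that height at one block every 10 minutes."""
    return last_rewarded_height() * BLOCK_SPACING / (365.25 * 24 * 3600)


def retarget(old_target, actual_seconds):
    """New target after 2,016 blocks that took `actual_seconds` to mine.

    Blocks found too fast give a smaller target (harder); too slow gives a
    larger one (easier). The measured time is clamped to a factor of 4.
    """
    expected = RETARGET_BLOCKS * BLOCK_SPACING
    actual = min(max(actual_seconds, expected // 4), expected * 4)
    return old_target * actual // expected


if __name__ == "__main__":
    print("reward at height 0:      ", block_reward(0) / 1e8, "BTC")
    print("reward at height 420000: ", block_reward(420_000) / 1e8, "BTC")
    print("total ever issued:       ", total_issuance() / 1e8, "BTC")
    print("years of block rewards:  ", round(years_until_no_reward(), 1))
    week = 7 * 24 * 3600
    print("target after a one-week period:", retarget(1_000_000, week))
```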

Proof of Stake: What do you have to bet?

In July 2011, on BitcoinTalk (an online forum opened by Satoshi Nakamoto where verbs like 'hodl' (hold) are created by drunk members and people buy pizza with Bitcoin), a user posted what would become the idea behind the different existing Proof-of-Stake implementations. It was first used by Peercoin. Nowadays, several currencies use PoS, and some currencies, like Ethereum, use a mix of Proof-of-Work and Proof-of-Stake.

The magic behind Proof-of-Stake is relying on the amount of coins held by a party instead of on its processing power. Blocks aren't mined, but minted; there aren't miners, but forgers. Block rewards usually don't exist, so PoS currencies must be completely pre-mined and sold in an ICO (Initial Coin Offering) or given away for free through airdrops, or use PoW to generate the coins. Forgers only receive transaction fees. It is, however, possible to generate new coins and pay forgers with them, through inflation of the total supply (amount of existing coins), but this is not done by most implementations.

In PoS, a block creator is chosen randomly, based on a block selection algorithm. These algorithms are usually based on the 'stake'. Forgers are required to deposit a 'stake', part of their coins, in order to vote for transactions and blocks. The stake is held. If the forgers try to attack the network by voting on invalid blocks, the stake is lost. In theory, since they're staking their funds, they are incentivized to vote correctly.

Good block selection algorithms bring randomness to the process of electing the next block. An easy-to-imagine way is to choose whoever staked the most coins, but this would lead to centralization, since only the richest members would be able to generate blocks. Therefore, different algorithms have been created.

The first PoS-based currency, Peercoin, chooses a block creator based on so-called "coin age". It is the product of the staked coins and the days they've been held for, generating a "score". The stake with the highest score wins and is able to produce blocks. However, only coins that have been held for at least 30 days are eligible for staking. Once coins have been used as stake, their day count restarts from zero. Also, to avoid blockchain dominance by long-held volumes, if the coins used as stake have been held for more than 90 days, only 90 days are counted.

There are other methods for choosing a block creator. Another very widely used method is through our already-known hashing. Nxt, for example, concatenates the previous block hash and the public key of the forger address and hashes the resulting string with SHA-256. Since SHA-256 results, as we already noticed, in a hexadecimal value, the results can be compared just like numbers. This way, the lowest hash wins and is elected to produce the next block. Staking a higher amount, in this case, is the same as buying multiple lottery tickets: in the end, only one stake will be chosen, but since you have multiple stakes, you have a better chance of being chosen.

The point is that the stakes are public and the algorithms are run by every node. This way, every node is able to find out, on its own, who the next block producer is (and what the next block is), and consensus is reached. Also, anyone is able to stake their funds and try to produce a block.
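The two selection rules described above, modelled as an added example. This is a simplified sketch of the rules as this article states them, not Peercoin's or Nxt's actual code. The sample stakes, names and keys are constructed, and giving each staked coin its own "ticket" by appending a ticket number to the hashed data is an assumption made to express the lottery analogy.

```python
import hashlib

# Constructed sample data for the two models.
COIN_AGE_STAKES = [
    {"owner": "alice", "coins": 100, "days_held": 20},   # too young to stake
    {"owner": "bob", "coins": 50, "days_held": 45},
    {"owner": "carol", "coins": 20, "days_held": 400},   # capped at 90 days
]
FORGERS = [
    {"owner": "alice", "public_key": b"alice-public-key", "stake": 10},
    {"owner": "bob", "public_key": b"bob-public-key", "stake": 30},
    {"owner": "carol", "public_key": b"carol-public-key", "stake": 60},
]


def coin_age_score(coins, days_held, min_days=30, max_days=90):
    """Coins times days held; zero under 30 days, days capped at 90."""
    if days_held < min_days:
        return 0
    return coins * min(days_held, max_days)


def pick_by_coin_age(stakes):
    """Highest coin-age score wins; None when nobody is eligible."""
    scored = [(coin_age_score(s["coins"], s["days_held"]), s["owner"])
              for s in stakes]
    best_score, owner = max(scored)
    return owner if best_score > 0 else None


def ticket_hash(prev_block_hash, public_key, ticket):
    """SHA-256 over previous block hash + public key (+ assumed ticket number)."""
    data = prev_block_hash + public_key + ticket.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def pick_by_lowest_hash(prev_block_hash, forgers):
    """Every node runs this on public data and gets the same winner."""
    best = None
    for forger in forgers:
        lowest = min(ticket_hash(prev_block_hash, forger["public_key"], t)
                     for t in range(forger["stake"]))
        if best is None or lowest < best[0]:
            best = (lowest, forger["owner"])
    return best[1]


def win_shares(forgers, rounds):
    """Fraction of rounds each forger wins over constructed block hashes."""
    wins = {f["owner"]: 0 for f in forgers}
    for i in range(rounds):
        prev_hash = hashlib.sha256(str(i).encode()).digest()  # stand-in hash
        wins[pick_by_lowest_hash(prev_hash, forgers)] += 1
    return {owner: count / rounds for owner, count in wins.items()}


if __name__ == "__main__":
    print("coin-age winner:", pick_by_coin_age(COIN_AGE_STAKES))
    print("lowest-hash win shares:", win_shares(FORGERS, 2000))
```

Over many rounds the win shares track the stakes (about 10%, 30% and 60% here), which is the centralization concern the article raises in a milder form: more stake means more wins, but a small stake still wins sometimes.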

Delegated Proof-of-Stake: Let me be your voice

The largest ICO since crypto-currencies appeared was for EOS; it ended last month after a 355-day sales period and collected $4 million. EOS bases its consensus on Delegated Proof-of-Stake (DPOS). In this model, users elect witnesses and the most-voted nodes are able to validate transactions. They also elect delegates who are able to vote on network improvement and governance-related subjects, but never on block production. Users' votes are weighted by their stakes.

In the EOS model, users elect a fixed number of 21 block producers. The BPs are required to create blocks, host files, serve as backup and run tasks that are required for network maintenance. While EOS advocates claim that having 21 block producers chosen by users through weighted voting achieves enough decentralization, it's possible to find critical comments claiming that this is not decentralized enough, or is, indeed, centralized. How this is going to work in practice is something we will start seeing from now on, but it's clear that consensus methods, and crypto-currencies in general, keep being improved.

What do you think about the consensus rules we have just presented? Do you have an idea that could improve them? Have you come across a method that you found interesting? Let's discuss it in the comments area. After, of course, clicking and holding the clap button for some time. We know it's pleasurable.
