Bitcoin explained from the viewpoint of inventing your own cryptocurrency.
Videos like these made possible by patreon: https://patreon.com/3blue1brown
Protocol Labs: https://protocol.ai/
Interested in contributing? https://protocol.ai/join/
Special thanks to the following patrons: http://3b1b.co/btc-thanks
Some people have asked if this channel accepts contributions in cryptocurrency form as an alternative to Patreon. As you might guess, the answer is yes :). Here are the relevant addresses:
Supplement video: https://youtu.be/S9JGmA5_unY
Music by Vincent Rubinetti: https://soundcloud.com/vincerubinetti/heartbeat
Here are a few other resources I'd recommend:
Original Bitcoin paper: https://bitcoin.org/bitcoin.pdf
Block explorer: https://blockexplorer.com/
Blog post by Michael Nielsen: https://goo.gl/BW1RV3
(This is particularly good for understanding the details of what transactions look like, which is something this video did not cover)
Video by CuriousInventor: https://youtu.be/Lx9zgZCMqXE
Video by Anders Brownworth: https://youtu.be/_160oMzblY8
Ethereum white paper: https://goo.gl/XXZddT
If you want to contribute translated subtitles or to help review those that have already been made by others and need approval, you can click the gear icon in the video and go to subtitles/cc, then "add subtitles/cc". I really appreciate those who do this, as it helps make the lessons accessible to more people.
Music by Vince Rubinetti:
3blue1brown is a channel about animating math, in all senses of the word animate. And you know the drill with YouTube, if you want to stay posted on new videos, subscribe, and click the bell to receive notifications (if you're into that).
If you are new to this channel and want to see more, a good place to start is this playlist: http://3b1b.co/recommended
Various social media stuffs:
I have a question about the example that comes along at 19:50 - is there a presupposition that most of the blockchain miners (apart from Alice) will be trying to produce legitimate blockchains? If everybody or even just most are producing garbage ledgers, won't the process hum along like it's supposed to, but with inaccurate ledgers?
It isn't much of a stretch to assume that the vast majority of miners will build on a singluar legitimate blockchain. Miners aren't the only network actors, it's possible for pretty much anyone in the world to run a full copy of the blockchain, checking every single detail down to every byte of info, including all the proof of work produced by the miners, and their not going to follow a garbage blockchain ledger. This creates an extremely robust schelling point on a global scale.
My question is: who actually checks for POW? I mean... if a malicious miner created the longest chain, each block without proof of work, and broadcast this chain to the network, would the miners automatically reject this? Or can you add a block to any chain only when you have POW?
Not only would other miners immediately reject a chain with less POW, but so would all users running nodes on their computers. All network nodes check all POW and verify all the transactions that miners include in blocks. You can do this yourself by running a full bitcoin node on your own computer.
Hey 3blue1brown! Easily the most concise intro to crypto I've seen in awhile, speaks volumes on your ability as a producer. I was hoping you could do a video on some of the issues the crypto industry is currently struggling with, such as scalability - and the limitations of classical hardware on nonce factorizations. Would be cool to explore alternative approaches
In just about 12 months, BTC has made a drop of over 80% from a peak of $19,800 to less than $4,000 and I wonder how silly those that kept talking of $100,000 and more look now. Seriously, how much more evidence do we need that cryptocurrencies are purely speculative bubbles that are best treated as such and milked at the moment? The only space for investing is in real companies doing actual business with real currency valuation. My forecast for the long-term value of bitcoin is 0$, 0€, 0£, 0¥. Don’t get me wrong, I am not a crypto hater, in fact, I am above average financially but I still have a strategy which I implement with which I make a minimum of $30,000 monthly for a couple of months already. Even though I get assistance from Mr. James Long with trade strategies and signals, I still trade on my own so I don’t have to grant anyone access to my trade account (funds). What I do is seek his opinion on the markets as he is a very seasoned analyst and trader and then I use his signals which are very simple to use in placing trades and in the process, I learn a lot from him. You can mail him** (jameslong241 @ Gmail. com) if you need his assistance too. A word of caution, never mix emotion with coins if you want to succeed and you have to be brutal as well i.e sell, buy, and trade when you have to follow the rules and always seek help if you are not already a master trader and are not making good and consistent profit on your own already.
And to add, back in the massive 2017 into 2018 BullRun, when BTC was about $19K, the expert traders were telling noob investors to HODL & BUY. All while the experience traders were slowly liquidating there BTC, XRP, ETH etc., making massive gains. Only to eventually buy back on the cheap. I asked somebody why they give these noob holders bad advice, and there response was so the NOOBS won't crash the price by panic selling, and to give the experience traders a chance for huge returns.
Amazing amazing video. Thank you so much for this, I really wanted to know the details of the mining process. This really did a good job. I still have a few questions that I hope fellow YouTubers and enthusiasts could answer. By this logic, blockchain cannot work without miners? Miners won't work without a reward, meaning for every blockchain there must be a reward system?
Correct. In Bitcoin, there are 2 sources of rewards that go to pay miners. There is the new coins that get released to the miner who finds a block (this will decrease per block over time, go read about bitcoin "halving"), and the miner also gets all the fees of every transaction they include in a block they mine (which is expected to grow to be worth more than the new coins made in each block).
When it comes to Bitcoin, block production is adjusted to 1 block every 10 minutes, and each block can only be a few megabytes large - this will ensure that the bitcoin blockchain can be maintained on regular home computers with regular home internet connections (trustless usage). However, for other blockchains that grow too big too quickly, such as Ethereum perhaps, it will be difficult to maintain the full blockchain on a regular computer, so then you might have to rely on trusting a big data center.
I'm missing something here. Not sure exactly how to word my question but I'll try to throw out some key words and maybe someone can help.
I can almost understand how this would work if it was only one large block and only one transaction happened at a time (until the miners finished).
I'm having trouble understanding two things:
How can multiple transactions happen at once and still be accounted for properly?
And what is going on with there being multiple blocks? If each block can only have ~2500 transactions, how are the blocks connected?
Edit: I think I understand that the blocks are just pieces of the larger ledger and they are the spots between the pieces the miners put in to make the blocks start with zeros. This way the ledger is still intact.
I also think that I understand that if two people make transactions at the same time, they both tell the miners and then the miners include both transactions in their next block. The order isn't super important within a block?? Maybe?
+Zack Taylor Yes, the ledger does grow over time and more bandwidth is needed for the initial download of the blockchain (when first starting up a node). It is obvious that uncontrolled growth of the ledger would be problematic, hence, the Bitcoin protocol rules stipulate that blocks can only be so large (current absolute max size per block is just under 4MB). So while initial blockchain download (over 200GB currently) for new nodes just getting synced might take a while (up to a week), keeping up with downloading (and verifying) a 1-4MB block every ten minutes is very doable on most home computers/internet connections. So it might then seem that the bottle neck for scaling is the ~2500 transactions per 10 minute interval, however, it is important to realize that bitcoin developers are now busy building out a 2nd layer protocol network ontop of the bitcoin blockchain call the Bitcoin Lightning Network, where true scale can be achieved (over >100,000 transactions per **second** is now possible).
+SAL so does the ledger get bigger over time? And take up more bandwidth as time goes on? Thanks, thinking of the blocks as pages makes a lot of sense. And I appreciate the clarification you have about multiple transactions in quick succession.
Yes, you seem to have a good understanding of how it works. I like to think of each block in the blockchain as a "page in the ledger". In general, the order isn't important within a specific block. Sometimes however a specific set of connected transactions all happen quickly before a block is mined. It is possible that A sent to B, and B sent to C, and C sent to D before a block is mined, at which point all 3 transactions will be mined together and will be listed in order within the same block (the transactions will reference each other within that one block). Each block contains a hash of the previous block. New transactions need to reference past transaction outputs (from previous blocks) that were unspent until now.
How to contribute or make a donation for you to keep on making such a great comprehensive videos? Can you go into the details of how the sk and pk are related and how it is possible to verify the signature and the message by knowing the pk? Or any references on this topic? Thanks!
You are confusing the market for bitcoin and the actual bitcoin system. There was such a thing as the "internet bubble" some years ago, but that doesn't explain how the internet works. Also, people don't use graphics card to mine bitcoin (you need an ASIC machine).
+Ivan Novotný All nodes already have all the account balances with associated public ADDRESSES (and addresses can only be derived from an associated public key which must be derived from the private key). So whenever a sender makes a transaction, it is digitally signed with their private key and it will show the public key and show and that it **matches to that specific public address**. So no, an attacker can't alter the transaction without the correct private key - it would be invalid as it won't "match" the public address. The transaction effectively states to the network "this X amount of bitcoin now belongs to this NEW address", and there is no way for an attacker to change it (unless of course they somehow manage to steal your private key and make a transaction before you do). I hope I was able to explain that well enough.
+SAL SAL Ok. But, for veryfiyng the nodes must have the public key of my signature. What happends when somebody change this public key as it will passes to the attacker's private key? I'm sorry for explaining my question so unluckily. I'm talking about man-in-the-middle attack. Attacker doesn't need to know my private key for signing but he can still attack my transaction by changing the look of my signature's public key before entering the broadcast to all nodes. What it will mean? Because when he changes it, the network verifies the trandaction as valid. Or not? Couldn't he change also the transaction content? Or modifying the public key of signature before entering the network is pretty impossible?
Once the sender digitally signs the transaction, that transaction message gets broadcast to the entire network, each node verifying it is correctly signed. If nodes see that it isn't a valid signature, then they don't propagate it. If it is a valid signature, it will then be added to the immutable blockchain by a miner.
What if Alice exchanges the money for another currency in the meanwhile, this system is neat but also flawed. With time its going to become unmanageable with never-ending history. Not to mention all the power needed to keep it running.
I struggled to grasp this concept till I learn the below on a Cryptocurrency 101: Transaction records are collected in blocks. As transactions transfer ownership of CryptoCurrency balances, each block represents an update of the user’s balances on the network.
Blockchain technology underpins the global transactions of CryptoCurrencies ensuring transparency, enhancing security through a secure record-keeping system. It also allows for improved traceability of data and transactions across the different types of CryptoCurrencies, along with increased efficiency, speed and a reduction of costs compared to that of traditional banking systems.
Described as the ultimate smart currency, CryptoCurrencies represent a digital currency which is encrypted. It offers users a verifiable transfer of funds operating independently of a central bank across global networks.
The system keeps an overview of CryptoCurrency units and their ownership and also defines whether new CryptoCurrency units can be created. When new CryptoCurrency units are minted, all network participants are notified as the ledger is decentralized and is automatically updated. if its helps you as well there is another on Bitcoin 101 and blockchain 101 which may help. https://www.cryptofish.com/blog/what-are-cryptocurrencies-and-how-do-they-work/
It depends. It will initially just sit there "unconfirmed" until it gets mined into the blockchain. Usually no miner will do this for free, so yea, eventually it will just get dropped and doesn't go through. However, if the recipient of that zero fee transaction is serious about wanting that transaction, the recipient can pick up that zero fee transaction and use it in a subsequent transaction (to themselves) that does have a fee (the fee for the subsequent transaction will cover the 2 transactions). This is known as a "child pays for parent (CPFP)" transaction.
The transaction was digitally signed with Alice's private key, and only Alice's key can sign the transaction she sends. If Bob tries to make a change, it wouldn't be valid - it will simply be ignored by the network.
This video is really an awesome explanation! I have been reading up on Bitcoin along with other Cryptocurrencies and Blockchain to try and get a better understand and I would definitely recommend this video which I will definitely be sharing. Along with this I also found the below really helpful in terms of understanding Bitcoin and Blockchain. https://www.cryptofish.com/blog/bitcoin-101/
Why is the proof of work necessary at all? If we already need, for every transaction, a signature that only the person making the transaction can produce, then how could anyone send fake signals? They'd need a signature they can't possibly fake...
The problem becomes that the person sending the transaction can still produce ANOTHER valid signature to "double-spend" their money (a conflicting transaction). Proof of work solves this double spend problem WITHOUT a trusted central entity.
If you want to do so without trusting any third party, then the answer is yes. Maintaining a fully synced up copy of the entire blockchain is known as running a full node. Your node can tally up the bitcoins of your addresses to show your balance. This is actually the key feature that makes bitcoin unique compared to all other previous forms of money - you can easily do full validation of the entire system yourself without relying on any third party!
Unfortunately, most people are lazy and do choose to rely on other services to tell them their balance. Even worse off are people who store their coins with trusted central entities, which make them a big target for hackers.
21:25 doesn't this mean that bitcoin is completely infeasible to be used on a daily basis? For example if I go to the shop and pay for something with bitcoin, the shop will have to wait for quite a few blocks to be added before they can trust that they've been paid. That would take on the order of at least minutes, which is far too long.
Not only that, but fees for blockchain transactions can be expensive for everyday small payments. So while the bitcoin blockchain is being optimized for security and decentralization, there is a second layer payment network being developed called the "bitcoin lightning network" where payments are now instant and fees are extremely small (on the order of 1/100,000,000 of a bitcoin).
+VwertIX Nope, but it's well-established in the English language to use male pronouns for anonymous mechanistic entities so deliberately overriding this with a female pronoun grates annoyingly to the average casual listener (woke bell-ends excluded). If the author wants to get laid there are easier ways than inserting female pronouns where they're not required and statistically highly unlikely to be correct.
+JOe-HOs there is no way to see the number of individual miners, however, we do know roughly how much total mining power there is. Many miners team up together into mining pools - just googling "bitcoin mining pools" should show the big pools out there.
Then transactions would stop getting included in the blockchain. But it would also mean it tons of profit being left up for grabs, which would lead to many people (my self included) to jump into the mining game to get some easy money, and thus mining would resume.
2^256 roughly equals to 10^78. Which is not very much, because our Universe consists of 10^80 elementary particles. And if you want to measure the volume of a Universe in PLank volumes, you will get something like 10^185. So please, do not judge astronomy ;)
Rodolfo Assereto Because Bob would have to be the one to broadcast that. It isn’t trustworthy to say that someone paid you, the digital signature of the person who actually made the payment has the final say.
In the spirit of your 2^256 cryptography security video, could you do a follow up on the ecological impact of cryptocurrencies ? My understanding is that all these protocols require an insane amount of energy, and that therefore if we all relied on cryptocurrencies, our impact in term of energy consumption would be colossal.
The only question I have is:
Why on Earth was the underlying core computation (SHA256) used instead of some provably NP(Hard) computation? That is, we -think- reversing SHA(256) is NP(Hard), but as you stated in the video, it's really "Well, we don't know a way to reverse this."
We need the underlying problem to be NP complete, so that it is very hard to find an answer, but easy to verify if its correct. NP Hard would not be applicable because it would be very hard to calculate an answer, and also very hard to verify the answer. The very essence of mining revolves around having miners go through a large amount of work, and have others verify the miners went through the large amount of work. If others had to go through the same amount of work just to verify, then the whole system is pointless.
Sorry I find your example at 21:14 confusing how would bob not know whether or not Alice paid him $100???
my understanding is that there is a large database of "miners" that hear all transactions, and thus their ledgers are always the same
+64standardtrickyness By fraudulent transactions (or blocks that contain them), I mean they are transactions that are breaking the network consensus rules. Some obvious examples: a transaction that tries to spend bitcoin without providing a digital signature from the private key (ie. spending bitcoins from an account you don't control) or trying to create a transaction that references an x amount of bitcoin but making the output be greater than x (ie. trying to spend more than you have in your account) - these types of situations are not a concern at all as the network instantly disregards those transactions and blocks that may contain them. The only issue left is double spending (which is what I think you are getting at in your example) - if someone has say 1 bitcoin, then makes 2 different transactions referencing that 1 bitcoin. On the face of it, neither transaction on its own is fraudulent, but both can't be true. If two different miners solve competing blocks, but each includes one of the two contradicting transactions, then both branches at that point are still fair game (there is no false block yet), but one branch is abandoned over time as the majority of mining power will choose one branch to build on (it makes no economic sense for a miner to build on a minority/losing branch). Even if a player with large compute power did go through with trying out your example, they would have very likely lost much more than they would have hoped to gain as they wasted valuable time and electrical resources mining the block or blocks they don't want included in the longest blockchain.
What it comes down to is this: if you are receiving a large transaction, don't consider it "finalized" until many subsequent blocks have been built on top of the block that contains the transaction of interest, to ensure that you are not being double spent. For example, if i'm receiving 100 bitcoin, I wouldn't trust it after seeing it in only 1 block (I'm not going to immediately send them whatever they paid for just yet) - I can however be confident it is finalized after waiting 6-10 blocks have been built on top of it - someone trying to double spend that transaction to me at that point would not only need to redo that block, but they would also need to solve all the subsequent blocks as well, which would at that point have cost them much more than 100 bitcoin in electrical power to pull off. Miners make money by playing by the rules and building on the longest chain, not by wasting resources on blocks that don't get included in the longest blockchain.
@SAL by fraudulent block, do you mean the transactions are not verified or something else?
My question was in the absence of any central processing system or omnicient miners supposing there was a period of time which an adversary attempting to cheat would have more computing power during that time send someone else 100 bitcoins and then attempt to make a block hiding that transaction (or stating that no such transaction occured I'm not sure if the blocks represent transactions or time but it shouldn't matter) and using their superior computing power at a particular time, quickly output a block hiding their transaction and find the key for that block making their (false) block temporarily the longest and then the other miners come back, see that this person has the longest block and works on this (false ) block
+64standardtrickyness if it is indeed a fraudulent block/chain (with an invalid transaction), it simply will not be accepted by the network as they check it in real time (nothing to worry about). However, if it is a competing chain with double spent coins ( coins being spent to 2 different addresses), then all you have to do is sit back and wait for a few more blocks to see which branch the majority of miners are building on (that becomes the true blockchain, since it will gather the most proof of work). That is why it is good practice to wait for 3-6 blocks to be built on any particular block that has a transaction of interest to you. It doesn't matter if a miner gets "lucky" for a few blocks, it is not something that can be kept up continuously.
but that doesn't fundamentally solve the issue of getting lucky (or putting in power during some downtime) at some point and being able to output the most mining power by one block (by outputting one fradulent block on top of the output previously with most computing power) wouldn't all miners then start working on this fradulent branch hence perpetualting the wrong branch?
+64standardtrickyness To determine which branch is the valid/true blockchain, it is the one with the most mining power put into it. Imagine that you are a miner and you see a completing branch that has less mining power behind it - it would not make sense to go mine on it because the rest of the network won't acknowledge it as valid. Alice in this situation is doomed to lose as the rest of the miners have more mining power than Alice.
But then how will bank charge transaction tax ?
Exchange rate will difficult to control if not Impossible .
Then if someone government (major power colluding )have super computer which can peta flop computing having larger block can controll all transactions ?
Also if you are generating money without any physical work how it will be valued ?
How to prevent hawala , money laundering , tax evasion?
The idea with Bitcoin is to completely bypass any bank or government control. Exchange rate and value is determined by the free market. If mining is compromised, then the users will upgrade to fix it. You don't need a physical object to value, the Bitcoin blockchain can be run and examined by anyone. You can't stop black market transactions from happening - which now means governments will have to do actual detective work to go after criminals.
The transaction will only be included in the blockchain if it is valid, and it is only valid if the transaction from Bob was digitally signed by Bob's private key. I hope that makes sense. Invalid transactions are ignored by the network, and are not included in the blockchain.
We will accept entries between now and June 15th. Posters will ship in July.
YESTERDAY WAS EVERYTHING OUT JUNE 30th.
Filmed primarily during the tour celebrating the 10th anniversary of our debut album, this feature length documentary, directed by our friend Matthew Mixon, follows the band as we reunite with our original vocalist Jesse for the first time since our split a decade prior. The film explores the fatal tragedy that brought the band together and follows our journey across North America as we face old ghosts and attempt to reconcile the past.
Signal Spam is a public-private partnership that allows users to report anything that they consider to be spam in their e-mail client or webmail in order to assign it to the public authority or the professional that will take the required action to combat the reported spam.
The Spam Signal reflex.
A spam report allows to collect all the technical information required for the identification of a spammer, wether the report relates to a marketing abuse or cyber-criminal spam. Signal Spam is responsible for the qualification of your report and distributing useful information to the fight against spam.
Download the plugin that corresponds to your messaging environment and install it.
Report spam from your e-mail and track developments in your personal space.
Thanks to your reports, Signal Spam collects information essential to the identification of spammers , and share them with the authorized actors able to take action adapted to each specific report.
Consult the code of ethics.
The reports provide the digital evidence investigators and public authorities need engage legal procedures, controls and sanctions against companies which send abusive marketing e-mails, and legal actions against cyber criminals.
Easy-To-Use Tools For Hard Trading Decisions.
Find what to trade, when to trade, and how to trade with signals and tools for over 350,000 stocks, ETFs, futures, forex and mutual funds.
Managing your own portfolio is easier than you think.
Create Your MarketClub Account Now.