How BitCoins are Used and Stored – Crypto Academy Lecture 4

How BitCoins are Used and Stored – Crypto Academy Lecture 4


CryptoSlo cryptocurrency news and
investing welcome to lecture four where we’ll talk
about how we store and use bitcoins in practice in section 4.1 we’ll talk about the
simplest way of storing bitcoins and that is simply putting them on a local
device now just to review in order to spend a Bitcoin you need to know two
kinds of things first of all you need to know some information that’s stored on
the public blockchain you need to know what the identity of the coin is and how
much it’s worth for example and along with that you also need to know the
secret key of of the owner of the Bitcoin presumably that’s you now if you
think about it the first piece of information being on
the public blockchain you don’t need to worry too much about how to store it
because you can always get it back when you need it but the secret signing key
is the thing that you’d better keep track of so in practice when we talk
about how you store your bitcoins what we’re really talking about is how you
store and manage your keys and that’s going to be the main topic when we talk
about how to store bitcoins so really this lecture which we titled how to
store and use bitcoins might as well be called how to store and use secret keys
because that’s really what it’s about okay now when figuring out how we’re
going to store and manage our keys there are three goals that we have in mind the
first goal is availability you want to be sure that you can actually spend your
coins when you want to the second goal is security and that is that know what
nobody else can spend your coins if someone gets the power to spend your
coins they could just send your coins to themselves and then you don’t have the
coins anymore and the third goal is convenience just
that whatever you do it’s relatively easy to use okay so the simplest
approach to managing your keys what to do with them is just to take the key and
store it in a file and put that file on your own local device on your computer
on your phone or on some other kind of gadget that you carry your own or
control and evaluating that method against our three goals well for
convenience it’s great nothing really nothing could be better than to have say
an app on your phone that where you can push a button or swipe something and
spend your bitcoins so for convenience it wins but when it comes to
availability and security storing things on a local device in a simple way is not
such a great idea and the reason is first when you get to availability that
your key your coins are no more available than your device that means if
you lose the device if the device crashes and you have to wipe the disk if
your file gets corrupted or something like that you’re out of luck the key is
lost therefore your coins are lost similarly for security your keys
therefore your coins are just as secure as your device if somebody managed to
break into your device to compromise it if they can put malware on your device a
virus or something like that then then they can get the key you leak the key to
themselves and they can then send all of your coins to themselves
so although storing things locally is very convenient and very simple it
really isn’t up to the task for availability in security and the way to
think about this is this is a lot like carrying around money in your wallet or
your purse or in your pocket it’s useful to have some spending money but you
don’t want to carry around your life savings because you worried that you
might lose it or that somebody might steal it and so what you typically do is
store a little bit of information a little bit of money in your wallet and
keep most of your money somewhere else now in order to do all of this we
typically if we’re going to follow the local storage approach we typically use
wallet software and that’s just software that manages all the details of keys and
makes things convenient it keeps track of your coins it gives you a nice user
interface if you want to send four dollars and 25 cents worth of bitcoins
to your local Starbucks the wallet software will give you some easy way to
do that and by the way if you’re using wallets software once you’re using
software to manage keys and such it’s a nice trick it’s a useful trick to use a
whole bunch of different addresses a whole bunch of different keys so rather
than taking all of your coins and paying them to one address and controlling them
with one key you can have a separate address a separate Bitcoin address and a
separate key for each coin that keeps things separated so that you get a
maximum degree of anonymity or privacy and you don’t need as an individual to
worry about the management of all these different keys and addresses your wallet
software takes care of it for you and just gives you a very simple interface
that says how much is in the wallet and lets you spend it the wallet software
figures out all the details of which keys need to be
and how to generate new addresses and all of that stuff so one thing you need
to do if you’re going to be able to receive bitcoins in payment into your
wallet or spend them to somebody else is you need to have have a way of
exchanging an address with somebody so you can give them an address or receive
an address so that payments can happen and there are two main ways that
addresses are encoded or conveyed in this way the first one is as a text
string and the second is as a QR code so it’s a texts during what we do is we
take the bits of the key and we encode it as a number in base 58 notation and
then we use these 58 characters to to encode the digits in our base 58
notation so what this is basically is it’s all of the digits and capital
letters and small letters except that they’ve taken out a few that might be
confusing or might look like each other for example capital o and zero are both
taken out because they look too much alike
but other than that most of the characters are here and you can encode
in first in base 58 notation and then using this alphabet the second method
for encoding a Bitcoin address is as a QR code something like this this is a
simple a 2d barcode and you can do something like point your phone at this
take a picture and your phone can scan it and recover the bits of the address
and so this is the sort of thing you might use for example in a store or if
you want to have a phone to phone communication well my phone might
display a barcode like this which is my address on it and your phone might take
a picture of it in order to get the address
so this down here actually is an active address and if you’d like to give me
some bitcoins feel free to to do so in segment 4.2 we’ll talk about hot
storage and cold storage recall that in 4.1 we talked about how
to store bitcoins on your local computer the equivalent of carrying money around
in your wallet or your pocket now the idea of hot and cold storage is that
you’re going to have some storage which is which is hot or online as on your
phone or in your local computer and as and as we covered before storing
bitcoins in that way is convenient but it’s also somewhat risky you keep some
money in hot storage and you keep some money in cold storage cold storage is
offline it’s locked away somewhere it’s not connected to the Internet and it’s
archival it’s more secure it’s safer but of course it’s not as convenient so this
is similar to how you carry some money around on your person but you don’t keep
your life savings on your person you put that somewhere somewhere safer and so
when we’re using this strategy of hot and cold storage we’re going to have
separate keys and separate addresses for the coins that are stored either on the
hot side or the cold side and so the main topic of discussion here the main
thing we need to go over is how you move coins back and forth between the hot and
cold sides and what the relationship is between the sides okay so obviously
you’re going to have to have separate secret keys to control the coins on the
hot side and the cold side the whole point of cold storage is that the coins
that are in cold storage are not vulnerable to attack or loss because if
the hot storage is compromised and so you need to have separate private keys
for hot versus cold storage and of course each side needs to know the
addresses that the other side is using because you want to be able to transfer
money back and forth between the different sides between the hot side and
the cold side and so each side has its nose its own secret keys and it also
knows the addresses at which the other side will accept transfers and that lets
you do transfers back and forth now in practice of course the cold storage is
not online and so the hot storage and the cold storage won’t be able to
connect to each other across any network so you can think of the cold storage as
being locked up somewhere while the hot
storage is operating now the good news here is that even if the cold storage is
offline and not connected to anything the hot storage still knows the
addresses at which the cold storage is willing to accept coins and that means
that the hot storage can send coins across to the cold storage even while
the cold storage is offline and that’s very nice at any time if the amount of
money in your wallet in your hot wallet becomes uncomfortably large you can just
transfer a chunk of it over into cold storage and you don’t need to put your
cold storage at risk by connecting it in order to receive that money on the cold
side next time the cold storage connects it
will be able to receive from the blockchain information about about the
those transfers to it and then the cold storage will be able to do what it wants
with those coins okay but now we have a little bit of a problem if you think
about it which is how we manage these addresses on the one hand as I said in
segment 4.1 we want for privacy reasons and for other reasons to be able to
receive each coin at a separate address and to be able to manage the different
secret keys that are used at that address and so whenever we transfer a
coin from the hot side to the cold side we’d like to use a fresh cold address
for that purpose but because the cold side is not online we have to have some
way for the hot side to find out about those addresses and that’s the problem
that we need to solve now there’s a kind of awkward solution to this which would
work but we’d prefer not to use and that is this that we have the cold side
generate a big batch of addresses all at once we transfer those addresses over to
the hot side and then we use them up one by one and the drawback of that is that
we’re periodically going to have to reconnect the cold side in order to
transfer more addresses and we might worry that while we’re out and about
spending our bitcoins on a night on the town that the hot wallet will run out of
these addresses and and that could be a problem so that’s an awkward solution
generating them in batches what’s a better solution a more effective
solution is to use a hierarchical wallet but that requires a little bit of
cryptographic trickery so let me explain the the trick behind hierarchical
wallets so just to review previously when we
talked about key generation when we talked about digital signatures back in
lecture 1 we talked about an API operation called generate keys which
generates a public key and a secret key the public key in a Bitcoin context
corresponds to the Bitcoin address that can receive coins and the private key
we still call a private key and that’s the key that allows us to spend or
control the coins that are sent to the corresponding address so this is how
things normally would work if we generated keys in the standard way but
with hierarchical key generation we do things a little bit differently rather
than just doing generate keys we do a heroic hierarchical key generation
operation and this generates two things it generates rather than an address it
generates what we’ll call address generation info and rather than
generating private key it generates what we’ll call private key generation info
and now we can take this information and generate multiple keys for example given
the address generation info we can apply a gen address operation and give it the
address generation info and some integer I and that will generate the I thad ress
in a whole series of addresses and we can do this for any integer I and any
integer I we can generate the I a dress and the sequence given only that integer
and the address generation info similarly on the private key side we can
take this private key generating info and use it to generate a key again using
any integer I and what we get is the IP in the sequence right now what makes
this useful is that it has two important properties first that the I third recipe
i key matchup and correspond to each other just as if they were generated the
old-fashioned way and what i mean by that is that a coin that’s transferred
to the ipad ress will be spendable and controllable by somebody who knows the
IP so these behave just like a regular address in a regular key the other thing
that’s important is that we have a security property and the security
property is this that the address generation info doesn’t leak keys that
is it doesn’t leak any information about what the keys might be and that
means that it’s safe to give the address generation info to anybody and so that
anybody can be enabled to generate the ice key
now not all digital signature schemes that exist can be modified in a way like
this – to support hierarchical key generation some can and some can’t but
the good news is that the digital signature scheme used by Bitcoin which
is called ECDSA does support hierarchical key generation and so we
can do this trick and the reason this is useful for hot and cold storage is that
we can take this operation and split it up between the hot side and cold side of
our storage like this everything that has a blue background here is done on
the cold side and everything that has a red background is done on the hot side
and so what we do is at the very beginning on the cold side we do the
generate keys hierarchical operation we then take the private key generation
info that that makes and keep it on the cold side and we take the address
generation info that that makes and pass it across to the hot side then once
we’ve done that the hot side can generate the entire sequence of
addresses on its own without neither needing any further communication with
the cold side we can generate an arbitrarily long string of addresses or
at least long enough that we never have to worry about running out and on the
private side we can generate the corresponding keys again without needing
to communicate we can generate that later so if we do things this way
there’s only one passage of information from the cold side to the hot side about
keys and addresses that happens once at the very beginning of the situation and
once that’s done then no further connection is required and so this lets
us use separate keys and separate addresses for every coin that’s passed
across to the cold side but without requiring a lot of back-and-forth
communication and critically for security without requiring the cold side
to connect to the net or pass information out in any way except once
at the beginning okay so with that in place we can talk about the different
ways in which cold information can be stored I said earlier that information
on the cold side whether it’s a key or key generation info or something else is
stored offline but let’s get more specific about exactly how it is stored
the first way we can store it is to store the information in some kind of a
device and just put that device in a safe it might be a laptop computer it
might be a mobile phone or tablet or it might just be a thumb drive but whatever
it is we store the information on that device we turn the device off we lock
the device up and now obviously if somebody wants to steal this they have
to get into our locked storage and get that device away from us the second
method we can use is called the brain wallet and in a brain wallet what we’re
doing is we are taking the information that we want to protect and we’re
encrypting it under some kind of passphrase or password that a user
remembers then in order to get the information back later we’re going to
ask the user to give us the passphrase and then we’ll be able to decrypt if we
do this and if the crypto is done correctly and if the user picked a good
passphrase then the security of this will be as good as the security of the
passphrase and as long as the user isn’t tricked or coerced into giving up the
passphrase and as long as the adversary can’t guess the passphrase then our data
is going to be secure but this of course is subject to the same kind of attacks
that passwords typically are the third thing we can do to protect information
offline is what’s called the paper wallet we can take the information and
we can print it out onto paper and then we can put that paper in some safe or
secure place we can lock it in a safe deposit box or something like that now
the benefit of doing that obviously is that again just like with a device the
security of this is just as good as the physical security of the paper that we
that we’re using this is a Bitcoin paper wallet they come in different shapes and
sizes but this is one example what you see over here is the public address the
address of this of this wallet and this is shown in two ways first as a 2d
barcode as a QR code and then second down here you see it as a character
string in the base 58 notation now originally this side over here was
sealed because it has the private key within it and you don’t want
give away the private key too easily we can open this up originally would we
would have broken a seal and we have this stuff here that’s designed to
frustrate scanners and people looking through and so on and eventually we open
it up and we see over here this which is a 2d barcode which contains the the
private key that controls access to this wallet now this particular wallet
doesn’t have any coins in it I wouldn’t be showing you the private key if it had
any coins of mine in it but but this is the experience that you would have and
this is a thing that you can hand out to someone and in fact this was handed out
at a conference as an example so this shows how you can take a how you could
take Bitcoin Bitcoin wallet and encode it as a paper artifact you could take
this thing I could seal it up put in an envelope and put it in a safe deposit
box and and it would be relatively safe there the fourth way that we can store
offline information is to put it in some kind of tamper proof device some sort of
device that resists tampering the idea is that we either put the key into the
device or the device generates the key and then the device is designed so that
there’s no way it will output or divulge the key the device might sign a
statement with the key when we say press a button or give it some kind of
password but the device is designed so that it doesn’t give out the key and the
advantage of that is that again the security of the key is we hope as good
as the security of the device and in particular if we lose the device or if
it’s stolen we’ll know it unlike the theft of information about a
key where we might not know that someone has learned our key if the key is built
into a device and the device can never divulge the key then if someone has
stolen the key it net they will necessarily have stolen the device and
will know that the device is missing so this has some advantages as well now in
general people may use a combination of all four of these methods in order to in
order to secure their keys for hot storage and especially for hot storage
holding large amounts of bitcoins people are willing to work pretty hard and come
up with novel security schemes in order to protect them and we’ll talk a little
bit about one of those more advanced schemes in the next segment if segment 4.3 we’ll talk about how to
share and split keys up to now we’ve talked about different ways of storing
and managing the secret keys that control bitcoins but we’ve always put a
key in a single place whether that’s locked in a safe or in software or on
paper it’s in one place and starting the key in one place leaves us with a single
point of failure so that if something goes wrong with that single storage
place then we’re in trouble so here what we’d like to do now is be
able to take a key and split it up into pieces and share those pieces around so
that we avoid the single point of failure problem and so we’re going to
introduce a cryptographic trick called secret sharing the idea is we’re going
to take some secret in in our case a secret key and we’re going to divide it
up into some number and of pieces and we’re going to do that in such a way
that if we’re given any K of those pieces then we’ll be able to reconstruct
the original secret but if we’re given fewer than K pieces then we won’t be
able to learn anything about the original secret so for example we might
have N equals two and K equals two that means we’re dividing the secret into two
pieces and you need both pieces to put them together in a specific way of
getting N equals to K equals to secret sharing like this is as illustrated here
that first we’re going to generate a number P which is a large prime number
doesn’t need to be secret or anything just just really big s this is going to
be the secret and the secret has to be between 0 and P minus 1 inclusive and
then we’re going to generate a random value R secretly which is also within
the range of between 0 and P minus 1 and now we’re going to split our secret into
two pieces X 1 and X 2 piece X 1 is going to be s plus R modulo P and
remember that modulo is the operation that sometimes written with the percent
sign in programming languages it just means take this value s plus R and
divide it by P and keep the remainder when we do that division that’s as plus
our modulo P so that’ll be X 1 our first share and the other share X 2 is going
to be s plus 2 our modulo P and now if we have both of these shares
X 1 and X 2 we can combine them to reconstruct the secret s what we do is
we compute 2 times X 1 minus X 2 modulo P so 2 times X 1 is 2 s plus 2 R and X 2
which we’re subtracting off is s plus 2 R and so we have two s minus s that
leaves us with an S we have 2 R minus 2 R and so the two R’s cancel out and
we’re left just with s mod P which is equal to s because s is less than P and
so we can reconstruct the secret in this way so given two shares we can
reconstruct but given only one of the shares it turns out we don’t learn
anything and to see why that is consider X 1 we took s which is the secret but we
added to it a random number which is which which could take on any value
between 0 and P minus 1 with equal likelihood and if you think about it you
can convince yourself that the result then of S Plus R modulo P is equally
likely to take on any value between 0 and P minus 1 and that’s true regardless
of what s was and so this share by itself convict just looks like a purely
random number and doesn’t convey anything about what the value of s might
have been similarly this share by itself is also equally likely to take on any
value between 0 and P minus 1 and therefore it doesn’t convey any
information about s so that’s N equals 2 K equals 2 given both shares we can get
back the secret given 1 share we can’t okay now in general we can talk about
how to get higher values of N and K for example let’s talk about how to get
higher values of n where K equals 2 that is we’re going to want to require two
shares to be put together to reconstruct the secret but we’re going to make more
than two shares that that are eligible for use in this way and so the way we’ll
do that is to draw our X standard x and y axis here and we’re going to add a
point here at 0 comma s where s is the secret and so obviously if somebody can
learn what this point is then they will have reconstructed the secret ok now
we’re going to now we’re going to draw a line and we’re going to draw a line that
has a random slope our R is going to be generated ran
and so and so we would get a line like this and now we can give out shares the
first share is this point here at x equals one and y is s plus R the second
share is here at x equals two and Y turns out to be s plus 2 R the third
share is here x equals 3 and y is s plus 3 R and so on we can go as far up this
line as we want and generate as many shares as we want ok now if you think
about it you can convince yourself that given any two points you can interpolate
and find S right that’s a property of a line given any two points on a line you
can interpolate the line imagine setting down a ruler that exactly touches say
these two points and then you can just draw a straight line along that ruler so
given any two points you can reconstruct what this line is you can see where the
line crosses the y-axis that will be 0 comma s and that will give you back the
the secret but given just one point you don’t really know anything because if
you have say this point well the line might be sloped like this but equally
likely it might be sloped like this it could be sloped any way at all and so
given just this point you don’t really know anything about where this line
might cross the y-axis so you don’t know anything about s and in fact you can
prove that if you do this arithmetic modulo a large prime P like we did
before in the previous slide that in fact you can prove that any two points
are sufficient to interpolate and find s and fewer than two points don’t tell you
anything about s and so this gives us N equals any value in K equals two all
right but but now what if we wanted to require more than two points well for
two points we drew a line because any two points are sufficient to uniquely
specify a line if we want to require three points what we’re going to do is
use a quadratic function because any three points are sufficient to
reconstruct a quadratic function and so we can use this table to understand
what’s going on so if we use the equation s plus rx
mod P with the random parameter R that’s the slope that we saw in the previous
slide then you need two points to recover the S because you need two
points to interpolate a line if on the other hand if then you use a
quadratic that is s plus some random value r1 times X plus some other random
value r2 times x squared then there are two random parameters r1 and r2 and with
any three points you can uniquely interpolate a quadratic and get back s
and we can just go up the ladder here if we use a cubic function there are three
random parameters we need four points and in any case you can generate as many
points as you want on the line or the quadratic or the cubic and therefore you
can get any value of n and you see how you can get any value of K by just going
to higher and higher order polynomials and so this scheme will let you take any
secret and split it into n shares such that K shares or more are needed to
reconstruct and that turns out to be a really useful thing because now you can
take a secret key or other secret information and split it up in this way
support k out of n splitting for any k n n so let’s talk about the good good and
bad that we get out of this process the good part is that we can store the
shares separately and the adversary needs to be able to recover K shares in
order to get back what the secret was and that’s a good news right that means
that if we use say K equals 3 and equals 4 the adversary needs to get break into
three separate places and if we’re clever about storing those separate
shares in places that are far apart and independently secured then we can make
the adversaries job much more difficult and indeed if we notice that the
adversary has compromised one of those places we can then race out and try to
recover the other shares and address the problem the other thing that’s good
about this is that we can afford to lose some of the shares if we do three out of
four secrets splitting then we can lose one share and we’ll still have three
left and so we can put those three remaining ones together and still get
back the key so even though we’re spreading out the information there are
more places where information might be lost we can also tolerate the loss of
some of those in general we can tolerate the loss of n minus K of them now that’s
the good news the bad news is that if we take a key and we split it up in this
way and we then want to go back and use the key to sign something we still need
to bring the shares together and recalculate the initial secret
in order to be able to sign with that key and that point where we bring all
the shares together and recombine them is still a single point of vulnerability
where an adversary might be able to attack us and that’s the bad news so
although this is useful it’s not a panacea and there’s something else that
we’d like which is the ability to generate separate shares and use those
shares separately in order to sign and and that’s what’s behind the concept of
multi-sig that we saw earlier in lecture 3 so if you recall multi-sig in lecture
3 it lets you keep the shares or the different pieces that need to sign a
particular transaction apart and to allow them to approve the transaction
separately without needing to reassemble the key at any point so just as an
example of application of that suppose that Andrew Arvind IDI and Joseph are
coworkers let’s say they’re cofounders of a company and the company has a lot
of bitcoins hey you know we can dream now what we might want to do is use
multi-sig to protect our large store of bitcoins so what we’re going to do is
have each of the four of us generate a key pair and we’re going to for our
company’s cold storage store the coins so that we require multi-sig with three
out of the four keys signing now the result of that is that we know that
we’re relatively secure if the four of us keep our keys separately and secure
them differently that someone would have to compromise three out of the four keys
that if some employee or even two employees go rogue those rogue employees
can’t steal all of the company’s coins because you would need a conspiracy of
three out of four to do that and we also know that if something goes wrong if one
of us loses our key or if one of us gets run over by a bus and can’t and our
brain wallet is lost the others can still get the coins back and transfer
them over to a new place and so multi-sig allows you or helps you to
manage large bodies of cold storage poins in a way that’s relatively secure
and that requires action by multiple people before anything drastic happens in segment 4.4 we’ll move on to talk
about online wallets and exchanges thus far we’ve talked about ways in which you
could store and manage your bitcoins yourself now we’ll talk about ways in
which you can use other people’s services to help you do that so the
first thing you could do is to use an online wallet an online wallet is kind
of like a local wallet that you might manage yourself except that the
information is stored in the cloud and so you have some kind of say web-based
interface like this this is from one called blockchain but there are plenty
of other online wallet services you might have a website that you use on
your computer you might have an app that you use on your phone so it’s like a
local wallet bits in the cloud it might typically run in your browser which
means the site sends the code that does all of the operations the site will
store your keys at least it will have the ability to
access your keys ideally the site will encrypt those keys under a password that
only you know but of course you have to trust them to do that you have to trust
their code to not leak that key or leak that password and then of course you
would log in in order to access the wallet okay so an online wallet has
certain trade-offs compared to doing things yourself one of the big
advantages is that it’s convenient you don’t have to install anything in on
your computer in order to be able to use an online wallet in your browser on your
phone you maybe just have to install an app once it’ll work across multiple
devices you can have one wallet that you access on your desktop and on your phone
and it will just work because the real wallet lives in the cloud but there are
security worries if the site or the people who operate the site turn out to
be malicious or are compromised somehow now you have to worry about the
information of yours that they’re storing you have to worry about the fact
that they’re supplying code that has its grubby fingers on your bitcoins and
they’re all there are things that can go wrong if there’s a compromised or malice
at the service provider ideally you would hope that the site and this or the
service is run by security professionals who are better trained or perhaps more
diligent than you in protecting the security of things and so you hope that
they do a better job and that your coins are actually more secure but at the end
of the day you have to trust and you have to rely that they won’t be
compromised now another approach instead of an online wallet is something that
that functions rather more like a bank in the real world and to set context for
this let’s talk about how banks or bank like services operate in the traditional
economy so this is pretty simple right you give the bank some money that’s a
deposit and then the bank and exchange promises to give you back that money
later and of course crucially the bank doesn’t actually just take your money
and put it in a box in the back room all the bank does is promise that if you
show up and ask for the money they’ll give it back the bank will typically
take that money put it somewhere else they’ll invest it or something else like
that the bank will probably keep some money around in reserve in order to make
sure that they can pay out the demand for withdrawals that they’ll face on a
typical day or maybe even an unusual day and many banks typically use something
called fractional reserve where they keep a certain fraction of all of the
demand deposits on reserve just in case now Bitcoin exchanges are businesses
that at least from a user user interface standpoint function in a way that’s
similar to banks that is they accept deposits of bitcoins you can transfer
your bitcoins to in exchange and they will just like a bank promise you that
they will give them back on demand later you can also transfer fiat currency that
is traditional currencies like dollars or Euros and or the or similar into in
exchange by doing a transfer from your bank account and so you can make
deposits of both of these sorts of things and they promise to pay back
either or both of them on demand and what they then let you do is again
various banking like things they let you make and receive Bitcoin payments you
can direct the exchange to pay out some some bitcoins to a particular party or
you can ask someone else to deposit funds into a particular exchange on your
behalf put them into your account and they also let you exchange bitcoins for
for fiat currency or vice-versa and typically the way they do that is they
find some customer who wants to buy bitcoins with dollars and some other
customer who wants to sell bitcoins for dollars and they try to match them up
that is the try to find customers who were willing
to take opposite positions in a transaction so that there’s a mutually
acceptable price and then they will consummate that transaction now it’s
important to understand what happens if you buy or sell bitcoins in an exchange
so suppose my account at some exchange starts holding five thousand dollars in
three bitcoins and I use the exchange I put in an order to buy two bitcoins for
five hundred and eighty dollars each and eventually the exchange find someone
who’s willing to take the other side of that transaction and the transaction
happens so the result of that is that my account is different now I have 5
bitcoins instead of 3 and I also have three thousand eight hundred and forty
dollars that is that’s my five thousand initial dollars – five hundred and
eighty dollars each times two big points that’s thirty eight forty so now that’s
what’s in my ex my account but the important thing to note here is that
when this transaction happened involving me and another customer of the same
exchange that no transaction actually happened on the Bitcoin blockchain
because the exchange didn’t need to go to the blockchain in order to transfer
from my account in order to into that other person’s account some dollars or
in the other direction some bitcoins so all that happens in this in this
transaction is that the exchange is now making a different promise to me than
they were making before before they said we’ll give you five thousand dollars in
three bitcoins now they’re saying we’ll give you three thousand eight hundred
and forty dollars in five bitcoins it’s just a change in their promise no
actual movement of money through the dollar economy or through the Bitcoin
blockchain and of course the other person has had their the exchanges
promised to them change in the corresponding opposite way now there are
pros and cons to using exchanges the one of the big pros is that exchanges help
to connect the Bitcoin economy and the flows of bitcoins with the fiat currency
account economy the dollar and euro and in other national currency economy so
that it’s easy to transfer value back and forth if I have an accountant in
exchange and I have a bunch of dollars and a bunch of bitcoins I can trade back
and forth between dollars in bitcoins pretty easily and that that’s really
helpful the con is risk that because in exchange functions in
some ways like a bank that is that it is accepting demand deposits that it’s
accepting payments of money to it in exchange for a promise to pay money back
later that you have the same kinds of risks that you face with banks and those
risks really fall into three categories the first risk is the risk of a bank run
this of course is a famous scene from the movie It’s a Wonderful Life Jimmy
Stewart is running a credit union another Bank like business and all of
these people have shown up and they want their money back this is a bank run and
Jimmy Stewart explains to them I don’t have your money in the back room I lent
out your money to Fred so he could open his hardware store and so on so one of
the risks is that even if the bank is solvent on paper that you might show up
and want your money back and the bank might be unable to produce it and
there’s a danger of a kind of panic behavior where where once the once the
rumor starts to get around that a bank or exchange might be in trouble and they
might be getting close to not honoring withdrawals then people Stampede in to
try to withdraw their money ahead of the crowd and you get a kind of avalanche
and that’s what Jimmy Stewart was able to stave off with his eloquence in in
the movie the second risk is that the owners event the banks might just be
crooks this is Charles Ponzi inventor of the Ponzi scheme a Ponzi scheme is a
scheme where he would get people to give him money in exchange for wonderful
wonderful profits in the future only he would actually take their money and use
them to pay out the wonderful wonderful profits to people who bought previously
and so his schemes were always insolvent and were doomed to eventually fail and
lose a lot of people a lot of money which is why he went to prison and so
there’s the risk that the people who run the exchange are just crooks the third
risk is the risk of a cyberattack the risk that someone will manage to
penetrate the security of the exchange exchanges have large numbers of bitcoins
that means that they store key information that controls large numbers
of bitcoins and they need to be really careful about their procedures and how
they manage their cold and hot storage and all of that and if something goes
wrong if that key information is copper if a suitable quorum of employees is
compromised then your money could get stolen from the exchange and all of
these things have happened we have seen exchanges that failed due to the
equivalent of a bank run we’ve seen exchanges that fail due to the operators
of the exchange being crooks and we’ve seen exchanges that failed due to
break-ins and in fact the studies on this are not encouraging the best
studies I think best study I think shows that at least as of the time of the
study something like 45% of Bitcoin exchanges had ended up closing due to
some failure some inability to pay out the money that that the exchange had
promised to pay out the most famous example of this of course is Mount GOx
Mount GOx was at one time the largest Bitcoin exchange and it eventually found
itself insolvent that is unable to pay out the money that it owed and Mount DOX
was a Japanese company and it ended up declaring bankruptcy leaving a lot of
people including these two gentlemen wondering where their money had gone
right now Mount GOx and the bankruptcy of Mount cocks is
tangled up in the Japanese and in American courts and it’s going to be a
while I think before we know exactly where the money went the one thing we
know is that there’s a lot of it and Mount GOx doesn’t have it anymore so
this is a cautionary tale about the use of exchanges now connecting this back to
banks we don’t see a 45 percent failure rate for banks in most developed
countries and the reason for that partly is is because is because of regulation
for traditional banks government regulates in various ways the first
thing that governments do is they often impose a minimum reserve requirement in
the US this is typically three to ten percent of demand deposits a bank is
required to have in liquid form so that it can deal with the surge of
withdrawals if that happens second the regulator’s often regulate the types of
investments and money management methods that banks can use to make sure that the
bank’s assets are invested in places that are relatively low risk because
those are really the assets of the depositors in some
now in exchange for these forms of regulation governments typically do
things to help banks or at least protect their depositors first governments will
issue Deposit Insurance that is that they’ll tell depositors that if you
deposit your money in a bank that follows these rules then we the
government guarantee that if the bank goes under we will make good on at least
part of those deposits for you and the other thing that government sometimes do
is act as a lender of last resort and what that means is that if a bank gets
itself into a tough spot but it’s basically solvent that the government
may step in and loan that bank money in order to tide it over until it can move
money around as necessary to to get itself out of the woods so traditional
banks are regulated in this way Bitcoin exchanges are not the question of
whether or how Bitcoin exchanges or other Bitcoin businesses should be
regulated is a topic that we’ll come back to in lecture 7 now there is one
interesting thing that a Bitcoin exchange or somebody else who holds
bitcoins can do which relies on some cryptographic tricks to give users or
customers some amount of comfort about where the money went or where the money
is that those people deposit it into the into the Bitcoin business and that’s
what’s called the proof of reserve so let me explain how that works
the idea the goal here is that a Bitcoin exchange or some other business that’s
holding bitcoins can prove that it has a fractional reserve it can prove that we
have at least let’s say 25% or maybe that we have a hundred percent of the
deposits that people have made with us available and under our control if need
be and so the way that proof of reserve works is you break the problem into two
pieces first you prove how much reserve you’re holding that’s the relatively
easy part so the the company publishes a valid
payment to self transaction of that amount that is if they claim to have a
hundred thousand bitcoins they create a transaction in which they pay a hundred
thousand bitcoins to themselves and show that that transaction is valid then they
signed some challenge string that is some random string of bits that was
generated by some impart party and they sign that challenge
string with the very same private key that was used to validate that payment
to self transaction that proves that someone who knew that private key was
participating in this proof of reserve now strictly speaking that’s not a proof
that the party who’s claiming to own the reserve owns it
all this proves is that whoever does own that hundred thousand bitcoins is
willing to cooperate in this process but nonetheless this looks like a proof this
this looks something like a proof that somebody controls or knows someone who
controls the given amount of money so the first piece is to prove how much
reserve you have and the second piece is to prove how many demand deposits the
group holds and if you can prove those two things then somebody can simply
divide those two numbers and that’s what your fractional reserve is one more
thing to note before we go on and talk about how you prove how many demand
deposits you hold that’s the tricky part is that in proving how much reserve
you’re holding you could under claim that is the organization might have
150,000 bitcoins but but choose to make a payment to self of only a hundred
thousand and so this proof of reserve doesn’t prove that this is all you have
but it proves that you have at least that much okay now how do you prove how
many demand deposits you hold in order to do that we’re going to use a trick
that relates to the Merkel trees that we talked about in lecture 1 and if you
recall a Merkel tree is a binary tree that’s built with hash pointers so that
each one of these pointers not only says where we can get a piece of information
but also what the cryptographic hash of that information is now we’re going to
add to each one of these hash pointers another field or attribute so we’re
going to add to each hash pointer a total value that is a total monetary
value in bitcoins of all of the things that are underneath that hash pointer in
the tree so for example this hash pointer here would be tagged with the
total value in this entire left subtree right now down here at the bottom we’re
going to have one item for each user for each users or customers account and
we’re going to combine these up the tree so that each node will the hash pointer
coming out of it will be labeled with the sum of the values on the two hash
pointers down below so that will be a valid total for the
sub-tree so that’s so we can construct that structure and then the exchange
that wants to do the proof of Reserve can cryptographically sign the root hash
pointer here which is making a claim that this is a valid tree and that
everybody is down here okay now each customer can then go to the organization
and they say ok prove it to me if this is prove that my account is included in
your tree and so I can go to the exchange I can make that I can make that
demand and they can show me this partial tree I can see that this that up here
that the hash pointer is the same hash pointer that they sign I can see that
the hash pointers are consistent all the way down and that that is that the hash
stored in this hash pointer actually is the hash of this the cryptographic hash
of this node and so on for each hash pointer all the way down and so just
like with the Merkle tree that proves that my account here was in the tree
that they initially committed to I also am going to verify that that that the
amounts in the hash pointers add up all the way down so for example the amount
the total value in this hash pointer adds up to the same total as this hash
pointer plus this hash pointer which is included in this node and I make sure
that on this path down to my account that the totals add up all the way now
if you think about it if everybody does this if everybody makes a demand to see
their own account then every branch of this tree is going to get explored and
someone is going to verify that for every node in the tree that the value of
the hash pointer pointing to that node is equal to the sum of the value on
these two children and so if everyone does this then they will collectively
prove over the whole tree that that the values are added correctly going up the
tree it’s ok ok so this is the scheme that we’re that first the the exchange
builds a tree like this that includes all their customers accounts at the
bottom and sums the total values going up the top then all customers are really
realistically those customers who are willing to go to the trouble demand to
see the partial subtree that includes their
and verify that everything adds up and if that works then we can believe that
the organization is correctly reporting all of the accounts that they have or
actually to be a little bit more precise they can claim to have more accounts
than they really have all they’re proving is that every actual account
appears somewhere in the tree now let’s let’s review so first you they’ve proven
that they have at least X amount of reserve currency by doing a self
transaction of X amount then they’ve proven that their customers have at most
an amount Y deposited and of course they can they can claim that in the other
direction as well so what that means is that the reserve fraction is if they
reported exactly accurately it’s X over Y if in fact X is larger than the
reserve fraction is larger than they’re claiming or if Y is smaller than the
reserve fraction also because this is in the denominator is also larger than
they’re claiming and so when they prove an X improve the y this way you can
guarantee that the actual reserve fraction they’re holding is at least as
big as what they’re claiming and therefore they can prove or reserve to
you and what that means is that if a Bitcoin exchange wants to prove that
they hold 25 percent reserves on all deposits or 100% they can do that in a
way that’s independently verifiable by anybody and no central regulator is
required so that’s an aspect of regulation that Bitcoin exchanges can
prove voluntarily but other aspects of regulation as we’ll see in a later
lecture are harder to guarantee in segment 4.5 we’ll talk about payment
services thus far we’ve talked about how you can store and manage your bitcoins
now we’re going to talk about how a merchant can accept payment in bitcoins
in a practical way so the scenario here is that we have a merchant maybe it’s an
online seller of some kind of goods or services maybe it’s a local retail
merchant and they want to be able to receive payments in bitcoins now the
reason they want to be able to receive payments in bitcoins let’s say is not
that the merchant is so excited about bitcoins but simply because their
customers want to be able to pay in bitcoins what the merchant wants is to
receive dollars or local fiat currency whatever that is at the end of the day
they want to have some way of receiving payments in bitcoins which is easy for
them to deploy so they don’t have to worry a lot about tech technology
changing their website or building some kind of point-of-sale technology and
they also want low-risk their various risks associated with receiving payments
in bitcoins and the merchant doesn’t want to have to worry about those so
they don’t want to have to worry about technology risk that is that by the risk
that by changing their technology something will go wrong their website
will go down something will malfunction and that will
cost them money they don’t want to deal with the security risks of handling
bitcoins the possibility that someone will break into their their hot wallet
or some employee will make off with their bitcoins and they don’t want to
deal with the exchange rate risk that the value of a Bitcoin in dollars may
fluctuate from time to time and the merchant who might want to sell a pizza
for $12 wants to know that they’re going to get $12 or something close to it and
that the value of the bitcoins that they received in exchange for that pizza
won’t drop drastically before they can get it before they can exchange those
bitcoins for dollars so the merchant wants to be isolated from all of that
and so the reason that we have payment services is fundamentally to allow both
of these parties to be happy and get what they want while someone else takes
care of bridging the gap between these these different desires so the process
by which a merchant might arrange to accept Bitcoin payments on their site
through a payment service would work something like this the merchant would
first go to the payment services website and they’d fill out a form that look
something like this this particular form comes from a service called coinbase and
so the merchant says all right I want to display a button on my web page I want
it to be a Buy Now button I want the button to look like this here’s the name
of the item that is being bought here’s the the sale price amount which can be
in either bitcoins or dollars or some other currency and then here’s where the
funds should be sent but when my when when the customer buys the merchant then
having filled that out presses this button to generate button code and out
will come a bunch of HTML code that the merchant can just drop into their
website the merchant will put that into their website and in what will appear on
the website to the customer will be a button that looks like whatever they
chose when the customer pushes that button then a bunch of payment magic
will happen and the merchant will eventually get a confirmation saying
that yeah a payment was made by this customer for alpaca socks in
such-and-such amount so the way that that actually works or one typical way
that that the mechanism might work for a payment is illustrated here here we have
down at the bottom a user who wants to buy something from from the merchant
who’s up here and we have over here the payment service okay so the user goes to
the merchants web site they shop they pick out an item they want to buy and
when it comes time to pay the merchants will deliver a webpage which will
contain the pay with Bitcoin button and it will contain some other information
it will contain a transaction ID that is some identifier that is meaningful to
the merchant in their own accounting system along with an amount that they
want to be paid and this will basically be the magic HTML code that was provided
earlier by the payment service the user if they want to pay with bitcoins will
click that button that will cause a that will cause information to be sent to the
payment service as an HTTP or HTTPS ideally request which says that that
button was clicked here’s the transaction ID from the merchant here’s
the amount and of course the identity of the merchant is implicit here when that
happens now the payment service know is that this customer whoever they are
wants to pay a certain amount of bitcoins and so the payment service will
pop up some kind of a box or do some kind of an interaction which with the
user in which the user will receive information about how to pay and the
user will then initiate a Bitcoin transfer to the payment service once the
user has created that that payment then the payment service will send back
information might be a redirect of some kind may be an HTTP redirect or some
something else that comes back to the users browser and causes the users
browser to send a message on to the merchant from the payment service saying
it looks okay so far and then later the payment service will directly send a
confirmation saying that yes in a in in correspondence with this transaction ID
that you could emerge incremental ikan firmed in the Bitcoin blockchain and the
payment service will confirm that it’s giving you the money at the end of the
day so once that happens now the merchant knows that the payment is
confirmed and they can go ahead and allow whatever the item is that this
user bought to be shipped out to the user and then the user will eventually
get the item and everyone is happy so this is a typical kind of flow the
details of the flow might work a little differently depending on which payment
service you’re using but that’s the idea from the merchants standpoint what
happens is they include this blob of HTML in their website that eventually
they get this this tentative okay things are going ahead and eventually a firm
confirmation from the payment service they use this transaction ID to match up
the purchase of this particular Snuggie by this particular user in their
accounting system and they use the confirmation to know they got paid and
now the final step is the one in which the payment service actually gives money
to the merchant ok so the end result of this whole process is the following that
the customer pays bitcoins some number of bitcoins that the merchant gets
dollars that’s what the merchant wanted they wanted to sell that item for a
particular number of dollars or whatever their local fiat currency is the
merchant gets the number of dollars they asked for – a small percentage the
payment service is going to take a small percentage as a fee maybe a couple of
percent and the payment service does everything else the payment service
receives the bitcoins that the customer paid it pays out the dollars maybe at
the end of every day it makes a deposit into the merchants
make account of all of the payments that came in that day and of course it keeps
a small percentage and that’s how it makes its profit and the payment service
absorbs all of the risks involved in this process it absorbs the security
risk so it has to have good management of the bitcoins of its cold storage and
all of that it absorbs the exchange rate risk because it’s receiving bitcoins and
paying out dollars if the price of dollars against bitcoins fluctuates
wildly the payment service might be unhappy then again if it fluctuates
wildly in the other direction the payment service might be happy but that
risk that uncertainty is part of in absorbing it as part of what the payment
service does one thing to note here is that the payment service if it’s
operating at large scale is receiving large numbers of bitcoins and paying out
large numbers of dollars and therefore it’s going to have a constant need to
exchange the bitcoins its receiving for more dollars so that it can keep this
whole cycle going and so a payment service is going to be an active
participant in the exchange markets that link together in this case the dollar
economy and the Bitcoin economy and that’s another thing that they need to
worry about not just what is the price of exchange but how can we manage to
exchange currency in this large volume but in exchange for doing all of this
stuff the payment service gets their fee and so this is potentially a lucrative
business because it solves the mismatch between the customers desire to pay
bitcoins and the merchants desire to just get dollars and concentrate on
selling goods in segment 4.6 we’ll talk about
transaction fees this is a topic that has come up before in a previous lecture
and it will come up again later in a later lecture
and transaction fees are one of the bits of how the engine-room of Bitcoin works
if you will and it touches a bunch of different topics so what I want to talk
about here today is the practical details of how transaction fees are set
in Bitcoin today we talked about storage in this lecture we’ve talked about
payment services we’ve talked about exchanges but bottom line is whenever a
transaction is put into the Bitcoin blockchain that transaction might pay
transaction fees now recall from a previous lecture that a transaction fee
is just defined to be the difference between the total value of coins that go
into a transaction minus the total value of coins that come out the inputs have
to be always at least as big as the outputs because a regular transaction
can’t create coins but if the inputs are a little bigger than the outputs then
the difference is deemed to be a transaction fee and that transaction fee
goes to the miner who recorded this transaction the miner who made the block
that records this transaction the economics of transaction fees are
interesting and we’ll come back to this in a later lecture but what I want to
talk about today is how transaction fees are actually set in Bitcoin as it
operates as of the time of this filming these things do change from time to time
but will give you a snapshot of what’s going on right now okay so why are
transaction fees exist at all well the reason is that there’s some cost that
someone has to incur in order to relay your transaction the nodes in the
Bitcoin peer-to-peer network need to relay your transaction and ultimately a
miner needs to build your transaction into their block and it costs them a
little bit of computational effort to do that and the time that they spend
calculating a block that’s slightly larger because it contains your
transaction it’s time that they could otherwise have spent trying to make a
block and get a block reward so there is a cost both to the peers in the
peer-to-peer network and to the miners of incorporating your transaction so the
idea of a transaction fee is to somehow compensate people for those costs that
they curr because your transaction exists
generally you’re free to set the transaction fee to whatever you want it
to be you can pay no fee or you can pay a high fee but as a general matter if
you pay a higher transaction fee it’s natural that your transaction will be
relayed and recorded more quickly and more reliably okay so the current
consensus transaction fees are as follows first of all no fee is charged
if the transaction is less than a thousand bytes in size in total size if
all of the outputs of the transaction are 1/100 of a Bitcoin or larger that’s
currently worth about five or six dollars u.s. and if the priority of the
transaction according to a certain formula is large enough the priority
formula works like this you look at all of the inputs to the transaction and for
each one you add up the product of the age of that input times the value of
that input in bitcoins you add that up over all the inputs then you divide by
the transaction size so if you meet these three requirements then no fee
will typically be charged and your transaction will be relayed and it will
be recorded in the blockchain without a fee otherwise a fee is charged and that
fee is about 0.0001 bitcoins per thousand bytes and that’s a fraction of
a US penny per thousand bytes now just as an aside the approximate size of a
transaction based on the number of inputs and the number of outputs is
about a hundred and forty eight bytes per each input plus about thirty four
bytes for each output plus about ten bytes for other information and so a
transaction that’s of small size has maybe two inputs and two outputs it’s
size would be four to five hundred bytes all right now the current status quo is
that most miners enforce the consensus fee structure which means that they will
either not service or will service last transactions that don’t meet the
consensus fee structure so if you don’t pay the consensus fee your transactions
will typically take longer to be recorded it’s worth noting that if you
pay a small fee that because of the way the priority calculation works the
priority includes age of your bitcoins the longer your transactions it’s
without being recorded the higher its priority will get because it’s bitcoins
get slowly older but in any case if you haven’t paid the Consensus fee your
transactions will probably take longer to find their way into the blockchain
maybe that’s ok with you most miners prioritize transaction based on the fees
that are paid and based on the priority formula and I’m not going to go into the
details of how that works but but if you pay more or if your priority is higher
according to the formula then your transaction probably gets memorialized
first now finally I said this was the consensus and that most miners do it but
in fact there are other miners who don’t enforce these rules and who will record
and operate on a transaction even if it pays a smaller fee or no fee at all so
if you make a transaction that doesn’t meet the fee requirements it will
probably find its way into the blockchain anyway but the way to get
your transaction recorded more quickly and more reliably is to pay the
consensus fee and that’s why most wallet software and most payment services
include the consensus fee structure in the payments that go on and so you’ll
see a little bit of money raked off for transaction fees when you engage in
everyday Bitcoin business in segment 4.7 we’re going to look at
currency exchange markets that is markets on which you can trade bitcoins
against fiat currencies like dollars and euros etc we’ve talked earlier about
Bitcoin exchanges and other types of businesses that are involved in trading
between bitcoins and fiat currencies but now we want to look at this as as a
market we want to look at the size of it the extent of it and how it operates and
we’ll look a little bit at the economics of this market the first thing to
understand about this if you’re new to it is that it operates in many ways like
the market between two fiat currencies like the market between dollars and
euros the price will fluctuate back and forth depending on how badly people want
to buy euros versus how badly people want to buy dollars on a particular day
so in the Bitcoin markets we can look at at data and in fact there are sites like
Bitcoin charts this is the Bitcoin markets page on Bitcoin charts which
shows exchanges the trade dollars against bitcoins and you can see there’s
a list of different exchanges or different places where you can trade
dollars against bitcoins here from top to bottom up here at the top we have
bitstamp which on this particular day had the highest volume for each one
there’s the current price for bitstamp on the day I took this screenshot it was
five hundred and eighty two dollars and fifty four cents you can get graphs you
can look at the average the volume etc you can look the 24-hour average price
was five hundred and eighty five dollars the volume was about 6100 bitcoins are
about 3.6 million dollars over the previous 24 hours so you can see there’s
a lot of trading here and if you go to this site live you can see the prices
move in real time as as trades get made so this is an active market it’s a
liquid market and there are plenty of places you can go to to buy or sell
bitcoins another place you can go besides an online exchange if you want
to buy or sell bitcoins is that you can use sites that help you meet people to
trade bitcoins in real life so here I went to local bitcoins calm it’s an
example I said I want to buy bitcoins in Princeton New Jersey United States and
it gave me a bunch of results a bunch of people who on this particular day were
willing to sell me bitcoins for what price
for how many and so I could then contact these people I could arrange to meet
them at a coffee shop somewhere or in a park or wherever it is and I could give
them dollars and in exchange they would give me bitcoins and so this is another
way to do it you can just find a person near you or you can find somebody you
know the very first bitcoins I bought I bought from one of my students who owned
some bitcoins I just gave him some dollars and he paid some bitcoins into
my digital wallet another thing you can do is you can go to a physical place
there are some places in the world or some regular meetups where it’s known
that people go to trade bitcoins and so you can go to a certain park a certain
street corner on a particular day and you know that there will be people
standing around wanting to buy or sell bitcoins and you can do business with
them and here you see a bunch of people at one of these meetups looking at their
phones with their apps to to transfer or verify transfer of bitcoins and so these
are all the ways that you can trade or the popular ways that you can trade
bitcoins against dollars okay now this is a market as I said and the market
matches buyers who want to do one thing with sellers who are willing to do the
opposite thing it’s a relatively large market meaning millions of US dollars
per day pass through it it’s not like the New York Stock Exchange or it’s not
like the dollars to euros market which is vastly larger but it’s relatively
large so that there is a notion of a consensus price and that a person who
wants to come into this market to buy or sell a modest amount at least will
always be able to find a counterparty the price of this market this consensus
price like the price of anything in a liquid market will be set by supply and
demand that is what is the supply of bitcoins
that might potentially be sold and what is the demand for bitcoins by people who
have dollars the price through this market mechanism will be set to the
level that matches supply and demand but let’s dig into that a little bit more
first of all let’s talk about what is the supply of bitcoins the supply of
bitcoins that is the bitcoins that you might possibly buy in one of these
markets is first of all equal to the supply of bitcoins that are in
circulation currently of course there’s a fixed number of bitcoins in
circulation at the time of this it’s about 13.1 million and the rules of
Bitcoin is they currently stand say that this number will slowly go up and to hit
a limit of 21 million eventually but you might also sometimes include demand
deposits of bitcoins that is if someone has put money into their account in and
Bitcoin exchange and the account doesn’t keep a full reserve to meet every single
deposit then you’ll have demand deposits at that exchange that are larger than
the number of coins that the exchange is holding and depending on exactly what
question you’re asking about the market it might or might not be be correct to
include demand deposits in the supply so when should you include demand deposits
well basically you should include demand to mark a deposits in a market analysis
when demand deposited money can be sold in that market so for example if you’re
talking about exchange of dollars for bitcoins that can happen in an exchange
if I have bitcoins demand deposited in an exchange I can trade those for
dollars and so if that’s the scenario you’re looking at it would make sense to
include demand deposits in that exchange as part of the supply it’s worth noting
as well that when economists conventionally talk about the supply of
a fiat currency they typically include in the money supply not only the
currency that’s in circulation that is the actual paper and metal money but
also the total amount of demand deposits and that’s for the logical reason that
people can actually spend their demand deposited money to buy stuff and so
although it’s tempting to say that the supply of bitcoins is fixed at 13 point
1 million currently or 21 million eventually for some purposes we have to
include demand deposits where those demand deposits function like money and
so the supply might not be fixed in the way that some Bitcoin advocates claim
and we need to look at the circumstances of the particular market we’re talking
about in order to understand what the proper money supply is but let’s assume
we’ve agreed on what supply we’re using based on what market were analyzing
let’s now look at demand there are really two main sources of demand for
bitcoins there’s demand for bitcoins as a way of
mediating fiat currency transactions and there’s demand for bitcoins as an
investment so first let’s look at mediating fiat currency transactions so
here’s this scenario imagine that Alice wants to buy something from Bob or wants
to pay some money to Bob and Alice and Bob want to transfer let’s say a certain
number of dollars but they find it convenient to use Bitcoin to do this
transfer perhaps they’re at a distance Alice wants to be able to email the
money to Bob perhaps they like the fact that they can
have very low transaction fees in Bitcoin and lower than some other
service whatever the reason they want to use bitcoins to mediate this transaction
so the way that works is this that first Alice buys bitcoins for dollars Alice
then sends those bitcoins to Bob as a Bitcoin transaction once the once that
transaction is recorded in the blockchain and it’s confirmed to bob
satisfaction bob will sell those bitcoins for dollars and get the dollars
back so Alice starts by putting in dollars Bob ends by getting out dollars
but the key thing for the purpose of Bitcoin demand is that the bitcoins that
are mediating this transaction that are bought by Alice in step one and sold by
Bob in step three have to be taken out of circulation and they’re devoted to
serving this transaction during the time that the transactions going on and that
creates a demand for those bitcoins if there are a lot of people who want to
mediate transactions like this whether those are fiat currency transactions or
other transactions if they want to mediate transactions that will generate
demand for for bitcoins so that’s the first source of demand the second source
of demand is that bitcoin is sometimes demanded as an investment that is
somebody wants to buy bitcoins and hold them in the hope that the price of
bitcoins will go up in the future and that they’ll be able to sell them so to
the extent that people buy are buying and holding those bitcoins those
bitcoins are out of circulation but there’s a demand to buy bitcoins at
least depending on the price when the price is low you might expect a lot of
people to want to buy bitcoins as it as an investment but if the price goes up
very high then the demand for bitcoins as an investment won’t be as high so
that’s the second source of demand now we can do some simple economic modeling
to understand how these markets will behave
and I’m not going to do a full model here although it’s in it that’s an
interesting exercise what I want to do is look specifically at the market for
at the effect of of this transaction mediation demand and what effect that
might have on the price of bitcoins and we can build a simple model for doing
that so here’s a simple model of the demand that it’s driven by transactions
by transaction mediation and what it tells us about what the price should be
so we’re going to assume some parameters here first we’re gonna say t is equal to
the total transaction value that’s going to be mediated via bitcoins by everyone
who’s participating in the market and that’s going to be measured in dollars
per second we’re going to assume for simplicity that people the people who
want to mediate these transactions have in mind a certain dollar value of the
transactions or if it’s some other fiat currency we’ll translate translate it
into dollars for simplicity so there’s a certain number of dollars per second of
transactions that need to be mediated we’re going to say D is equal to the
duration of time that bitcoins need to be held out of circulation in order to
mediate a transaction that’s the time from when the payer buys the bitcoins to
when the receiver is able to sell them back into the market and we’ll measure
that in seconds and then s is going to be the supply of bitcoins that are
available for this purpose and so that’s going to be all the bitcoins that exist
that is all of the hard currency bitcoins all of the 13.1 million or
eventually up to 21 million bitcoins not including those that are held out by
people as long term investments so at any point in time there’s some supply of
bitcoins that are sloshing around and available for this purpose okay and now
we can do some calculations the first thing we’ll do is we’ll figure is we’ll
calculate how many bitcoins become available – in order to service
transactions per second well there are s bitcoins in total that are used and
because they’re available for because they’re taken out of circulation for a
time of D of D seconds then every second about 1 over D fraction of those
bitcoins will become newly available because they’ll emerge from that out of
circulation State and so on average s over
bitcoins will become available for mediating transactions every second
that’s the supply side on the demand side the number of bitcoins per second
that are needed to mediate transactions well we have t dollars worth of
transactions to mediate and in order to mediate $1 worth of transaction we we
need a certain we need one over P bitcoins that is we need to take this T
which is measured in dollars per second and divided by the price in dollars per
Bitcoin and the result we get is bitcoins per second these are the number
of bitcoins per second that are needed in order to serve all the transactions
that people want to serve okay so if you look at a particular second of time for
that second there’s a supply of bitcoins of s over D and there is a demand of T
over P and now if you think about the dynamics of this market it behaves like
many markets in that the price will fluctuate in order to bring supply into
line with demand if the supply is higher than the demand then there are bitcoins
that are going unsold and so the people who are selling bitcoins will be willing
to lower their price to try to sell those bitcoins and so the price will
come down if supply is higher than demand and when the price comes down
that will cause demand actually to go up because P the price is in the
denominator of demand so if supply is bigger than demand then
demand will be pulled up on the other hand if demand is higher than supply
that means that there are people who want to get bitcoins to mediate a
transaction who can’t get them because there aren’t enough bitcoins around and
so those people will bid more in order to get their bitcoins they’ll have to
bid more because they will become there’ll be a lot of competition for the
limited supply of bitcoins and so if the demand is higher than the supply the
result is that price will go up and when price goes up then because price is in
the denominator of the demand that means demand will come back down demand for
bitcoins will come back down as the price goes up so if you have supply here
and demand here then the demand will be pulled down toward the supply right and
so if the supply is at some that the demand we’ve we’ve argued will
always be pulled toward the supply and in fact the two will come into
equilibrium and so the equilibrium condition the point where you’ll end up
in this market is where this supply s over D is equal to the demand T over P
and so if you set those two those two expressions equal to each other and then
you solve for P the price what you get is this that in equilibrium the price
should be equal to T times D divided by s all right so what does this mean
well one thing we can conclude about this is that if you think of D as being
D the duration as not changing because probably the duration that you need to
hold a Bitcoin to do a transaction is not going to change
so if D doesn’t change and if s the supply is not changing then what this
tells us is that the price is going to be proportional to the demand for
transaction mediation as measured in dollars and so if the demand for
transaction mediation in dollars doubles then the price of bitcoins should double
and we could in fact graph the price against some estimate of the demand for
transaction mediation and see whether they match up and when economists do
this they do tend to match up pretty well so we could graph the the price of
bitcoins against the demand for transaction mediation as you can best
estimate it in dollars per second and those things should tend to be
proportional over time and when economists do that they do tend to match
up pretty well the other thing we can note is that supply is in the
denominator here and that supply includes only the bitcoins that aren’t
being held as investments and so what that tells us is if more people are
buying Bitcoin as an investment the result will be that coins are withdrawn
from this status where they’re available to mediate transactions and so the s
that we’re using here will go down so that if investors are buying a lot of
bitcoins it will drive down s and therefore P will go up and so that makes
sense if there’s more demand on the investment side then the price that you
need to pay to mediate a transaction will go up right now this is not a full
model the market in order to have a full model
we need to take into account the activities of investors we need to bear
in mind that investors will will demand bitcoins when they believe that the
price will be higher in the future and so we need to think about domain
investors expectations and investors expectations of course have something to
do with what is the expected total transaction value demand in the future
and we could build a model that’s more complex I’m not going to do that here
but you’ve got a flavor of the kind of thing that you can do so the bottom line
here is that the there is a market between bitcoins and dollars or bitcoins
and other fiat currencies that that market has enough liquidity that you can
buy or sell in modest quantities in a reliable way although the price does go
up and down and that it’s possible to do economic modeling and get some idea of
how supply and demand interact in this market and predict what the market might
do as long as you understand unknowable things like how much are people going to
want to use Bitcoin to mediate transactions in the future that kind of
economic modeling is important to do and very informative and I’m sure that there
are people who are doing it in some detail today but a detailed economic
model of this market is beyond the scope of this course you

Author:

Leave a Reply

Your email address will not be published. Required fields are marked *