Bonus: The Crypto Story by Matt Levine - Part 2

Matt's gone deep into the blockchain to break down its origins, it's possible, futures, and the current state of a technology that's showing up everywhere in industries ranging from finance to shipping too, of course video games. And we're going to be bringing his exploration to you in audio form thanks to the talents of Bloomberg editor and professional voice actor Mark Ledoff. You'll get weekly chapters of the special Crypto

issue of Bloomberg Business Week. Welcome to the second chapter of the special audio edition of the Bloomberg Business Week Crypto issue, written by Matt Levine and narrated by Mark Leadoff. Did you miss a chapter? You can find it right here in the Bloomberg Crypto podcast feed, section three one final diggression the crypto in crypto, cryptography is the study of secret messages, of coding and decoding. Most of what I talked about in this article won't be about cryptography.

It will be about you know, pon zis. But the base layer of crypto really is about crypt photography, so it will be helpful to know a bit about it. The basic thing that happens in cryptography is that you have an input a number, a word, a string of text, and you run some function on it and it produces a different number or word or whatever as an output.

The function might be the Caesar cipher. Shift each letter of a word by one or more spots in the alphabet, so Caesar becomes dib fits or pig Latin, shift the first consonants of the word to the end, and add a, so Caesar becomes easier say, or something more complicated. A useful property in cryptographic function is that it be one way. This means it's easy to turn the input string into the output string, but hard to do it in reverse. It's easy to compute the function in one direction, but

impossible in the other. The classic example is that multiplying two large prime numbers is quite straightforward, factoring an enormous number into two large primes is hard. The Caesars for is easy to apply and easy to reverse, but some forms of encoding are easy to apply and much more difficult to reverse. That makes them better for secret codes.

What I call a one way function in the text is more strictly a function that we hope is one way based on current understanding of computer technology and math and cryptography. One example of this is a hashing function, which takes some input text and turns it into a long number of a fixed size. So I could run a hashing function on this article. A popular one is called shaw to six, which was invented by the National Security Agency, and generate a long incomprehensible number from it.

To make it more incomprehensible, it's customary to write this number in hexadecimal so that it will have the digit zero through nine, but also a through f. I could send you the number, and say I wrote an article and rent it through a shaw toft si hashing algorithm, and this number was the result. You'd have the number, but you wouldn't be able to make heads or tails of it. In particular, you couldn't PLoP it into a computer program and to code it, turning the hash back

into this article. If you want to try it for yourself, there are various shaw to fifty six calculators online. One is at zorbin dot com. Or if you want to program it yourself or do some hashing with pencil and paper, there is a US government publication f I p s pub that spells out the algorithm, or it's on Wikipedia. The hashing function is one way. The hash tells you nothing about the article, even if you know the hashing function.

The hashing function basically shuffles the data in the article. It takes each letter of the article, represented as a binary number, a series of bits zeros and ones, and then shuffles around the zeros and ones lots of times, mashing them together until they are all jumbled up and unrecognizable. The hashing function gives clear, step by step instructions for how to shuffle the bits together, but they don't work in reverse. It's like stirring cream into coffee. Easy to do,

hard to undo. Applying a shaw to fifty six algorithm will create a sixty four digit number for data of any size. You can imagine hash of the entire text of James Joyce's seven thirty page novel Ulysses goes three F one two zero four two b six d F two three by eight or eight night. It fits in the same sixty four character space as the hash of Hi I'm Matt, which starts with eight six d and ends with zero four four. But what if I wrote hi I'm Matt with a comma instead of an exclamation mark.

Then it starts with nine f five and ends with fifty eight B. There's no apparent relationship between the numbers for Hi I'm Matt and Hi I'm Matt. The two original inputs were almost exactly identical, the hash outputs are wildly different. This is a critical part of the hashing function being one way. If similar inputs mapped to similar outputs, then it would be too easy to reverse the function and decipher messages. But for practical purposes, each input maps

to a random output. Since hashes spit out a fixed number of digits, it's possible that two different inputs could map to the same hash. This is called a collision, but a sixty four digit hexadecimal number allows for a lot of different hashes. Sixteen to sixty four or about ten to the seventy seven of them, or many billion times more than the number of atoms on Earth. What's the point of a secret code that can't be decoded?

For one thing, it's a way to verify. If I sent you a hash of this article, it wouldn't give you the information you need to recreate the article. But if I then sent you the article, you could plot that into a computer program the show to fifty six algorithm and generate a hash, and the hash you generate will exactly match the number I sent you, and you'll say, ah ha, yes, you hashed that article. All right. It's impossible for you to decode the hash, but it's easy

for you to check that I encoded it correctly. Exercise for the reader. I have included some hashes of some texts in this article, and I have talked about the hash of this article, but I haven't included the hash of this article in the article? Why not believe me? I wanted to. This would be dumb to do with

this article, but the principle has uses. A simple everyday one is passwords If I have a computer system and you have a password to log into the system, I need to be able to check that your password is correct. One way to do this is for my system to store your password and check what you tie up against

what I've stored. I have a little text file with all the passwords, and it has password one two three written next to your user name, and you type password one two three on the login screen, and my system checks what you type against the file and sees that they match and lets you log in. But this is a dangerous system. If someone steals the file, they would have everyone's password. It's better practice for me to hash

the passwords. You type password one two three as your password when setting up the account, and I run it through a hash function and get back zero zero eight dot dot dot six zero one, and I store that on my list. When you try to log in, you type your password and I hash it again, and if it matches the hash on my list, I let you in. If someone steals the list, they can't decode your password from the hash, so they can't log into the system.

It's beyond the scope here, but there's a lot more cryptographic fund Rainbow tables salt, etcetera involved in defeating or strengthening this type of security. There are other more crypto nerdy uses for hashing. One is a sort of time stamping.

Let's say you predict some future event and you want to get credit when it does happen, but you don't want to just go on Twitter and now and say I predict that the Jets will win the super Bowl in to avoid being embarrassed or influencing the outcome, or whatever.

One thing you could do is right the Jets will win the super Bowl in four on a piece of paper, put it in an envelope, Seal the envelope, and ask me to keep it until the super Bowl, after which you'll tell me either to open the envelope or burn it. But this requires you and everyone else to trust me.

Another trustless thing you could do is type the Jets will win the super Bowl in four into a cryptographic hash generator, and it will spit out six four b dot dot dot eight four seven, and then you can tweet here is a shot to fifty six hash of a prediction. I am making six four b dot dot dot eight four seven. Everyone will say, well, aren't you annoying? But they won't be able to decode your prediction, and then in a while, when the Jets win the Super Bowl,

you can say, see I called it. You retweet the hashed tweet and the plain text of your prediction. If anyone is so inclined, they can go to a hash calculator and check that the hash really matches your prediction. Then all the glory will accrue to you. Aside from hashing, another important one way function is public key encryption. I have two numbers called a public key and a private key. These numbers are long and random looking, but they're related

to each other using a publicly available algorithm. One number can be used to lock a message and the other can unlock it. The two key system solves a classic problem with codes. If the key I used to encrypt a message is the same one, you will need to decode it. At some point. I'll have to have sent you that key. Anyone who steals the key in transit can read our messages. With public key encryption, no one

needs to share the secret key. The public key is public, I can send it to everyone posted on my Twitter feed whatever. The private key is private, and I don't give it to anyone you want to send me a secret message. You write the message and run it through the encryption algorithm which uses one the message and to my public key, which you have to generate an encrypted

message that you send to me. Then I run the message through a decryption program that uses one the encrypted message and to my private key, which only I have to generate the original message, which I can read. You can encrypt the message using my public key, but nobody can decrypt it using the public key. Only I can decrypt it using my private key. The function is one way as far as you're concerned, but I can reverse it with my private key. A related idea is a

digital signature. Again, I have a public key and a private key. My public key is posted in my Twitter bio. I want to send you a message, and I want you to know that I wrote it. I run the message through an encryption program that uses one the message and to my private key. Then I send you one the original message and to the encrypted message. You use a decryption program that uses one the encrypted message and to my public key to decrypt the message. The decrypted

message matches the original message. This proves to you that I encrypted the message, so you know that I wrote it. I could have just sent you a Twitter d M instead, but this is more cryptographic. Imagine a simple banking system in which bank accounts are public. There's a public list of accounts, and each one has a public balance and a public key. I say to you, I control account number zero zero, one, two, three, four, five, six, seven, eight nine, which has two fifty dollars in it, and

I'm going to send you fifty dollars. I send you a digitally signed message saying here's fifty dollars, and you decode that message using the public key for the account, and then you know that I do, in fact control that account, and everything checks out. That's the basic idea at the heart of bitcoin, though there are also more complicated I d is. We'll be right back with more from Bloomberg Business Week Special Crypto issue, written by Matt

Levine a narrated by Mark Ledorff. Section four. Now back to bitcoin. How does it work? The simple form of bitcoin goes like this. There's a big public list of addresses, each with a unique label that looks like random numbers and letters and some balance of bitcoin in it. An address might have the label one A, one Z P, one e f F two, the mpt f L five f n A and a balance of sixty eight point six bitcoin. By the way, that address one A one dot dot dot f n A is famous in crypto lore.

It's the address that received the first bitcoin. Presumably it belongs to Satoshi Nakamoto. The address acts as a public key. Actually it's a hash of the public key, but it is in fact perfectly legitimate cryptographic terminology to refer to the pub key hash as a public key itself, wrote Metallic Bitterran, creator of Ethereum, another major blockchain, in white paper, explaining that project good enough for Vitalic, good enough for

me if I own those bitcoin. What that means is I possess the private key corresponding to that address, effectively the password accessing the account. Because I have the private key, I can send you a bitcoin by signing a message to you with my private key. You can check that signature against my public key and against the public list

of addresses and bitcoin balances. That information is enough for you to confirm that I control the bitcoin that I'm sending you, but not enough for you to figure out my private key and steal the rest of my bitcoin. That kind of means I can send you a bitcoin without you trusting me, or me trusting you, or either of us trusting a bank to verify that I have

the money. We define an electronic coin as a chain of digital signatures, so Toshi wrote, the combination of public address and private key is enough to define a coin. Cryptocurrency is called cryptocurrency because it's a currency derived from cryptography. You'll notice that all we've done here is exchange a message and somehow called the result of that a currency. The traditional financial system isn't so different. Banks don't move around sacks of gold or even very many paper bills.

They're keepers of databases. What happens, roughly when I make a hundred dollar payment to you is my bank sends a message to your bank telling it to update its ledger. Similarly, in bitcoin, the messages change a public ledger of who holds what, but who maintains that. The rough answer is that the Bitcoin network, thousands of people who use bitcoin and run it software on their computers, keeps the ledger collaboratively and redundantly. There are thousands of copies of the ledger.

Every note on the network has its own list of how many bitcoin are in each address. Then when we do a transaction, when I send you a bitcoin, we don't just do it privately. We broadcast it to the entire network, so everyone can update their lists. If I send you a bitcoin from my address and my signature on the transaction is valid, everyone will update their ledgers to add one bitcoin to your address and subtract one from mine. The ledger is not really just a list

of addresses and their balances. It's actually a record of every single transaction. Actually it's only that, not a list of addresses and their balances at all. I describe it that way in the text for convenience, and you can reconstruct the list of addresses and balances from the record of all transactions, and people do. But that's not technically what a bitcoin's ledger is. The ledger is maintained by everyone on the network, keeping track of every transaction for themselves.

There's a section in the Bitcoin white paper titled Reclaiming disk Space about how the network can in effect compress some of the data it keeps about old transactions using Merkel trees, all of which is beyond the scope of this piece. But people in crypto say Merkel trees a lot. So there you go. All of that's nice, but now instead of trusting a bank to keep the ledger of your money, you're trusting thousands of anonymous strangers. What if we accomplished Well, it's not quite as bad as that

each transaction is provably correct. If I send a bitcoin from my address to yours and sign it with my private key, the network will include the transaction. If I try to send a bitcoin from someone else's addressed to yours and don't have the private key, everyone on the network can see that it's fake and won't include the transaction. Everyone runs open source software to update the ledger for

transactions that are verifiable. Everyone keeps the ledger, but you can prove that every transaction in the ledger is valid, so you don't have to trust them too much much. Incidentally, I am saying that everyone keeps the ledger, and that was probably roughly true in early bitcoin's life, but no longer.

There are thousands of people running full nodes which download and maintain and verify the entire Bitcoin ledger themselves using open source official bitcoin software, but there are millions more not doing that, just having some bitcoin and trusting that everybody else will maintain the system correctly. Their basis for this trust, though, is slightly different from the basis for your trust in your bank. They could, in principle verify

that everyone verifying the transactions is verifying them correctly. Philosophically, they're part of a trustless system, so they can feel a bit better about trusting it. Notice too, that there's a financial incentive for everyone to be honest. If everyone is honest, then this is a working payment system that might be valuable. If lots of people are dishonest and put fake transactions in their ledgers, then no one will

trust bitcoin and it will be worthless. What's the point of stealing bitcoin if the value of bitcoin is zero. This is a standard approach in crypto cryptosystems try to use economic incentives to make people act honestly, rather than trusting them to act honestly. That's most of the story, but it leaves some small problems. Where did all the

bitcoin come from? It's fine to say that everyone on the network keeps a ledger of every bitcoin transaction that ever happened, and your bitcoin can be traced back through a series of previous transactions, but traced back to what how do you start the ledger. Another problem is that the order of transactions matters. If I have one bitcoin in my account and I send it to you, and then I send it to someone else who actually has

the bitcoin. This seems almost trivial, but it's tricky. Bitcoin is a decentralized network that works by broadcasting transactions to thousands of nodes, and there's no guarantee they'll all arrive in the same order everywhere, and if everyone doesn't agree on the order, bad things double spending or people sending the same bitcoin to two different places can happen. Transactions must be publicly announced road Satoshi, and we need a system for participants to agree on a single history of

the order in which they were received. That system, I'm sorry to say, is the blockchain. Coming up next, you'll hear more from Matt Levine's special Crypto issue of Bloomberg Business Week, narrated by Mark Leadoff, Section five oh the blockchain. Every Bitcoin transaction is broadcast to the network. Some computers on the network they're called miners, compile the transactions as

they arrive into a group called a block. At some point, a version of a block becomes as it were official, the list of transactions in that block, in the order in which they're listed, becomes canonical part of the official

bitcoin record. We say that the block has been mined. Actually, a block becomes really canonical when it has five confirmations, when it has been mined, and then another block has been mined that refers back to it, and then another block has been mined referring to that block, et cetera, five times, so that the chain has continued five blocks after the block in question. In bitcoin, a new block is mined roughly every ten minutes. You can see a

finished block online on any block explorer site. For example, block seven five nine six five mined on September is basically a list of two d and sixty six transactions between different addresses. An address starting BC one q and S sent point zero zero five to bitcoin to an address starting sixteen q z C seven thirty nine v g g L split point zero one two bitcoin between one four in r d K and thirty seven oh

one E three, and so on. The miners then start compiling a new block, which will also eventually be mined and become official. Here's where hashing becomes important. That new block will refer to the block before it by containing a hash of that block. This confirms that the block before it one is correct and accepted by the network, and two came before it. In time, each block will refer to the previous block in a chain. Oh, yes,

a block chain. The blockchain creates an official record of what transactions the network has agreed on and in what order. The hashes are time stamps, they create an agreed order of transactions. You could imagine a simple system for doing this. Every ten minutes, a minor proposes a list of transactions and all the computers on the Bitcoin network vote on it. If it gets a majority, it becomes official and is entered into the blockchain. Unfortunately, this is a bit too simple.

There are no rules about who can join the Bitcoin network. Anyone who hooks up a computer and runs the open source Bitcoin software can do it. You don't have to prove you're a good person or even a person. You can hook up a thousand computers if you want. This creates a risk of what's sometimes called a Sibyl attack, named not after the ancient Greek prophetesses, but rather after the ninety three book about a woman who claimed to

have multiple personalities. The idea of a cibil attack is that in a system where the ledger is collectively maintained by the group, and anyone can join the group without permission, you can spin up a bunch of computer nodes so

that you look like thousands of people. Then you verify bad transactions to yourself and everyone is like, ah, well, look at all of these people verifying the transactions, and they accept your transactions as the majority consensus, and either you managed to steal some money or you at least throw the whole system into chaos. The solution to this is to make it expensive to verify transactions. To minor block, bitcoin miners do an absurd and costly thing again. It

involves hashing. Each miner takes a summary of the list of transactions in the block, along with a hash of the previous block. Then the miner sticks another arbitrary number called a nonce on the end of the list. The minor runs the whole thing list plus nons through a shaw to fifty six hashing algorithm. This generates a sixty four digit hexadecimal number. If that number is small enough, then the miner has mined the block. If not, the

minor tries again with a different nons. What small enough means is set by the bitcoin software and can be adjusted to make it easier or harder to mind a block. The goal is an average of one block every ten minutes. The more miners there are and the faster their computers are, the harder it gets. Right now, small enough means that the hash has to start with nineteen zeros. A recent successful one looked like this, nineteen zeros followed by six C nine yard yata eight f f to zero three.

It's like a game of twenty questions where you're constantly guessing a number that will work, except you get no clues, and it's many, many, many times more than twenty guesses. It is vanishingly, vanishingly unlikely that any particular input, any list of transactions plus a nonce will hash to a number that starts with nineteen zero's. The odds are roughly

seventy five sex tillion to one against. So the miners run the hash algorithm over and over again, trillions of times, guessing a different nons each time, until they get a hash with the right number of zeros. Vitalic again. Because Shaw Toft six is designed to be a completely unpredictable pseudo random function. The only way to create a valid block is simply trial and error, repeatedly incrementing the nonce

and seeing if the new hash matches. The total hash rate of the Bitcoin network is something north of two hundred million terra hashes per second. That is two hundred quintillion hash calculate lations per second, which is one a lot, but two a lot fewer than seventy five sextillion. It takes many seconds six hundred on average at two hundred quintillion hashes per second to guess the right nons and

mina block. This is a race. Only one minor gets to mina block, and that minor gets rewarded with bitcoin. To minor block is also to mine new coins to pry them out of the system after much computational work, like finding a seam of gold after picking through rock, hence the metaphor. When miners find the right number of zeros, they've published the block and it's hash to the Bitcoin network. Everyone else reviews the block and decides if it's valid.

Valid means all the transactions on the list are valid. The hash is correct, it has the right number of zeros, etcetera. If they do, then they start work on the next block. They take the hash of the previous block, plus the transactions that have come in since then, plus a new non's and try to find a new hash. Each block builds on the one before Section six. Mining all of this is incredibly costly. Miners need special hardware to do all of these hashing calculations over and over again, and

these days run huge farms of always on computers. Mining bitcoin uses as much electricity as various medium sized countries. This is not great for the environment. The most famous description of bitcoin, attributed to a Twitter poster, might be imagine if keeping your car idling seven produced solved Pseudoku's, you could trade for heroin. And it is in some sense purely wasteful. People sometimes say bitcoin miners are like

solving difficult math problems to do their mining, but they aren't. Really. They're brute force guessing quintillions of numbers per second to try to get the right hash. No math problems are being solved, and nothing is added to the world's knowledge by those quintillions of guesses. But the miners are solving an important problem for bitcoin, which is the problem of

keeping its network and its ledger of transactions secure. It's demonstrably costly to confirm bitcoin transactions, so it's hard to fake, hard to run a civil attack. That's why Satoshi and everyone else calls this method of confirming transactions proof of work. If you produce the right hash for a block, it proves you did a lot of costly computer work. You wouldn't do that lightly. Proof of work. Mining is a mechanism for creating consensus among people with an economic stake

in a system without knowing anything else about them. You'd never mind bitcoin if you didn't want bitcoin to be valuable. If you're a bitcoin miner, you're invested in bitcoin in some way. You've bought computers and paid for electricity and made an expensive, exhausting bet on bitcoin. You have proven that you care, so you get to say in verifying the bitcoin ledger and you get paid. You get paid bitcoin, which gives you even more of a stake in the system.

These bitcoin come out of nowhere. They're generated by this mining by the core bitcoin software. In fact, all bitcoin are generated by mining. There was never an initial allocation of bitcoin to Satoshi, Knakamoto or two early investors, or anyone else. This is the answer to the question of where bitcoin come from. They were all mined. Originally, the mining reward, which is set by the software, was fifty bitcoin per block. Currently it's six point twenty five bitcoin.

One important point about these mining rewards is that they cost bitcoin users money. Every block, roughly every ten minutes, six point twenty five new bitcoin are produced out of nowhere and paid to miners for providing security to the network. That works out to more than six billion dollars per year. That is six point twenty five bitcoin every ten minutes, or thirty seven point five per hour, or nine per day, multiplied by three sixty five days a year, multiplied by

the price of bitcoin. This cost is indirect. It is a form of inflation, and as the supply of bitcoin grows, each coin in theory becomes worth a little less all else being equal. Famously, though there will only ever be twenty one million bitcoin, it's written into the code. So what happens when that limit is reached. What incentive could miners have to keep the bitcoin network running? Transaction fees?

The bitcoin code also lets miners collect a slice of each transaction, and this will become the only method for rewarding them once the last coin is mined. Current estimates are that this won't happen until Right now, the bitcoin network is paying around one point five percent of its value per year to miners. That's lower than the inflation

rate of the US dollar. Still, it's worth noting every year the miners who keep the Bitcoin system secure capture a small but meaningful chunk of the total value of bitcoin. Bitcoin users get something for that six billion dollars. Security and decentralization. If you can make a lot of money mining bitcoin, a lot of people will want to mine bitcoin. This will make it harder for one person to accumulate

most of the mining power in bitcoin. If one person or group got a majority of the mining power, they could do bad things. They could mine a bad block, double spending coins, reversing recent transactions, et cetera. This is called a attack. When there are billions of dollars up for grabs for miners, people will invest a lot of money in mining and it will be expensive to compete

with them. And if you invested billions of dollars to accumulate a majority of the mining power in bitcoin, you would probably care a lot about maintaining the value of bitcoin and so you'd be unlikely to use your powers for evil. Thank you Matt Levine, and thank you Mark Ladoff. As a reminder, if you're looking for these episodes in the Crypto Feed, will be publishing them every Sunday through December.

If you'd like to read this issue in print form, you can head on over to Bloomberg dot com slash the Crypto Story. This is Bloomberg Crypto, a daily podcast from Bloomberg and I Heart Radio. For more shows from I Heart Radio, visit the I Heart Radio app, Apple Podcasts, or wherever you get your podcasts. Send us your comments, questions, or suggestions for the show to Crypto at Bloomberg dot net or find us on Twitter. We're at Crypto. The

supervising producer of Bloomberg Crypto is Vicky very Galina. Our senior producer is Janet Babin. Our producers are Mohammed Faruke and Sharon Barriro. Our associate producers are Ty Butler and Moses on Them. Dasta wonder At is our engineer. Original music by Leo Sidron Im Stacy Maria Shmaal. We'll be back tomorrow