A lot of commentary has been going around about Bitcoin's recent bubble and pop. Much of that commentary has ignored the basics - how Bitcoin technology works. Even if you don't get excited by cryptography, the technical choices have real impact Bitcoin's future. And even if you don't like Bitcoin, there are many other digital payment and alternative currencies existing or soon to exist, which must solve the same problems. For example, several banks and credit cards are working on phone-to-phone payments and in under-developed nations mobile phone top-ups are often used as currency.
Any digital payment technology must solve essentially two problems: 1) prevent me from spending your money and 2) prevent me from using the same money multiple times - called the double spending problem. The first requires that the payer give the receiver something only the payer could have - a unique signature. As long as there is no way for me to generate your signature, I can't spend your money; thus if the receiver gets your signature, they can trust it's your payment. The second requires that someone checks all my payments, regardless of receiver, to ensure that each payment can be used only once (thus not double spending the same money).
Below I explain how Bitcoin solves these two problems. I also give a simplified analogy which avoids much of the software and official jargon. After that I discuss how Bitcoin's solution to these problems determine its security as well as its economic properties.
Bitcoin Technical Explanation
For the unique signature Bitcoin uses the same technique used by banks, credit cards, etc - public/private key digital signatures. This was introduced by Rivest, Shamir and Adleman in 1977 [formally RSA, acquired in 2006 by EMC (EMC)]. The public & private keys are chosen such that 1) encryptions using the public key can only be decrypted by the private key and 2) it's computational intractable to determine one from the other (it would take longer than the lifetime of the universe to crack the private key). Conveniently, doing the reverse - 'encrypting' with the private key, 'decrypting' with the public key - forms a unique signature: if the verification comes out as expected, then only the corresponding private key could have made the signature. This ensures that payments are coming from the right entity. In the case of Bitcoin, the public keys themselves become the identifiers of the paying and receiving "wallets", and knowing the private key represents ownership of that wallet.
The standard solution to the double spending problem - ensuring I don't spend more money than I have - is to use a special trusted entity. The trusted entity looks at all transactions and makes sure none are repeated. Some protocols use a government entity; mobile protocols typically use the network operator; the phone-to-phone prototype I worked on used a bank as the trusted entity. Bitcoin on the other hand does not use one entity checking for double spends. Instead, Bitcoin uses the whole community to do checking. Making this community checking work is the technical innovation of Bitcoin.
Bitcoin spenders announce all their transactions to the Bitcoin network. These are picked up by anyone which wishes to participate in verifying Bitcoin transactions - these are called 'miners'. Each miner takes each announced transaction and checks that it both, has right signature and data entries, and has not been seen before (ensuring this is a first-spend); if both pass the transaction is added into the newest 'block' of data. The miner then hashes the block. The one-way hash function is a mathematic function [y = hash(x)], with the special properties that 1) it is easy to compute y given x, but impossible to compute x from y and 2) small changes in x create big and random changes in y. So it is very easy to check that we agree on the outcome of the hash of a particular block, but it is very hard to get a particular hash value. In the Bitcoin protocol, the miners must get a hash for the block below a specified target value; if they don't, they add a random number - called a nonce - to the end of the block and try again. The miners will try billions of possible nonces before they successfully 'mine' the block. As a reward for the verification work, the winning miner gets to include a small transaction to himself - this is the source of the money supply. The new block is announced to all the other miners, who then verify the block and if it follows the rules, the miners all start on the next block. If the other miners think something is wrong, if they think someone is trying to cheat, they will reject the proposed block and continue to mine it for themselves. Each block also has a reference to the previous block, so every accepted block is an acceptance of the entire history of bitcoin transfers.
Bitcoin By Analogy
When you use Bitcoin, you start with two things: a wallet which everyone knows about (so they can give you money) and a special signature which no one can duplicate, but which marks all outgoing payments as yours. Since the account is public, everyone can send you bitcoins. But making that signature is private, so no one else can use it. This makes it easy for others to check that you have ownership of bitcoins coming out of your wallet.
In most systems you'd make payments through a government controlled or regulated intermediary. In Bitcoin, you make the transfer through a committee of clearing houses. Each clearing house quickly checks all the transfers, and puts a seal on them. Everyone in the committee checks the work, and if they agree, everyone files a copy of the sealed transfers and starts on the next set. Every set includes a reference to the previous seal, and everyone has a copy, so no one can go to the files and change history without everyone noticing. For doing all this work, the committee pays itself some bitcoins - just in the way the government intermediary could create its own money if it wanted. Bitcoin calls these clearing houses miners, so I'll use that term from here on.
Is Bitcoin Secure?
Yes - the various security techniques, and the combination of them in Bitcoin, have been studied by many security experts and have been found to be robust. But let me be a little more specific about what exactly is secured. First, the signatures are a well established cryptographic technique which can't be cracked. No one else from the outside can spend your bitcoins - not going to happen under any circumstance, even under the attacks described later.
Second, the block chain is secured by the collective acceptance of the miners. Thus the block chain - the official history of transfers of bitcoins - is safe as long as the majority of the miners (technically the majority of the computing power) stays honest. Additionally, the old history (more than a few hours or days) is already copied and stored across thousands of machines (maybe more?) who would presumably refuse to change.
There are roughly three categories of ways to attack the Bitcoin system. First is going after your wallet. As mentioned, no one can crack your private key/signature and take your bitcoins. The exception, of course, is if someone gets your private key. That key is a huge number, so you won't memorize it; most likely you'll store it somewhere on your computer or mobile device or at some online wallet provider. Hopefully you'll have a password to get access to it. You could think of this as putting the emperor's seal in a vault. If someone can crack the vault, they have access to the emperor's seal even if the seal itself can't be copied. So every time you hear about bitcoins being stolen, what happened is that a hacker got access to a bunch of private keys.
On the block chain - the history - there is one possible attack. If I had the majority of the mining power (the majority of the fastest working clearing houses), I could rewrite a couple hours worth of history and continue to control the official history of events as long as I held that majority. This would not let me spend your bitcoins, but I could use it to respend my own. Remember however that the miners get 'paid' to do their work. So it's more economically advantageous for me to support the system than to hijack it, even if I could.
The third kind of attack is a denial of service. There are a number of ways to disrupt the overall Bitcoin ecosystem for a few hours. The exchanges - the service providers who will convert between bitcoins and dollars or euros or yen - could be taken offline for several hours which would significantly disrupt the use of Bitcoin, even if transactions within the system were functional. This has happened several times. Additionally, in the past there have been several ways to produce abnormal transactions which effectively halt some or all miners until they figure out how to deal with the problem. A major case of this occurred in March which resulted in about two hours of history being rolled back and the transactions re-validated. In the end no improper transactions exist in the history, but Bitcoin is still vulnerable to temporary outages.
Bitcoin Economic and Transactional Properties
Bitcoin deflates. The current rules reduce the bitcoin creation by miners by half every 4 years, resulting in a total of 21 million bitcoins (after that only transaction fees will pay miners for their work). This fixed supply was modeled after gold (GLD) with the explicit intention of creating deflation; so far about 11 million bitcoins have been mined. In theory, the rules could be changed, but as discussed above, no one can unilaterally decide to change the system; a community agreement would be needed. Additionally, people do occasionally lose their wallets due to computer failures, password loss, etc.. Since the private key can not be determined, those bitcoins are gone forever. So far this amounts to 1 million bitcoins and is likely to run around 1% per year, resulting in a long term loss of supply.
Transaction fees are set by the payer, not by the verifier. Currently, miners are mostly 'paid' by expanding the monetary supply. Users of bitcoins can also - at their discretion - leave some transaction fees for the miners. As the bitcoin supply growth slows, these fees will become the larger economic incentive. But again, it is impossible to take money out of a wallet or change a transaction without the payer's signature, so only the payer can set the amount of transaction fees to be paid. This provides a way for payers to prioritize transactions. Paying a higher fee will incentivize miners to verify and confirm that transaction as soon as possible. Paying lower fees will signal a willingness to wait for confirmation until after high priority transactions are processed and when computing power is cheaper - such as at night when electricity is cheap. This prioritization method has not be actively used in practice, but the structure is there. In practice, transactions are also prioritized by their wait time so that no one is abandoned.
Bitcoin transactions are irreversible - there is no 'undo' and no repudiation. Once a transaction is sent to the miners, it will find its way into a verified, hashed, sealed, confirmed block. It cannot be undone. If someone wants fraud protection they would need to use some kind of Bitcoin escrow service. This is really like wire transfers - once sent, it is sent, and retrieval is at the discretion of the recipient.
Bitcoin transactions are public but pseudo-anonymous. All bitcoin transactions are recorded publicly and available for viewing - which is great for research. However, only the number associated with the wallet is stored. To actually identify a person would require linking that person to their wallet numbers. This would be hard, very very hard, but not impossible.
Bitcoin as Money
"Money as Trust": For bitcoins to be money, we must trust them. We must trust that the supply will not hyperinflate and we must trust that someone will accept in exchange for something else. For US dollars, our trust is in the Fed not to print too many, in the Treasury to accept them as tax payments (and other debts), and in the banks not to lose or confiscate them.
When Cyprus broke that last promise - by confiscating Euros and denying access to them - many people in Europe lost that trust and began looking for a different source of trust, one not so dependent on governments. People flocked to bitcoins to find an alternate repository of trust. Here is where bitcoins excel - with Bitcoin, trust is in the protocol and the community which accepts it. As mentioned earlier, as long as the majority of the community agrees to follow the rules, Bitcoin works. No one can unilaterally decide to change the system; a community agreement is needed to change anything. You don't have to trust the guy who created the protocol, or the people who work at a particular exchange as long as you trust that most of the Bitcoin users/miners will play by the rules. This is also where Bitcoin has fantastic incentives - the system rewards the miners for making Bitcoins a useful method of transactions, so they are likely to do what is best for the users of the system.
"Medium of Exchange": For bitcoins to be money, to be useful and valuable, they must be a good medium of exchange. Here Bitcoin also does well - Bitcoin is a highly efficient medium of exchange. There is no need for a bank vice-president or even a teller or anyone at all in order to make transactions. Transaction verification is a highly competitive business, and so costs tend to move towards compute costs - which are low. Bitcoin is not subtract to geographic boundaries or regulation further keeping costs down. For trade between developing nations - where financial infrastructure is lacking and direct currency exchange is not available, bitcoins could become an important currency. Compare this, for example, to gold which is a terrible medium of exchange - it's heavy, cumbersome, vulnerable to theft, etc. One could exchange notes representing gold, but now the notes are the medium of exchange. Normal fiat currencies due well here, though bitcoin transaction costs are generally even lower.
"Store of Value" or as an asset: Given volatility of the exchange value of bitcoins over the last month, no one would argue bitcoins are a reliable store of value. One reason is that a bitcoin is only worth what you can get in exchange to it and have no intrinsic value - they don't produce anything. Here gold fairs better, at least we can produce headphones from it and make women happy - very valuable. Of course given the recent price drop for gold, we'd have to be at least cautious about this. Again, normal currencies do surprisingly well - their value tends to be stable (yen and Iceland as exceptions) - in large part because they are a unit of account and prices are sticky.
"Unit of Account": Again Bitcoin fails. One economist described bitcoins to measuring with a slinky. No one does their accounts in bitcoins. No one takes a fixed number of bitcoins as tax. No one has any sense of how to price anything in bitcoins. So every business that takes bitcoins sets their price in some normal currency and converts it to bitcoins based on the exchange rate. I was recently had the same experience buy McDonalds in Dubai using euros - the price is in dirhams, they just let me pay a fluctuating number of euros. Until prices are set in bitcoins, the value won't be sticky and bitcoin will be volatile. Note that the same can be applied to gold - no longer are prices set in ounces of gold, so it's no longer a unit of account and that makes it a volatile store of value.
A Final Concern - The trust model could fall victim to economic success
Should Bitcoin ever become wildly successful, the job of mining will become increasingly competitive. Since there is no differentiation in the work, the mining winners will be those organizations able to do the work most cost effectively. This will be great for transaction costs. However, in all cost driven markets, the industry inevitably consolidates into a very small number of very large organizations. In Bitcoin this could subvert the whole trust model. If one player was able to gain 51% of the computing power, it could effectively set the rules, and that would subvert the whole point of the technological innovation that started this.
Bitcoin is a very clever technology. The system has a remarkable amount of security built in - bitcoins in accounts are safe from confiscation from both outside and inside the system. The safety of the official confirmed history of transactions rests not in one organized, but in the whole community of users, making it difficult to attack and also difficult for minority views to change the system. Some security concerns remain - to me the principal one is the vulnerability to temporary outages. A determined persistent attacker, such as a major government, could make Bitcoin unviable.
As an asset, Bitcoin profits from a strictly capped deflating supply. As an asset, I think Bitcoin will keep to its supply plans - as those controlling the system stand to gain the most from keeping it that way. Bitcoins suffer, however, from having no production use, uncertain and volatile value.
As a currency Bitcoin mostly fails. Prices aren't sticky, so the value will stay volatile, and there's no reason to do accounting in bitcoins.
Bitcoin is also fascinating experiment in digital transaction systems. I have no doubt that the lessons learned in the experience will have significant impact on all kinds of payment systems - from 'digital wallets' to phone-to-phone payments to other full blown virtual currencies. For developing nations trying to break into international trade, Bitcoin provides a very real, very efficient option to the expense of building a mature financial system. Even for individuals, it could serve as a much cheaper way to make international payments, putting it in competition with PayPal (EBAY). Bitcoin could easily beat banks and viably compete with other remittance services.