The superpowers of a Bitcoin user

Let us briefly recap what we have discussed so far. We have a large distributed network of nodes and miners that collectively follow a protocol of cryptography- and communication methods, allowing them to reach an agreement on what bitcoin transactions have take place. Each node maintains its own identical copy of this bitcoin blockchain and it is incredibly easy to verify whether the data that a node presents is indeed legit.

We now have a publicly available money that is not controlled by anybody, cannot be taken down because of the sheer size and worldwide distribution of its network of individual nodes, and for which its history - meaning what transactions have taken place and thus who owns what - cannot be altered, accept by actually transacting bitcoin. Furthermore, the money has a predefined and unalterable monetary policy that limits the amount of bitcoins that will ever be in circulation to just short of 21 million, and it has full transparency on how the remaining supply of bitcoin is going to be issued.

One of the open questions that we posed at the start of this How does Bitcoin work? segment was this:

How do we ensure that only the owner of an address can send bitcoin from it, if other people are the ones adding transactions to the ledger? And how do we ensure an owner cannot send more than the amount of bitcoin they own?

We know that nodes pass user transactions to miners, miners group these transactions together in blocks, and the blocks with transactions get added to the blockchain database of each node when a miner can show proof of work. What prevents a node or miner from creating a transaction sending bitcoin from an address that they do not own? They are the ones that can determine what goes into the blocks, so how come they cannot just add transactions from other users paying bitcoin to themselves?

This is because the protocol that the Bitcoin network runs also requires bitcoin transactions to meet certain criteria. Let's touch on the most important of these criteria for when a transaction is or is not considered valid.

Note Bitcoin doesn't actually work with users. Bitcoin works with addresses, and more specifically public addresses. The transactions that are included in the blocks do not say Alice sends 0.1BTC to Bob, like shown earlier. They actually say something more like 3b1uf8ja37hakD... sends 0.1BTC to 3b1haJBd83bsj... instead. __ Bitcoin can be send to a public bitcoin address and bitcoin can be send from a public bitcoin address. You can think of this like an email address. Everybody can send an email to it, and only the owner can send an email from it. One person could have access to many different public addresses, and one public address could be shared by multiple people. Bitcoin does not deal with users, it only deals with addresses. A block of transactions looks a little more like the image shown below.

Transactions are from public address to public address, shown truncated here.

The first criteria that the protocol has for whether a transaction is valid is pretty obvious. That is that an address should never be able to send more bitcoin than it owns. The simplified explanation is that whenever a transaction is submitted and shared over the network, nodes basically look at all the bitcoin that address has received, all the bitcoin it has send, and thus are able to verify whether that address still has enough bitcoin left.

The second criteria that the protocol uses for verifying submitted transactions is also very obvious but is more technical in nature. That is, an address can only send bitcoin from it, if the owner of the address has signed off on it. This is incredibly important of course and should be absurdly secure, because only the person that owns an address should be able to spend its bitcoin. If not, then we are introducing trust and security issues, and take away the sovereignty of truly owning one's own money.

Every transaction that is included in a block therefore needs to have a valid signature generated by the owner. The owner does this with something called a private key. The private key can be thought of as the password to an email address. It allows the owner of the email address to verify that they are indeed the owner. In a similar fashion, each public address has an associated private key, and this private key is what allows a user to prove that they are the real owner of the public address. Only the owner of the private key associated with the public address can send bitcoin from it.

Only ownership of the associated private key allows for the sending of bitcoin from a public address

Warning These keys are for example purposes only. They may not exist, be valid, or be matching. Please do not send bitcoin to these addresses or use them in any way.

The upcoming two videos are going to give you a much better idea of what this looks like under the hood but the short of it is that anytime a user submits a transaction to send bitcoin from an address, she signs the transaction with her private key. Just as nodes are able to verify that a miner has spend a lot of work by looking at their proof without having to have to redo the work themselves, nodes are able to verify that the signature for a transaction can only have been generated if the associated private key was used without having to see the private key itself.

This is how we can prevent anybody sending bitcoin from an address that they do not own, or more specifically, that they do not have the private key for. And it is this, combined with the decentralized, censorship-resistant nature of the bitcoin network, that gives an owner of bitcoin full control over their own money. If a user employs proper key management - meaning they keep their private key secure and use good public address rotation -, they have gained access to the first censorship- and seizure-resistant digital money in history. They can send value from anywhere in the world to anywhere in the world without permission and without anybody able to stop or confiscate it, and the money that they are holding cannot be debased by a central party deciding to create more of it.

This is an incredible superpower and a life-saver to hundreds of millions of people.

Warning This private key-public address relationship is what allows truly sovereign ownership of bitcoin. Only the owner of the private key has access to her own bitcoin. There is nobody else who can get in via some backdoor. However, this also has very important implications for how you decide to use Bitcoin. If you do not actually own your private keys, or you lose them, you do not own the bitcoin of the public address. Not your keys? Not your bitcoin. We will discuss this in more detail when going through the different ways you can use Bitcoin in a later segment.