We know how to make a trustworthy ledger that cannot be tampered with by using hashes and proofs of work. We know that Bitcoin uses such a ledger—called a blockchain—to model digital currency. How?
A naive implementation of digital currency would have a ledger of who gave money to who. For example, let's say Pat, Chris, and Kelly all have $50 each in our new digital currency. Let's say that Pat pays $25 to Chris and $15 to Kelly and that Kelly pays $10 to Chris.
Here's how our ledger might look:
Source | Amount | Destination
-------|--------|------------
INIT   | $50.00 | Pat
INIT   | $50.00 | Chris
INIT   | $50.00 | Kelly
Pat    | $25.00 | Chris
Pat    | $15.00 | Kelly
Kelly  | $10.00 | Chris
Since we know how to keep such a ledger correct and tamper-free, we could use blockchain technology to manage our digital currency.
Since this is currency, however, we need there to be a finite supply of it or the money system breaks down. We need to make sure that when money changes hands, it only does so once and that no one can spend the same money twice, which is called the double-spending problem.
For example, let's say Pat has given Chris $45, leaving Pat with $5. Pat then wants to pay both Kelly and Aidan $5. If this were physical currency, that couldn't happen, since there would be only $5 physically in existence. With digital currency, someone could subvert the ledger and allow Pat to transfer $5 to both Kelly and Aidan.
If this were allowed, here's what the ledger would look like:
Source | Amount | Destination
-------|--------|------------
INIT   | $50.00 | Pat
Pat    | $45.00 | Chris
Pat    | $5.00  | Kelly
Pat    | $5.00  | Aidan
Even if we've used hashes as described, and have done the proof of work to ensure the ledger hasn't been subverted, we've found a new way to subvert the system. The ledger is clearly wrong because it's allowed Pat to spend money twice. Although the ledger itself doesn't know that it's tracking digital currency, we do, and we've allowed it to become subverted.
This means that we can have a completely trustworthy ledger that allows people to spend money multiple times.
If we alone maintain the ledger, then we must be trusted to not introduce bugs like this, and must be trusted to keep the ledger safe and correct. If we become corrupted or go out of business, the money we're tracking for everyone will become unstable or worthless. That's not good.
We could prevent this by distributing the ledger far and wide. We could encourage hundreds, thousands, or even millions of people to maintain a copy of the ledger and update it with new transactions.
Because the ledger uses a blockchain to keep it correct and tamper-free, anyone could examine any of the millions of copies of the ledger to see if it had been tampered with.
New transactions would need to be accepted by a majority of people keeping a ledger, and that transaction would create a new ledger that is viewed as the source of truth. Transactions against the old ledger would be invalid. As long as there is a clear majority on what the canonical ledger is, the system works.
As an example, if Pat wants to pay Kelly $5, the process would be as follows:
1. Someone books an entry in their ledger that Pat paid Kelly $5.
2. That entry will require proof of work against the latest entry in the distributed ledger.
3. Once that work is done, the transaction is submitted to the other ledger-holders.
4. The other ledger-holders will examine it for: correct hash, valid proof of work, and correctness of the transaction, i.e. that it is not double-spending. If all criteria are satisfied, they accept this transaction as legitimate.
5. Once a majority of ledger-holders accepts the transaction, it becomes real—subsequent transactions must be booked against this new entry.
Step #4 is the key to preventing double-spending. Let's see how that would work.
In our example above, Pat has only $5, and wants to spend it twice: giving $5 to Kelly and also giving it to Aidan.
Since any newly accepted transaction requires subsequent transactions to be against the new one, we can't accept two transactions at once.
So, suppose the work for booking the $5 to Kelly completes first and is accepted by the majority of ledger-holders. The official copy of the ledger now includes this transaction:
When the work for the second transaction to Aidan completes, it will be out of date, since it no longer refers to the latest entry in the ledger. Ledger-holders won't be able to accept it, since it will corrupt their ledgers, so it is rejected. The transaction must be restarted using the newly-accepted $5 payment from Chris to Kelly.
Since the ledger-holders can verify that Pat no longer has $5, even if the proof-of-work were correct, they won't accept the payment. They can do this because they can safely (and absolutely) trust their copy of the ledger.
Although an evil (or broken) ledger-holder could still choose to accept this transaction, the majority certainly would not, as it would create major problems in the money system. Thus, in order to subvert this new distributed system, you'd need to control a majority of the ledger-holders. The more widely-used the currency is, the less likely this is to happen.
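As an added example (not code from the original post), here is a small Python simulation of the procedure and the double-spend walkthrough above: ledger entries chained by hash, a toy proof of work, and the step 4 checks a ledger-holder runs before accepting an entry. The genesis hash, the difficulty string and the cents-based amounts are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, replace
GENESIS = "0" * 64   # constructed: what the first entry chains to
DIFFICULTY = "00"    # constructed: a valid hash must start with this
@dataclass(frozen=True)
class Entry:
    source: str
    amount: int        # cents, so $5.00 is 500
    destination: str
    prev_hash: str     # hash of the latest ledger entry when booked
    nonce: int = 0
    def hash(self) -> str:
        data = f"{self.source}|{self.amount}|{self.destination}|{self.prev_hash}|{self.nonce}"
        return hashlib.sha256(data.encode()).hexdigest()

def mine(entry: Entry) -> Entry:  # proof of work: bump nonce until the hash meets DIFFICULTY
    while not entry.hash().startswith(DIFFICULTY):
        entry = replace(entry, nonce=entry.nonce + 1)
    return entry

def balances(ledger: list) -> dict:  # replay the ledger: INIT creates money, all else moves it
    bal: dict = {}
    for e in ledger:
        if e.source != "INIT":
            bal[e.source] -= e.amount
        bal[e.destination] = bal.get(e.destination, 0) + e.amount
    return bal

def tip(ledger: list) -> str:  # the hash every new entry must be booked against
    return ledger[-1].hash() if ledger else GENESIS

def submit(ledger: list, entry: Entry) -> str:  # step 4 of the procedure
    if entry.prev_hash != tip(ledger):
        return "stale"          # booked against an entry that is no longer the latest
    if not entry.hash().startswith(DIFFICULTY):
        return "bad proof of work"
    if entry.source != "INIT" and balances(ledger).get(entry.source, 0) < entry.amount:
        return "double spend"   # the source no longer has the money
    ledger.append(entry)
    return "ok"

def double_spend_scenario() -> list:  # Pat has $5 left and tries to pay both Kelly and Aidan
    ledger: list = []
    submit(ledger, mine(Entry("INIT", 5000, "Pat", GENESIS)))
    submit(ledger, mine(Entry("Pat", 4500, "Chris", tip(ledger))))
    to_kelly = mine(Entry("Pat", 500, "Kelly", tip(ledger)))
    to_aidan = mine(Entry("Pat", 500, "Aidan", tip(ledger)))  # same parent, valid proof of work
    results = [submit(ledger, to_kelly), submit(ledger, to_aidan)]  # "ok", then "stale"
    rebooked = mine(replace(to_aidan, prev_hash=tip(ledger), nonce=0))  # restart against new tip
    return results + [submit(ledger, rebooked)]  # ["ok", "stale", "double spend"]
```

The rebooked payment to Aidan carries a correct hash and valid proof of work, yet is still refused, because the replayed ledger shows Pat's balance is already zero.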
This system closely mimics the way hard money works, i.e. possessing a physical thing that we all agree has value. If you have 10 pounds of gold, and the society you inhabit considers that valuable, you can use it to buy things. But, if the majority of people suddenly decide gold is worthless, you have nothing. The system only works because enough people agree that it works.
OK, so that's how we can use an append-only immutable ledger to create a reliable digital currency. What else could we do with this?