Coin analogy

From Bitcoin Wiki
Jump to: navigation, search

Since the time of Bitcoin's creation, the coin analogy has been used to help understand Bitcoin transactions. Everyone trying to understand Bitcoin's technology should know it.

The coin analogy

Let's say that you've received bitcoins in three distinct transactions of 1 BTC, 3 BTC, and 5 BTC, and these are the only transactions your wallet has received. So your wallet now contains 9 BTC. Your wallet is also said to contain three coins: each incoming transaction creates one coin, regardless of the value. Your wallet contains a 1BTC coin, a 3BTC coin, and a 5BTC coin. Imagine them as physical gold coins with different sizes.

For now, assume no transaction fees. If you want to send someone 4 BTC, then you can do it in one of two general ways:

  • You can melt down the 1BTC coin and the 3BTC coin, and use it to re-mint a single 4BTC coin, giving this coin to the recipient.
  • You can melt down the 5BTC coin, and use it to re-mint one 4BTC and one 1BTC coin, giving the 4BTC coin to the recipient and keeping the 1BTC coin as change.

You can not somehow leave the 5BTC coin where it is and "break off" 4 BTC from it. When many people are first learning about Bitcoin, instead of this coin analogy, they imagine an analogy involving address balances, which is incorrect and causes no end of confusion. The incorrect balance analogy goes like this: each address works like a bank account number and has so many BTC assigned to it; when you send BTC, you debit the sending address's balance and credit the receiving address's balance. Although thinking in this way will sometimes sort-of make sense, Bitcoin absolutely does not work like this, and if you think like this then you will have a large number of subtle misunderstandings. For example, people who think in this way are often mystified by the concept of change outputs.

Returning to transaction fees, it's like a little bit of gold that gets left in the smelting machinery. Later on, the miners sweep through and collect all of the fees in a block into a single new coin.

Addresses are like locks on vaults which hold one more more coins. They set the conditions under which someone can take the coins out. When you send a coin to an address, you are constraining the coin. The most common condition is "the person controlling the private key associated with this public key hash can spend it". If you send coins to a single address on more than one occasion (this is not recommended), then there are two coins with the exact same constraints; however, the coins remain separate, and spending one does not affect the other.

Your wallet then is a collection of vaults, each constrained by different locks (ie. addresses). Inside of those vaults are a number of coins, each representing a variable amount of BTC. This depends on the wallet, but generally when you spend BTC from a wallet, it will choose fairly randomly/arbitrarily from all of the coins in the wallet when deciding which coins to melt down, and will not pay much attention to the addresses constraining each coin -- the wallet is capable of unlocking any of the vaults, after all.

Technical note: More precisely, it's the outputs of a transaction which create these coins -- a single transaction technically can create more than one coin for a single address or wallet, though this is a bit rare. Among Bitcoin experts, the term "coin" is sometimes used in the manner above, but to avoid confusion between these coins and the BTC unit of account, these objects are nowadays more commonly called unspent transaction outputs, or UTXOs.