How to create a new virtual currency, part 1
By Demir Selmanovic, lead technical editor at Toptal, a company that provides freelance engineering talent, including virtual currency engineers.
Bitcoin created a lot of buzz on the Internet. It was ridiculed, it was attacked, and eventually it was accepted and became a part of our lives. However, bitcoin is not alone. At this moment, there are over 700 “altcoin” implementations which use principles similar to bitcoin.
So, what do you need to create something like bitcoin?
Without trying to understand your personal motivation for creating a decentralized, anonymous system for exchanging money/information (but still hoping that it is within the scope of moral and legal activities), let’s first break down the basic requirements for our new payment system:
- All transactions should be made over the Internet.
- We do not want to have a central authority that will process transactions.
- Users should be anonymous and identified only by their virtual identity.
- A single user can have as many virtual identities as he or she likes.
- Value supply (new virtual bills) must be added in a controlled way.
Fulfilling the first two requirements from our list, removing a central authority for information exchange over the Internet, is already possible. What you need is a peer-to-peer (P2P) network.
Information sharing in P2P networks is similar to information sharing among friends and family. If you share information with at least one member of the network, eventually this information will reach every other member of the network. The only difference is that in digital networks, this information will not be altered in any way.
You may have heard of BitTorrent, one of the most popular P2P file sharing (content delivery) systems. Another popular application for P2P sharing is Skype, as well as other chat systems.
The bottom line is that you can implement or use one of the existing open-source P2P protocols to support your new virtual currency, which we’ll call "Topcoin."
To understand digital identities, we need to understand how cryptographic hashing works. Hashing is the process of mapping digital data of any arbitrary size to data of a fixed size. In simpler words, hashing is a process of taking some information that is readable and making something that makes no sense at all.
You can compare hashing to getting answers from politicians. Information you provide to them is clear and understandable, while the output they provide looks like a random stream of words.
There are a few requirements that a good hashing algorithm needs:
- Output length of hashing algorithm must be fixed (a good value is 256 bytes).
- Even the smallest change in input data must produce a significant difference in output.
- The same input will always produce the same output.
- There must be no way to reverse the output value to calculate the input.
- Calculating the hash value should not be compute intensive and should be fast.
If you take a look at the simple statistics, we will have a limited (but huge) number of possible hash values, simply because our hash length is limited. However, our hashing algorithm (let’s name it Politician256) should be reliable enough that it only produces duplicate hash values for different inputs about as frequently as a monkey in a zoo manages to correctly type "Hamlet" on a typewriter!
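The properties listed above, checked against a real hash function, as an added example that is not part of the original article. SHA-256 from Python's standard library stands in for the article's "Politician256" (an assumption), and the `topcoin-` inputs are constructed; `find_collision` truncates the output to show why a short hash would produce duplicates quickly.

```python
import hashlib

def h(data: bytes) -> bytes:
    # SHA-256 always returns a 32-byte (256-bit) digest, whatever the input size.
    return hashlib.sha256(data).digest()

def bit_difference(a: bytes, b: bytes) -> int:
    """Number of output bits that differ between the hashes of a and b."""
    x = int.from_bytes(h(a), "big") ^ int.from_bytes(h(b), "big")
    return bin(x).count("1")

def find_collision(bits: int):
    """Find two different inputs whose hashes agree in their first `bits` bits.

    Returns (input1, input2, attempts). Inputs are constructed counter strings.
    """
    seen = {}
    counter = 0
    while True:
        msg = b"topcoin-%d" % counter
        prefix = int.from_bytes(h(msg), "big") >> (256 - bits)
        if prefix in seen:
            return seen[prefix], msg, counter + 1
        seen[prefix] = msg
        counter += 1

def collision_cost(bit_lengths=(8, 16, 24)):
    # Attempts needed grow roughly as 2**(bits/2), so every extra bit of
    # output length makes accidental or deliberate duplicates harder to find.
    return {bits: find_collision(bits)[2] for bits in bit_lengths}

if __name__ == "__main__":
    print("digest length:", len(h(b"")), len(h(b"x" * 1_000_000)))
    print("bits changed by a one-character edit:",
          bit_difference(b"I have 100 Topcoins", b"I have 101 Topcoins"), "of 256")
    print("attempts to collide a truncated hash:", collision_cost())
```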
When signing a paper, all you need to do is append your signature to the text of a document. A digital signature is similar: you just need to append your personal data to the document you are signing.
If you understand that the hashing algorithm adheres to the rule where even the smallest change in input data must produce a significant difference in output, then it is obvious that the hash value created for the original document will be different from the hash value created for the document with the appended signature.
A combination of the original document and the hash value produced for the document with your personal data appended is a digitally signed document.
And this is how we get to your virtual identity, which is defined as the data you appended to the document before you created that hash value.
Next, you need to make sure that your signature cannot be copied, and no one can execute any transaction on your behalf. The best way to make sure that your signature is secured is to keep it yourself, and provide a different method for someone else to validate the signed document. Again, we can fall back on technology and algorithms that are readily available. What we need to use is public key cryptography, also known as asymmetric cryptography.
To make this work, you need to create a private key and a public key. These two keys are mathematically related and depend on each other. The algorithm that you use to generate them ensures that each private key has a different public key. As their names suggest, a private key is information that you keep to yourself, while a public key is information that you share.
If you use your private key (your identity) and original document as input values for the signing algorithm to create a hash value, assuming you kept your key secret, you can be sure that no one else can produce the same hash value for that document.
If anyone needs to validate your signature, he or she will use the original document, the hash value you produced, and your public key as inputs for the signature verifying algorithm to verify that these values match.
How to send money
Assuming that you have implemented P2P communication, mechanisms for creating digital identities (private and public keys), and provided ways for users to sign documents using their private keys, you are ready to start sending information to your peers.
Since we do not have a central authority that will validate how much money you have, the system will have to ask you about it every time, and then check if you lied or not. So, your transaction record might contain the following information:
- I have 100 Topcoins.
- I want to send 10 coins to my pharmacist for the medication (you would include your pharmacist's public key here).
- I want to give one coin as a transaction fee to the system (we will come back to this later).
- I want to keep the remaining 89 coins.
The only thing left to do is digitally sign the transaction record with your private key and transmit the transaction record to your peers in the network. At that point, everyone will receive the information that someone (your virtual identity) is sending money to someone else (your pharmacist's virtual identity).
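The key pair, signing and verification steps described earlier, applied to the transaction record from this section, as an added example that is not part of the original article. It uses a Lamport one-time signature because that scheme needs only a hash function and the Python standard library; the scheme choice, the JSON field names and the `identity` helper are assumptions of this sketch, and a real currency would use an established signature scheme such as ECDSA.

```python
import hashlib, json, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Private key: 256 pairs of random secrets. Public key: the hash of each secret.
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def digest_bits(message: bytes):
    d = int.from_bytes(H(message), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(priv, message: bytes):
    # Reveal one secret per digest bit. Each key pair may sign only ONE message.
    return [priv[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(pub, message: bytes, signature) -> bool:
    # Needs only the public key: hash each revealed secret and compare.
    bits = digest_bits(message)
    return len(signature) == 256 and all(
        H(s) == pub[i][bits[i]] for i, s in enumerate(signature))

def identity(pub) -> str:
    # Assumption of this sketch: a virtual identity is the hash of the public key.
    return H(b"".join(a + b for a, b in pub)).hex()

def build_record(sender_pub, recipient_pub) -> bytes:
    # Constructed record mirroring the article's example: 100 = 10 + 1 + 89.
    record = {"from": identity(sender_pub), "have": 100,
              "send": {"to": identity(recipient_pub), "amount": 10},
              "fee": 1, "keep": 89}
    return json.dumps(record, sort_keys=True).encode()

def demo():
    sender_priv, sender_pub = keygen()
    _, pharmacist_pub = keygen()
    record = build_record(sender_pub, pharmacist_pub)
    signature = sign(sender_priv, record)
    tampered = record.replace(b'"amount": 10', b'"amount": 99')
    return {"genuine": verify(sender_pub, record, signature),
            "tampered": verify(sender_pub, tampered, signature),
            "wrong_key": verify(pharmacist_pub, record, signature)}

if __name__ == "__main__":
    print(demo())
```

Peers that receive the record need only the sender's public key to run `verify`; changing the amount after signing, or checking against someone else's key, makes verification fail.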
Your job is done. However, your medication will not be paid for until the whole network agrees that you really did have 100 coins, and therefore could execute this transaction. Only after your transaction is validated will your pharmacist get the funds and send you the medication.
This is a function performed by miners, who do the computationally intensive work of checking the validity of each and every transaction requested by users. The role of the miners will be explored in the second installment of this two-part series on creating a virtual currency.