🔗 Cryptography · Distributed Systems
📅 March 2026 · ⏱ 14 min · 🟡 Intermediate

Blockchain & Bitcoin: The Mathematics

Strip away the hype and blockchain is a chain of cryptographic data structures protected by hash puzzles. Every node in the Bitcoin network independently verifies the same mathematics — hash functions, Merkle trees, elliptic curve signatures — to agree on a single transaction history without trusting anyone.

1. Cryptographic Hash Functions

Bitcoin uses SHA-256 (Secure Hash Algorithm, 256-bit output). A hash function maps arbitrary-length input to a fixed-length output with these properties:

    SHA-256("Bitcoin") = b4056df6691f8dc... (64 hex chars = 256 bits)
    SHA-256("bitcoin") = 6b88c087247aa2... (completely different)

Bitcoin applies SHA-256 twice: SHA-256(SHA-256(block_header)). This double hashing prevents length-extension attacks and is a design choice from Satoshi's original protocol.

2. Merkle Trees

Each block contains thousands of transactions. Instead of listing them all in the block header, Bitcoin builds a Merkle tree — a binary tree of hashes:

This allows Simple Payment Verification (SPV): to prove a transaction is in a block, you only need log₂(N) hashes (a "Merkle proof"), not the full block. For 4,000 transactions, that's 12 hashes × 32 bytes = 384 bytes instead of the full block (~1–2 MB).

Tamper detection: Changing even one transaction changes its leaf hash, which propagates up and changes the Merkle root. Since the Merkle root is in the block header, it changes the block hash, which breaks the chain — all subsequent blocks would need re-mining.
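The Merkle proof and the tamper check described above, as an added Python example (not code from the original article). The 4,000 transactions are constructed byte strings rather than real Bitcoin serialisation, and the function names are illustrative.

```python
import hashlib

def dsha(data: bytes) -> bytes:
    """SHA-256 applied twice, as Bitcoin does."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def pad(level):
    """An odd-length level pairs its last hash with itself (Bitcoin's rule)."""
    return level + [level[-1]] if len(level) % 2 else level

def merkle_levels(leaves):
    """Every level of the tree, leaf hashes first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = pad(levels[-1])
        levels.append([dsha(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_proof(levels, index):
    """Sibling hashes from leaf to root, each flagged True if it sits on the right."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((pad(level)[sibling], sibling > index))
        index //= 2
    return proof

def verify_proof(leaf, proof, root):
    """What an SPV client runs: rehash up the branch, compare with the header's root."""
    h = leaf
    for sibling, on_right in proof:
        h = dsha(h + sibling) if on_right else dsha(sibling + h)
    return h == root

# Constructed sample data: 4,000 stand-in transactions.
TXS = [f"constructed-tx-{i}".encode() for i in range(4000)]

def demo(index=1234):
    levels = merkle_levels([dsha(t) for t in TXS])
    root, proof = levels[-1][0], merkle_proof(levels, index)
    genuine = verify_proof(dsha(TXS[index]), proof, root)
    forged = verify_proof(dsha(b"forged-tx"), proof, root)
    return len(proof), sum(len(h) for h, _ in proof), genuine, forged

if __name__ == "__main__":
    print(demo())  # proof length, proof size in bytes, genuine accepted, forged accepted
```
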

3. Proof of Work

The block header contains: version, previous block hash, Merkle root, timestamp, difficulty target, and a 32-bit nonce. A block is valid if and only if:

    SHA-256(SHA-256(block_header)) < target

    The "target" is a 256-bit number. The smaller the target, the harder the puzzle.
    Finding a valid nonce requires brute force: try nonce = 0, 1, 2, ...
    Expected trials = 2²⁵⁶ / target

There is no shortcut — the only way to find a valid hash is to guess. This is why mining requires enormous computational power. The current Bitcoin network hash rate (2025) is ~700 EH/s (700 × 10¹⁸ SHA-256d per second). Total energy consumption: ~100 TWh/year.

Once a miner finds a valid nonce, broadcasting the block is trivial — any node can verify the hash in microseconds. This asymmetry (hard to produce, easy to verify) is the foundation of proof-of-work security.
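The produce/verify asymmetry can be seen on a toy header. This is an added example, not code from the original article. It assumes a constructed 80-byte header with a deliberately easy target (about 65,536 expected trials), and it goes slightly beyond the text by decoding the header's 4-byte compact target field and comparing the hash as a little-endian integer, as Bitcoin does.

```python
import hashlib
import struct

def dsha(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact target field: mantissa * 256^(exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> 8 * (3 - exponent)
    return mantissa << 8 * (exponent - 3)

# Constructed toy header fields: version, previous hash, Merkle root, time, bits.
BITS = 0x1F010000                      # target = 2^240, far easier than mainnet
TARGET = bits_to_target(BITS)
PREFIX = (struct.pack("<I", 1) + bytes(32) + dsha(b"constructed merkle root")
          + struct.pack("<II", 1767225600, BITS))

def header(nonce: int) -> bytes:
    """76-byte prefix plus the 32-bit nonce gives the 80-byte block header."""
    return PREFIX + struct.pack("<I", nonce)

def pow_ok(hdr: bytes, target: int) -> bool:
    """Verification: one double hash and one integer comparison."""
    return int.from_bytes(dsha(hdr), "little") < target

def mine(target: int):
    """Production: try nonce = 0, 1, 2, ... Returns None if all 2^32 nonces fail."""
    for nonce in range(2**32):
        if pow_ok(header(nonce), target):
            return nonce
    return None

def expected_trials(target: int) -> float:
    return 2**256 / target

if __name__ == "__main__":
    nonce = mine(TARGET)
    print("expected trials:", expected_trials(TARGET))
    print("winning nonce:", nonce, "valid:", pow_ok(header(nonce), TARGET))
```
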

4. Difficulty Adjustment

Bitcoin targets 10-minute block intervals. Every 2,016 blocks (~2 weeks), the protocol recalculates the difficulty:

    new_target = old_target × (actual_time / expected_time)
    expected_time = 2016 × 10 min = 20,160 min

    If blocks arrived every 8 min: ratio = 16,128/20,160 = 0.80
    → target decreases by 20% → difficulty increases

    Maximum adjustment per retarget: ×4 up or ×0.25 down

This negative feedback loop keeps block time near 10 minutes regardless of how much hash power joins or leaves the network. When China banned mining in 2021, hash rate dropped 50% overnight — difficulty adjusted down over 3 retargets, and block times stabilised within 6 weeks.
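The feedback loop, including the ×4 limit, as an added simulation (not code from the original article). It assumes a simplified model in which every block takes exactly its expected time, and a constructed scenario where hash rate falls by 90% at a retarget boundary, so the limit has to bind before block time recovers.

```python
EXPECTED_MIN = 2016 * 10  # minutes in one retarget period at the 10-minute goal

def retarget(old_target: int, actual_min: int) -> int:
    """new_target = old_target * actual/expected, with the ratio held to [0.25, 4]."""
    clamped = max(EXPECTED_MIN // 4, min(EXPECTED_MIN * 4, actual_min))
    return old_target * clamped // EXPECTED_MIN

def minutes_per_block(target: int, hashes_per_min: float) -> float:
    """Expected trials (2^256 / target) divided by the network hash rate."""
    return 2**256 / target / hashes_per_min

def simulate(target: int, hashrates):
    """One entry per 2,016-block period: (average minutes per block, target in force)."""
    history = []
    for rate in hashrates:
        minutes = minutes_per_block(target, rate)
        history.append((round(minutes, 3), target))
        target = retarget(target, round(2016 * minutes))
    return history

# Constructed scenario (illustrative numbers, not network data).
T0 = 2**224
H0 = 2**32 / 10                        # hash rate giving 10-minute blocks at T0
SCENARIO = [H0, H0 / 10, H0 / 10, H0 / 10]

if __name__ == "__main__":
    for period, (minutes, target) in enumerate(simulate(T0, SCENARIO)):
        print(f"period {period}: {minutes:6.1f} min/block, target = {target // T0} x T0")
```

With the 90% drop, the first retarget can only raise the target fourfold, so blocks still take 25 minutes in the following period and a second retarget is needed to return to 10.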

5. ECDSA: Digital Signatures

Every Bitcoin address is derived from an elliptic curve public key. Bitcoin uses the secp256k1 curve:

    Curve: y² = x³ + 7 (mod p)
    p = 2²⁵⁶ − 2³² − 977 (a 256-bit prime)
    Generator point G is a fixed point on the curve
    Order n ≈ 2²⁵⁶ (number of points on the curve)

    Private key: random integer k ∈ [1, n−1] (256 bits)
    Public key: P = k·G (elliptic curve scalar multiplication)

    Finding k from P is the Elliptic Curve Discrete Logarithm Problem (ECDLP) — computationally infeasible with classical computers.

To spend Bitcoin, the owner signs the transaction with their private key using ECDSA (Elliptic Curve Digital Signature Algorithm). Any node verifies the signature using only the public key. The signature proves ownership without revealing the private key — this is the core authentication mechanism.

6. Byzantine Fault Tolerance

The Byzantine Generals Problem (Lamport, 1982): how do N distributed parties agree on a decision when up to f of them may lie or act maliciously? Classical theory proved that consensus requires N ≥ 3f+1 honest participants — a majority assumption.

Bitcoin's breakthrough (Nakamoto, 2008) reframes the problem: instead of counting identities (which can be Sybil-attacked), attach a computational cost to each vote. A block is a "vote" that cost real energy to produce. An attacker needs >50% of the network's total hash power to produce a longer chain — the 51% attack.

The longest chain rule: nodes always consider the chain with the most cumulative proof of work as the valid chain. This probabilistic consensus converges exponentially: after 6 confirmations (~60 min), the probability of a transaction being reversed by an attacker with 10% hash power is less than 0.001%.

    P(attacker catches up from z blocks behind)
      = 1          if q ≥ p
      = (q/p)^z    if q < p
    where p = honest hash rate fraction, q = attacker fraction

    z=6, q=0.10: P = 0.10^6 ≈ 0.000,001

7. Game Theory & Mining Economics

Mining is an economic game. A rational miner mines honestly because:

The Nash equilibrium is honest mining: defecting (trying to cheat) is strictly less profitable than cooperating. This game-theoretic security is what allows a trustless, permissionless network to function without any central authority.

Proof of Stake alternative: Ethereum switched to PoS in September 2022 ("The Merge"). Instead of computational work, validators lock up (stake) ETH as collateral. Malicious validators lose their stake (slashing). Energy use dropped ~99.95%. The mathematical security model shifts from hash-rate dominance to economic majority.