Published by Mario Oettler on

Let us assume Alice owns a certain amount of digital money. Let’s call this a coin. We explain later where those coins come from. But for now, we just assume Alice owns it.

If Alice wants to send a coin to Bob she creates a transaction which says: I allow Bob to spend this coin. This permission is called unspent transaction output.

Owning a coin basically is the permission to spend a coin granted from the previous owner. And a transaction is to grant this permission to another user. And if Bob wants to send this coin to Chris he creates a transaction that takes this unspent transaction output (UTXO) as input and says: I allow Chris to spend this coin.

Chris would now check if Bob had the right to spend this coin at all. She would need to find out that Alice allowed Bob to spend her coin. This goes all the way down till the first owner (in our case Alice).

You might think that this is really difficult, particularly if a coin is spent many times. And yes, checking the whole chain would take a lot of time. But there is a solution where you only need to check the last step. Once that unspent transaction output is referred it cannot be spent again (referred to by another transaction). This is enforced by the so-called miners that enforce the rules.

If Bob wants to send a coin further to Chris, he now has to ask Chris to tell him her address first. He then creates a new transaction pointing to the transaction from Alice, which is now his coin. and says:

The owner of the secret key (Chris’s secret key) corresponding to this address (Chris’s address) is allowed to spend this coin, meaning to create another transaction. He proofs that he is allowed to spend this coin by signing his transaction with his secret key.

You can imagine a bitcoin transaction consisting of two parts:

  1. Inputs
  2. Outputs

The output is also called locking script. It contains the conditions under which the coins (=UTXO) may be spent.

The input is a reference to another unspent transaction output (UTXO). It contains the transaction hash and the index of the UTXO. The input section also contains the proof that the transaction creator is allowed to spend the UTXO that is referred.

In the following example, Alice wants to send 2.5 BTC to Bob. She creates a transaction, that refers to another transaction (5ab195b…) and an index. She provides her signature to proof that she is allowed to spend the UTXO.

In her output section, she says that the holder of the key to the address 147QWY… is allowed to spend this 2.5 BTC. This address belongs to Bob.

If Bob wants to send these coins to Chris, he refers to the transaction 305fa1.. and the output index 0. He provides its signature to proof that he is the key holder of address 147QWY….

So far, we have solved the identification issue by replacing names with addresses and secret keys. But we haven’t solved the double-spend problem yet.

Sending Fractions of a Coin

In Bitcoin, UTXOs can be spent only completely. It is not possible to spend fractions of it. You can imagine that like a 10 Euro bank note. If you want to pay only 7 Euro, the teller gives you 3 Euro back.

In Bitcoin, you have to give a change address. This is where the coins go that you don’t want to send to the receiver. For the change address, you hold the private key.

In our picture, Alice has 10 Bitcoins and wants to send 3 BTC to Bob. So, she creates a transaction with one input worth 10 BTC and two outputs (recipients). One recipient is Bob (3 BTC), and the other one belongs to her (7 BTC).

Spending multiple coins

Similarly, it is possible to send multiple coins to on Output. This is useful, if you want to pay 2.5 BTC but have only on UTXO of 2 BTC and another one with 0.5 BTC available. Again, you can imagine this like coins in you purse.

The transaction says, Bob is allowed to spend 2 BTC from UTXO {5a195b…,0} and 0.5 BTC from UTXO {15497ca…,2}.