How Bitcoin Works: the Tech Explained

Bitcoin ownership rests on public-key cryptography. A wallet generates a private key — a very large, effectively unguessable random number — and from it derives a public key and one or more addresses (the strings you share to receive funds). The relationship is one-directional: going from private key to address is trivial, but reversing it is practically impossible. Whoever controls the private key controls the coins — the literal meaning of "not your keys, not your coins."

An address is not a balance-holding account; it is closer to a lock. Coins sent to it are locked to it, and only a valid signature from the matching private key can unlock and spend them. A signature proves you hold the key without ever revealing it.

Address formats you will encounter

• Legacy (P2PKH) — starts with 1. The original format; still valid but larger and costlier to spend.
• SegWit — starts with 3 or bc1q. Lower fees and better efficiency.
• Taproot (P2TR / bech32m) — starts with bc1p, from the 2021 Taproot upgrade. Uses Schnorr signatures and improves privacy and the efficiency of complex spending conditions.

Seed phrases and backups

Rather than backing up every private key individually, modern wallets show a seed phrase (usually 12 or 24 words) from which all your keys and addresses are deterministically generated. Whoever has the seed phrase has the wallet. Write it down offline, store copies securely, and never type it into a website or share it — legitimate services will never ask for it.

Multi-signature: requiring more than one key

For larger holdings, a single key is a single point of failure. Multi-signature (multisig) setups require several keys to authorize a spend — for example a "2-of-3" wallet, where any two of three keys must sign. This guards against both theft (an attacker needs several keys, often in different places) and loss (you can lose one key and still recover funds). It is widely used by businesses, custodians, and serious cold-storage holders, with keys split across hardware wallets, locations, or trusted co-signers. The trade-offs are added complexity and having to back up every co-signing key plus the wallet configuration; test any setup with a small amount first.

A note on "two-factor authentication"

Multi-factor authentication (MFA) on an exchange or custodial app protects your login to that service — not the underlying coins, which the custodian still controls. MFA and multisig solve different problems. Use strong, unique passwords and an authenticator app (rather than SMS where possible) on any account, but remember that true self-custody security comes from controlling the private keys yourself, ideally on hardware kept offline.

A Bitcoin transaction is a signed message that reassigns ownership of coins. Crucially, Bitcoin does not track balances; it tracks unspent transaction outputs (UTXOs) — discrete chunks of bitcoin locked to particular spending conditions. Your wallet "balance" is simply the sum of all UTXOs you can unlock.

Inputs and outputs

Every transaction consumes one or more existing UTXOs as inputs and creates new UTXOs as outputs. It works like cash: to pay 0.7 BTC from a single 1 BTC UTXO, you spend the whole UTXO and create two outputs — 0.7 BTC to the recipient and about 0.3 BTC back to yourself as "change," minus the fee. This is why a wallet accumulates many small UTXOs over time.

Signatures and verification

To spend a UTXO, the owner attaches a digital signature created with the relevant private key. Every node independently checks that:

• the inputs reference real, unspent outputs;
• the signatures satisfy those outputs' spending conditions;
• the inputs are worth at least as much as the outputs (no money created from nothing); and
• the same UTXO is not spent twice.

If any check fails, honest nodes reject the transaction. No central party performs this validation — everyone does, which is what makes the network trustless.

Fees and the mempool

The difference between total inputs and total outputs is the transaction fee, paid to whichever miner includes the transaction. Pending transactions wait in each node's mempool, and because block space is limited, fees act as an auction: higher fees generally confirm faster when the network is busy. Fees are measured in satoshis per virtual byte (sat/vB), so a transaction's cost depends on its data size, not the amount being moved.

Bitcoin Script and "smart contracts"

Each output carries a small program in Bitcoin Script, a deliberately limited, stack-based language defining the conditions for spending. The common case simply requires "a valid signature from this key," but Script can express richer rules: multisig, time locks (spendable only after a certain block or date), and hash locks (released when a secret is revealed). These programmable conditions are Bitcoin's form of smart contracts.

One misconception is worth correcting: Bitcoin smart contracts are not written in Solidity, and Bitcoin is not Ethereum. Bitcoin Script is intentionally not Turing-complete — it cannot loop indefinitely — favoring predictability and security over open-ended programmability. Taproot lets complex spending conditions stay private unless actually used, and layers such as the Lightning Network build on Script's time and hash locks for fast, low-cost off-chain payments. So Bitcoin supports automated, condition-based transfers, but within tighter limits than general-purpose contract platforms.

If transactions are individual messages, the blockchain is the shared record of which ones happened and in what order. It is a chain of blocks, each bundling a batch of confirmed transactions with a small header of metadata.

How blocks link together

Every block header contains a cryptographic hash of the previous block. A hash is a fixed-length fingerprint produced by the SHA-256 function; change even one bit of the input and the output changes completely and unpredictably. Because each block commits to the one before it, the blocks form a tamper-evident chain: altering an old transaction would change that block's hash and break the link in every block that followed. To rewrite history, an attacker would have to redo the work for that block and all later ones faster than the rest of the network adds new blocks — an enormous and growing cost.

Each block also summarizes its transactions into a single Merkle root in the header, which lets lightweight wallets confirm a transaction is included without downloading the whole block — the basis of the Simplified Payment Verification (SPV) used by many phone wallets.

Decentralized, append-only, and confirmations

The blockchain is not stored in one place. Thousands of full nodes worldwide each keep a complete copy and independently enforce the rules. New blocks can be appended, but existing history is, for practical purposes, permanent — there is no delete or edit. This is what people mean by calling Bitcoin immutable: not that change is mathematically impossible, but that rewriting confirmed history becomes prohibitively expensive as more blocks pile on top.

When your transaction first lands in a block it has one confirmation; each later block adds another. Because reversing it means out-pacing the whole network across every block on top, more confirmations mean more security. Many services treat a few confirmations as final for everyday amounts and require more for large transfers. Block times average about ten minutes but vary because mining is probabilistic.

With no central authority, who decides which valid block comes next? Bitcoin's answer is proof-of-work mining, the consensus mechanism that turns electricity and computation into agreement.

What miners actually do

Miners gather pending transactions into a candidate block, then race to find a number called the nonce that makes the block's header hash fall below a target set by the network. Because hash outputs are unpredictable, the only way to find one is to try astronomically many combinations — trillions of guesses per second across the network. This trial-and-error is the "work" in proof-of-work. The first miner to find a valid hash broadcasts the block; other nodes verify it instantly (checking a hash is cheap; finding one is hard) and, if valid, build on it.

Difficulty adjustment

The network targets one new block roughly every ten minutes. As more computing power (hash rate) joins, blocks would arrive faster, so Bitcoin recalculates the difficulty every 2,016 blocks (about two weeks) to hold the average near ten minutes — keeping block timing stable whether the network is large or small.

Block rewards and the halving

Mining is incentivized by two things: the block's transaction fees and a block subsidy of newly created bitcoin. The subsidy started at 50 BTC in 2009 and halves every 210,000 blocks — roughly every four years — in an event called the halving. After the April 2024 halving the subsidy is 3.125 BTC per block as of 2026, and the next halving (expected around 2028) will cut it to 1.5625 BTC. Halvings enforce a fixed supply: no more than 21 million BTC will ever exist, of which roughly 19.7 million had been mined by 2026. As the subsidy shrinks toward zero over the coming century, transaction fees are designed to become miners' primary reward. (These follow the protocol's fixed schedule; verify current values on any block explorer.)

Why proof-of-work secures the chain

The design makes honesty the most profitable strategy. To cheat — say, to reverse a payment and double-spend — an attacker would need a majority of the network's hash rate (a 51% attack) and to outpace everyone else, costing vast sums in hardware and electricity. Even then they could not steal coins they lack keys for or create extra bitcoin; the worst realistic outcome is reversing some of their own recent transactions. For nearly everyone, mining honestly and collecting rewards is far cheaper.

Nodes always treat the valid chain with the most accumulated proof-of-work as authoritative. When two miners find blocks almost simultaneously, the network briefly sees competing tips but converges as the next block extends one. This simple rule — follow the chain with the most work — is how a leaderless network of strangers agrees on a single shared history.

Is Bitcoin actually anonymous?

What happens if I lose my private key or seed phrase?

Why do transactions sometimes take a long time or cost a lot?

Does Bitcoin support smart contracts like Ethereum?

Can the supply of Bitcoin be increased beyond 21 million?