A Basic Introduction to Bitcoin Transactions
.. and the bizarre consequences they engender
itcoins are, as every currency since the dawn of money, meant to be a tool of exchange, of transaction between people or entities. However, whereas transactions in most modern currencies are quite straight forward (especially those in cash) bitcoins are a lot more complex. There is no physical bank note, nor a central entrusted entity which holds your wealth and acts as middle man. In bitcoins, all the transactions are entirely public, and you, with any average computer, can join in and be part of the verification network. So how can it all work?
Let’s start with a simple metaphor. You’re going to a shop, and you have a few coins, say 50¢, 20¢, 20¢. You want to buy a single banana, at the fruity cost of 80¢. You give your three coins, and get a banana and 10¢ back. Looking only at the money flow, you have just made a transaction in which the inputs were the three coins you gave, and with two outputs: 80¢ to the shop, and 10¢ back to you.
The concept of transaction input and output is fundamental to understanding bitcoins. If you think about it, from the day they were forged, those coins have been going from transaction to transaction, from owner to owner. Before being yours, they were owned by someone else, maybe the ice-cream truck down the road.

When using coins, the proof that you currently own the coin is trivial and immediate: you physically have them in your hand. In bitcoins, on the other hand, the way you prove that you own some amount of bitcoin, is by showing previous transactions made to a certain person, and proving that this person is you. (The details of proving the ownership are detailed below)
So, in this sense, you can only ever spend bitcoins of which you can prove to be the recipient from previous transactions. Therefore, you don’t ever physically “hold” bitcoins, there isn’t a bitcoin-bank account with a balance; what you own is stored as the list of outputs of transactions which were made to you (or rather, to your address), and which have not already been spent. As such, it is very much like owning cheques of which you are the recipient. You can’t cut a cheque in half and have two cheques of half the value, can’t glue two together, or anything like it, but you can combine them during a transaction, and if there’s more than what you actually need to pay, get the change back.
Therefore, at the end of your transaction with the shopkeeper, the 10¢ change is stored in the bitcoin network as one of those “outputs of transaction” stated below, and you’ll be able to use them in a future transaction by referencing back to it, and proving you’re the owner.

Addresses and ownership
I’ve referenced addresses and ownership a few times now, but how do these work? As mentioned earlier on, there is no such thing as a bitcoin bank account in which you deposit money. Instead, what you own is the sum of all the currently unspent transaction outputs made to you (i.e. to your address). But what are these addresses? And how do I prove that I am the owner of the address, and not some fraudster trying to steal money?
Keeping it simple, in cryptography there are algorithms which allow the creation of pairs of public and private keys. Importantly, one private key is associated to only one public key, and vice versa. Furthermore, in bitcoin, there are also addresses, which are generated directly from the public key.
But how do you use them? Well, turns out that due to the way they are generated, they have some very important properties, which we’ll now see. There is a cryptographic process which allows you to create a “digital signature” for any piece of information (e.g. text, sound, image..) using your private key. This signature can come in different form, but usually it will look like a long series of seemingly random letters and numbers. But the interesting part is that the public key can be used to prove that the signature was made using the private key associated to it.
For example, suppose you want to send a message, for instance “I hereby pay 3$ to John”. You would take this sentence, sign it using your private key, and then show your public key as proof that it is you who wrote the message. Now the network looks at your balance, and accepts the transaction if you have enough balance.
But that would be too easy.. there is no bank account balance, in bitcoins, so what do you do? This is where what we learned earlier about addresses comes in handy. As previously mentioned, transactions are made to an address. Now an address is directly connected to a public key, which is directly connected to a private key. Therefore, you can prove that a transaction was made to you, by proving that you own the public key. And how do you do that? By signing the transaction with your private key.
Mind blown, eh? So coming back to the shopkeeper’s example. What you’d do is take the three unspent transactions made to your address, sign each one with your private key, and use them as input, providing to the network the three transaction references as well as the newly generated signatures. You have now proved that you owned the unspent amounts, the network can verify this using the public key you gave, and will therefore validated the transaction.
The interesting implication of the day
Now if you thought this was a bit strange, get ready for what comes next. As we’ve seen, you can have (nearly) as many inputs and outputs in a bitcoin transaction as you wish. These outputs do not necessarily need to go to the same person, as we’ve seen with the shopkeeper example where there were two recipients, yourself and the teller. But, more interestingly, the inputs can come from different sources too!
Each transaction input is seen as an independent part, with its address and value. So in theory, you could agree about a transaction with someone, hand them a partially completed transaction with your inputs already “signed” (i.e. verified) by yourself, and the person could add their extra inputs, and then send the final transaction to the network for processing! In practice, this really only happens if a single person possesses multiple addresses and needs to combine transactions from both, but it’s still and interesting thought.