A wallet stores the information necessary to transact bitcoins. While wallets are often described as a place to hold[93] or store bitcoins, due to the nature of the system, bitcoins are inseparable from the blockchain transaction ledger. A wallet is more correctly defined as something that "stores the digital credentials for your bitcoin holdings" and allows one to access (and spend) them.[7]:ch. 1, glossary Bitcoin uses public-key cryptography, in which two cryptographic keys, one public and one private, are generated.[94] At its most basic, a wallet is a collection of these keys.
Lightweight clients consult full clients to send and receive transactions without requiring a local copy of the entire blockchain (see simplified payment verification – SPV). This makes lightweight clients much faster to set up and allows them to be used on low-power, low-bandwidth devices such as smartphones. When using a lightweight wallet, however, the user must trust the server to a certain degree, as it can report faulty values back to the user. Lightweight clients follow the longest blockchain and do not ensure it is valid, requiring trust in miners.[96]

A wallet stores the information necessary to transact bitcoins. While wallets are often described as a place to hold[93] or store bitcoins, due to the nature of the system, bitcoins are inseparable from the blockchain transaction ledger. A wallet is more correctly defined as something that "stores the digital credentials for your bitcoin holdings" and allows one to access (and spend) them.[7]:ch. 1, glossary Bitcoin uses public-key cryptography, in which two cryptographic keys, one public and one private, are generated.[94] At its most basic, a wallet is a collection of these keys.

Transactions are defined using a Forth-like scripting language.[7]:ch. 5 Transactions consist of one or more inputs and one or more outputs. When a user sends bitcoins, the user designates each address and the amount of bitcoin being sent to that address in an output. To prevent double spending, each input must refer to a previous unspent output in the blockchain.[77] The use of multiple inputs corresponds to the use of multiple coins in a cash transaction. Since transactions can have multiple outputs, users can send bitcoins to multiple recipients in one transaction. As in a cash transaction, the sum of inputs (coins used to pay) can exceed the intended sum of payments. In such a case, an additional output is used, returning the change back to the payer.[77] Any input satoshis not accounted for in the transaction outputs become the transaction fee.[77]
Cameron and Tyler Winklevoss, the founders of the Gemini Trust Co. exchange, reported that they had cut their paper wallets into pieces and stored them in envelopes distributed to safe deposit boxes across the United States.[101] Through this system, the theft of one envelope would neither allow the thief to steal any bitcoins nor deprive the rightful owners of their access to them.[100]
Because of bitcoin's decentralized nature and its trading on online exchanges located in many countries, regulation of bitcoin has been difficult. However, the use of bitcoin can be criminalized, and shutting down exchanges and the peer-to-peer economy in a given country would constitute a de facto ban.[167] The legal status of bitcoin varies substantially from country to country and is still undefined or changing in many of them. Regulations and bans that apply to bitcoin probably extend to similar cryptocurrency systems.[168]
The overwhelming majority of bitcoin transactions take place on a cryptocurrency exchange, rather than being used in transactions with merchants.[138] Delays processing payments through the blockchain of about ten minutes make bitcoin use very difficult in a retail setting. Prices are not usually quoted in units of bitcoin and many trades involve one, or sometimes two, conversions into conventional currencies.[32] Merchants that do accept bitcoin payments may use payment service providers to perform the conversions.[139] 

There is ongoing research on how to use formal verification to express and prove non-trivial properties. A Microsoft Research report noted that writing solid smart contracts can be extremely difficult in practice, using The DAO hack to illustrate this problem. The report discussed tools that Microsoft had developed for verifying contracts, and noted that a large-scale analysis of published contracts is likely to uncover widespread vulnerabilities. The report also stated that it is possible to verify the equivalence of a Solidity program and the EVM code.[41]
Blockchain analysts estimate that Nakamoto had mined about one million bitcoins[28] before disappearing in 2010, when he handed the network alert key and control of the code repository over to Gavin Andresen. Andresen later became lead developer at the Bitcoin Foundation.[29][30] Andresen then sought to decentralize control. This left opportunity for controversy to develop over the future development path of bitcoin, in contrast to the perceived authority of Nakamoto's contributions.[31][30]
×