I’m pleased to announce the release of Mastering Bitcoin, Third Edition, published by O’Reilly Media and co-authored by Andreas Antonopoulos and myself.

Where (and when) to get it

  • O’Reilly’s website offers a subscription service that gives you immediate access to our book and tens of thousands of other technical books, plus many additional resources. Subscribers had access to early release versions of Mastering Bitcoin as it was being written. I’m also currently in the process of writing almost 100 quiz questions for their site that will help test your understanding after every chapter (more about that later).

  • Ebooks should be available by mid-November.

  • Print books should be available by early December. You can pre-order them now on sites like Amazon.

  • Source code for the book text will be available from me under a CC-BY-SA license one year after publication of the print version, which is the earliest date allowed by my contract with O’Reilly. A version under a more restrictive license might be available sooner; I’ve given my permission for that to happen, but there are other rights holders involved.

I’ll update this section as additional information becomes available.

What’s New

It’s been six years since the publication of the previous edition of Mastering Bitcoin. The best parts of Bitcoin are the same, but there have been many improvements that make Bitcoin more secure, more scalable, and more private. The third edition describes some of those improvements:

  • Schnorr signatures are a powerful new way to authenticate Bitcoin transactions. We offer an intuitive explanation of how they work, inspired by Gregory Maxwell and Andrew Poelstra’s wonderfully simple description that starts with Claus Schnorr’s original interactive authentication protocol. We add details bit by bit until we arrive at the BIP340 standard implemented in Bitcoin today.

  • Scriptless multisignatures make it possible for an essentially unlimited number of people to create a single public key that can be spent by a single signature from all of them, massively increasing the scalability and privacy of Bitcoin. Schnorr signatures make scriptless multisignatures so easy that it only takes us a few paragraphs to intuitively describe their mathematical foundation. We then briefly describe the MuSig family of multisignatures that provide additional security against malicious co-signers.

  • MAST also massively boosts Bitcoin’s scalability and privacy by allowing an essentially unlimited number of conditions to be used in Bitcoin Script, with only the conditions that were satisfied needing to appear onchain.

  • Pay-to-Contract (P2C) is a method for modifying Bitcoin public keys that was first described in 2012 but doesn’t get talked about much. It allows receiving money to a private commitment that can either kept secret forever or proven publicly later. It’s as simple as it is powerful, so we’re able to describe it quickly.

  • Taproot combines the capabilities afforded by scriptless multisignatures, MAST, and P2C into a single protocol. Because we previously introduced each of those three foundational technologies, it’s very easy to explain how taproot works and how it provides Bitcoin users with a huge improvement in scalability, privacy, and fungibility.

  • Bech32 and bech32m are the new address formats introduced for segwit and taproot that make addresses much easier to use. We refresh the entire address section of the book. It now starts with Bitcoin’s original payment protocol based on IP addresses—possibly where Bitcoin “addresses” got their name—and works it way through base58check addresses to the improvements introduced in bech32(m).

  • Fee management was briefly described in earlier editions of the book, but with recent development of Bitcoin’s fee market we now go into much more detail. We describe both RBF and CPFP fee bumping. We also describe cases where they don’t always work (transaction pinning) and near-term partial solutions for contract protocols such as package relay.

  • Scriptless threshold signatures can be easily explained as a variation of scriptless multisignatures with one extra feature (verifiable secret sharing), which is exactly how Gregory Maxwell privately explained them to me and another developer several years ago when we were having trouble following development discussion. We again take our inspiration from him in providing a highly comprehensible explanation.

  • Compact block filters are a new way for lightweight clients to learn about transactions affecting their wallets. It’s more private for clients and less problematic for nodes. We describe the principles they’re based on using simple arithmetic and rolls of a pair of dice, giving readers a solid foundation before we look at implementation details.

  • Compact blocks simultaneously sped up block propagation and significantly reduced the bandwidth requirements to run a relaying full node. We describe how it works. We also describe the FIBRE block relay system that builds on compact blocks to provide even faster block relay among peers who can be trusted not to perform denial-of-service attacks against each other.

  • BIP8 and speedy trial are new ways to activate soft forks. We don’t go into much detail—I have no idea what we’ll actually use for the next soft fork activation—but we look at some of the activation method features that were widely discussed during the activation of taproot in 2021.

  • A new appendix is added after the copy of Satoshi Nakamoto’s original paper describing Bitcoin. The new appendix, whose addition was suggested by Matthew Zipkin, is a slightly updated version of my 2016 errata to the Bitcoin paper that describes differences between the version of Bitcoin described by Nakamoto and what was actually implemented by Nakamoto and later developers.

Who is this new co-author?

The book’s primary author, Andreas M. Antonopoulos, is known to almost all Bitcoiners. He’s given innumerable speeches, appeared on hundreds of podcasts, and made many videos in addition to writing several books about Bitcoin. Much of his work over the past decade has been focused on introducing people to Bitcoin for the first time, explaining how it works, and helping new users avoid costly mistakes. It’s not possible to count how many people he’s converted to Bitcoin or how many thousands of bitcoins he’s prevented from being stolen or lost through his timely advice.

The new co-author on the book, David A. Harding (that’s me!), has also been writing technical documentation about Bitcoin for about a decade, but I’ve focused on the much smaller number of people who work on developing and directly using the Bitcoin protocol, such as developers for Bitcoin Core, LN, and various wallet libraries. I’m best known as co-author of the weekly Bitcoin Optech newsletter. My goal has always been to make those devs just a tiny bit more effective over the long term so that the protocol will get to wherever it is going a little sooner.

For this book, we started with Andreas’s second edition text and an outline he created for the third edition. I made the outlined changes, plus some others that occurred to me along the way (or which were suggested by early reviewers). The final decision on all text appearing in the third edition was mine, so any problems are entirely my fault.

Updates

In addition to dozens of pages of new material, we’ve also made some substantial improvements to existing parts of the book.

  • Generalization of authorization and authentication: previous editions of the book described Bitcoin’s Script language, but new features of Bitcoin exist outside the scope of Script. For example, P2WPKH addresses and taproot scriptpath merkle proofs. We take a cue from a 2014 comment that Peter Todd sent me: we show the evolution of Bitcoin authorization and authentication from the version described in the whitepaper (pubkeys and sigs) to Bitcoin 0.1 (scriptPubKeys and scriptSigs) to segwit (witness programs and witness structure). This not only contextualizes each of the large number of different features involved in modern Bitcoin input verification but it makes clear why Bitcoin “scripts” and “programs” aren’t meant for arbitrary computation—they can be thought of as just really flexible public keys and signatures.

  • Terminology: Nakamoto gave us Bitcoin but, alas, he did not give us a consistent set of terminology. Bitcoin Core developers often use terms derived from the names of functions in their code base. Other developers use different terms. Happily, during the writing of the book, Mark “Murch” Erhardt proposed a BIP for recommended terms related to transactions. His BIP isn’t final yet, so it might change, but we updated every chapter of the book to use the recommended terms. We know other developers and technical writers who are making similar changes to their software and documentation, which we think will help everyone who works on Bitcoin.

  • Colored coins are now RGB and Taproot Assets: a section present since the original version of the book about colored coins has been updated to describe the two modern protocols for anchoring non-bitcoin transfers in the Bitcoin block chain. Both protocols depend on pay-to-contract (P2C), so our earlier description of that in relation to taproot means we only have to describe their other common building block: client-side validation.

  • More backup & recovery systems: six years ago, the book recommended a simple backup stack of BIPs 32/39/44. Today, there are a lot more options for backups, each providing a different set of reasonable tradeoffs. BIP32 still reigns supreme for deterministic key generation, but we go into different seed generation algorithms (e.g. BIP39 vs SLIP39 vs Electrum vs Aezeed, with a brief mention of Codex32), implicit paths (e.g. BIP44) versus explicit paths (e.g. descriptors), and also describe the importance of backing up wallet labels (h/t BIP329) and other data (like channel states).

  • Every transaction field: previous editions covered most of the fields contained within a transaction, but we’ve now dedicated an almost entirely new chapter to going through every field in a serialized transaction in order, explaining what they do. Unlike several other descriptions I’ve seen, we take a witness-native approach, treating the fields added for segwit as first class parts of a transaction and only mentioning at the end of the chapter which fields should be removed for legacy serialization.

  • Many small corrections and updates: I can’t count how many small things needed updating after so many years since the previous edition. However, there will undoubtedly be errors, omissions, and information that becomes confusingly outdated in the new edition, so I encourage any readers to also check the publisher’s errata page for the third edition.

  • BIPs: the previous appendix that listed all of the BIPs has been replaced with a slightly edited version of the Bitcoin Core document that lists which BIPs it implements. Some people think that all BIPs are standards recommended for general adoption by the development community, but a lot of BIPs are junk. We don’t want readers of the book to waste their time learning about junk. Bitcoin Core developers have only adopted the BIPs they think are useful for users of their software. That’s not a complete list of useful BIPs, but it’s a really good list that avoids any concern about us playing favorites.

What’s missing

Technical reviewers of the book included Mark “Murch” Erhardt, René Pickhardt, Olaoluwa Osuntokun, and Jorge Lesmes, each of whom provided incredible feedback. I did my best to address all of their concerns, but there were two substantial changes I didn’t have time to make:

  • Better integration of LN: the new edition mentions LN dozens of times throughout the text, examining how base-layer design affects second layer operation, but one reviewer correctly noted that we should have rewritten the first few overview chapters to better reflect how many people use LN-integrated wallets today.

  • Partially-signed Bitcoin transactions (PSBTs): although we mention PSBTs in the book, they are not described in any detail, which a different reviewer thought was a glaring omission given their importance across so many parts of Bitcoin today, from hardware signing devices to multiparty protocols.

I couldn’t agree more with both of those reviewer comments. It’s my hope that O’Reilly will be interested in producing a fourth edition a few years from now and that they will invite me back as co-author so that I can rectify both of those notable omissions.

On The Brink

I’m pleased to announce that all royalties I receive for Mastering Bitcoin, third edition will be donated to the 501(c)(3) non-profit, Brink. Brink currently provides grants to multiple developers working full time on Bitcoin Core.

I’ve previously served on Brink’s board and currently serve on its grant committee, in both cases as an unpaid independent member, and I’m happy to be able to contribute financially to its amazing team of developers. I don’t expect to receive a large amount of royalties—technical books are not typically huge sellers—but I’ll be keeping track of all my receipts and donations in a spreadsheet for transparency.

What other books do better

The first edition of Mastering Bitcoin was the first substantial printed documentation about how Bitcoin worked. In the years since, many other books have been published that tackle the subject in different ways. I’ve read a few of those that I thought were excellent and I think it’s worth comparing them to Mastering Bitcoin, third edition (MB3E). Obviously, this comparison is in my very biased opinion.

  • Grokking Bitcoin by Kalle Rosenbaum is a favorite of mine, and not just because Kalle asked me to write the foreward to it. One of the reviewer comments on MB3E was that it goes from a gentle overview of Bitcoin in chapters 1-2 to a suddenly much more technical book in chapters 3-5. (I think it smooths out starting in chapter 6.) By comparison, Grokking Bitcoin is a wonderfully smooth introduction to the concepts that underlie Bitcoin. It starts with a basic description of money that anyone can understand and then introduces ideas from computer science one at a time until you’re left with Bitcoin as money. It doesn’t go as far into specifics as MB3E and it isn’t currently as up-to-date as MB3E, but I’d highly recommend it either on its own or as a companion to MB3E.

  • The Bitcoin Standard by Saifedean Ammous is, to my knowledge, the best selling book about Bitcoin. It’s a book about Bitcoin’s place in history and economics, not about how Bitcoin works, but I had the pleasure of reviewing early drafts of it for correctness where it describes technical parts of Bitcoin’s operation (e.g. mining and payment batching). I think the book excels at showing how the market is always looking for the best form of money available. To the market, the best money is often the most widely used form of money, so the people who control the most widely used money can often include some level of anti-features in their money which personally enrich or empower them at the expense of other users of the money. But, if a new form of money comes around with fewer anti-features and some desirable new features, there’s a strong chance that the market will eventually move to that new money, turning it into the most widely used money. Bitcoin is poised to be that new money. Since MB3E is a technology book, we don’t cover any of that beyond some basic discussion about the 21 million BTC limit, so if you want a broader economic view on why Bitcoin could be really important, I suggest reading Saif’s book (but I hope you will also consider coming back to MB3E to learn how the technology works, as that’s really cool too).

  • Bitcoin: A Work In Progress by Sjors Provoost. A fantastic book with a title I’m jealous of not having claimed for myself. Sjors is a Bitcoin Core developer known especially for providing high-quality reviews on important proposed changes to the network’s most critical software. Each chapter of this book provides in-depth discussion about something that happened in Bitcoin in the past few years, making it part explainer and part history text. I love it. No significant previous knowledge of Bitcoin is required for Sjors’s book, so you can absolutely read it on its own, but if you’re looking for a book to read after MB3E—a book that’s fun but still technical—his book would be my recommendation.

  • Programming Bitcoin by Jimmy Song provides numerous exercises in building a wallet and using it to send and receive transactions. I also had the pleasure of providing technical feedback on early drafts of this book, and it was Jimmy’s recommendation of me that lead to my being selected as co-author for MB3E. Different people have different learning styles, and for a lot of programmers, the best way for them to learn is just by writing code to do the thing they want to learn. That’s where Jimmy’s book excels. If you want to learn, for example, address formats, Jimmy will have you writing code for base58check almost right out of the gate. If you want a wordier and more theoretical approach that doesn’t require coding, MB3E might be more your speed. For the best of both approaches, consider reading the books back-to-back: read MB3E straight through to see how the technology fits together; read Programming Bitcoin to cement your new knowledge by putting it into practice.

  • Mastering the Lightning Network is also co-authored by Andreas Antonopoulos along with Olaoluwa Osuntokun and René Pickhardt, both of whom were kind enough to provide detailed early reviews on MB3E. Mastering LN is sort of the sequel to previous editions of Mastering Bitcoin. It’s not possible to really understand modern Bitcoin development without also understanding at least a little bit about LN. In MB3E, we introduce LN early and mention it repeatedly throughout the book, but anyone who is serious about Bitcoin should at least consider skimming Mastering LN. Of all the Bitcoin books I’ve provided technical feedback on early drafts for, this was the one I had the least to criticize—it was accurate in almost every detail.

  • Bitcoin Development Philosophy by Kalle Rosenbaum and Linnéa Rosenbaum is an overview of how Bitcoin protocol developers think about the technology they help steward. If you come away from MB3E or any other book or resource thinking that you know how to improve Bitcoin, I would suggest reading the Rosenbaum’s overview before posting publicly. Most changes involve tradeoffs, but some of those tradeoffs are things that most developers and users don’t find interesting. For example, almost any aspect of Bitcoin can be improved by increasing the amount of trust placed in third parties, but most people don’t want that (especially in core protocols) out of concern that depending on third parties will ultimately put their bitcoins at increased risk of theft or censorship. I think the dev philosophy guide makes excellent reading after completing MB3E for anyone planning to continue into Bitcoin open source software development.

  • Onboarding to Bitcoin Core by Will Clark is an amazing document that describes all the major parts of Bitcoin Core. It’s a must read if you plan to start contributing to Bitcoin Core, but it’s also a compelling read to anyone trying to build a deep understanding of how Bitcoin technology works. I would definitely recommend reading MB3E or other introductory documentation about Bitcoin before reading the onboarding guide, but it you want to learn in a week what it would take you years to learn on your own about Bitcoin Core, I cannot recommend Clark’s guide highly enough. (Correction: an earlier version of this post attributed the onboarding guide to Matthew Zipkin; it is now correctly attributed to Clark. My sincerest apologies to both of them for my mix-up.)

Quiz questions

As I was finishing the book, O’Reilly began testing a new feature on their subscription site: an optional quiz at the end of each chapter of some of their books. I’ve written 5 questions for each chapter, plus 20 questions for the end of the book. These will only be available on O’Reilly’s site: they won’t be printed in the book.

Although the questions can all be answered using material in the book, some of the answers go into more detail than available in the book itself. In particular, many answers provide some historical context for past decisions made by Bitcoin developers, which I think may provide a nice reward for anyone who answers a question correctly.

The questions are also not just multiple choice but use a variety of features, including cloze deletions and image manipulations, making them cooler than some chapter-end quizzes you many have tried in the past.

As of the publication of this blog, I’m still working with the editorial team on the questions and answers, so they aren’t available online yet. I’ll update this section when they are.

Thanks

Many people from the publisher and the Bitcoin development community greatly assisted with the book. It would not have been possible for me to have updated it without their help. I thank several of them in the book itself, but there is one person who isn’t directly thanked in the book, who wasn’t paid by the publisher, and who doesn’t work on Bitcoin—but who was absolutely essential to my being able to work on the book:

Amanda, thank you for agreeing to let me take on this project. I significantly underestimated how long it would take and how much it would stress me out. That time was often time we were supposed to have together, and that stress was often stress you had to live with as much as I did. I feel like I have taken so much and given so little in return, even though you say it is otherwise. Thank you for all your support these past ten months and, most of all, for your love.

(Also, Amanda, I promise I’ll try to do better at keeping the house clean. :-)