One of the most asked questions and worry is about the possibility to forge bitcoin. What does this mean exactly? Basically this means: is it possible to create a Bitcoin (or a fraction, better a coin) from the thin air or double spending an existing one? In another words, can an attacker create mathematically coins from nothing or reuse an already spent coin? This is an important concern because if this would be possible, all the network stability would be at risk.

This is a very interesting question and we should analyze how coins are tracked on the bitcoin protocol.

What a transaction creates

When we make a bitcoin transaction we basically use outputs from a previous transaction (or more than one) as inputs to create a new transaction. The transaction may only be valid if created using unspent transaction outputs (utxo) as inputs. This last sentence is very important, do not forget it.

Outputs are finite and integer amounts of satoshis. A satoshi is the smallest denomination of bitcoin.

One of the most important tasks that full nodes must do is, infact, to track all the unspent outputs across the bitcoin network in order to be sure that no one is going to spend already spent outputs.

By what we have just told, we immediately understand that the balance of a wallet is nothing more than the sum of all unspent outputs that can be spent by the private key associated to that wallet. And the wallet can track and calculate this amount by scanning the blockchain for that purpose.

How a transaction spends coins

All the unspent outputs (utxos) of a wallet can be spent all entirely. This means that an utxo can be spent only as a whole and in case that its value is bigger than what is needed, a change can be returned back to the sender. So when a transaction is prepared, the wallet defines utxos that have to be spent (defining the inputs) and creates the outputs to the recipient; these can be used for future transactions by the recipient. In such a way the transaction is build and the value is moved forward from an user to another in a chain of connected transactions. Transactions create new utxos in favor of the recipient spending existing utxo from the sender. For this reasons, utxo cannot be created from thin air, because must match those requirements and must be found into the utxo set.

Going a bit more in deeper, we can say that a scriptPubKey is a locking script that is put as a condition for the recipient to spend the coin. In the same way the scriptSig is a (unlocking) script which must be provided to satisfy the conditions from the scriptPubKey.

For those reasons when a user is going to spend an utxo, he must define inputs which are pointing to the utxo which is going to be spent. At the same moment the scriptSig must be provided for unlocking the condition imposed by the scriptPubKey of that coin (as coming from the sender).

What a full node does

Bitcoin full nodes verify (even if not only) all the transactions, check if a transaction is legitimate or it is trying to double spend an amount (as if someone might forge bitcoin). Infact when an user receive a coin, it must arrive from the utxo set, so it must arrive from the spendable units belonging to the sender user.

Even more important, the full node must verify the blocks and check if the subsidy is correctly created. The subsidy, which is the amount of bitcoin created per block by a miner, must fulfill the protocol. This is very important because bitcoin created from the mining process (as the reward to the miner) do not come from a previous transaction, but are created in that moment as minted.

All above explains how the security is managed in bitcoin protocol and therefore that is not possible to forge bitcoin. This also important to understand why bitcoin is considered so secure and so advanced compared to many other cryptocurrencies. Moreover this security is created and managed by a decentralized network of peers.