[brbsix]

    If you own 2 BTC, there aren't specific Bitcoins that are marked for you.

If you mine 2 BTC, you posses the private keys to two very specific BTC (unspent outputs) on the blockchain. No one else may spend them without the private keys.

If you own 2 BTC in an exchange then it is true that you are unlikely to own any specific 2 BTC but that's an entirely different subject. At that point you don't really own them.

[beefield]

Out of curiosity, as I do not know enough details:

1. Alice owns one BTC

2. Bob owns one BTC

3. Both send their BTC to Charlie

4. Charlie sends one BTC to David

Question: Is there unambiguous way to define whether David got the BTC originally owned by Alice or the one owned by Bob? If yes, how? If no, doesn't that mean that there exist no specific bitcoins anywhere?

[brbsix]

Yes, absolutely. I'm not sure why I have been downvoted for this, as I haven't exactly said anything revelatory.

However I just want to give an obligatory caution that this is a very contrived answer. In the real world it can be difficult, there are typically many inputs and outputs to a transaction (and we are rarely able to associate names with addresses). There exists an entire field devoted to this called blockchain analysis or chainanalysis.

You can see for yourself. Choose any address on the BTC blockchain. See the transactions it has been involved in. You can inspect inputs and outputs. Here is an example: https://www.blockchain.com/btc/address/1CUTyyxgbKvtCdoYmceQJ...

[thesausageking]

Your link contradicts what you're arguing for. Note that the block explorer only shows "total sent", "total received", and "final balance", not which specific coins.

If your wallet has 10 BTC in it and you send someone 1 BTC, there is no way to know which one of the 10 Bitcoins was sent. It is literally not part of the implementation of Bitcoin.

[brbsix]

I have Electrum open, with the "Coins" tab visible. I see a lengthy list of unspent transaction outputs (UTXOs) which I am referring to as coins. These are coins that I have received. I can very easily craft a transaction with specific coins. I can select the coins that my friend Bob sent me last year and send those specific coins to my friend Dylan. https://bitcoinelectrum.com/how-to-spend-specific-utxos-in-e...

Admittedly that link was a terrible example. Block Explorer only shows the address associated with the transaction input but if you want to see the origin of specific coins regardless of whether an address is being reused, you can get the information from the "list of inputs" field in the raw transaction.

In this overly contrived example with single input transactions, if Dylan wants to recurse up tx inputs to the tx between Bob and me in order to verify that he received some of the same coins, he can do the following:

    uptx(){
        curl -sS "https://api.blockcypher.com/v1/btc/main/txs/$1" | jq -r .inputs[0].prev_hash
    }

    uptx "$(uptx f57cd4acc4b67d819f78d6cd7f17d1dded436735a6c7765afe40269581d2098a)"
    > 32c8f56bbee2b79f71b285697f3b41990091ddc37b667aeb4cb83c1d7be2a847

[cesarb]

Yes. What you think of as a "specific Bitcoin" doesn't actually exist; what exists is an "unspent transaction output", which can be used as an input for a new transaction if certain conditions are met. So what really happens in your example scenario is:

1. Alice knows the private keys corresponding to one or more unspent outputs of transactions, with a total value of 1 BTC;

2. Bob knows the private keys corresponding to one or more unspent outputs of transactions, with a total value of 1 BTC;

3. Both create new transactions, specifying one or more of their formerly unspent outputs as inputs to the new transaction, and Charlie's address (which is a hash of a public key) as one of the outputs of the new transaction, that output having the value of 1 BTC;

4. Charlie creates a new transaction, with David's address as one of the outputs, having the value of 1 BTC. Note that, at this point, Charlie can chose which of the unspent outputs will be used as the input for the new transaction. It can be the output from Alice's transaction, it can be the output from Bob's transaction, it can be the output from some other transaction, or it can even be a combination of them: the transaction could have both Alice's and Bob's outputs as inputs, and have two outputs, one going to David, the other going to a new address (which can be a "change address" on the same wallet, or an address belonging to someone else).

[john_alan]

> Is there unambiguous way to define whether David got the BTC originally owned by Alice or the one owned by Bob?

Yes. BTC is completely traceable. You can follow the TXOs