Bitcoin wallets provide a layer of abstraction for us so that we can use words that are comfortable to us (such as address and bitcoin) that don't actually exist at the protocol level. This makes it easier to talk about transferring control over value with phrases such as "Please send 1.2 bitcoins to my address" instead of needing to understand what is actually happening in the blockchain or at the protocol level.
This means that when you start reading about or looking at the protocol, concepts that you thought you understood suddenly don't make sense.
A transaction with the bitcoin protocol doesn't have any addresses, and there aren't any actual things that can be called "bitcoins" that are used in the transaction. Instead the blockchain is a ledger of entries where each entry is a "transaction" and a transaction consists of two lists:
- A list of "inputs" - these supply value to the transaction. Each input is simply a reference to an "output" somewhere earlier in the ledger along with some data that satisfies the requirements which the output was encumbered with. If the requirements aren't met, then the transaction is invalid. If the requirements are met, then the value assigned to that output is available for the transaction to use in its own outputs.
- A list of "outputs" - these encumber the value that was provided to the transaction with new requirements that must be met for these outputs to be used as inputs to some other transaction. Each output is simply a value and some data that defines the requirements that must be met to use that value.
Any remaining value that was supplied to a transaction that was not accounted for in the list of outputs is then available for the miner to claim as a "transaction fee" when they add the transaction to the block they are mining. A transaction can only be in the blockchain in a single block. Once it is in a block in the blockchain, it is invalid for any other miner to re-include the transaction in another block later in the blockchain.
If an output has not yet been referenced as an input into any transaction that is in the blockchain, then that output is called "unspent". Once an output is referenced in a list of inputs in a transaction in the blockchain, that output is called "spent" and can never be used in a transaction again.
This is why transactions have "change" outputs. Let's say you have a single output valued at 2 bitcoins. You create a transaction that lists that output as its only input and provides the signature that the output requires for spending it. This supplies 2 bitcoins of value to the transaction and if your transaction gets confirmed (included in a block in the blockchain) that 2 bitcoin output is then "spent" and can never be used in an input list again. Your transaction also has an output that is given a value of 0.5 bitcoins. This output is encumbered with a requirement of a signature generated with the private key that your friend owns (in other words, you've just "sent 0.5 bitcoins to your friend"). That leaves 1.5 bitcoins of value in the transaction that you haven't accounted for yet in your list of outputs. You can't spend the 2 bitcoin output anymore since it is now considered to be "spent". Your wallet can either leave the transaction like this (in which case you have just paid a 1.5 bitcoin transaction fee) or, before it sends the transaction onto the network, it can add a second output to the list of outputs in the transaction. This second output can be assigned a value of 1.4999 bitcoins and be encumbered with a requirement of a signature generated with a private key that your wallet has control over. If it does that, then the remaining 0.0001 bitcoins of value that aren't accounted for become the "transaction fee", and there is now a new unspent output valued at 1.4999 bitcoins that is available for you to reference in the next transaction that you create.
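The bookkeeping described above can be sketched as a toy ledger. This is an added example, not code from Bitcoin or any wallet: the `Ledger` class, the transaction ids and the owner labels are hypothetical, and the "requirement" on an output is modeled as a plain owner label rather than a real script and signature. Values are in satoshis (1 bitcoin = 100,000,000) so the arithmetic stays exact.

```python
# Added illustration: a toy UTXO ledger. Encumbrances are modeled as an owner
# label instead of real scripts and signatures (assumption for brevity).
SAT = 100_000_000  # satoshis per bitcoin; integers avoid float rounding

class Ledger:
    def __init__(self):
        self.unspent = {}   # (txid, output_index) -> (value_sat, owner)
        self.spent = set()  # outputs already consumed by a confirmed transaction

    def fund(self, txid, value, owner):
        """Seed the ledger with one unspent output (constructed sample data)."""
        self.unspent[(txid, 0)] = (value, owner)

    def apply(self, txid, inputs, outputs):
        """inputs: [(outpoint, claimed_owner)]; outputs: [(value_sat, owner)].
        Returns the fee left for the miner; raises ValueError if invalid."""
        supplied, seen = 0, set()
        for outpoint, claimed_owner in inputs:
            if outpoint in self.spent or outpoint in seen:
                raise ValueError(f"output {outpoint} is already spent")
            if outpoint not in self.unspent:
                raise ValueError(f"output {outpoint} does not exist")
            value, owner = self.unspent[outpoint]
            if claimed_owner != owner:
                raise ValueError("requirement on output not satisfied")
            supplied += value
            seen.add(outpoint)
        assigned = sum(value for value, _ in outputs)
        if assigned > supplied:
            raise ValueError("outputs exceed value supplied by inputs")
        # Validation passed: mark inputs spent, then create the new outputs.
        for outpoint in seen:
            del self.unspent[outpoint]
            self.spent.add(outpoint)
        for index, (value, owner) in enumerate(outputs):
            self.unspent[(txid, index)] = (value, owner)
        return supplied - assigned  # unaccounted value is the transaction fee

def demo():
    """The 2 bitcoin example: 0.5 to a friend, 1.4999 change, then a reuse attempt."""
    ledger = Ledger()
    ledger.fund("tx0", 2 * SAT, "you")
    fee = ledger.apply("tx1", [(("tx0", 0), "you")],
                       [(SAT // 2, "friend"), (149_990_000, "you")])
    try:
        ledger.apply("tx2", [(("tx0", 0), "you")], [(SAT, "friend")])
        reused = True
    except ValueError:
        reused = False  # the 2 bitcoin output can never be referenced again
    return fee, reused, ledger.unspent
```

Dropping the change output from `tx1` makes `apply` return 150,000,000 satoshis, which is the 1.5 bitcoin fee case from the paragraph above.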