Bitcoin Proof of Work
• Require a unit of work to do a task
• Send email
• Access a website
• Process a Bitcoin transaction Why?
• Prevent spam
• Prevent denial of service attacks
• Rate-limit the network HashCash
• Find a partial pre-image of a hashed value.
• Hashcash: SHA-1
• Bitcoin: SHA-256
• Hashcash: at least the first 20 digits (out of 160) need to be 0
• Bitcoin: at least the first T digits (out of 256) need to be 0
• Question: what security properties does this have? Merkle Tree From previous classes
• Byzantine consensus
• Hash function
8 9 10 11 Bitcoin
• Bitcoin is a public, digital, decentralized currency. • Public
• Every transaction (past or current) can be read by anybody. • Digital
• There are no bills, only bits to represent transactions. • Decentralized
• Bitcoins are mined, not minted, by a collection of actors, not a central bank.
• Anybody can create an account and receive bitcoin.
• Anybody can try to mine bitcoin.
• Rules are set by computer code and changed upon a consensus of the actors.
12 Cash vs. Digital Cash
• Properties of traditional cash • Properties of digital cash
• Anonymous • Pseudo-anonymous
• Transferable • Transferable
• No transaction fees • Very low transaction fees
• Total money supply expendable, • Total money supply fixed, set set by central bank by protocol.
13 Why Scammers Use Bitcoin
• Lower fees (more profit for criminals)
• Large userbase (compared to other digital currencies)
• Easy to get (can exchange Bitcoin for cash on the street)
• Distributed system (no Bank of Bitcoin to forcibly shut down)
• Less direct regulatory oversight (anti-money laundering efforts only on some endpoints)
14 Bitcoin
Give green 0.25 BTC
0.25 BTC
15 Merkle Tree Blockchain Block Header
• version
• previous block header hash
• merkle root hash
• time when miner started hashing the header
• nBits (representation of difficulty level)
• nonce Mining
• https://www.youtube.com/watch?v=GmOzih6I1zs
• Hashcash
• Difficulty set by speed of network
• Once solution is found, broadcast block to network
• If valid, mining begins on merkle root including the block
• Otherwise, everybody ignores it. Mining Pools
• Miners group together to share rewards, divide the work
• Lowers the variance for revenue.
• Centralization in a decentralized network 51% attack
• Attacker owns more than half of the miners
• Doublespend: Reverse transactions that he sends while he's in control.
• Prevent some or all transactions from confirming
• Prevent other miners from mining any blocks Block Withholding Attacks
• if we gain a lead:
• withhold blocks mine on private chain
• else if lead shrinks, but is still at least alpha:
• reveal blocks to keep abreast with public chain
• else if lead drops below alpha:
• reveal all blocks mine on public chain
Spam attack
• Fill up the blockchain with small, insignificant transactions
• Prevent others from transacting Mempool Confirmed Transactions Blockchain Size Theft of Bitcoin
• “Be your own Bank”
• Steal the keys, steal the bitcoin forever
• Bad passwords
• Bad randomness
• Bad security hygiene Sybil Attack
• Single adversary controls a lot of nodes
• From these nodes, can carry out a 51% attack Blacklisting
• Stop transactions from being processed to/from a node Fungibility
• Each Bitcoin is worth the same amount as every other Bitcoin
• Does this property hold? Questions
• With the rise of 51% attacks:
• why? to what end?
• when will this stop?
• What are the points of centralization in this network?
• Is this inevitable?