Bitcoin

• Require a unit of work to do a task

• Send email

• Access a website

• Process a transaction

Why?

• Prevent spam

• Prevent denial of service attacks

• Rate-limit the network

HashCash

• Find a partial pre-image of a hashed value.

• Hashcash: SHA-1

• Bitcoin: SHA-256

• Hashcash: at least the first 20 bits (out of 160) need to be 0

• Bitcoin: at least the first T bits (out of 256) need to be 0
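An added example (not part of the original slides): a partial pre-image search parameterized by hash function and zero-bit count, showing that minting a proof costs about 2^T hash evaluations while checking it costs one. The message, the nonce encoding and the function names are assumptions made for illustration; real Hashcash stamps and Bitcoin block headers use their own encodings.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits before the first 1 bit of the digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def work_hash(algo: str, message: bytes, nonce: int) -> bytes:
    # Assumed encoding for this example: message || 8-byte big-endian nonce.
    return hashlib.new(algo, message + nonce.to_bytes(8, "big")).digest()

def verify(algo: str, message: bytes, nonce: int, bits: int) -> bool:
    """Verifier's side: a single hash, however long the search took."""
    return leading_zero_bits(work_hash(algo, message, nonce)) >= bits

def mint(algo: str, message: bytes, bits: int):
    """Prover's side: brute-force nonces until the digest has `bits`
    leading zero bits. Returns (nonce, attempts); about 2**bits expected."""
    for nonce in count():
        if verify(algo, message, nonce, bits):
            return nonce, nonce + 1

if __name__ == "__main__":
    # Constructed sample message; the proof is bound to these exact bytes.
    msg = b"to:alice@example.org;date:constructed"
    # Small difficulties so the demo finishes quickly. Hashcash's 20 bits
    # would need roughly a million SHA-1 evaluations.
    for algo, bits in (("sha1", 8), ("sha1", 16), ("sha256", 8), ("sha256", 16)):
        nonce, attempts = mint(algo, msg, bits)
        digest = work_hash(algo, msg, nonce).hex()
        print(f"{algo:6} T={bits:2} attempts={attempts:7} "
              f"(expected ~{2**bits}) digest={digest[:16]}...")
        # Any party can re-check the claim with one hash.
        assert verify(algo, msg, nonce, bits)
```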

• Question: what security properties does this have?

Merkle Tree

From previous classes

• Byzantine consensus

• Hash function

Bitcoin

• Bitcoin is a public, digital, decentralized currency.

• Public

• Every transaction (past or current) can be read by anybody.

• Digital

• There are no bills, only bits to represent transactions.

• Decentralized

• Bitcoins are mined, not minted, by a collection of actors, not a central bank.

• Anybody can create an account and receive bitcoin.

• Anybody can try to mine bitcoin.

• Rules are set by computer code and changed upon a consensus of the actors.

Cash vs. Digital Cash

Properties of traditional cash

• Anonymous

• Transferable

• No transaction fees

• Total money supply expandable, set by central bank

Properties of digital cash

• Pseudo-anonymous

• Transferable

• Very low transaction fees

• Total money supply fixed, set by protocol.

Why Scammers Use Bitcoin

• Lower fees (more profit for criminals)

• Large userbase (compared to other digital currencies)

• Easy to get (can exchange Bitcoin for cash on the street)

• Distributed system (no Bank of Bitcoin to forcibly shut down)

• Less direct regulatory oversight (anti-money laundering efforts only on some endpoints)

Bitcoin

[Figure: example transfer labelled "Give green 0.25 BTC"]

Merkle Tree

Block Header

• version

• previous block header hash

• merkle root hash

• time when miner started hashing the header

• nBits (representation of difficulty level)

• nonce

Mining

• https://www.youtube.com/watch?v=GmOzih6I1zs

• Hashcash

• Difficulty set by speed of network

• Once solution is found, broadcast block to network

• If valid, mining begins on merkle root including the block

• Otherwise, everybody ignores it.

Mining Pools

• Miners group together to share rewards, divide the work

• Lowers the variance for revenue.

• Centralization in a decentralized network

51% attack

• Attacker owns more than half of the miners

• Doublespend: Reverse transactions that he sends while he's in control.

• Prevent some or all transactions from confirming

• Prevent other miners from mining any blocks

Block Withholding Attacks

• if we gain a lead:

  • withhold blocks; mine on private chain

• else if lead shrinks, but is still at least alpha:

  • reveal blocks to keep abreast with public chain

• else if lead drops below alpha:

  • reveal all blocks; mine on public chain

Spam attack

• Fill up the blockchain with small, insignificant transactions

• Prevent others from transacting

[Figure slides: Mempool; Confirmed Transactions; Blockchain Size]

Theft of Bitcoin

• “Be your own Bank”

• Steal the keys, steal the bitcoin forever

• Bad passwords

• Bad randomness

• Bad security hygiene

Sybil Attack

• Single adversary controls a lot of nodes

• From these nodes, can carry out a 51% attack

Blacklisting

• Stop transactions from being processed to/from a node

Fungibility

• Each Bitcoin is worth the same amount as every other Bitcoin

• Does this property hold?

Questions

• With the rise of 51% attacks:

• why? to what end?

• when will this stop?

• What are the points of centralization in this network?

• Is this inevitable?