Müller, Neumair, Reiser, Dreo Rodosek (Hrsg.): 11. DFN-Forum KommunikaTionsTechnologien, LecTure NoTes in InformaTics (LNI), GesellschafT für InformaTik, Bonn 2018 1 TheBitcoin Universe: An Architectural Overviewofthe BitcoinBlockchain Paul Mueller1,2,SonjaBergsträßer2, Amr Rizk2 andRalf Steinmetz2 Abstract: On January 2009,the emergenceofBitcoin surprised Theworld wiTh anew idea involving decentralized secure money transfersoutside Theecosystem of FIAT currencies.The concepts behind TheBitcoin architecture Theblockchain can,however,beextendedto amuch widerrange of economicassetsthan just digitalcurrencies. In general, ablockchainisadistributed, verifiable database,which operates Through aconfluenceofpublic-keycryptography, Theconceptofproof of work and P2P-systems. In Thefollowing article, adetailedoverviewofthe concepts underlyingthe Bitcoinarchitectureis given. Theecosystem as awhole is discussed, starting wiTh some historical aspects. We consider The cryptographicbackgroundasgiven here,asthisarticle discussesmainlythe basicconcepts forkey generation. Here,wefocus on Theconceptoftransactionsinthe scope of Bitcoinwhich we break down into single attributes such as Thelocking andunlocking scripts. BoTh,the mining processand Theconsensusmechanism areexamined. Furthermore, Thedrawbacksofthe wholesystemand The proposed remedies to Thesevia Bitcoin Improvement Proposals(BIP) areoutlined. Finally, we addressseveral applications based on Theblockchain as well as Thequestionofanonymity. Keywords: Bitcoin, blockchain,proof-of-work (PoW), Bitcoin keys,Transactionsscripts,Mining, Consensus, Bitcoindrawbacks, Bitcoin applications 1Introduction The“bigbang” of TheBitcoin blockchain took placeon January 3rd,2009, when Thefirst Bitcoinblock,the genesisblock,was established at 18:15:05 GMT.The genesisblock is Theonly blockin Theblockchain which is hard-coded wiThin Thesource code of Bitcoin, raTher Than Theresultofthe mining process. However, Thestory of Bitcoin started in 2008, when Thedomain name “bitcoin.org” wasregistered anonymously.The basicideas of The blockchain were Then published3 by “Satoshi Nakamoto”on Friday,October 31st,4 2008 at 18:10:00 UTCunderthe title“Bitcoin: APeer-to-PeerElectronicCashSystem” [SN08]. Theauthor(s)ofthisdocumentis/arestill unknown. Thecomplexity of TheBitcoin ecosystem comes from it aims,i.e., That is That anyone should be able to writeto TheBitcoin blockchain,and That Thereshouldbenocentralized 1 University Kaiserslautern, Integrated CommunicationSystems Lab(ICSY), Paul Ehrlichstraße34, 67663 Kaiserslautern,[email protected] 2 TU Darmstadt, KOM Multimedia Communications Lab, Rundeturmstraße 10, 64283 Darmstadt, {Vorname.Nachname}@KOM.TU-Darmstadt.de 3 hTtp://article.gmane.org/gmane.comp.encryption.general/12588/ 4 Halloween 2 Paul Mueller, SonjaBergsträßer, AmrRizkand Ralf Steinmetz control. TheBitcoin ecosystemcan be viewed as anetwork of replicated databases, where each databasecontains ThesamelistofpreviousBitcoin transactions.Fullnodes (nodes who runs Thefullstack of TheBitcoin protocol) of Thenetwork arecalled “miners”,and Thesepropagate “transaction data”(payments)and “block data”(additions to Theledger). Each miner independently checks Thetransaction and block data passed to it.There are rules in place(TheBitcoin protocol) to make Thenetwork operatesasintended. The complexity of TheBitcoin architecture arises from its aims,which aretobedecentralized, That is,tohavenosinglepoint of control,and to be highly secure andanonymous. This hasinfluenced how Bitcoin hasdeveloped.All blockchain ecosystems need not have The same mechanisms,especiallyifparticipants can be identified andtrusted to behave (e.g. in aprivate blockchain). Theoutline of This paperisasfollows: Firstly,several historical remarks aremade; These arefollowed by adescription of Thearchitecturaldesignprinciplesinvolved. This description starts wiTh Bitcoin keys,followedbyadetailed descriptionoftransactions and Themining process, andfinisheswith adiscussion of Theconsensusapproach used in Bitcoinand Thevulnerability of This architecture.Next, ThedrawbacksofBitcoin architecture aredescribed,followed by countermeasuresto Thesedrawbacks as put forwardinBitcoinImprovementProposals (BIP). Thelastchapter concerns Bitcoin applications,where some concrete applications areintroduced.In Theconclusion of The paper, we discussthe questionofanonymity. 2The ArchitectureofBitcoin WiTh respecTTothe architecture (see Fig. 1) of TheBitcoin blockchain,several important design aspectsmustbetaken into account: 1. TheBitcoin application itself 2. Theroleofnodes constitutingthe overallblockchain network, and Thenode discoveryprocess 3. Transactions,which makeup Theblocksrunning in Thenodes 4. Thesecurity implementation That generatesthe blocks 5. Theprocessofaddingnew blocks to Thechain. Theblockchain itself runs on anetwork of distributed servers.The core applicationisa transactiondatabase modeled as asecure ledger. This is shared by allnodes(servers) That run Thefullstack of TheBitcoin protocol.Itisthus adecentralized transactionsystem acting as ahighlytransparent ledger. Anyfullnode runningthe blockchain protocolruns Theentireblockchainlocally. The BiTcoin Universe 3 After installing Thefullstack of Thesoftware, Theblockchain client syncsupwith TheoTher nodesin Thenetwork,in apeer-to-peer fashion [SW05].Hence,thatnodemaintains all Bitcointransactions (or anyoTher applicationrunning on Theblockchain). Theintegrity and chronologicalorderoftransactions (and Theaddressesowning Thecurrency)are enforced by cryptographic rules. Fig. 1: TheBitcoin Architecture Thenodesin Theoverall network useapeer-to-peer IP network to processand verify transactions.Nodes That have Thesame blocks in Theirindividual databasesare considered to be in consensus[DW13]. 2.1The Design of theBitcoin Blockchain We now takeacloserlook at TheBitcoin blockchain.Asmentioned above, Thefirst block of TheBitcoin blockchain wasnot aresultofthe Bitcoin consensusmechanism (mining) but washard-coded into Thesource code.Itisaspecial case,in Thesense That it doesnot referenceaprevious block, and for Bitcoin and almost allofits spinoffs,itproduces an unspendable subsidy(for adetailed descriptionofthe genesisblock,see hTtps://en.bitcoin.it/wiki/Genesis_block). At leastone parameter of TheGenesis blockisworthadeeper look.The “coinbase parameter”(codedinhex)contains, along wiTh normal data,the following text: “TheTimes 03/Jan/2009 Chancelloron brinkofsecond bailout forbanks” This may be intended as proof That Theblock wascreated on or after January3rd,2009,as mentionedabove;itcould alsoforman argument for anew currency, duetothe instability caused by traditionalbanking. 4 Paul Mueller, SonjaBergsträßer, AmrRizkand Ralf Steinmetz Anotherarchitecturaldesigndecisionwas Thelimited total number of Bitcoins,resulting from Thespeed of mining (evaluating) anew blockand Therewardthataminer canearn from Themining process. On average, anew block is mined every10 minutes (regardless of Thetechnology used,asdiscussed later),and Themining reward at Thebeginning of The system was50Bitcoinsper block. Theblock reward is halved everyfour years(or every 210,000 blocks on average).Asimple calculation showsthaTThere will be atotal of 21 million Bitcoins availableasrewardfor miners. Anotherdesign decisionwas Theblock size.Currently, Theblock size is restricted to 1MB (on average),and oneblock cantherefore coveraround 4000 transactions wiTh an average size of 250 bytes.Thisresults in an overallrateofabout seven transactions perseconds (tps). Compared to PayPal (around200 tps) andVISA(4,000–40,000tps), This is afairly lowrate. An examinationofhTtps://blockchain.info/ givesinformationonhow many transactions arecurrentlyincludedin each block, alThough Thereare some blocks wiTh only one transaction, meaningthaTThe miner includednotransactions exceptfor Theirown reward transaction5. 2.2The StepsofaBitcoinTransaction Transactions can be broadcast by anynodein Thesystematany time.The decision on which transactions of Thosebroadcasted to be included in anew block is dependenton The node (the miner)runningthe proof-of-work (PoW) algorithm, sincethe minersare responsible for pickingatransactionfromthe so-called mem-pool whereall validated transactions6 arestored, groupingthemand including Them in Theblock.The selectionof transactions by Theminer depends on Thetransaction fee(Thestandard feeis1.000 Satoshi =10µBTC=0.01 mBTC =0.0001 BTCper kB), which forms arewardfor Theminer’s effortsinadditiontothe coinbase reward.The priority of pickingupatransaction depends on Theminer;in general, miners preferlargerfees and smaller transactions,and often prioritize in This way. Transactionportions That is notspent towards recipientofback to Thesenderare included as afee.Fees arepaid to miners andcan be used to increasethe speed of transaction confirmationbyincentivizing miners to prioritize Thetransaction(s). To initiate atransaction, ausermustgeneratethe necessary Bitcoinkeys(seeFig.2), starting wiTh arandom256-bitprivate key(seeStep1). This privatekey is needed to sign atransaction andthus transfer (spend) Bitcoins.The elliptic curve DSA algorithmisthen used to generate a512-bit public key from Theprivate key(seeStep 2). This publickey is used to verify Thesignature for atransaction, although Thepublickey is notrevealeduntil atransaction is signed. Sincethe 512-bitpublickey is inconveniently large,itishashed down to 160 bits usingthe SHA-256 andRIPEMDhash algorithms (see Step 3). 5 hTtps://blockchain.info/block-height/315076 6 validated