Bitcoin Digital peer-to-peer cryptocurrency Αλέξανδρος Αφεντούλ ς el0"#$0 %at& 'ail.ntua.gr Cryptography Bitcoin is heavily using crypto : ● Digital signatures – ECDSA is used, an elliptic curve variant of DSA ● Hashing – SHA-2 ! and R#PEMD-&!' are used #f we wanna make a distri+uted peer-to-peer currency with no central authority, we still have to trust so)eone... … let it be crypto. Digital signatures ● Digital signatures is an application of asy)metric cryptography ● $rove the authenticity (and integrity) of a piece of data. ● 1e use them every day in HTTPS, in soft(are packages and more. ● Alice owns some data. Creates a pair of pu+lic and private *ey. Digitally signs data with her private key. 3ives the data along with its digital signature to Bo+, ● Bo+ knows Alice's pu+lic key. Bo+ is able to verify that data is digitally signed +y Alice. Digital signatures Digital signatures & elliptic cur-e crypto ● #n Bitcoin, transactions are signed using ECDSA, i.e. elliptic curve DSA. ● Elliptic curve crypto is based on the difficulty of solving the discrete logarith) pro+lem over a certain elliptic curve. ● ECC's main advantage is considered to +e s)aller key si5e while )aintaining the same level of security with crypto +ased in pri)e factori5ation, ● Bitcoin is using Secp2 !*& elliptic curve, Has*ing ● Hashing functions take an arbitrary bloc* of data as input and return an output of fi6ed length. ● Have the following properties: – output is easily computed for any input – if input is slightly modified output will +e completely different – we can't (easily) find a collision, i.e. sa)e output for different inputs, ● Hashing functions are widely used in crypto, +ut also in other applications that require message integrity, ● Bitcoin uses SHA-2 ! (outputs 2 ! bits) and R#PEMD-&!' (outputs &!' bits0 /onetary problem+ Bitcoin -as any currency- has to solve some pro+lems : ● Dou+le-spending, Alice cannot send the same +itcoin to Bo+ and Charlie at the same time ● 8orgery, Alice cannot produce arbitrary amount of bitcoins, a hard pro+lem especially when currency is digital ● 9alidity of transactions, so)eone somehow has to guarantee the validity of the transactions, especially in a decentrali5ed network ● #nflation? Bitcoin ● #ntroduced by Satoshi Nakamoto back in 2''< with the relevant paper. Nakamoto also wrote an initial open source implementation of the idea in C++. ● Bitcoin is a protocol which enables the existence of distri+uted peer-to-peer digital currency. Transactions are almost free, al)ost instant and truly irreversi+le. ● Bitcoin is secured by cryptography ● Bitcoin is open source and nowadays developed +y a co))unity ● Has gained a lot attention +y a variety of people glo+ally ● Also, is now considered valuable... Bitcoin - ad1resses ● Bitcoin addresses can be seen as the “+ank account? of Alice. Alice's bitcoin address is where so)eone will send bitcoins to Alice. ● Alice can create arbitrary nu)+er of bitcoin addresses. Multiple +itcoin addresses consist a bitcoin wallet, ● Essentially bitcoin addresses correspond to the pu+lic part, of a pu+lic-private key pair. Alice creates such *ey pairs at will. ● A bitcoin address is in fact the hash of a ECDSA pu+lic key, Bitcoin - transactions ● A bitcoin transaction is a pu+lic stament that some +itcoins +elonging to Alice's bitcoin address are now belonging to Bo+'s +itcoin address, ● Every transaction is digitally signed with sender's private key, the pair of the pu+lic key which holds the coins, ● Every transaction is broadcasted through a network of peers, ● Each transaction will have to be validated by the so called 'miners4 (we'll talk later on about mining). 2ransactions are validated in a variable ti)e window of some minutes, ● 2ransactions are grouped in +locks, ● As long as a transaction is validated, it is part of the blockchain, Bitcoin - transactions Bitcoin – block+ & 0loc3chain ● %iners are trying to find bitcoin blocks which will include transactions waiting to be validated, ● A block contains an amount of bitcoin transactions which were at some point of ti)e validated, ● Every block, apart fro) transactions, contains a uni7ue identification of the previously found bloc*, ● Appro6imately every &' minutes a block is found, ● Thus a chain of +locks is created, the bloc*chain, Blockchain is essentially the complete history of every single transaction ever happened in the bitcoin net(ork . ● Blockchain is the serial binding of many +locks, Bitcoin - Mining ● %ining is the procedure of finding a bitcoin bloc*. ● %iners try to solve a hard proble), Finding a solution is hard but any solution can be instantly verified by the whole net(ork, ● %iner takes as input an amount of broadcasted transactions waiting to be validated and a unique identification of the last discovered bloc*, ● The problem is to find a hash of the above input with a specific nu)+er of leading '0'. The more zeros, the more difficult is the proble), Difficulty is adjusted by the net(ork, in order to have a solution every 10 minutes independently of the network's total hashrate. ● As long as a miner finds a solution, they broadcast it, network verifies it and the block is added to blockchain. Transactions in that block are then considered valid, ● Finding a solution serves as a proof of work. One has to spend resources and time to find a block. Remem+er a bloc* contains a part of bitcoin transaction's history. An adversary must have more than 50B of network's hashing rate to change the history (create another version of bloc*chain). Bitcoin – Mining & Rewar1+ ● %ining validates transactions and secures +itcoin, thus it4s very important, ● %ining is a resource e6pensive procedure, ● As an incentive to *eep )ining and *eep the net(or* sta+le, miners finding a +loc* are re(arded (ith an amount of +itcoins. ● Esentially, miner finding a +loc* is allo(ed to perfor) a special transaction, sending to himself a predefined amount of +itcoins out of no(here, ● 2hat4s ho( +itcoins are created, ● %ining re(ard is currently at 2 B2C, "e(ard is halving every 2&',''' +loc*s, so eventually only 2& million +tc can ever +e found ● 2his (as ta*en as )easure against inflation, "e)e)+er that in Bitcoin there is no central authority printing money, 2his is su+ject of an ongoing de+ate, ● %iners also get the fee for every transaction they include in a +loc*, Bitcoin & t*e general+6 problem ● Bitcoin is an elegant solution to the By5antine 3enerals' $ro+le) ● 2he proble) in +itcoin, is how can a net(or* of entities that don't trust each other )utually agree on a certain thing ● 2his thing that +itcoin peers agree on is the +loc*chain, the entire history of +itcoin transactions, ● Every peer has a local copy of the bloc*chain and needs to contantly update it (ith ne( transactions. 2hat4s essential in order to *no( how many coins each address has, ● Bitcoin )anages to solve the proble) +y introducing the proof of (or*, i.e, hashing /and +y )a*ing every transaction public0, ● Each )iner repeatedly hashes 7ueued transactions until they find a valid solution (hich (ill be +roadcasted, 2hen the (hole networ* agrees to re+ase their +loc*chain history (ith this +loc* included, Bitcoin 2 )lient+ ● A bitcoin client is needed to perfor) bitcoin transactions ● Start here : https://bitcoin.org ● 'Bitcoin core' is the original client, stable and secure, but harvest more resources since it downloads the whole bloc*chain ● Electrum is a light(eight client. Uses a set of re)ote servers (hich hold the entire bloc*chain. Still *eys are kept and transactions are created client-side. http://electru).orgC ● 1eb wallets must be avoided. Bitcoin gives the advantage of having your coins locally, there is no reason to give the) to the “cloud?, Bitcoin 2 7*at6s so great a0out it? ● $eers do not trust each other, yet are able to reach a consensus ● 2ransactions cannot be bloc*ed /e,g. banks, paypal, visa etc0 ● 2ransactions are almost instant, have very lo( fees, are independent of sender4sCreceiver4s location, contrary to ban*ing syste) ● Every peer has full control of its coins, no entity can “free5e” the) ● %ulti-signature addresses and transactions, 8unds can be transferred (hen n of ) *eys are used, ● 1e can create bitcoin keysCaddresses offline, then print the) on paper, *eeping the coins in “cold storage?, ● Bitcoin is not anony)ous, actually every transaction is public, Bitcoin can under certain conditions be )ore anony)ous than traditional banking, but certainly less anony)ous than cash, Please gim'e moar ● https:CCen.(ikipedia.orgC(ikiCElliptic_curve_cryptography ● http:CCblog.cloudflare.comCa-relatively-easy-to-understand-primer-on-elliptic-curv e-cryptography – d@+4s curve2 &< : http:CCcr,yp.toCecdh.html – agl4s curve2 &<-donna : https:CCgithu+,com/aglCcurve25519-donna ● https:CCen.(ikipedia.orgC(ikiCECDSA ● https:CCen.(ikipedia.orgC(ikiCSHA-2 ● https:CCen.+itcoin.itC(ikiCProtocol_specification ● https:CCgithub.com/bitcoin/+ips ● https:CCen.(ikipedia.orgC(ikiC2(o_Generals%27_Problem ● https:CCen.(ikipedia.orgC(ikiCBy5antine_fault_tolerance ● https:CCgithub.com/spes)ilo/electrum /client in python0 .