Bitcoin Proof of Work • Require a unit of work to do a task • Send email • Access a website • Process a Bitcoin transaction Why? • Prevent spam • Prevent denial of service attacks • Rate-limit the network HashCash • Find a partial pre-image of a hashed value. • Hashcash: SHA-1 • Bitcoin: SHA-256 • Hashcash: at least the first 20 digits (out of 160) need to be 0 • Bitcoin: at least the first T digits (out of 256) need to be 0 • Question: what security properties does this have? Merkle Tree From previous classes • Byzantine consensus • Hash function 8 9 10 11 Bitcoin • Bitcoin is a public, digital, decentralized currency. • Public • Every transaction (past or current) can be read by anybody. • Digital • There are no bills, only bits to represent transactions. • Decentralized • Bitcoins are mined, not minted, by a collection of actors, not a central bank. • Anybody can create an account and receive bitcoin. • Anybody can try to mine bitcoin. • Rules are set by computer code and changed upon a consensus of the actors. 12 Cash vs. Digital Cash • Properties of traditional cash • Properties of digital cash • Anonymous • Pseudo-anonymous • Transferable • Transferable • No transaction fees • Very low transaction fees • Total money supply expendable, • Total money supply fixed, set set by central bank by protocol. 13 Why Scammers Use Bitcoin • Lower fees (more profit for criminals) • Large userbase (compared to other digital currencies) • Easy to get (can exchange Bitcoin for cash on the street) • Distributed system (no Bank of Bitcoin to forcibly shut down) • Less direct regulatory oversight (anti-money laundering efforts only on some endpoints) 14 Bitcoin Give green 0.25 BTC 0.25 BTC 15 Merkle Tree Blockchain Block Header • version • previous block header hash • merkle root hash • time when miner started hashing the header • nBits (representation of difficulty level) • nonce Mining • https://www.youtube.com/watch?v=GmOzih6I1zs • Hashcash • Difficulty set by speed of network • Once solution is found, broadcast block to network • If valid, mining begins on merkle root including the block • Otherwise, everybody ignores it. Mining Pools • Miners group together to share rewards, divide the work • Lowers the variance for revenue. • Centralization in a decentralized network 51% attack • Attacker owns more than half of the miners • Doublespend: Reverse transactions that he sends while he's in control. • Prevent some or all transactions from confirming • Prevent other miners from mining any blocks Block Withholding Attacks • if we gain a lead: • withhold blocks mine on private chain • else if lead shrinks, but is still at least alpha: • reveal blocks to keep abreast with public chain • else if lead drops below alpha: • reveal all blocks mine on public chain Spam attack • Fill up the blockchain with small, insignificant transactions • Prevent others from transacting Mempool Confirmed Transactions Blockchain Size Theft of Bitcoin • “Be your own Bank” • Steal the keys, steal the bitcoin forever • Bad passwords • Bad randomness • Bad security hygiene Sybil Attack • Single adversary controls a lot of nodes • From these nodes, can carry out a 51% attack Blacklisting • Stop transactions from being processed to/from a node Fungibility • Each Bitcoin is worth the same amount as every other Bitcoin • Does this property hold? Questions • With the rise of 51% attacks: • why? to what end? • when will this stop? • What are the points of centralization in this network? • Is this inevitable?.