2. A BIT ON ME
- TU/e MSIT master with major in cryptography
- Co-author qualified digital signatures req. (BE)
- Author self-healing anonymous DHT network
- Founder Argus Labs (AI, Context, Sensors)
Love technology and finance
3. THE MATH
Yes. The boring stuff. Let’s try and make it easy on the ear.
4. Inversion problem (1)
F(x = remainder digits 5 – 10 after square root)
x = 3, SQRT(x) = 1,73205080756887, y =
50807
x = 5, SQRT(x) = 2,23606797749979, y =
67977
x = 9, SQRT(x) = 3,00000000000000, y =
00000
F(y = 00000) -> x
x = 1, y = 00000 ≠ F(x = SQRT(x))
x = 2, y = 00000 ≠ F(x = SQRT(x))
…
x = 9, y = 00000 = F(x = SQRT(x))
5. Basic principle
Need a function that requires more time to
create than to verify it.
Dwork and Naor (1992), square root on
thousands
of digits long numbers. Impractical.
Adam back (1997) hash collisions. Initially
finding SHA1(x) == SHA1(y) where x != y
✖
full collision is unfeasible
✔
k-partial collision is doable
6. Inversion problem (2)
Hashing is an ideal function ! It’s one-way,
secure and requires less power to verify than to
create.
SHA256 (“Pay Filip 1 BTC 00001”) =
57ca9f83daba36d98abd0588627535a4c6f6f09b77a3e63b7d5bdd5b0594e4ff
Computational too easy. Let’s make it harder by
accepting only results that start with a “0” !
SHA256 (“Pay Filip 1 BTC 00014”) =
01fa6ca07d67d4c59c00c2a3caeea75f94b7e549d40c9566f3eb6158e1154793
Took me 14 trials to get a hash that starts with a
“0” and was already a bit harder. I had to do
some work to obtain the result.
7. Please pay me 1 BTC
Ensure replay or tampering attacks cannot
happen:
- Receiving address
- Cryptographic nonce
- Timestamp
- Hash of previous block header
8. Hashcash principle
Bitcoin is based on second-preimage attacks.
Proof of work mechanism to protect against
spam and Denial of Service attacks.
For x, find a second preimage x' ≠ x such
that h(x) = h(x′) => “Solution”
implement the proof-of-work by incrementing a
nonce in the block until a value is found that
gives the block's hash the required zero bits
More zeroes = higher difficulty (0 = 16 fold
increase). Today we are at 15 trailing zeroes.
9. Difficulty
> 30 trillion attempts to find solutions, every
second!
Individually calculated on timestamp of last
solution, and distributed collectively.
Calculate timestamp(most recent solution) –
timestamp(2016 solutions ago) :
- Less than 2 weeks
- More than 2 weeks
= increase difficulty
= decrease difficulty
11. Two flavours
Hashcash-sha256 :
- SHA-2 based (256 bit)
- Costly creation, cheap verification
- CPU based (processing cost)
Hashcash-scrypt :
- PBKDF2 based (1 iteration in 128kb memory)
- Cost of creation equals cost of verification
- Memory based
12. Terminology
Proof of work
Solution-verification check both the problem
and the found solution (CPU or memory)
Block
Set of recent Bitcoin transactions that have not
yet been recorded in any prior blocks
Bitcoin = SHA256(SHA256(Block_Header))
Blockchain (Merkle-Tree)
Append-only. Each block memorializes what
took place immediately before it was created.
13. Learnings
Difficulty levels can drop (in theory).
ASIC miners for hashcash-scrypt won’t
disrupt significantly
Mining is a cost – value tradeoff (find cheap
ways to improve value)
Hashcash-scrypt is less resistant to
centralization issues than hashcashsha256^2
Hashcash-scrypt verification is more costly
than hashcash-sha256^2
SHA3 makes ASIC miners become worthless
15. Before we begin
Mining is calculating solutions to a difficult
mathematical problem (“inversion”) :
- 6 solutions, or blocks, found per hour
- Currently a block contains 25 BTC
- BTC in block reduce by 50% every 210k
blocks
- Maximum of 21 million (prevents inflation)
Single or Pooled Mining :
- Cost/reward for solo mining is infeasible
- Pooled mining
Selfish miner threat :
- US$ 1M for 2.6 Ph/s to take over 51%
- Ghash.io warning issuance
16. •
Cryptographic hash functions convert
data to alphanumeric string :
•
Fixed length
•
Nonces is a random number added to
data
•
The miners work to produce a new
hash :
•
•
•
•
Previous hash value
Transaction block
Nonce
User with correct hash value is
rewarded Bitcoin (25 BTC, Dec-2012;
12.5 in Sep 2015)
22. ASIC MANUFACTURERS
Preordering is a risky game – Beware of newcomers
Always asked time-stamped photographic proof
Demand pictures of the wafers at the fabs
Founders must have background in IC board design
Always take delivery delays into account vs. difficulty rise
Might kill the ROI of hardware purchase
6 to 9 month waiting times are common (go figure!)
Less nm = more power efficient design = better performance
New ASIC equipment pushes out previous generations of miners
Outdated hardware cannot be “upgraded” + difficulty level increases
(!) theoretically heavy investment and power increase might lead to natural centralization
23. ASIC AND BEYOND (theory)
Quantum computing
D-Wave running at 2.7 kelvin
Forming single-atom quantum bits
Might destroy Bitcoin security (elliptic curve cryptography becomes broken)
Quantum solves factoring problem but also the discrete logarithm problem
Balanced ternary computing
More efficient complex computing than binary
Too costly to produce only for Bitcoin mining purposes
Mass-parallel ASIC computing
24. AT A TIPPING POINT
BitFury’s Ghash.io countermeasures
Most powerful mining pool had to ensure it cannot establish a selfish-miner situation
ASIC manufacturers need to watch they don’t sell too much to one party
Moving from the home/basement to data centers
Mining as a service is surfacing (indication of a heavy $$$ CAPEX market)
Hobbyists are being flushed out and serious mining operations kick in
Speculation is at its core of investment decision making (Winklevoss, Andreesen, …)
Direct value is only for manufacturers, not miners
Bitcoin mining becomes a lonely place for those with an unfair advantage Fiat/BTC
27. MINERS BECOME TRADERS
CFD (“Contract For Difference”) Trading
Buying BTC using shorted BTC/USD profit proceeds
Simple CFD trading (highly volatile, pump and dump, political, etc.)
Emerging of trading platforms
Kraken
500Trade
Mt.Gox (uh-oh)
28. MINERS GO SCRYPT
Explosive growth of hashcash-scrypt(1) based coins
Litecoin (LTC) most popular (often referred to as “silver”)
Possible to recycle “old” CPU/GPU mining rigs
First ASIC miners are popping up: e.g. Viper Miner (25 Mh/s)
Hinweis der Redaktion
A second hash pre-image means given one-preimage x of hash y where y=H(x), the task is to find another pre-image of hash y: x' so that y=H(x'). This is not to be confused with a birthday collision which is to find two values x, x' so that H(x)=H(x'), this can be done in much lower work O(sqrt(2^k))=O(2^(k/2)) because you can proceed by computing many H(x) values and storing them until you find a matching pair. It takes a lot of memory, but there are memory-time tradeoffs