SlideShare ist ein Scribd-Unternehmen logo

A research-oriented introduction to the cryptographic currencies (starting with Bitcoin).

Als PPTX, PDF herunterladen
V
vpnmentor

Presentation by Stefan Dziembowski, associate professor and leader of Cryptology and Data Security Group University of Warsaw. In BIU workshop on Bitcoin. Covered exclusively by vpnMentor.com

Internet
1 von 76
Introduction Stefan Dziembowski University of Warsaw Workshop on Bitcoin, Introduction to Cryptocurrencies, Kfar Maccabiah, Ramat Gan, Israel, June 6-7, 2016
Goal of this tutorial Provide a research-oriented introduction to the cryptographic currencies (starting with Bitcoin). Our main focus: conceptual aspects of this field, and the new research directions. Disclaimer: we omit or simplify many technicalities.
Outline 1. Introduction (2 hours) 2. Mining Pools and Attacks (2 hours) 3. Smart Contracts and Applications (1 hour) 4. Smart Contracts and Applications – cont. (1 hour) 5. Alternative Cryptocurrencies (2 hours) Today Tomorrow
Bitcoin in a nutshell: a “digital analogue” of the paper money A digital currency introduced by “Satoshi Nakamoto” in 2008. Based on the assumption that ``the majority of the computing power is honest”. currency unit: Bitcoin (BTC) 1 BTC = 108 Satoshi as of Jul 6, 2016: Market cap ≈ 9 billion USD 1 BTC ≈ 575 USD
Digital vs. paper currencies Paper: Digital: 16fab13fc6890 Very useful if is also digital.
Traditional ways of paying “digitally” Alice’s credit card number Alice Bob Alice’s credit card number Alice Bob transfer money to Bob’s account transfer confirmation PROBLEMS 1. trusted server for each transaction is needed (money doesn’t “circulate”), 2. high transaction fees, 3. no anonymity.
this was the situation until 2008... then in October 2008:
Probably one of the most discussed cryptographic technologies ever!
PROBLEMS WITH PREVIOUS APPROACHES 1. trusted server is needed (money doesn’t “circulate”), 2. high transaction fees, 3. no anonymity. Bitcoin in Bitcoin: low fees “pseudonymity” no trusted server, money circulates
“no trusted server” – what does it mean? everybody can join the system the users are not “registered” by any authority they contact each other directly hence the name: peer-to-peer network
“No trusted server” nobody “controls the money”, and therefore: • The amount of money that will ever be “printed” is fixed (to around 21 mln BTC)  no inflation • The exchange rate fluctuates:
Really “no trusted server”? The client software is written by people who are in power to change the system. They contain so-called checkpoints (more on this later). For example, this is the list of “desktop clients”: The most popular client. (open source) The developers: Wladimir J. van der Laan, Gavin Andresen, Jeff Garzi, Gregory Maxwell, Pieter Wuille
How to update the protocol if there is no governing body? • Updates have a form of Bitcoin Improvement Proposals (BIPs). • The Bitcoin community has a mechanism to vote on BIPs (weight of the vote on is proportional to the voter’s computing power), • the voting process is organized centrally: (“People wishing to submit BIPs, first should propose their idea or document to the mailing list. After discussion they should email Greg Maxwell <gmaxwell@gmail.com>. After copy-editing and acceptance, it will be published here.”) (we will later talk more about it)
Bitcoin ≈ “real money”? Bitcoin value comes from the fact that: “people expect that other people will accept it in the future.” It’s like all the other currencies enthusiasts: sceptics: It’s a Ponzi scheme P. Krugman A. Greenspan Carlo Pietro Ponzi
Some economists are more positive Ben Bernanke While these types of innovations may pose risks related to law enforcement and supervisory matters, there are also areas in which they may hold long-term promise, particularly if the innovations promote a faster, more secure and more efficient payment system.
Why did Bitcoin become so popular (1/2)? • Seeming anonymity (anonymous enough for trading illegal goods?) • Good timing (in 2008 the “quantitative easing” in the US started). • Ideological reasons (crypto-anarchism).
• Low transaction fees. • Hype? • Very popular in some non-democratic countries (until the government forbids to use it). Why did Bitcoin become so popular (2/2)?
Downsides of decentralization (1/2) There are no “regulators”… MtGox (handling 70% of all Bitcoin transactions) shut down on Feb 2014 reporting 850,000 bitcoins (≈ 450 million USD) stolen.
Downsides of decentralization (2/2) Nobody can reverse transactions, so finally hackers have good reasons to break into personal computers.
Main design principles
Main problem with the digital money Double spending… 16fab13fc6890 16fab13fc6890 Bits are easier to copy than paper!
Bitcoin idea (simplified): The users emulate a public trusted bulletin-board containing a list of transactions. A transaction is of a form: This prevents double spending. “User P1 transfers a coin #16fab13fc6890 to user P2” 16fab13fc6890 you’ve already spent this coin!
What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
Trusted bulletin-board emulation Main difficulty: Some parties can cheat. the “ideal” world a protocol that implements the ideal world
An idea Assume that the majority of the parties is honest. Then the bulletin board can be implemented by “voting”. dd8bbeabc093b91e4402df4ba... 0.08431821 BTC 54166c365fd6ef4dc22c23e72... 0.6905818 BTC 900852167a13629873ac6defd... 0.11825461 BTC 6e51eb9fbc68bad9b3f62cd4f... 0.00362128 BTC 2842d89b36bc6041c89902cc4... 0.07622 BTC e3bb90693a84b81384b0719f3... 0.0023 BTC 28a7953700f9dccadf779b194... 0.9998 BTC 008bfc174da83ac895636883c... 2.0698 BTC a02a15eea695a066a9d2db4f7... 0.30642891 BTC edb62013b99cb0162e2595fc6... 1.00491631 BTC “Is this the correct contents of the bulletin board?” ... yes yes yesnono “honest” = they always tell the truth transaction T Every transaction is broadcast to all the parties
How to implement broadcast? A well-known problem in distributed computing. Standard solution in peer-to-peer networks: let the users relay the messages. message M
Problem How to define “majority” in a situation where everybody can join the network?
The Bitcoin solution Define the “majority” as the majority of the computing power Now creating multiple identities does not help!
How is this verified? Main idea: • use Proofs of Work • incentivize honest users to constantly participate in the process The honest users can use their idle CPU cycles. Nowadays: often done on dedicated hardware.
Proofs of work Introduced by Dwork and Naor [Crypto 1992] as a countermeasure against spam. Basic idea: Force users to do some computational work: solve a moderately difficult “puzzle” (checking correctness of the solution has to be fast)
How to construct a PoW? A building block: hash functions. Practical examples of hash functions: MD5, SHA1, SHA256, SHA3,... Implemented in every operating system, for example in Unix: > echo Kfar Maccabiah | sha256sum c63594ddf2e1afbcd02fd83e6fed2a29b5baecea84f4ec 46ccab6d43e34f39cc > echo Kfar Maccabiah Hotel | sha256sum c09feca344512e61011d21b383cec39fb605db582d5857 5adbcac6753680a4be > echo KfarMaccabiah Hotel | sha256sum 86a8f1ec7dcd288b7ba6bcac61a9c172058086bb4e8a4a 9a6499b169958603e3 𝐇: 𝟎, 𝟏 ∗ → 𝟎, 𝟏 𝒕 is a hash function if it “behaves like a random function”
A simple hash-based PoW VerifierProver random x finds s such that H(s,x) starts with n zeros (in binary) s nonce “hardness parameter checks if H(s,x) starts with n zeros takes time 2n ⋅ TIME(H) takes time TIME(H) H -- a hash function whose computation takes time TIME(H)
Main idea The users participating in the scheme are called the “miners”. They maintain a chain of blocks: block0 block1 block2 block3 transactions from period 1 transactions from period 2 transactions from period 3 the “genesis block” created by Satoshi on 03/Jan/2009 ≈ 10 min. block size < 1MB, which translates to max 7 trans./sec.
Information about the state of the blockchain is propagated in the network blockchain blockchain new user 1. A new user can ask the other users what is the current state of the blockchain.
2. When a miner finds an extension he broadcast it to all the other users I extended the blockchain! Here is the new block
How to post on the board Just broadcast (over the internet) your transaction to the miners. And hope they will add it to the next block. Important: They never add an invalid transaction (e.g. double spending) transaction T the miners are incentivized to do it. a chain with an invalid transaction is itself not valid, so no rational miner would do it.
Main principles 1. It is computationally hard to extend the chain. 2. Once a miner finds an extension he broadcasts it to everybody. 3. The users will always accept “the longest chain” as the valid one. the system incentivizes them to do it
How are the PoWs used? Main idea: to extend the chain one needs to find nonce such that H(nonce, H(blocki),transactions) starts with some number n of zeros block0 block1 block2 block3 H – hash function H “hardness parameter” H H nonce nonce nonce transactions from period 1 transactions from period 2 transactions from period 3 more concretely in Bitcoin: H is SHA256.
In more details: H nonce 𝐬𝐢 transactions 𝐓𝟏 𝐢 , … , 𝐓𝐤 𝐢 from period i blocki-1: … … … blocki: H H(blocki-1) has to start with n zeros 𝐬𝐢 H(blocki-1) 𝐓𝟏 𝐢 , … , 𝐓𝐤 𝐢
The hardness parameter is periodically changed • The computing power of the miners changes. • The miners should generate the new block each 10 minutes (on average). • Therefore the hardness parameter is periodically adjusted to the mining power • This happens once each 2016 blocks. • Important: the hardness adjustment is automatic, and depends on how much time it took to generate last 2016 blocks. this is possible since every block contains a time- stamp produced by the miner who mined it
“Hashrate” = number of hashes computed per second Sep 17 2013 : 990,986 GH/s Sep 17 2014 : 280,257,530 GH/s Sep 17 2015 : 385,067,688 GH/s Note: ≈ 258 hash / second total hashrate over the last 2 years:
How it looks in real life Height Timestamp Transactions Size 414902 Jun 5, 2016 5:01:20 PM 386 171361 414901 Jun 5, 2016 4:58:57 PM 304 114339 414900 Jun 5, 2016 4:57:25 PM 1004 428715 414899 Jun 5, 2016 4:50:43 PM 739 384667 414898 Jun 5, 2016 4:45:29 PM 1388 999990 414897 Jun 5, 2016 4:41:19 PM 2187 999945 414896 Jun 5, 2016 4:23:42 PM 2743 998020
What if there is a “fork”? blocki blocki+1 blocki+2 block’1+2 blocki+3 blocki+4 block’1+3 this chain is valid fork For a moment let’s say: the “longest” chain counts.
Does it make sense to “work” on a shorter chain? No! blocki+1 blocki+2 block’i+2 blocki+3 blocki+4 block’i+3 Because everybody else is working on extending the longest chain. Recall: we assumed that the majority follows the protocol.
Consequence The system should quickly self-stabilize. If there is a fork then one branch will quickly die. Problem: what if your transaction ends up in a “dead branch”? Recommendation: to be sure that it doesn’t happen wait 6 blocks. ≈ 1 hour
Can transactions be “reversed”? T To reverse a transaction the adversary has to create a “fork in the past”. This looks very hard if he has a minority of computing power (the honest miners will always be ahead of him).
Since hardness is adjusted thus the following attack might be possible the “2016 blocks” periods . . . . . . . . . . . . . . . the adversary forks the chain: (2) the difficulty drops dramatically, so he can quickly produce a chain longer than the valid one, and publish it. (1) he computes (secretly) another chain with fake time- stamps (indicating that it took a lot of time to produce it)
Therefore In Bitcoin it’s not the longest chain but the strongest chain that matters. The strength of each block is 𝟐 𝐧. The strength of the chain is the sum of hardnesses of each block in it. 𝐧 – the hardness parameter in a given period
How are the miners incentivized to participate in this game? Short answer: they are paid (in Bitcoins) for this. We will discuss it in detail later…
An important feature Suppose everybody behaves according to the protocol then: every miner 𝐏𝐢 whose computing power is an 𝜶𝒊-fraction of the total computing power mines an 𝜶𝒊-fraction of the blocks. Intuitively this is because: 𝐏𝐢’s chances of winning are proportional to the number of times 𝐏𝐢 can compute 𝐇 in a given time frame. fraction of computing power fraction of revenue ≈
What is needed to decide which blockchain is valid? In theory: one needs to know only: • the initial rules of the game • the genesis block 𝐁 𝟎 Then from many “candidate chains” choose the one that • verifies correctly (starts 𝐁 𝟎 and is satisfies all the rules) • is the strongest. One doesn’t even need to have access to the communication history. In practice: it’s not that simple... This can take several hours. Note: as of June 2016: blockchain’s size is ≈ 𝟕𝟎𝐆B. we will talk about it in a moment
Freshness of the genesis block I didn’t know the genesis block before Bitcoin was launched (Jan 3, 2009) Here is a heuristic “proof”: Block0 contained a hash of a title from a front page of the London Times on Jan 3, 2009 A recent paper that shows how to generate the genesis block in a distributed way: [Andrychowicz, D., CRYPTO’15].
Why is this important? Otherwise Satoshi could “pre-mine” (mostly a theoretical threat today): 𝐁 𝟎 . . . . . . (1) secretly start mining in 1980, produce a very strong chain (2) honest miners start working on Jan 03, 2009. They have more computing power but less time. So, after 1 year their chain is still weaker than the one of Satoshi. (3) On Jan 03, 2010 publish your secret chain
Checkpoints Checkpoint – old block hash hardcoded into Bitcoin software. From the theoretical point of view: not needed. Moreover: they go against the “decentralized” spirit of Bitcoin. Still they have some practical advantages: • they prevent some DoS attacks (flooding nodes with unusable chains) • they prevent attacks involving isolating nodes and giving them fake chains, • they can be viewed as an optimization for the initial blockchain download.
Protocol updates The Bitcoin protocol can be updated. Proposals for the Bitcoin updates can be submitted to the Bitcoin foundation in the form of the Bitcoin Improvement Proposals (BIPs). Then the foundation puts them at vote. Only the miners can vote. The votes are included in the mined blocks. Currently it is required that a proposal gets a 75% approval in the mined blocks (over some period of time). Note: 75% of blocks ≈ 75% of computing power.
What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
How to identify the users in the peer- to-peer networks? Use the digital signature schemes. ≈digital analogue of the handwritten signatures.
04:a0:15:32:a3:c0:90:00: 53:de:60:fb:ef:ef:cc:a5:87: 93:30:15:98:d3:08:b4:1e: signs the document everybody can verify the signature by looking at the Anna’s ID and the message Anna’s ID signs the document Anna’s public key de:32:a3:c0: ef:cc:a5:a6 everybody can verify the signature by looking at the Anna’s public key and the message 11:b5:73:7c:f9:d9:3f:17:c0:c b:1a:84:65:5d:39:95:a0:28:2 4:09:7e:ff:a5:ed:d8:ee:26:38: Anna’s private key “digital signature” handwritten signatures: digital signatures:
More formally: A digital signature scheme consists of algorithms Gen, Sign and Vrfy, where: Gen (secret key sk, public key pk) Sign signature σ(sk, message M) Vrfy yes/no(pk, M, σ) input: output: Correctness: for every (sk,pk) := Gen() and every M we have Vrfy(pk,M,Sign(sk,M)) = yes Security: “without knowing sk it is infeasible to compute σ such that Vrfy(pk,M,σ) = yes”
How to use the digital signatures? (sk, pk) := Gen() publish pk message M 𝝈 ≔ Sign(sk,M) (M, 𝝈) Vrfy(pk,𝐌, 𝝈)
Popular signature schemes • RSA (1970s) • ElGamal • DSA • ECDSABitcoin uses this
How to identify the users in the peer- to-peer networks? We use the digital signature schemes. (sk,pk) := Gen() publish pk The users are identified by their public keys. keep sk secret
Everybody can generate his own key pair announce pk1 keep sk1 secret announce pk2 keep sk2 secret announce pk3 keep sk3 secret (sk1 , pk1) := Gen() (sk2 , pk2) := Gen()(sk3 , pk3) := Gen()
Convenions Public key in Bitcoin are also called addresses. It is recommended not to reuse the addresses. In other words: for every new transaction one should use a new address (mostly: for security and anonymity). On these slides we often ignore this convention for the sake of simplicity.
What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
Where does the money come from? A miner who finds a new block gets a “reward” in BTC: • for the first 210,000 blocks: 50 BTC • for the next 210,000 blocks: 25 BTC • for the next 210,000 blocks: 12.5 BTC, and so on… Note: 210,000 ⋅ (50 + 25 + 12.5 + ) → 21,000,000 ≈ 4 years current reward we will soon be here (currently the number of blocks is around 415000)
This is how it looks in detail “generation transaction” “coinbase”
More details Each block contains a transaction that transfers the reward to the miner. Advantages: 1. It provides incentives to be a miner. 2. It also makes the miners interested in broadcasting new block asap. this view was challenged in a recent paper: Ittay Eyal, Emin Gun Sirer Majority is not Enough: Bitcoin Mining is Vulnerable (we will discuss it later)
What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
Bitcoin’s money mechanics Bitcoin is “transaction based”. Technically: there is no notion of a “coin” in Bitcoin. 25 BTC created by 𝐏𝟏 5 BTC sent to 𝐏𝟑 25 BTC sent to 𝐏𝟐 5 BTC sent to 𝐏𝟒 15 BTC sent to 𝐏𝟓 25 BTC created by 𝐏𝟔 15 BTC from 𝐏𝟓 plus 25 BTC from 𝐏𝟔 sent to 𝐏𝟗 5 BTC sent to 𝐏𝟖 5 BTC sent to 𝐏𝟕 𝐏𝟕 has 5 BTC 𝐏𝟖 has 5 BTC 𝐏𝟗 has 40 BTC time
Transaction syntax – simplified view T1 = (User P1 creates 25 BTC) T2 = (User P1 sends 25 BTC from T1 to P2 signature of P1 on [T2]) T3 = (User P2 sends 25 BTC from T2 to P3 signature of P2 on [T3]) 25 BTC 25BTC25BTC in the “mining process” P1 P2 P3 [T2] [T3] “value of T2“ We say that T3 redeems T2
How to “divide money”? Multi-output transactions: T2 = (User P1 sends 10 BTC from T1 to user P2 , User P1 sends 7 BTC from T1 to user P3 , User P1 sends 8 BTC from T1 to user P4 signature of P1 on [T2]) 7BTC[T2] P1 P2 P3 P4
Multiple inputs all signatures need to be valid! 8BTC T4 = (User P1 sends 10 BTC from T1 to user P4 , User P2 sends 7 BTC from T2 to user P4 , User P3 sends 8 BTC from T3 to user P4 signature of P1 on [T4], signature of P2 on [T4], signature of P3 on [T4]) [T4] P4 P3P1 P2
Time-locks It is also possible to specify time t when a transaction becomes valid. T2 = (User P1 sends 25 BTC from T1 to P2 if time t has passed) signature of P1 on [T2]) [T2] measured in: • real time, or • blocks.
Generalizations 1. All these features can be combined. 2. The total value of in-coming transactions can be larger that the value of the out-going transactions. (the difference is called a “fee” and goes to the miner) 1. The condition for redeeming a transaction can be more general (the so-called “strange transactions”) we will talk about it later
©2016 by Stefan Dziembowski. Permission to make digital or hard copies of part or all of this material is currently granted without fee provided that copies are made only for personal or classroom use, are not distributed for profit or commercial advantage, and that new copies bear this notice and the full citation.

Empfohlen

Smart contracts and applications part II
Smart contracts and applications part IISmart contracts and applications part II
Smart contracts and applications part IIvpnmentor
 
Mining pools and attacks
Mining pools and attacksMining pools and attacks
Mining pools and attacksvpnmentor
 
Smart contracts and applications part I
Smart contracts and applications part ISmart contracts and applications part I
Smart contracts and applications part Ivpnmentor
 
With a transaction fee market and without a block size limit in Bitcoin netwo...
With a transaction fee market and without a block size limit in Bitcoin netwo...With a transaction fee market and without a block size limit in Bitcoin netwo...
With a transaction fee market and without a block size limit in Bitcoin netwo...ijgttjournal
 
Fredericksburg LUG Bitcoin slides
Fredericksburg LUG Bitcoin slidesFredericksburg LUG Bitcoin slides
Fredericksburg LUG Bitcoin slidesAlex Akselrod
 
Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)
Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)
Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)Zvi Avraham
 
Blockchain. A Guide For Beginners
Blockchain. A Guide For BeginnersBlockchain. A Guide For Beginners
Blockchain. A Guide For BeginnersElifTech
 
Bitcoin : A fierce Decentralized internet currency
Bitcoin : A fierce Decentralized internet currencyBitcoin : A fierce Decentralized internet currency
Bitcoin : A fierce Decentralized internet currencyShivek Khurana
 

Empfohlen

Smart contracts and applications part II
Smart contracts and applications part IISmart contracts and applications part II
Smart contracts and applications part IIvpnmentor
 
Mining pools and attacks
Mining pools and attacksMining pools and attacks
Mining pools and attacksvpnmentor
 
Smart contracts and applications part I
Smart contracts and applications part ISmart contracts and applications part I
Smart contracts and applications part Ivpnmentor
 
With a transaction fee market and without a block size limit in Bitcoin netwo...
With a transaction fee market and without a block size limit in Bitcoin netwo...With a transaction fee market and without a block size limit in Bitcoin netwo...
With a transaction fee market and without a block size limit in Bitcoin netwo...ijgttjournal
 
Fredericksburg LUG Bitcoin slides
Fredericksburg LUG Bitcoin slidesFredericksburg LUG Bitcoin slides
Fredericksburg LUG Bitcoin slidesAlex Akselrod
 
Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)
Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)
Ethereum VM and DSLs for Smart Contracts (updated on May 12th 2015)Zvi Avraham
 
Blockchain. A Guide For Beginners
Blockchain. A Guide For BeginnersBlockchain. A Guide For Beginners
Blockchain. A Guide For BeginnersElifTech
 
Bitcoin : A fierce Decentralized internet currency
Bitcoin : A fierce Decentralized internet currencyBitcoin : A fierce Decentralized internet currency
Bitcoin : A fierce Decentralized internet currencyShivek Khurana
 
Intro to Blockchain - And, by the way, what the heck is proof-of-work?
Intro to Blockchain - And, by the way, what the heck is proof-of-work?Intro to Blockchain - And, by the way, what the heck is proof-of-work?
Intro to Blockchain - And, by the way, what the heck is proof-of-work?Jim Flynn
 
Blockchain Technology
Blockchain TechnologyBlockchain Technology
Blockchain TechnologyShubhAm RaWat
 
Blockchain - a basic overview
Blockchain - a basic overviewBlockchain - a basic overview
Blockchain - a basic overviewSyed Rakib Al Hasan
 
bitcoin
bitcoinbitcoin
bitcoinAasimRasheed3
 
Build your own block chain
Build your own block chainBuild your own block chain
Build your own block chainBohdan Szymanik
 
Best practices to build secure smart contracts
Best practices to build secure smart contractsBest practices to build secure smart contracts
Best practices to build secure smart contractsGautam Anand
 
Crypto currency
Crypto currencyCrypto currency
Crypto currencyRushikesh Kulkarni
 
Bitcoin - Beyond the basics
Bitcoin - Beyond the basicsBitcoin - Beyond the basics
Bitcoin - Beyond the basicsChris DeRose
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákhackersuli
 
Every thing bitcoin in baby language
Every thing bitcoin in baby languageEvery thing bitcoin in baby language
Every thing bitcoin in baby languageOssai Nduka
 
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)Svetlin Nakov
 
Intro to Blockchain Slides
Intro to Blockchain SlidesIntro to Blockchain Slides
Intro to Blockchain SlidesShannon Wells
 
02 hello smart contracts
02 hello smart contracts02 hello smart contracts
02 hello smart contractsBastianBlankenburg
 
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)IT Arena
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithmsAnurag Dashputre
 
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Svetlin Nakov
 
Introduction to Lightning Network
Introduction to Lightning NetworkIntroduction to Lightning Network
Introduction to Lightning NetworkAlan Carbery
 
Alternative cryptocurrencies
Alternative cryptocurrencies Alternative cryptocurrencies
Alternative cryptocurrencies vpnmentor
 
How to verify computation in the blink of an eye
How to verify computation in the blink of an eyeHow to verify computation in the blink of an eye
How to verify computation in the blink of an eyeFacultad de Informática UCM
 
Blockchain architecture factsheet
Blockchain architecture factsheetBlockchain architecture factsheet
Blockchain architecture factsheetBenjamin Wang
 
Bitcoin presentation
Bitcoin presentationBitcoin presentation
Bitcoin presentationFrancis Pouliot
 
An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.SanjeebSamanta1
 

Weitere ähnliche Inhalte

Was ist angesagt?

Intro to Blockchain - And, by the way, what the heck is proof-of-work?
Intro to Blockchain - And, by the way, what the heck is proof-of-work?Intro to Blockchain - And, by the way, what the heck is proof-of-work?
Intro to Blockchain - And, by the way, what the heck is proof-of-work?Jim Flynn
 
Blockchain Technology
Blockchain TechnologyBlockchain Technology
Blockchain TechnologyShubhAm RaWat
 
Build your own block chain
Build your own block chainBuild your own block chain
Build your own block chainBohdan Szymanik
 
Best practices to build secure smart contracts
Best practices to build secure smart contractsBest practices to build secure smart contracts
Best practices to build secure smart contractsGautam Anand
 
Bitcoin - Beyond the basics
Bitcoin - Beyond the basicsBitcoin - Beyond the basics
Bitcoin - Beyond the basicsChris DeRose
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákhackersuli
 
Every thing bitcoin in baby language
Every thing bitcoin in baby languageEvery thing bitcoin in baby language
Every thing bitcoin in baby languageOssai Nduka
 
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)Svetlin Nakov
 
Intro to Blockchain Slides
Intro to Blockchain SlidesIntro to Blockchain Slides
Intro to Blockchain SlidesShannon Wells
 
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)IT Arena
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithmsAnurag Dashputre
 
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Svetlin Nakov
 
Introduction to Lightning Network
Introduction to Lightning NetworkIntroduction to Lightning Network
Introduction to Lightning NetworkAlan Carbery
 
Alternative cryptocurrencies
Alternative cryptocurrencies Alternative cryptocurrencies
Alternative cryptocurrencies vpnmentor
 
Blockchain architecture factsheet
Blockchain architecture factsheetBlockchain architecture factsheet
Blockchain architecture factsheetBenjamin Wang
 

Was ist angesagt? (20)

Intro to Blockchain - And, by the way, what the heck is proof-of-work?
Intro to Blockchain - And, by the way, what the heck is proof-of-work?Intro to Blockchain - And, by the way, what the heck is proof-of-work?
Intro to Blockchain - And, by the way, what the heck is proof-of-work?
 
Blockchain Technology
Blockchain TechnologyBlockchain Technology
Blockchain Technology
 
Blockchain - a basic overview
Blockchain - a basic overviewBlockchain - a basic overview
Blockchain - a basic overview
 
bitcoin
bitcoinbitcoin
bitcoin
 
Build your own block chain
Build your own block chainBuild your own block chain
Build your own block chain
 
Best practices to build secure smart contracts
Best practices to build secure smart contractsBest practices to build secure smart contracts
Best practices to build secure smart contracts
 
Crypto currency
Crypto currencyCrypto currency
Crypto currency
 
Bitcoin - Beyond the basics
Bitcoin - Beyond the basicsBitcoin - Beyond the basics
Bitcoin - Beyond the basics
 
Kriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicákKriptovaluták, hashbányászat és okoscicák
Kriptovaluták, hashbányászat és okoscicák
 
Every thing bitcoin in baby language
Every thing bitcoin in baby languageEvery thing bitcoin in baby language
Every thing bitcoin in baby language
 
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
 
Intro to Blockchain Slides
Intro to Blockchain SlidesIntro to Blockchain Slides
Intro to Blockchain Slides
 
02 hello smart contracts
02 hello smart contracts02 hello smart contracts
02 hello smart contracts
 
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithms
 
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
 
Introduction to Lightning Network
Introduction to Lightning NetworkIntroduction to Lightning Network
Introduction to Lightning Network
 
Alternative cryptocurrencies
Alternative cryptocurrencies Alternative cryptocurrencies
Alternative cryptocurrencies
 
How to verify computation in the blink of an eye
How to verify computation in the blink of an eyeHow to verify computation in the blink of an eye
How to verify computation in the blink of an eye
 
Blockchain architecture factsheet
Blockchain architecture factsheetBlockchain architecture factsheet
Blockchain architecture factsheet
 

Ähnlich wie A research-oriented introduction to the cryptographic currencies (starting with Bitcoin).

An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.SanjeebSamanta1
 
Bitcoin, Banking and the Blockchain
Bitcoin, Banking and the BlockchainBitcoin, Banking and the Blockchain
Bitcoin, Banking and the Blockchainseancarmody
 
Seminar Report On Bitcoin
Seminar Report On BitcoinSeminar Report On Bitcoin
Seminar Report On BitcoinTouroxy
 
Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...
Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...
Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...Richard Givens
 
BlockChain for the Banker
BlockChain for the BankerBlockChain for the Banker
BlockChain for the BankerBohdan Szymanik
 
The Basic Theories of Blockchain
The Basic Theories of BlockchainThe Basic Theories of Blockchain
The Basic Theories of BlockchainSota Watanabe
 
2019 blockchain economy
2019 blockchain economy2019 blockchain economy
2019 blockchain economyHeung-No Lee
 
BLOCKCHAIN PPT.pptx
BLOCKCHAIN PPT.pptxBLOCKCHAIN PPT.pptx
BLOCKCHAIN PPT.pptxSohanaAmreen
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisInderjeet Singh
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware Analysisinder_barara
 
Bitcoin- Technology beyond Politics
Bitcoin- Technology beyond PoliticsBitcoin- Technology beyond Politics
Bitcoin- Technology beyond PoliticsDr. Juan Trujillo
 
Introduction into blockchains and cryptocurrencies
Introduction into blockchains and cryptocurrenciesIntroduction into blockchains and cryptocurrencies
Introduction into blockchains and cryptocurrenciesSergey Ivliev
 
Cryptocurrency-Bitcoin
Cryptocurrency-BitcoinCryptocurrency-Bitcoin
Cryptocurrency-BitcoinSatwikaHotwani
 
Bitcoin story of programable currency
Bitcoin story of programable currencyBitcoin story of programable currency
Bitcoin story of programable currencyHossam Soffar
 
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsUnderstanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsGautam Anand
 

Ähnlich wie A research-oriented introduction to the cryptographic currencies (starting with Bitcoin). (20)

Bitcoin presentation
Bitcoin presentationBitcoin presentation
Bitcoin presentation
 
An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.
 
Bitcoin, Banking and the Blockchain
Bitcoin, Banking and the BlockchainBitcoin, Banking and the Blockchain
Bitcoin, Banking and the Blockchain
 
01 what is blockchain
01 what is blockchain01 what is blockchain
01 what is blockchain
 
Seminar Report On Bitcoin
Seminar Report On BitcoinSeminar Report On Bitcoin
Seminar Report On Bitcoin
 
Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...
Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...
Bits, Blocks, and Chains: A Concise Examination of Bitcoin and Cryptocurrency...
 
BlockChain for the Banker
BlockChain for the BankerBlockChain for the Banker
BlockChain for the Banker
 
The Basic Theories of Blockchain
The Basic Theories of BlockchainThe Basic Theories of Blockchain
The Basic Theories of Blockchain
 
2019 blockchain economy
2019 blockchain economy2019 blockchain economy
2019 blockchain economy
 
Bitcoin Internal
Bitcoin InternalBitcoin Internal
Bitcoin Internal
 
BLOCKCHAIN PPT.pptx
BLOCKCHAIN PPT.pptxBLOCKCHAIN PPT.pptx
BLOCKCHAIN PPT.pptx
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware Analysis
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware Analysis
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Bitcoin- Technology beyond Politics
Bitcoin- Technology beyond PoliticsBitcoin- Technology beyond Politics
Bitcoin- Technology beyond Politics
 
Bitcoin Talk at Rainbow
Bitcoin Talk at RainbowBitcoin Talk at Rainbow
Bitcoin Talk at Rainbow
 
Introduction into blockchains and cryptocurrencies
Introduction into blockchains and cryptocurrenciesIntroduction into blockchains and cryptocurrencies
Introduction into blockchains and cryptocurrencies
 
Cryptocurrency-Bitcoin
Cryptocurrency-BitcoinCryptocurrency-Bitcoin
Cryptocurrency-Bitcoin
 
Bitcoin story of programable currency
Bitcoin story of programable currencyBitcoin story of programable currency
Bitcoin story of programable currency
 
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsUnderstanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
 

Mehr von vpnmentor

On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter vpnmentor
 
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung HanHomomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Hanvpnmentor
 
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet RoutingMichael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routingvpnmentor
 
Review of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak MaheshwariReview of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak Maheshwarivpnmentor
 
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwarivpnmentor
 
Alternative cryptocurrencies
Alternative cryptocurrenciesAlternative cryptocurrencies
Alternative cryptocurrenciesvpnmentor
 
Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3vpnmentor
 
On the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard ModelOn the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard Modelvpnmentor
 
TLS: Past, Present, Future
TLS: Past, Present, FutureTLS: Past, Present, Future
TLS: Past, Present, Futurevpnmentor
 
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 EncryptionOn the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryptionvpnmentor
 

Mehr von vpnmentor (10)

On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter On the Bit Security of Cryptographic Primitives. by Michael Walter
On the Bit Security of Cryptographic Primitives. by Michael Walter
 
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung HanHomomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
Homomorphic Lower Digit Removal and Improved FHE Bootstrapping by Kyoohyung Han
 
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet RoutingMichael schapira - Hebrew University Jeruslaem - Secure Internet Routing
Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing
 
Review of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak MaheshwariReview of Previous ETAP Forums - Deepak Maheshwari
Review of Previous ETAP Forums - Deepak Maheshwari
 
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
India’s National Biometrics ID - Presented by Mr. Deepak Maheshwari
 
Alternative cryptocurrencies
Alternative cryptocurrenciesAlternative cryptocurrencies
Alternative cryptocurrencies
 
Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3Automated Analysis of TLS 1.3
Automated Analysis of TLS 1.3
 
On the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard ModelOn the Security of TLS-DHE in the Standard Model
On the Security of TLS-DHE in the Standard Model
 
TLS: Past, Present, Future
TLS: Past, Present, FutureTLS: Past, Present, Future
TLS: Past, Present, Future
 
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 EncryptionOn the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
 

Kürzlich hochgeladen

INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.CarlotaBedoya1
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Onlineanilsa9823
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 

Kürzlich hochgeladen (20)

(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
 
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 

A research-oriented introduction to the cryptographic currencies (starting with Bitcoin).

  • 1. Introduction Stefan Dziembowski University of Warsaw Workshop on Bitcoin, Introduction to Cryptocurrencies, Kfar Maccabiah, Ramat Gan, Israel, June 6-7, 2016
  • 2. Goal of this tutorial Provide a research-oriented introduction to the cryptographic currencies (starting with Bitcoin). Our main focus: conceptual aspects of this field, and the new research directions. Disclaimer: we omit or simplify many technicalities.
  • 3. Outline 1. Introduction (2 hours) 2. Mining Pools and Attacks (2 hours) 3. Smart Contracts and Applications (1 hour) 4. Smart Contracts and Applications – cont. (1 hour) 5. Alternative Cryptocurrencies (2 hours) Today Tomorrow
  • 4. Bitcoin in a nutshell: a “digital analogue” of the paper money A digital currency introduced by “Satoshi Nakamoto” in 2008. Based on the assumption that ``the majority of the computing power is honest”. currency unit: Bitcoin (BTC) 1 BTC = 108 Satoshi as of Jul 6, 2016: Market cap ≈ 9 billion USD 1 BTC ≈ 575 USD
  • 5. Digital vs. paper currencies Paper: Digital: 16fab13fc6890 Very useful if is also digital.
  • 6. Traditional ways of paying “digitally” Alice’s credit card number Alice Bob Alice’s credit card number Alice Bob transfer money to Bob’s account transfer confirmation PROBLEMS 1. trusted server for each transaction is needed (money doesn’t “circulate”), 2. high transaction fees, 3. no anonymity.
  • 7. this was the situation until 2008... then in October 2008:
  • 8. Probably one of the most discussed cryptographic technologies ever!
  • 9. PROBLEMS WITH PREVIOUS APPROACHES 1. trusted server is needed (money doesn’t “circulate”), 2. high transaction fees, 3. no anonymity. Bitcoin in Bitcoin: low fees “pseudonymity” no trusted server, money circulates
  • 10. “no trusted server” – what does it mean? everybody can join the system the users are not “registered” by any authority they contact each other directly hence the name: peer-to-peer network
  • 11. “No trusted server” nobody “controls the money”, and therefore: • The amount of money that will ever be “printed” is fixed (to around 21 mln BTC)  no inflation • The exchange rate fluctuates:
  • 12. Really “no trusted server”? The client software is written by people who are in power to change the system. They contain so-called checkpoints (more on this later). For example, this is the list of “desktop clients”: The most popular client. (open source) The developers: Wladimir J. van der Laan, Gavin Andresen, Jeff Garzi, Gregory Maxwell, Pieter Wuille
  • 13. How to update the protocol if there is no governing body? • Updates have a form of Bitcoin Improvement Proposals (BIPs). • The Bitcoin community has a mechanism to vote on BIPs (weight of the vote on is proportional to the voter’s computing power), • the voting process is organized centrally: (“People wishing to submit BIPs, first should propose their idea or document to the mailing list. After discussion they should email Greg Maxwell <gmaxwell@gmail.com>. After copy-editing and acceptance, it will be published here.”) (we will later talk more about it)
  • 14. Bitcoin ≈ “real money”? Bitcoin value comes from the fact that: “people expect that other people will accept it in the future.” It’s like all the other currencies enthusiasts: sceptics: It’s a Ponzi scheme P. Krugman A. Greenspan Carlo Pietro Ponzi
  • 15. Some economists are more positive Ben Bernanke While these types of innovations may pose risks related to law enforcement and supervisory matters, there are also areas in which they may hold long-term promise, particularly if the innovations promote a faster, more secure and more efficient payment system.
  • 16. Why did Bitcoin become so popular (1/2)? • Seeming anonymity (anonymous enough for trading illegal goods?) • Good timing (in 2008 the “quantitative easing” in the US started). • Ideological reasons (crypto-anarchism).
  • 17. • Low transaction fees. • Hype? • Very popular in some non-democratic countries (until the government forbids to use it). Why did Bitcoin become so popular (2/2)?
  • 18. Downsides of decentralization (1/2) There are no “regulators”… MtGox (handling 70% of all Bitcoin transactions) shut down on Feb 2014 reporting 850,000 bitcoins (≈ 450 million USD) stolen.
  • 19. Downsides of decentralization (2/2) Nobody can reverse transactions, so finally hackers have good reasons to break into personal computers.
  • 21. Main problem with the digital money Double spending… 16fab13fc6890 16fab13fc6890 Bits are easier to copy than paper!
  • 22. Bitcoin idea (simplified): The users emulate a public trusted bulletin-board containing a list of transactions. A transaction is of a form: This prevents double spending. “User P1 transfers a coin #16fab13fc6890 to user P2” 16fab13fc6890 you’ve already spent this coin!
  • 23. What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
  • 24. Trusted bulletin-board emulation Main difficulty: Some parties can cheat. the “ideal” world a protocol that implements the ideal world
  • 25. An idea Assume that the majority of the parties is honest. Then the bulletin board can be implemented by “voting”. dd8bbeabc093b91e4402df4ba... 0.08431821 BTC 54166c365fd6ef4dc22c23e72... 0.6905818 BTC 900852167a13629873ac6defd... 0.11825461 BTC 6e51eb9fbc68bad9b3f62cd4f... 0.00362128 BTC 2842d89b36bc6041c89902cc4... 0.07622 BTC e3bb90693a84b81384b0719f3... 0.0023 BTC 28a7953700f9dccadf779b194... 0.9998 BTC 008bfc174da83ac895636883c... 2.0698 BTC a02a15eea695a066a9d2db4f7... 0.30642891 BTC edb62013b99cb0162e2595fc6... 1.00491631 BTC “Is this the correct contents of the bulletin board?” ... yes yes yesnono “honest” = they always tell the truth transaction T Every transaction is broadcast to all the parties
  • 26. How to implement broadcast? A well-known problem in distributed computing. Standard solution in peer-to-peer networks: let the users relay the messages. message M
  • 27. Problem How to define “majority” in a situation where everybody can join the network?
  • 28. The Bitcoin solution Define the “majority” as the majority of the computing power Now creating multiple identities does not help!
  • 29. How is this verified? Main idea: • use Proofs of Work • incentivize honest users to constantly participate in the process The honest users can use their idle CPU cycles. Nowadays: often done on dedicated hardware.
  • 30. Proofs of work Introduced by Dwork and Naor [Crypto 1992] as a countermeasure against spam. Basic idea: Force users to do some computational work: solve a moderately difficult “puzzle” (checking correctness of the solution has to be fast)
  • 31. How to construct a PoW? A building block: hash functions. Practical examples of hash functions: MD5, SHA1, SHA256, SHA3,... Implemented in every operating system, for example in Unix: > echo Kfar Maccabiah | sha256sum c63594ddf2e1afbcd02fd83e6fed2a29b5baecea84f4ec 46ccab6d43e34f39cc > echo Kfar Maccabiah Hotel | sha256sum c09feca344512e61011d21b383cec39fb605db582d5857 5adbcac6753680a4be > echo KfarMaccabiah Hotel | sha256sum 86a8f1ec7dcd288b7ba6bcac61a9c172058086bb4e8a4a 9a6499b169958603e3 𝐇: 𝟎, 𝟏 ∗ → 𝟎, 𝟏 𝒕 is a hash function if it “behaves like a random function”
  • 32. A simple hash-based PoW VerifierProver random x finds s such that H(s,x) starts with n zeros (in binary) s nonce “hardness parameter checks if H(s,x) starts with n zeros takes time 2n ⋅ TIME(H) takes time TIME(H) H -- a hash function whose computation takes time TIME(H)
  • 33. Main idea The users participating in the scheme are called the “miners”. They maintain a chain of blocks: block0 block1 block2 block3 transactions from period 1 transactions from period 2 transactions from period 3 the “genesis block” created by Satoshi on 03/Jan/2009 ≈ 10 min. block size < 1MB, which translates to max 7 trans./sec.
  • 34. Information about the state of the blockchain is propagated in the network blockchain blockchain new user 1. A new user can ask the other users what is the current state of the blockchain.
  • 35. 2. When a miner finds an extension he broadcast it to all the other users I extended the blockchain! Here is the new block
  • 36. How to post on the board Just broadcast (over the internet) your transaction to the miners. And hope they will add it to the next block. Important: They never add an invalid transaction (e.g. double spending) transaction T the miners are incentivized to do it. a chain with an invalid transaction is itself not valid, so no rational miner would do it.
  • 37. Main principles 1. It is computationally hard to extend the chain. 2. Once a miner finds an extension he broadcasts it to everybody. 3. The users will always accept “the longest chain” as the valid one. the system incentivizes them to do it
  • 38. How are the PoWs used? Main idea: to extend the chain one needs to find nonce such that H(nonce, H(blocki),transactions) starts with some number n of zeros block0 block1 block2 block3 H – hash function H “hardness parameter” H H nonce nonce nonce transactions from period 1 transactions from period 2 transactions from period 3 more concretely in Bitcoin: H is SHA256.
  • 39. In more details: H nonce 𝐬𝐢 transactions 𝐓𝟏 𝐢 , … , 𝐓𝐤 𝐢 from period i blocki-1: … … … blocki: H H(blocki-1) has to start with n zeros 𝐬𝐢 H(blocki-1) 𝐓𝟏 𝐢 , … , 𝐓𝐤 𝐢
  • 40. The hardness parameter is periodically changed • The computing power of the miners changes. • The miners should generate the new block each 10 minutes (on average). • Therefore the hardness parameter is periodically adjusted to the mining power • This happens once each 2016 blocks. • Important: the hardness adjustment is automatic, and depends on how much time it took to generate last 2016 blocks. this is possible since every block contains a time- stamp produced by the miner who mined it
  • 41. “Hashrate” = number of hashes computed per second Sep 17 2013 : 990,986 GH/s Sep 17 2014 : 280,257,530 GH/s Sep 17 2015 : 385,067,688 GH/s Note: ≈ 258 hash / second total hashrate over the last 2 years:
  • 42. How it looks in real life Height Timestamp Transactions Size 414902 Jun 5, 2016 5:01:20 PM 386 171361 414901 Jun 5, 2016 4:58:57 PM 304 114339 414900 Jun 5, 2016 4:57:25 PM 1004 428715 414899 Jun 5, 2016 4:50:43 PM 739 384667 414898 Jun 5, 2016 4:45:29 PM 1388 999990 414897 Jun 5, 2016 4:41:19 PM 2187 999945 414896 Jun 5, 2016 4:23:42 PM 2743 998020
  • 43. What if there is a “fork”? blocki blocki+1 blocki+2 block’1+2 blocki+3 blocki+4 block’1+3 this chain is valid fork For a moment let’s say: the “longest” chain counts.
  • 44. Does it make sense to “work” on a shorter chain? No! blocki+1 blocki+2 block’i+2 blocki+3 blocki+4 block’i+3 Because everybody else is working on extending the longest chain. Recall: we assumed that the majority follows the protocol.
  • 45. Consequence The system should quickly self-stabilize. If there is a fork then one branch will quickly die. Problem: what if your transaction ends up in a “dead branch”? Recommendation: to be sure that it doesn’t happen wait 6 blocks. ≈ 1 hour
  • 46. Can transactions be “reversed”? T To reverse a transaction the adversary has to create a “fork in the past”. This looks very hard if he has a minority of computing power (the honest miners will always be ahead of him).
  • 47. Since hardness is adjusted thus the following attack might be possible the “2016 blocks” periods . . . . . . . . . . . . . . . the adversary forks the chain: (2) the difficulty drops dramatically, so he can quickly produce a chain longer than the valid one, and publish it. (1) he computes (secretly) another chain with fake time- stamps (indicating that it took a lot of time to produce it)
  • 48. Therefore In Bitcoin it’s not the longest chain but the strongest chain that matters. The strength of each block is 𝟐 𝐧. The strength of the chain is the sum of hardnesses of each block in it. 𝐧 – the hardness parameter in a given period
  • 49. How are the miners incentivized to participate in this game? Short answer: they are paid (in Bitcoins) for this. We will discuss it in detail later…
  • 50. An important feature Suppose everybody behaves according to the protocol then: every miner 𝐏𝐢 whose computing power is an 𝜶𝒊-fraction of the total computing power mines an 𝜶𝒊-fraction of the blocks. Intuitively this is because: 𝐏𝐢’s chances of winning are proportional to the number of times 𝐏𝐢 can compute 𝐇 in a given time frame. fraction of computing power fraction of revenue ≈
  • 51. What is needed to decide which blockchain is valid? In theory: one needs to know only: • the initial rules of the game • the genesis block 𝐁 𝟎 Then from many “candidate chains” choose the one that • verifies correctly (starts 𝐁 𝟎 and is satisfies all the rules) • is the strongest. One doesn’t even need to have access to the communication history. In practice: it’s not that simple... This can take several hours. Note: as of June 2016: blockchain’s size is ≈ 𝟕𝟎𝐆B. we will talk about it in a moment
  • 52. Freshness of the genesis block I didn’t know the genesis block before Bitcoin was launched (Jan 3, 2009) Here is a heuristic “proof”: Block0 contained a hash of a title from a front page of the London Times on Jan 3, 2009 A recent paper that shows how to generate the genesis block in a distributed way: [Andrychowicz, D., CRYPTO’15].
  • 53. Why is this important? Otherwise Satoshi could “pre-mine” (mostly a theoretical threat today): 𝐁 𝟎 . . . . . . (1) secretly start mining in 1980, produce a very strong chain (2) honest miners start working on Jan 03, 2009. They have more computing power but less time. So, after 1 year their chain is still weaker than the one of Satoshi. (3) On Jan 03, 2010 publish your secret chain
  • 54. Checkpoints Checkpoint – old block hash hardcoded into Bitcoin software. From the theoretical point of view: not needed. Moreover: they go against the “decentralized” spirit of Bitcoin. Still they have some practical advantages: • they prevent some DoS attacks (flooding nodes with unusable chains) • they prevent attacks involving isolating nodes and giving them fake chains, • they can be viewed as an optimization for the initial blockchain download.
  • 55. Protocol updates The Bitcoin protocol can be updated. Proposals for the Bitcoin updates can be submitted to the Bitcoin foundation in the form of the Bitcoin Improvement Proposals (BIPs). Then the foundation puts them at vote. Only the miners can vote. The votes are included in the mined blocks. Currently it is required that a proposal gets a 75% approval in the mined blocks (over some period of time). Note: 75% of blocks ≈ 75% of computing power.
  • 56. What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
  • 57. How to identify the users in the peer- to-peer networks? Use the digital signature schemes. ≈digital analogue of the handwritten signatures.
  • 58. 04:a0:15:32:a3:c0:90:00: 53:de:60:fb:ef:ef:cc:a5:87: 93:30:15:98:d3:08:b4:1e: signs the document everybody can verify the signature by looking at the Anna’s ID and the message Anna’s ID signs the document Anna’s public key de:32:a3:c0: ef:cc:a5:a6 everybody can verify the signature by looking at the Anna’s public key and the message 11:b5:73:7c:f9:d9:3f:17:c0:c b:1a:84:65:5d:39:95:a0:28:2 4:09:7e:ff:a5:ed:d8:ee:26:38: Anna’s private key “digital signature” handwritten signatures: digital signatures:
  • 59. More formally: A digital signature scheme consists of algorithms Gen, Sign and Vrfy, where: Gen (secret key sk, public key pk) Sign signature σ(sk, message M) Vrfy yes/no(pk, M, σ) input: output: Correctness: for every (sk,pk) := Gen() and every M we have Vrfy(pk,M,Sign(sk,M)) = yes Security: “without knowing sk it is infeasible to compute σ such that Vrfy(pk,M,σ) = yes”
  • 60. How to use the digital signatures? (sk, pk) := Gen() publish pk message M 𝝈 ≔ Sign(sk,M) (M, 𝝈) Vrfy(pk,𝐌, 𝝈)
  • 61. Popular signature schemes • RSA (1970s) • ElGamal • DSA • ECDSABitcoin uses this
  • 62. How to identify the users in the peer- to-peer networks? We use the digital signature schemes. (sk,pk) := Gen() publish pk The users are identified by their public keys. keep sk secret
  • 63. Everybody can generate his own key pair announce pk1 keep sk1 secret announce pk2 keep sk2 secret announce pk3 keep sk3 secret (sk1 , pk1) := Gen() (sk2 , pk2) := Gen()(sk3 , pk3) := Gen()
  • 64. Convenions Public key in Bitcoin are also called addresses. It is recommended not to reuse the addresses. In other words: for every new transaction one should use a new address (mostly: for security and anonymity). On these slides we often ignore this convention for the sake of simplicity.
  • 65. What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
  • 66. Where does the money come from? A miner who finds a new block gets a “reward” in BTC: • for the first 210,000 blocks: 50 BTC • for the next 210,000 blocks: 25 BTC • for the next 210,000 blocks: 12.5 BTC, and so on… Note: 210,000 ⋅ (50 + 25 + 12.5 + ) → 21,000,000 ≈ 4 years current reward we will soon be here (currently the number of blocks is around 415000)
  • 67. This is how it looks in detail “generation transaction” “coinbase”
  • 68. More details Each block contains a transaction that transfers the reward to the miner. Advantages: 1. It provides incentives to be a miner. 2. It also makes the miners interested in broadcasting new block asap. this view was challenged in a recent paper: Ittay Eyal, Emin Gun Sirer Majority is not Enough: Bitcoin Mining is Vulnerable (we will discuss it later)
  • 69. What needs to be discussed 1. How is the trusted bulletin-board maintained? 2. How are the users identified? 3. Where does the money come from? 4. What is the syntax of the transactions?
  • 70. Bitcoin’s money mechanics Bitcoin is “transaction based”. Technically: there is no notion of a “coin” in Bitcoin. 25 BTC created by 𝐏𝟏 5 BTC sent to 𝐏𝟑 25 BTC sent to 𝐏𝟐 5 BTC sent to 𝐏𝟒 15 BTC sent to 𝐏𝟓 25 BTC created by 𝐏𝟔 15 BTC from 𝐏𝟓 plus 25 BTC from 𝐏𝟔 sent to 𝐏𝟗 5 BTC sent to 𝐏𝟖 5 BTC sent to 𝐏𝟕 𝐏𝟕 has 5 BTC 𝐏𝟖 has 5 BTC 𝐏𝟗 has 40 BTC time
  • 71. Transaction syntax – simplified view T1 = (User P1 creates 25 BTC) T2 = (User P1 sends 25 BTC from T1 to P2 signature of P1 on [T2]) T3 = (User P2 sends 25 BTC from T2 to P3 signature of P2 on [T3]) 25 BTC 25BTC25BTC in the “mining process” P1 P2 P3 [T2] [T3] “value of T2“ We say that T3 redeems T2
  • 72. How to “divide money”? Multi-output transactions: T2 = (User P1 sends 10 BTC from T1 to user P2 , User P1 sends 7 BTC from T1 to user P3 , User P1 sends 8 BTC from T1 to user P4 signature of P1 on [T2]) 7BTC[T2] P1 P2 P3 P4
  • 73. Multiple inputs all signatures need to be valid! 8BTC T4 = (User P1 sends 10 BTC from T1 to user P4 , User P2 sends 7 BTC from T2 to user P4 , User P3 sends 8 BTC from T3 to user P4 signature of P1 on [T4], signature of P2 on [T4], signature of P3 on [T4]) [T4] P4 P3P1 P2
  • 74. Time-locks It is also possible to specify time t when a transaction becomes valid. T2 = (User P1 sends 25 BTC from T1 to P2 if time t has passed) signature of P1 on [T2]) [T2] measured in: • real time, or • blocks.
  • 75. Generalizations 1. All these features can be combined. 2. The total value of in-coming transactions can be larger that the value of the out-going transactions. (the difference is called a “fee” and goes to the miner) 1. The condition for redeeming a transaction can be more general (the so-called “strange transactions”) we will talk about it later
  • 76. ©2016 by Stefan Dziembowski. Permission to make digital or hard copies of part or all of this material is currently granted without fee provided that copies are made only for personal or classroom use, are not distributed for profit or commercial advantage, and that new copies bear this notice and the full citation.

Hinweis der Redaktion

  1. See: https://bitcoinwisdom.com/bitcoin/difficulty