Post on 17-Aug-2020
ETHZurich – DistributedComputingGroup
RogerWattenhofer
Cryptocurrenciesbitcoin,blockchain &beyond
Cryptocurrencies
What is Bitcoin?
+ + =
Technology
The Bank of Bitcoin
User Balance
A 2
B 5
C 8
TXB �! A
User Balance
A 2 4
B 5 3
C 8
The Bank of Bitcoin
User Balance
A 2
B 5
C 8
TXB �! A
User Balance
A 2 4
B 5 3
C 8
The Bank of Bitcoin
User Balance
A 2
B 5
C 8
TXB �! A
User Balance
A 2 4
B 5 3
C 8
The Bank of Bitcoin
User Balance
A 2
B 5
C 8
TXB �! A
User Balance
A 2 4
B 5 3
C 8
Opening an Account in Bitcoin
Private Key Public Key Address
Transferring Bitcoins
TX: 41b221
B
0.1
A
4.798
A
4.899
Inputs OutputsFee
0.001
Prev. TX:
a1a53743
4.899
0
C
...
1
|Outputs
Transferring Bitcoins
TX: 41b221
B
0.1
A
4.798
A
4.899
Inputs OutputsFee
0.001
Prev. TX:
a1a53743
4.899
0
C
...
1
|Outputs
Transferring Bitcoins
TX: 41b221
B
0.1
A
4.798
A
4.899
Inputs OutputsFee
0.001
Prev. TX:
a1a53743
4.899
0
C
...
1
|Outputs
Transferring Bitcoins
TX: 41b221
B
0.1
A
4.798
A
4.899
Inputs OutputsFee
0.001
Prev. TX:
a1a53743
4.899
0
C
...
1
|Outputs
Transferring Bitcoins
TX: 41b221
B
0.1
A
4.798
A
4.899
Inputs Outputs
Fee
0.001
Prev. TX:
a1a53743
4.899
0
C
...
1
|Outputs
Transferring Bitcoins
TX: 41b221
B
0.1
A
4.798
A
4.899
Inputs OutputsFee
0.001
Prev. TX:
a1a53743
4.899
0
C
...
1
|Outputs
Transferring Bitcoins
TX: 41b221
B
0.1
A
4.798
A
4.899
Inputs OutputsFee
0.001
Prev. TX:
a1a53743
4.899
0
C
...
1
|Outputs
Distributing the Bank
User Balance
A 2
B 5
C 8
TX
TX
Distributing the Bank
TX
Distributing the Bank
TX
Distributing the Bank
TX
Distributing the Bank
TX
Distributing the Bank
TX
Let’s Buy a Snack
[Bamert, Decker, Elsen, W, Welten, 2013]
Doublespending
TX B
1
A
1
1
Inputs
Outputs
TX’ A
1
1
✓
Doublespending
TX B
1
A
1
1
Inputs
Outputs
TX’ A
1
1
✓
Doublespending
TX B
1
A
1
1
Inputs
Outputs
TX’ A
1
1
✓
Transaction Conflicts
TX
TX
Transaction Conflicts
TX
TX
Transaction Conflicts
TX
TX
Transaction Conflicts
TX
TX
Resolving Conflicts
Green!
Resolving Conflicts
Green!
Resolving Conflicts
Green!
How to Choose a Leader?
Proof-of-Work
Block
H(Previous Block)
TX TX TX TX
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
Proof-of-Work
Block
H(Previous Block)
TX TX TX TX
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
Proof-of-Work
Block
H(Previous Block) TX TX TX TX
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
Proof-of-Work
Block
H(Previous Block) TX TX TX TX
I H(Block) ! fd2e2055f117bfa261b5a6c7e11df367. . .
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
Proof-of-Work
Block
H(Previous Block) TX TX TX TX Nonce
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
Proof-of-Work
Block
H(Previous Block) TX TX TX TX Nonce
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
Proof-of-Work
Block
H(Previous Block) TX TX TX TX Nonce
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
Proof-of-Work
Block
H(Previous Block) TX TX TX TX Nonce
I H(Block|0) ! 094d66aa7c844a9dbb516a41259b5877. . .
I H(Block|1) ! f2496854af8bf989171587a9259f634f. . .
I H(Block|2) ! aec87c0ca2e5eb3f23111092f1089ada. . .
I H(Block|3) ! 777f75b2a8ecfdc8026c236fc1d2↵a0. . ....
I H(Block|961127) ! 0000014823419622d4c133672a7d657e. . .
The Blockchain
Time
The Blockchain
Time
Is Bitcoin stable?
The Blockchain
Time
The Blockchain
Time
Propagation Speed
[Decker, W, 2013]http://bitcoinstats.com
Propagation Speed
[Decker, W, 2013]http://bitcoinstats.com
Blockchain Forks
1.69%
[Decker, W, 2013]
Aside: Mining Evolution
Aside: Mining Evolution
Aside: Mining Evolution
500 MW
Summary
TX
Green!
Block
H(Previous Block) TX TX TX TX Nonce
Time
Stories
How to Lose 500M
Addressing Transaction Malleability: MtGox has detected
unusual activity on its Bitcoin wallets and performed
investigations during the past weeks.
The MtGox Incident
I July 2010: First trade on MtGox
I May 2011: Transaction malleability identified as low priority issue
I February 7, 2014: MtGox halts withdrawals
I February 10, 2014: MtGox announces loss of 850,000 bitcoins (620millio USD) and cites transaction malleability as root cause
I February 28, 2014: MtGox files for bankruptcy
I March 7 2014: MtGox finds 200,000 bitcoins
I August 2015: MtGox CEO is arrested
Signatures
00 00
61 af bb 4d e9 f8 b8 74 86 1e
There are multiple ways to serialize a signature:
I Multiple push operations (1 byte, 2 byte, 4 byte)
I Non-canonical DER encodings
I Padding
I . . .
Signatures
00 00 61 af bb 4d e9 f8 b8 74 86 1e
There are multiple ways to serialize a signature:
I Multiple push operations (1 byte, 2 byte, 4 byte)
I Non-canonical DER encodings
I Padding
I . . .
Transaction Malleability Attack
TX
TX
TX
TX
TX
Red!
TX?Refund
Transaction Malleability Attack
TX
TX
TX
TX
TX
Red!
TX?Refund
Transaction Malleability Attack
TX
TX
TX
TX
TX
Red!
TX?Refund
Transaction Malleability Attack
TX
TX
TX
TX
TX
Red!
TX?Refund
Transaction Malleability Attack
TX
TX
TX
TX
TX
Red!
TX?
Refund
Transaction Malleability Attack
TX
TX
TX
TX
TX
Red!
TX?
Refund
Incident Timeline
386 BTC
[Decker, W, 2014]
Incident Timeline
386 BTC
[Decker, W, 2014]
Is Bitcoin Secure?
Securing Your Bitcoins
[Bamert, Decker, W, 2013]
Does Bitcoin Scale?
The Bitcoin Ecosystem is Growing
Scalability Limits
I Disk space: < 500 transactions per second
I Processing power: < 200 transactions per second
I Network bandwidth: < 100 transactions per second
I Artificial 1MB limit: < 3 transactions per second
Today:
I Bitcoin: 1 transaction per second
I Credit Cards: > 10, 000 transactions per second
Scalability Limits
I Disk space: < 500 transactions per second
I Processing power: < 200 transactions per second
I Network bandwidth: < 100 transactions per second
I Artificial 1MB limit: < 3 transactions per second
Today:
I Bitcoin: 1 transaction per second
I Credit Cards: > 10, 000 transactions per second
Scalability Limits
I Disk space: < 500 transactions per second
I Processing power: < 200 transactions per second
I Network bandwidth: < 100 transactions per second
I Artificial 1MB limit: < 3 transactions per second
Today:
I Bitcoin: 1 transaction per second
I Credit Cards: > 10, 000 transactions per second
Scalability Limits
I Disk space: < 500 transactions per second
I Processing power: < 200 transactions per second
I Network bandwidth: < 100 transactions per second
I Artificial 1MB limit: < 3 transactions per second
Today:
I Bitcoin: 1 transaction per second
I Credit Cards: > 10, 000 transactions per second
Scalability Limits
I Disk space: < 500 transactions per second
I Processing power: < 200 transactions per second
I Network bandwidth: < 100 transactions per second
I Artificial 1MB limit: < 3 transactions per second
Today:
I Bitcoin: 1 transaction per second
I Credit Cards: > 10, 000 transactions per second
Payment Network
Payment Network
Payment Network
Micropayment Channels
5
5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Micropayment Channels
5 5
T=100 5
5
0
4
1
3
2
Duplex Micropayment Channels
Setup Invalidation Tree Micropayment Channels
T = 100 T = 100 T = 100
T = 99 T = 100 T = 100
T = 99 T = 100
T = 99
Summary
Red!
TX?Refund
T = 100 T = 100 T = 100
T = 99 T = 100 T = 100
T = 99 T = 100
T = 99
Economy
BTC in USD
Inflation
Fungibility
=?
Improving Bitcoin?
saver miner
payer payee
relay
What is Money?
What is Money?
Summary
Thank You!Questions & Comments?
www.disco.ethz.ch
Thanks to my co-authorChristian Decker