Bitcoin: Our Best Tool for Privacy and Identity on the Internet
Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money...
Transcript of Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money...
![Page 1: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/1.jpg)
Cryptography lecture 12Bitcoin and friends
Jonathan Jogenfors
![Page 2: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/2.jpg)
Our money versus the Internet
Many everyday things have moved to the Internet.Communications, relations, entertainment. . . but not money.
Why do we still need these?
![Page 3: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/3.jpg)
But what about credit cards?
Credit cards are inherently insecure.Entire model is backwards:
1. Merchant takes the customer’s CC number2. Merchant goes to the bank3. Merchant gives CC number to the customer’s bank4. Bank gives money from the customer’s account to the
merchant.
Something like this would be better:1. Customer tells bank to give money to merchant2. That’s it!
![Page 4: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/4.jpg)
Making money digital
Why not create a currency based on cryptography?Our design goals should1 be a currency with the followingproperties:
1. Secure transfer in computer networks2. Cannot be copied and reused3. Anonymity4. Offline transactions5. Can be transferred to others6. Can be subdivided
1Okamoto and Ohta 1991.
![Page 5: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/5.jpg)
Textbook example of digital cash
The course textbook (Ch. 11) contains an example of digitalcash (not part of the course).
Note the difference:• Digital cash: Electronic version of existing currency (USD)• Digital currency: Entirely new currency (i.e. Bitcoin)
The textbook example is a centralized system, where a bank isneeded for everything to work.
![Page 6: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/6.jpg)
The failure of electronic cash
There have been several proposals for digital money.
Until a few years ago, all had failed.
No gain over existing systems:• Still need a central point of trust• Privacy: Who monitors the system?• Can we entrust a bank with managing an entire currency?
![Page 7: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/7.jpg)
There is no need for centralization
With cryptography we can actually create something betterthan “electronic cash”.
This is not in the textbook; it’s too new.
A currency that is peer-to-peer.
All functions of a bank can be taken over by the network.
In essence, we create a system with distributed consensus.
![Page 8: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/8.jpg)
Bitcoin
The Bitcoin protocol was proposed2 in 2008.
Takes care of:• Creation of new currency• Secure transactions• Protection against double-spending• Anybody can be a “merchant” or a “customer”.• Pseudo-anonymity
2Nakamoto 2008.
![Page 9: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/9.jpg)
We will now create Bitcoin from scratch
Step by step, we create a peer-to-peer currency.
In each step we discuss strengths and weaknesses.
Let’s call one unit of currency “Southfork”.
Southfork = the protocol
southfork = the currency
![Page 10: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/10.jpg)
Southfork version 1: Public, signed transactions
Alice publishes a signed message: “I, Alice, send one southforkto Bob”
Good stuff:• Bob can verify the signature as being from Alice.• The transaction cannot be undone
Bad stuff:• No account balances• Infinite number of southfork. Very incomplete. . .
![Page 11: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/11.jpg)
Southfork version 2: Serial numbers
“I, Alice, send southfork no. 856034 to Bob”
Duplicate transactions are easily spotted.
How are the serial numbers created?
The (too) easy solution: Serial numbers generated by a trustedsource, like a bank.
![Page 12: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/12.jpg)
A bank works, but. . .
This is where Nakamoto put the stroke of genius
![Page 13: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/13.jpg)
No central point of trust, instead a blockchain
We remove the central point of trust.
Instead, we establish a list of all transactions ever made.
Computing an account balance is done by summing over allprevious transactions for that account.
This list is called the blockchain and is shared by all users.
![Page 14: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/14.jpg)
Southfork version 3: The blockchain
Bob checks his blockchain before accepting the transaction
If he sees that the southfork in question is owned by Alice, heaccepts it.After the transaction is complete, Bob broadcasts hisacceptance.As soon as the other peers hear this broadcast, they will notallow double-spending.
![Page 15: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/15.jpg)
Double-spending is still possible
He he
Alice can perform a double-spend before the acceptancebroadcast is heard by enough peers
To solve this problem, we make Bob ask everybody else if atransaction is valid.Double-spending will be noticed before payment is accepted.
![Page 16: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/16.jpg)
Double-spending is still possible
He he
Alice can perform a double-spend before the acceptancebroadcast is heard by enough peers
To solve this problem, we make Bob ask everybody else if atransaction is valid.Double-spending will be noticed before payment is accepted.
![Page 17: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/17.jpg)
Double-spending is still possible
He he
Alice can perform a double-spend before the acceptancebroadcast is heard by enough peers
To solve this problem, we make Bob ask everybody else if atransaction is valid.Double-spending will be noticed before payment is accepted.
![Page 18: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/18.jpg)
Asking the network about the transaction
How many answers should Bob require? How can the answersbe trusted?
A “majority vote” is impossible, what if Alice spams Bob withfalse confirmations?
There is no way to perform traditional authentication.
But Southfork won’t work if transactions can’t be reliablyverified. . .
![Page 19: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/19.jpg)
Southfork version 4 (final): Proof of work
The finished Southfork protocol uses Proof of Work (PoW).
Basic idea: We only trust solutions that are accompanied by aproof of someone having committed a large amount ofresources to a problem.
That is, we don’t authenticate a user, but we authenticate thefact that time/money/energy/etc. has been spent.
In order for Alice to make a double-spend, she first has to spendenergy before Bob trusts her.
Even better: We turn proof-of-work into a competition.
![Page 20: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/20.jpg)
Constructing the PoW challenge
We want a problem that. . .• . . . is difficult to solve• . . . has solution(s) that are easy to verify• . . . has scalable difficulty (will be discussed later)
Remember lecture eight? A one-way hash function h(x) has thefollowing properties:
• Easy to calculate h(x) from x• Given h(x), it is hard to find x′ so that h(x′) = h(x).
Finding preimages is the perfect proof of work!
![Page 21: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/21.jpg)
Constructing the PoW challenge
We want a problem that. . .• . . . is difficult to solve• . . . has solution(s) that are easy to verify• . . . has scalable difficulty (will be discussed later)
Remember lecture eight? A one-way hash function h(x) has thefollowing properties:
• Easy to calculate h(x) from x• Given h(x), it is hard to find x′ so that h(x′) = h(x).
Finding preimages is the perfect proof of work!
![Page 22: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/22.jpg)
The verifications are done by miners
Alice’s transaction message m is broadcast:“I, Alice, transfer southfork no. 3869303 to Bob”.
A miner selects a random k and computes h(m + k).
If h(m + k) > T the miner chooses a new k and tries again.
After a long time we get h(m + k) < T and the minerbroadcasts k.
Bob receives k and checks that h(m + k) < T .
We will talk more about T at the end of the lecture.
![Page 23: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/23.jpg)
A simple example of Proof of Work
Let the threshold T be so that the hash value h(m + k) needsfive leading zeros and let m =“AAA”.
m + k h(k + m)
AAA0 802dbe2e69. . .
AAA1 bbfce0d522. . .AAA2 7bb4db476f. . .. . . . . .AAA770239 00000921ac. . .
k = 770239 is a valid solution
Note that in the normal case, k is chosen randomly.There are several solutions k to the problem h(m + k) < T .
![Page 24: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/24.jpg)
A simple example of Proof of Work
Let the threshold T be so that the hash value h(m + k) needsfive leading zeros and let m =“AAA”.
m + k h(k + m)
AAA0 802dbe2e69. . .AAA1 bbfce0d522. . .
AAA2 7bb4db476f. . .. . . . . .AAA770239 00000921ac. . .
k = 770239 is a valid solution
Note that in the normal case, k is chosen randomly.There are several solutions k to the problem h(m + k) < T .
![Page 25: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/25.jpg)
A simple example of Proof of Work
Let the threshold T be so that the hash value h(m + k) needsfive leading zeros and let m =“AAA”.
m + k h(k + m)
AAA0 802dbe2e69. . .AAA1 bbfce0d522. . .AAA2 7bb4db476f. . .
. . . . . .AAA770239 00000921ac. . .
k = 770239 is a valid solution
Note that in the normal case, k is chosen randomly.There are several solutions k to the problem h(m + k) < T .
![Page 26: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/26.jpg)
A simple example of Proof of Work
Let the threshold T be so that the hash value h(m + k) needsfive leading zeros and let m =“AAA”.
m + k h(k + m)
AAA0 802dbe2e69. . .AAA1 bbfce0d522. . .AAA2 7bb4db476f. . .. . . . . .AAA770239 00000921ac. . .
k = 770239 is a valid solution
Note that in the normal case, k is chosen randomly.There are several solutions k to the problem h(m + k) < T .
![Page 27: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/27.jpg)
Mining is a competition to find a solution
Transaction
!!
19395?
5536233?
64203?
260394?
116534?
423787?
298360?
372983?
7239345?
8890153!!
372983?
7239345?
Charlie is the lucky winner
Bob can trust the acknowledgment from Charlie.
![Page 28: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/28.jpg)
Mining is a competition to find a solution
Transaction !!
19395?
5536233?
64203?
260394?
116534?
423787?
298360?
372983?
7239345?
8890153!!
372983?
7239345?
Charlie is the lucky winner
Bob can trust the acknowledgment from Charlie.
![Page 29: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/29.jpg)
Mining is a competition to find a solution
Transaction !!
19395?
5536233?
64203?
260394?
116534?
423787?
298360?
372983?
7239345?
8890153!!
372983?
7239345?
Charlie is the lucky winner
Bob can trust the acknowledgment from Charlie.
![Page 30: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/30.jpg)
Mining is a competition to find a solution
Transaction !!
19395?
5536233?
64203?
260394?
116534?
423787?
298360?
372983?
7239345?
8890153!!
372983?
7239345?
Charlie is the lucky winner
Bob can trust the acknowledgment from Charlie.
![Page 31: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/31.jpg)
Mining is a competition to find a solution
Transaction !!
19395?
5536233?
64203?
260394?
116534?
423787?
298360?
372983?
7239345?
8890153!!
372983?
7239345?
Charlie is the lucky winner
Bob can trust the acknowledgment from Charlie.
![Page 32: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/32.jpg)
Mining is a competition to find a solution
Transaction !!
19395?
5536233?
64203?
260394?
116534?
423787?
298360?
372983?
7239345?
8890153!!
372983?
7239345?
Bob can trust the acknowledgment from Charlie.
![Page 33: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/33.jpg)
A block is a large number of transactions
Alice 1 southfork to BobCharlie 500 southfork to MalloryAlice 50 southfork to MalloryVictor 4 southfork to TrentPeggy 7000 southfork to VictorEve 15 southfork to AliceBob 100 southfork to Peggy
2015-10-14 13:44:17
Previous hash value Nonce k
Block #236434
A block is only valid if its hash value is less than T .
![Page 34: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/34.jpg)
A block is a large number of transactions
Alice 1 southfork to BobCharlie 500 southfork to MalloryAlice 50 southfork to MalloryVictor 4 southfork to TrentPeggy 7000 southfork to VictorEve 15 southfork to AliceBob 100 southfork to Peggy
2015-10-14 13:44:17
Previous hash value Nonce k
Block #236434
A block is only valid if its hash value is less than T .
![Page 35: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/35.jpg)
A block is a large number of transactions
Alice 1 southfork to BobCharlie 500 southfork to MalloryAlice 50 southfork to MalloryVictor 4 southfork to TrentPeggy 7000 southfork to VictorEve 15 southfork to AliceBob 100 southfork to Peggy
2015-10-14 13:44:17
Previous hash value Nonce k
Block #236434
A block is only valid if its hash value is less than T .
![Page 36: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/36.jpg)
A block is a large number of transactions
Alice 1 southfork to BobCharlie 500 southfork to MalloryAlice 50 southfork to MalloryVictor 4 southfork to TrentPeggy 7000 southfork to VictorEve 15 southfork to AliceBob 100 southfork to Peggy
2015-10-14 13:44:17
Previous hash value
Nonce k
Block #236434
A block is only valid if its hash value is less than T .
![Page 37: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/37.jpg)
A block is a large number of transactions
Alice 1 southfork to BobCharlie 500 southfork to MalloryAlice 50 southfork to MalloryVictor 4 southfork to TrentPeggy 7000 southfork to VictorEve 15 southfork to AliceBob 100 southfork to Peggy
2015-10-14 13:44:17
Previous hash value Nonce k
Block #236434
A block is only valid if its hash value is less than T .
![Page 38: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/38.jpg)
A block is a large number of transactions
Alice 1 southfork to BobCharlie 500 southfork to MalloryAlice 50 southfork to MalloryVictor 4 southfork to TrentPeggy 7000 southfork to VictorEve 15 southfork to AliceBob 100 southfork to Peggy
2015-10-14 13:44:17
Previous hash value Nonce k
Block #236434
A block is only valid if its hash value is less than T .
![Page 39: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/39.jpg)
Transactions are verified by miners
The process of turning transactions into blocks is mining.
The blocks are numbered and form a long chain, blockchain.
(abandoned)
If two miners find a valid block simultaneously, the resolutionstrategy is to randomize and then work on the longest chain.
![Page 40: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/40.jpg)
Transactions are verified by miners
The process of turning transactions into blocks is mining.
The blocks are numbered and form a long chain, blockchain.
(abandoned)
If two miners find a valid block simultaneously, the resolutionstrategy is to randomize and then work on the longest chain.
![Page 41: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/41.jpg)
Transactions are verified by miners
The process of turning transactions into blocks is mining.
The blocks are numbered and form a long chain, blockchain.
(abandoned)
If two miners find a valid block simultaneously, the resolutionstrategy is to randomize and then work on the longest chain.
![Page 42: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/42.jpg)
Transactions are verified by miners
The process of turning transactions into blocks is mining.
The blocks are numbered and form a long chain, blockchain.
(abandoned)
If two miners find a valid block simultaneously, the resolutionstrategy is to randomize and then work on the longest chain.
![Page 43: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/43.jpg)
Transactions are verified by miners
The process of turning transactions into blocks is mining.
The blocks are numbered and form a long chain, blockchain.
(abandoned)
If two miners find a valid block simultaneously, the resolutionstrategy is to randomize and then work on the longest chain.
![Page 44: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/44.jpg)
Transactions are verified by miners
The process of turning transactions into blocks is mining.
The blocks are numbered and form a long chain, blockchain.
(abandoned)
If two miners find a valid block simultaneously, the resolutionstrategy is to randomize and then work on the longest chain.
![Page 45: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/45.jpg)
Each block gives security to the previous ones
Hash
TX Hash
TX Hash
TX Hash
TX Hash
Bob waits a number of blocks before accepting Alice’stransaction.
![Page 46: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/46.jpg)
This is how Bitcoin works!
Southfork now essentialy works like Bitcoin.
Digital signatures initiate the transaction
Miners verify the transactions
Bob accepts the transaction after six successive blocks (takesone hour).
New currency is created by rewarding miners.
![Page 47: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/47.jpg)
Everybody has the blockchain
All transactions are in the blockchain.
Anybody can see all transactions
Today, the blockchain takes up more than 135 gigabyte.
![Page 48: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/48.jpg)
Security analysis
The only way for Alice to cheat is the following:1. Buy a supercomputer2. Save up money for the electric bill3. Broadcast an invalid transaction m to Bob4. Let the supercomputer search for a block containing m.5. The computer must be faster than everybody else’s,
combined.6. Even if she manages to solve an “illegal” block, no other
miner will accept it.Alice has a hard time cheating Bob.Even if she has 1 % of the hashing power, the chance of miningsix blocks in a row is (0.01)6 = 1 × 10−12.
![Page 49: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/49.jpg)
Sending and receiving bitcoin
Private key:E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
ECDSA
RIPEMD-160
base58
Address:3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy
![Page 50: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/50.jpg)
Sending and receiving bitcoin
Private key:E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
ECDSA
RIPEMD-160
base58
Address:3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy
![Page 51: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/51.jpg)
Sending and receiving bitcoin
Private key:E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
ECDSA
RIPEMD-160
base58
Address:3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy
![Page 52: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/52.jpg)
Sending and receiving bitcoin
Private key:E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
ECDSA
RIPEMD-160
base58
Address:3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy
![Page 53: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/53.jpg)
Sending and receiving bitcoin
Private key:E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
ECDSA
RIPEMD-160
base58
Address:3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy
![Page 54: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/54.jpg)
Detailed view of a transaction
![Page 55: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/55.jpg)
Sending and receiving bitcoin
A bitcoin wallet
![Page 56: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/56.jpg)
Bitcoin trading
Today: 1 B ≈ 42 000 SEK.Bitcoin can be bought and sold like any other currency.Bitcoin ATM in Stockholm.
![Page 57: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/57.jpg)
Volatility is a big problem
![Page 58: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/58.jpg)
![Page 59: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/59.jpg)
Adresses are global and fast
A bitcoin address: 12bs44bxxe2k3ax2c9pQHtodUhPSrbJqbeBuilt-in check code.Fits well with QR codes:
![Page 60: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/60.jpg)
Only an address is needed
This sign was shown on ESPN, giving 24 000 USD
![Page 61: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/61.jpg)
Only an address is needed
This sign was shown on ESPN, giving 24 000 USD
![Page 62: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/62.jpg)
Bitcoin for merchants
![Page 63: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/63.jpg)
Bitcoin and trust
In Bitcoin, the users only need to trust the algorithm, nothingelse.
In contrast, with traditional currency trust in the central bank,The Bitcoin protocol is a system without inherent trust.
You don’t even need to trust the initial creator, Nakamoto.
![Page 64: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/64.jpg)
Bitcoin mining is big business
Whenever a miner finds a valid block, he or she is rewarded.
Industrial-scale mining. Photo from KnC Miner
![Page 65: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/65.jpg)
Bitcoin mining has scalable difficulty
Bitcon dynamically scales the mining difficulty.
The goal is one mined block per 10 minutes, globally.
Smaller T gives higher difficulty.
Currently, you need hash values beginning with ≥ 20 (!) zeros.
000000000000000000af0d5752187e109c477ea70bb96c5c5aa8f92c6a6c8b02
![Page 66: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/66.jpg)
Extreme competition in bitcoin mining
Note the logarithmic scale!Today: Hash rate is more than 7 × 1018 hash/s.
![Page 67: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/67.jpg)
Specialized ASIC miners are expensive
The Swedish miner KnC Neptune costs thousands of dollars andperforms 3 × 106 hashes per second.
![Page 68: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/68.jpg)
Bitcoin 2.0: Digital contracts
A Bitcoin transaction between two parties; a “digital contract”.
Digital contracts can do much more than just money.
Currently in development: Ethereum.
Turing-complete money!
• Contract for difference• Multisignature escrows• Peer to peer gambling
![Page 69: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/69.jpg)
Simple example of a digital contract
Alice sets up a savings account.
She is quite lazy, so she hire Bob to manage her money.
Bob and Alice don’t fully trust each other.
They establish a contract with the following rules:1. Alice alone can withdraw 1 % per day.2. Bob alone can withdraw 0.05 % per day.3. Alice and Bob together can withdraw all the money right
away.
![Page 70: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/70.jpg)
The savings account
Alice only needs small amounts of money every day.
If she needs more, she can ask Bob for permission.
If Bob turns out to be evil, Alice can withdraw money 20 timesas fast.
If Alice’s key is compromised, she can run to Bob and theymove the money to a new contract.
If Alice loses her key, Bob can eventually help her get hermoney back.
![Page 71: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/71.jpg)
Digital contracts: Beyond currencies
A digital contract has a life on its ownAn autonomous agent that enforces the rules in the network.Similar to secret sharing, but better.Digital contracts are even beyond currencies:
• Distributed, incentivized Dropbox storage• Anonymous, encrypted message distribution• Web of trust• . . .
Digital contracts: Very new and paving way for new, previouslyunthinkable innovations.
![Page 72: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/72.jpg)
More reading if you are interested
After this course you have the neccessary background tounderstand Bitcoin.
The Bitcoin whitepaper: Read it!https://bitcoin.org/bitcoin.pdf
How the Bitcoin protocol actually works:http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/
More detailed explanation of transaction and keys:http://www.righto.com/2014/02/bitcoins-hard-way-using-raw-bitcoin.html
(These slides will be on the homepage shortly)
![Page 73: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/73.jpg)
Quantum Bitcoin
Jonathan Jogenfors (2016). “Quantum Bitcoin: An Anonymousand Distributed Currency Secured by the No-Cloning Theoremof Quantum Mechanics”. arXiv: 1604.01383 [quant-ph].url: http://arxiv.org/abs/1604.01383.
![Page 74: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/74.jpg)
Another selfless plug
November 17th 2017: My PhD defense.• Ada Lovelace, 13:00• Hacking quantum cryptography• Arguing with fellow scientists, trying to make them
understand their QKD protocol is broken.• Quantum Bitcoin
• Smorgastarta is served afterwards
![Page 75: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/75.jpg)
Another selfless plug
November 17th 2017: My PhD defense.• Ada Lovelace, 13:00• Hacking quantum cryptography• Arguing with fellow scientists, trying to make them
understand their QKD protocol is broken.• Quantum Bitcoin• Smorgastarta is served afterwards
![Page 76: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/76.jpg)
Summary of methods
Transactions are signed with digital signatures: ECDSA
The elliptic curve used in Bitcoin is secp256k1.
E : y2 = x3 + 7 mod p
where
p = 2256 − 232 − 29 − 28 − 27 − 26 − 24 − 1.
Transactions are verified collectively by finding preimages ofhash functions.
![Page 77: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/77.jpg)
The challenges
As a currency, bitcoin is very young.
Transactions are safe, storage is not.
If Alice loses her key, she loses her money.
If Eve finds Alice’s key, she can take her money and gets awaywith it.
Many questions remain: Taxation? Volatility? Illicit trade?
![Page 78: Cryptography lecture 12 - Bitcoin and friends · Bitcoin and friends Jonathan Jogenfors. Our money versus the Internet Many everyday things have moved to the Internet. Communications,](https://reader033.fdocuments.in/reader033/viewer/2022042218/5ec45ac918d4b923cf72a957/html5/thumbnails/78.jpg)
Summary
Bitcoin: Peer-to-peer, decentralized.
Ethereum: Digital, autonomous contracts
Extreme development, stay tuned!
Jonathan Jogenfors, [email protected]