Slide 1

Stefan Dziembowski Why do the cryptographic currencies need a solid theory? Forum Informatyki Teoretycznej, Warsaw 30.1.2015

Slide 2

Digital vs. paper currencies Paper: Digital: 16fab13fc6890 Very useful if is also digital.

Slide 3

Traditional ways of paying digitally Alices credit card number Alice Bob Alices credit card number Alice Bob transfer money to Bobs account transfer confirmation PROBLEMS 1. trusted server for each transaction is needed (money doesnt circulate), 2. high transaction fees, 3. no anonymity.

Slide 4

Bitcoin a digital analogue of the paper money

Slide 5

Probably one of the most discussed cryptographic technologies ever!

Slide 6

PROBLEMS WITH PREVIOUS APPROACHES 1. trusted server is needed (money doesnt circulate), 2. high transaction fees, 3. no anonymity. Bitcoin in Bitcoin: low fees pseudonymity no trusted server, money circulates

Slide 7

No trusted server nobody controls the money, and therefore: The amount of money that will ever be printer is fixed (to around 21 mln BTC) no inflation The exchange rate fluctuates:

Slide 8

Bitcoin value comes from the fact that: people expect that other people will accept it in the future. Its like all the other currencies enthusiasts: sceptics: Its a Ponzi scheme P. KrugmanA. Greenspan

Slide 9

Main problem with the digital money Double spending 16fab13fc6890 Bits are easier to copy than paper!

Slide 10

Bitcoin idea (simplified): The users emulate a public trusted bulletin-board containing a list of transactions. A transaction is of a form: This prevents double spending. User P 1 transfers a coin #16fab13fc6890 to user P 2 16fab13fc6890 youve already spent this coin!

Slide 11

How is this bulletin-board maintained? A technology called block-chain. Secure under the assumption that the majority of the computing power is controlled by honest users.

Slide 12

How is this verified? Basic principles: use Proofs of Work incentivize honest users to constantly participate in the process The honest users can use their idle CPU cycles. Nowadays: often done on dedicated hardware.

Slide 13

Main idea The users participating in the scheme are called the miners. They maintain a chain of blocks: block 0 block 1 block 2 block 3 transactions from period 1 transactions from period 2 transactions from period 3 the genesis block created by Satoshi on 03/Jan/2009

Slide 14

But is this secure?

Slide 15

Possible attack goals double spending, get more money from mining than you should, short selling bet that the price of BTC will drop and then destroy the system (to make the price of BTC go to zero), someone (government?) interested in shutting Bitcoin down

Slide 16

Selfish mining Ittay Eyal, Emin Gun Sirer Majority is not Enough: Bitcoin Mining is Vulnerable basic idea: when you mine a new block keep it to yourself.

Slide 17

Another clever attack Lear Bahack Theoretical Bitcoin Attacks with less than Half of the Computational Power The Difficulty Raising Attack exploits the way the difficulty is adjusted in Bitcoin.

Slide 18

Our view These attacks were unnoticed for a long time, because Bitcoin was never formally analyzed. There is no: security proof, or even a formal security definition of Bitcoin Observation: more unexpected attacks are possible.

Slide 19

Research program for the cryptocurrencies Define security (may involve game theory) Analyze Bitcoin security in this model Propose improved cryptocurrencies.

Slide 20

Thank you!

Slide 21

TCC 2015 in Warsaw March 22-25, 2015 Early registration deadline: February 19 Web-page: www.iacr.org/workshops/tcc2015/