YOW 2016 How the Bitcoin Protocol Actually Works
Jan Møller Co-founder, CTO Chainalysis

How Does Bitcoin Actually Work?
• This talk is not about the political or economic impact of Bitcoin.
• This talk is not about how to buy, sell, spend, or secure your bitcoins.
• This talk is about how Bitcoin actually works. … you know … nerdy stuff!

How it Started
• White paper published November 2008 by Satoshi Nakamoto
  “Bitcoin: A Peer-to-Peer Electronic Cash System”
  “I've been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party.”
• Working implementation published 3 months later as an open source project.

A Brief [FUN] History
• First Bitcoin Transaction: January 2009
• 2 Pizzas 10.000 BTC: May 2010
• 1 BTC Surpasses USD 1: February 2011
• 1 Cessna Aircraft 10.000 BTC: June 2011
• 1 BTC Surpasses USD 100: April 2013
• 1 BTC Surpasses USD 200: April 2013
• 1 BTC Surpasses USD 1000: November 2013
• 1 BTC Down to USD 245: June 2015
Today 1 bitcoin is about USD 750

What is Bitcoin?
• Bitcoin is the name of a p2p protocol
  Allows a network of computers to govern all the rules of Bitcoin
• Bitcoin is a unit of account
  Like Euro, Australian Dollar, or WoW gold coins
• Bitcoin is a payment system
  You can send value between accounts in the Bitcoin network

Properties of Common Digital Payment Systems
• No Counterfeiting
  YOU can't increase money supply at will
• No Double Spending
  YOU can't spend the same value more than once
• Transaction irreversibility
  YOU can't undo a transaction

Properties of Bitcoin
• No Counterfeiting
  NOBODY can increase money supply at will
• Transaction irreversibility
  NOBODY can undo a transaction
• No Double Spending
  NOBODY can spend the same value more than once

Bitcoin Solves Two Things
• Eliminates trust in a central authority
  You trust the rules of a protocol enforced by mathematics and cryptography
• Distribution of funds
  How to distribute value when you create a new currency?

Distribution of Funds
• Every 10 minutes since inception a “random” node in the Bitcoin network receives a reward.
• The reward started at 50 bitcoins, and halves every 4 years

The Blockchain
• The big invention that makes Bitcoin work
• The blockchain is a database containing historical records of all the transactions that ever occurred in the network.
• Every full node in the network has a copy that they keep up to date and verify.
• Some nodes extend the blockchain, they are called miners.
[Diagram: chain of blocks: Block 0 (Genesis Block), Block 1, ..., Block N-1, Block N]
Think of it as a big accounting book. Every block is a page in the book.
Anyone can try to add a page to the book to get a reward … but it is computationally hard to do so
Problem: We want a new block to appear every 10 minutes on average.

Introducing SHA-256
• Cryptographically secure one-way hash function.
• Takes any input and produces a 32 byte output.
• Flipping one bit in the input gives a different randomly distributed output.
Sha256(“YOW”) = 990d7204316fe2907f55cb22d7b66fe9e1f7e26dca2b61041cc3d3eec303d6a7
Sha256(“WOY”) = cab9db6bcb5b96f48fb3e5f11cc43008a9eee6b168127ee7422f7218877751ff
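
[Diagram: chain of blocks: Block 0 (Genesis Block), Block 1, ..., Block N-1, Block N; each block consists of a Block Header and a Transactions Payload]
Block Header (80 byte header): Version | Previous Block Hash | Merkle Root | Time Stamp | Bits | Nonce
Transactions Payload: Variable size
Block Hash = Sha256(Sha256(Header))
But there is a catch…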

How to create a new block?
[Diagram: block made of the header fields Version | Previous Block Hash | Merkle Root | Time Stamp | Bits | Nonce, followed by Transactions]
1 create header
2 make nonce random
3 calculate block hash
4 is it below the target?
5 :) we are done
6 :( go to 2
Block hash must be below the target difficulty
0000000000000000038cc0f7bcdbb451ad34a458e2d535764f835fdeb896f29b
Block #440000
~2,000,000,000 GH/s
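
The six steps above as runnable code; this is an added example, not code from the talk. It serializes the 80-byte header, checks the hash of Block 0 (Genesis Block) using its publicly known header fields, and then mines a constructed toy block. Assumptions: the nonce is counted up rather than chosen at random, and the toy Bits value 0x2000ffff is far easier than anything the real network accepts.

```python
import hashlib
import struct

def bits_to_target(bits: int) -> int:
    """Expand the compact 4-byte Bits field into the full 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    return mantissa << (8 * (exponent - 3))

def build_header(version, prev_hash, merkle_root, timestamp, bits, nonce) -> bytes:
    """Serialize the six fields into the 80-byte header (everything little-endian)."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash)[::-1]      # hashes are displayed byte-reversed
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))

def block_hash(header: bytes) -> str:
    """Block Hash = Sha256(Sha256(Header)), in the usual byte-reversed hex form."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return digest[::-1].hex()

def below_target(header: bytes, bits: int) -> bool:
    return int(block_hash(header), 16) < bits_to_target(bits)

def mine(version, prev_hash, merkle_root, timestamp, bits):
    """Steps 1-6 of the slide, counting the nonce up instead of drawing it at random."""
    for nonce in range(2**32):
        header = build_header(version, prev_hash, merkle_root, timestamp, bits, nonce)
        if below_target(header, bits):
            return nonce, block_hash(header)
    return None  # nonce space exhausted: change the timestamp or transactions, retry

# Publicly known header fields of Block 0 (Genesis Block).
GENESIS = dict(version=1, prev_hash="00" * 32, timestamp=1231006505, bits=0x1D00FFFF,
               merkle_root="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")
GENESIS_NONCE = 2083236893

def mine_toy_block():
    """Constructed data: a block on top of genesis with a deliberately easy target."""
    prev = block_hash(build_header(nonce=GENESIS_NONCE, **GENESIS))
    return mine(1, prev, "11" * 32, 1231007000, 0x2000FFFF)

if __name__ == "__main__":
    genesis = build_header(nonce=GENESIS_NONCE, **GENESIS)
    print(len(genesis), block_hash(genesis), below_target(genesis, GENESIS["bits"]))
    print(mine_toy_block())
```
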
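
The Difficulty Adapts

Block Propagation

Forks are Normal (1)
[Diagram: ..., Block N-2, Block N-1, followed by two competing blocks Block N’ and Block N’’]

Forks are Normal (2)
[Diagram: ..., Block N-2, Block N-1, the competing blocks Block N’ and Block N’’, and Block N+1 added after Block N’]
The longest chain wins!

Distribution of Funds Summary
• Funds are distributed by solving blocks
• Difficulty adapts over time
• The longest chain wins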

Bitcoin Public/Private Keys
• Bitcoin uses Elliptic Curve cryptography
• A private key is 32 random bytes
• A public key is computed from a private key
• There is no encryption in Bitcoin, only signing

Bitcoin Addresses
• A Bitcoin address is a bit like a bank account.
  1Kk18SN6WRPTEXbXBm3dZSzEw7NdbChyc9
• Calculated from a public key
  RIPEMD-160(Sha256(public key))
• Nobody knows who owns which addresses
• Value is moved between addresses using transactions.

Transactions (simplified)
• A Bitcoin transaction sends value from one set of addresses to another
[Diagram: a transaction with Inputs of 5 BTC, 3 BTC and 4 BTC and Outputs of 10 BTC and 2 BTC]
Transaction Hash = Sha256(Sha256(Transaction Data))

Creating a Transaction (1/7 to 7/7)
[Diagram sequence: a new transaction is assembled step by step next to three existing transactions whose Inputs/Outputs boxes show 1 BTC and 5 BTC, 4 BTC and 2 BTC, and 7 BTC and 3 BTC. The new transaction first has a single 10 BTC output, then a second output of 2 BTC, which becomes 1.9999 BTC.]
Transaction Fee = 0.0001 BTC

Bitcoin Network

Transaction Relaying
• Receive transaction from peer
• Verification (simplified):
  – Verify that the signatures are sound
  – Verify that the inputs are unspent
  – Verify that the sum of outputs <= sum of inputs
• Relay transaction to other peers
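
The second and third verification steps, sketched as an added example that is not code from the talk: a node tracks unspent outputs, rejects a transaction whose inputs are missing or already spent, and treats the difference between inputs and outputs as the fee. Assumptions: the class and function names are hypothetical, transactions are hashed over a constructed JSON encoding rather than Bitcoin's wire format, signature verification is left out, and the amounts follow the slides with the 5, 4 and 3 BTC outputs taken as the inputs.

```python
import hashlib
import json

COIN = 100_000_000  # satoshis per bitcoin; integers avoid floating-point rounding

def tx_hash(tx: dict) -> str:
    """Sha256(Sha256(data)) over a constructed JSON encoding, not Bitcoin's wire format."""
    data = json.dumps(tx, sort_keys=True).encode()
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

class Node:
    def __init__(self):
        self.unspent = {}  # (transaction hash, output index) -> amount in satoshis

    def add_outputs(self, tx: dict) -> str:
        h = tx_hash(tx)
        for index, amount in enumerate(tx["outputs"]):
            self.unspent[(h, index)] = amount
        return h

    def accept(self, tx: dict) -> int:
        """Run the unspent-input and sum checks; return the fee or raise ValueError.
        Signature verification (the first check on the slide) is left out."""
        spent = [tuple(ref) for ref in tx["inputs"]]
        if len(set(spent)) != len(spent):
            raise ValueError("an output is referenced twice in one transaction")
        for ref in spent:
            if ref not in self.unspent:
                raise ValueError(f"input {ref[0][:8]}:{ref[1]} is unknown or already spent")
        total_in = sum(self.unspent[ref] for ref in spent)
        total_out = sum(tx["outputs"])
        if any(v < 0 for v in tx["outputs"]) or total_out > total_in:
            raise ValueError("outputs are negative or exceed the sum of inputs")
        for ref in spent:
            del self.unspent[ref]    # inputs are consumed ...
        self.add_outputs(tx)         # ... and the new outputs become spendable
        return total_in - total_out  # whatever is left over is the transaction fee

def demo():
    """Constructed data using the amounts from the slides."""
    node = Node()
    a = node.add_outputs({"inputs": [], "outputs": [1 * COIN, 5 * COIN]})
    b = node.add_outputs({"inputs": [], "outputs": [4 * COIN, 2 * COIN]})
    c = node.add_outputs({"inputs": [], "outputs": [7 * COIN, 3 * COIN]})
    inputs = [[a, 1], [b, 0], [c, 1]]  # 5 + 4 + 3 = 12 BTC
    fee = node.accept({"inputs": inputs, "outputs": [10 * COIN, 199_990_000]})
    try:
        node.accept({"inputs": inputs, "outputs": [12 * COIN]})
    except ValueError as err:
        return fee, str(err)
    return fee, "second spend accepted"
```

`demo()` returns a fee of 10,000 satoshis (0.0001 BTC) for the first transaction and the rejection message for the second one, which tries to spend the same three outputs again.
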
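
Unconfirmed Transactions
[Diagram: chain of blocks Block 0 (Genesis Block), Block 1, ..., Block N-1, Block N, and a candidate Block N+1 made of the header fields Version | Previous Block Hash | Merkle Root | Time Stamp | Bits | Nonce followed by Transactions]

Transactions in Forks (1)
[Diagram: ..., Block N-2, Block N-1, then the competing blocks Block N’ and Block N’’; My Transaction is shown twice]

Transactions in Forks (2.1)
[Diagram: ..., Block N-2, Block N-1, then the competing blocks Block N’ and Block N’’; My Transaction is shown once]

Transactions in Forks (2.2)
[Diagram: ..., Block N-2, Block N-1, the competing blocks Block N’ and Block N’’, and Block N+1 added after Block N’; My Transaction is shown once]
The longest chain wins!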

Properties of Bitcoin (1/3)
No Counterfeiting
“NOBODY” can increase money supply at will
You are competing with the biggest distributed computer the world has seen. If you can beat it, it just gets harder.
[Diagram: chain of blocks: Block 0 (Genesis Block), Block 1, ..., Block N-1, Block N]

Properties of Bitcoin (2/3)
Transaction irreversibility
“NOBODY” can undo a transaction
Requires a 51% attack
[Diagram: ..., Block N-2, Block N-1, the competing blocks Block N’ and Block N’’, and Block N+1 added after Block N’; labels: Original Transaction, Reversed Transaction]

Properties of Bitcoin (3/3)
No Double Spending
NOBODY can spend the same value more than once
[Diagram: ..., Block N-2, Block N-1, Block N; label: Two transactions spending the same outputs]

Blockchain Tech is New
Trustless decentralized ordering of events
• Decentralized DNS with Namecoin
  – A decentralized open source information registration and transfer system.
• Decentralized Stock Exchange
  – Coloredcoins.org is one of several solutions that allow you to issue and track digital assets on top of the Bitcoin blockchain.
We can do stuff that wasn’t possible before

Want to Know More?
Jan Møller Co-founder, CTO Chainalysis