
Bitcoin - Decentralised Open-Source Peer-to-Peer Cryptocurrency

Bogdan Suvar, David Gureya

Instituto Superior Técnico

{bogdan.suvar, david.gureya}@ist.utl.pt

December 9, 2013

Bogdan Suvar, David Gureya (EMDC) Bitcoin December 9, 2013 1 / 19


Overview

1 Introduction
    Motivation
    Background

2 Protocol
    Wallet
    Transactions
    Blocks
    Network

3 Advantages and Disadvantages

4 Alternative Cryptocurrencies


Motivation

Popular P2P and first cryptocurrency

Pseudonymity and anonymity (with Tor)

Decentralised

Limitations and vulnerabilities

Alternatives


Figure: Interest by Google searches over the past 3 years


Figure: Regional interest from Google queries for bitcoin


Background

Proof-of-work systems
Challenge-response, CPU-bound computation. Initially used against DoS and spam.

Asymmetric cryptography
Used for transactions. Transactions represent bitcoins. Private keys are used to sign transactions, public keys are used for the destination.

Cryptographic hash functions
Generate a hash that starts with a certain number of 0s (difficulty). Easy to validate, hard to find.


Wallet

Contents

keypairs for each of the addresses

transactions done to/from

key pool

default keys

user preferences

accounts

Security

Physical: paper, hardware

Back-up

Password

One wallet per installation


Transactions

Definition

A signed piece of data that is broadcast to the network and collected into blocks. It references a previous transaction and dedicates a certain number of bitcoins to one or more public keys.

How it works

1 Digitally sign:
    output of the previous transaction
    recipient's public key hash
    value (in satoshis)

2 Broadcast it on the network

3 Wait to be included in a block (10 minutes)

4 Add block of transactions to the ledger


Blocks

Definition

The blocks permanently record all the Bitcoin transactions on the network, similar to a ledger. New blocks are added at the end of the record, to a block chain.

Contents

List of transactions

Nonce (see POW)

Header

Mining

Generate a new hash of the block header + nonce until the right one is found. Reward = 25 BTC, and it halves every 4 years. A new block is created every 10 minutes.
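The mining loop and the "easy to validate, hard to find" property, as an added example (not code from the slides or from the Bitcoin client). The header layout, the 16-bit difficulty, the function names and the sample transactions are assumptions made for illustration; real headers carry more fields and a Merkle root.

```python
import hashlib
import struct

ZERO_BITS = 16            # toy difficulty (assumption); the real network's is far higher
GENESIS_PREV = bytes(32)  # all-zero "previous hash" for the first block

def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def tx_commitment(transactions) -> bytes:
    # Simplified stand-in for the Merkle root: one digest over all tx hashes.
    return sha256d(b"".join(sha256d(tx) for tx in transactions))

def header(prev_hash: bytes, commitment: bytes, nonce: int) -> bytes:
    # Toy header layout: previous block hash | tx commitment | 32-bit nonce.
    return prev_hash + commitment + struct.pack("<I", nonce)

def meets_difficulty(digest: bytes, zero_bits: int = ZERO_BITS) -> bool:
    # "Starts with N zeros": as a big-endian integer the hash is below 2^(256-N).
    return int.from_bytes(digest, "big") < (1 << (256 - zero_bits))

def mine(prev_hash: bytes, transactions, zero_bits: int = ZERO_BITS) -> dict:
    """Hard direction: try nonces until the header hash meets the difficulty."""
    commitment = tx_commitment(transactions)
    for nonce in range(2 ** 32):
        digest = sha256d(header(prev_hash, commitment, nonce))
        if meets_difficulty(digest, zero_bits):
            return {"prev": prev_hash, "txs": list(transactions),
                    "nonce": nonce, "hash": digest}
    raise RuntimeError("nonce space exhausted")

def verify_block(block: dict, zero_bits: int = ZERO_BITS) -> bool:
    """Easy direction: a single double hash checks the claimed work."""
    digest = sha256d(header(block["prev"], tx_commitment(block["txs"]),
                            block["nonce"]))
    return digest == block["hash"] and meets_difficulty(digest, zero_bits)

def verify_chain(chain, zero_bits: int = ZERO_BITS) -> bool:
    # Every block must carry valid work and point at its predecessor's hash.
    for i, block in enumerate(chain):
        if not verify_block(block, zero_bits):
            return False
        if i > 0 and block["prev"] != chain[i - 1]["hash"]:
            return False
    return True

if __name__ == "__main__":
    # Constructed sample transactions, not real Bitcoin data.
    b1 = mine(GENESIS_PREV, [b"alice->bob:5"])
    b2 = mine(b1["hash"], [b"bob->carol:2"])
    print(verify_chain([b1, b2]))
    forged = mine(GENESIS_PREV, [b"alice->mallory:5"])
    print(verify_chain([forged, b2]))
```

Re-mining an edited block yields valid work but a different hash, so every later block would have to be re-mined as well before the chain verifies again.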


Network Overview

Communication via TCP

Ports: default 8333, but CLI configurable

IPv6 support

Node bootstrapping:
    1 Send messages to a hardcoded list of nodes (seed nodes)
    2 (default) DNS request to a list of hostnames

Heartbeat: keepalive message every 30 min; connection closes after 90 min


Node Discovery

Node steps:

1 Discover their external IP address (via dyndns.org or showmyip.com)

2 Receive callback addresses of nodes that connect to them

3 DNS requests for IP addresses

4 Use the "seed" (hardcoded) addresses

5 Exchange addresses with other nodes

6 Store (timestamped) addresses in a database for startup

7 Enter new, custom, addresses from the command line

8 Read addresses from user provided text file on startup


Address request handling

Upon receiving a node's request for addresses:

1 Count all the addresses in the past 3 hours

2 If there are more than 2500, select 2500 of them randomly

3 Return addresses to the requestor


Vulnerabilities


Sniffing
No encryption, since all transaction data is visible to all nodes. An attacker could monitor all incoming and outgoing data and later target specific users.

DoS attack
Moderate protection exists: the client accepts only Transaction messages. A malicious node may use Transaction messages for DoS, which costs a lot of coins. Result: the node could be disconnected from the network or hamper other transactions from being sent.

Segmentation
Nodes handle disputes on data integrity. Transactions could appear confirmed in one segment and then, upon joining the other segment, be invalidated.

51% attacks
Computationally infeasible: the attacker must have 51% of the computing power, i.e. more than all the other miners combined. Reason: to control the block history.


Scalability

Transactions

Visa: avg. 2000 tps, peak 4k tps; holiday avg. 8k tps; burst >10k
PayPal: avg. 46 tps, peak 100 tps
Bitcoin (today): (artificially) limited to 7 tps

CPU

A node verifies (SHA256) a transaction which it doesn't have. Hashing 1 MB takes 10 milliseconds = 4k tps achievable on mainstream CPUs (i7s) [3]

Network

For 2k tps with 0.5 KB transactions: ((2k * 512) / 1024) / 1024 = 0.97 MB/s (7.8 Mbps)

Storage

Blocks can be over 0.5 GB for high tps. Pruning is possible.


Advantages


Computationally infeasible to abuse/cheat

Highly flexible protocol (script modification)

Decentralised

Incentivised availability

Open-source


Disadvantages


1 Too transparent

2 Limited supply of bitcoins

3 Scalability (storage limitations)

4 Useless mining

5 Fluctuating valuation

6 Benefiting early adopters/investors in specialised hardware

7 Redemption of lost bitcoins

8 Susceptible to criminal usage (Silk Road)

9 Slow transaction times (mining)


Alternatives

Currency | POW | Currency units | Block every... | Difficulty adjustment | Initial reward | Mkt. cap. | Distinguishing features
Bitcoin | SHA-256d | 21M | 10 min | 2016 | 50 | 10B | First cryptocurrency, created 2009
Litecoin | scrypt | 84M | 2.5 min | 2016 | 50 | 238M | Faster transactions, memory-hard mining
Peercoin | SHA-256+POS | 2B | 1 min | - | - | 45M | Proof of stake, steady inflation, centralized checkpoint
Namecoin | SHA-256d | 21M | 10 min | 2016 | 50 | 19.5M | Decentralized DNS (.bit TLDs)
Primecoin | Cunningham | - | 10 min | 1 | 999/diff^2 | 7M | Useful mining, smooth difficulty adjustment, fast confirmations, self-adjusting block reward


References

[1] Satoshi Nakamoto (2008). Bitcoin: A peer-to-peer electronic cash system.

[2] Piotr Piasecki (2012). Design and security analysis of Bitcoin infrastructure using application deployed on Google App Engine. Technical University of Gdansk.

[3] Bitcoin Wiki (2013). Bitcoin - Scalability.

[4] Karl Whelan (2013). So What's So Special About Bitcoin? Forbes.

[5] Vitalik Buterin (2013). Primecoin: The cryptocurrency whose mining is actually useful. Bitcoin Magazine.


Questions ?
