Bitcoin and Blockchain Part 2

This document is a lecture on Bitcoin and Blockchain, covering topics such as decentralization risks, Bitcoin design principles, identity management, and transaction processes. It explains the mechanisms behind Bitcoin's operation, including the generation of public and private keys, the prevention of double spending, and the structure of the blockchain. The lecture also highlights the importance of cryptographic signatures and the role of miners in the Bitcoin ecosystem.

Uploaded by

ravimittals6217

Information Security and Privacy

An Introduction to Bitcoin and Blockchain – Part 2

Ravi Mittal
Acknowledgements

⚫ The contents for this lecture have been taken from the following sources. Thanks are due to the authors who prepared the original contents and presentations:
1. CS795: Blockchain Technologies, Class notes and slides, George Mason University, Prof Foteini Baldimtsi, http://www.baldimtsi.com/teaching/cs795_sp17
2. Talk: Introduction to Cryptocurrencies, by Prof Stefan Dziembowski, Univ of Warsaw, https://www.crypto.edu.pl/dziembowski-talks
3. CS419 Computer Security, Lecture Blockchain and Bitcoin, Prof Paul Krzyzanowski, Rutgers University
4. https://learnmeabitcoin.com/beginners/getting-started
5. ECE/CS 598AM: Cryptocurrency Security, Fall 2016, Class presentation, Prof Andrew Miller, http://soc1024.ece.illinois.edu/teaching/ece598am/fall2016/
6. http://blockchain.mit.edu/blockchain
7. Book: Bitcoin and Cryptocurrency Technologies, Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder
8. https://people.cs.rutgers.edu/~pxk/419/notes/bitcoin.html
9. Book: Mastering Bitcoin: Programming the open blockchain, Andreas M. Antonopoulos

In this class we will study
⚫ Decentralization Risks (self study)
⚫ Bitcoin Design Principles
⚫ Bitcoin - Identity Management
⚫ Where does the money come from?
⚫ Double Spending
⚫ No Stealing
⚫ Transactions and Transaction Table – Blockchain
⚫ Block Creation
⚫ Proof of Work
⚫ Process Steps – Self reading
⚫ Lecture Summary
⚫ More information on Bitcoin (Self reading)

Decentralization – Risks
Downsides of decentralization (1/2)

There are no regulators…

MtGox (handling 70% of all Bitcoin transactions) shut down in Feb 2014, reporting 850,000 bitcoins (≈ 450 million USD) stolen.
Downsides of decentralization (2/2)

Nobody can reverse transactions, so finally hackers have good reasons to break into personal computers.
Bitcoin Design Principles


Bitcoin – Identity Management


Identity in Bitcoin

⚫ There is no central entity (e.g. Government) who can issue an Id card
⚫ Each entity is represented with a unique pair of
  ⚫ Public Key: PK
  ⚫ Private (Secret) Key: SK
⚫ Each entity is represented with a unique public key
  ⚫ A corresponding private key acts as a key to “unlock” the public key and your money
⚫ Private key chosen at random, public key generated from private key
  ⚫ Public key for receiving, private (Secret) key for redeeming and digital signature
⚫ Private key is used for digital signatures on transactions
  ⚫ Digital signatures are required to spend funds
Identity in Bitcoin

⚫ Analogy
⚫ Public Key: Similar to bank account number
⚫ Private Key: Secret Pin to do a transaction

Everybody can generate his own key pair

[Figure: three users each run (sk_i, pk_i) := Gen() for i = 1, 2, 3; each keeps sk_i secret and announces pk_i]


Addresses

⚫ Public keys in Bitcoin are also called addresses
⚫ It is recommended not to reuse the addresses
⚫ In other words: for every new transaction one should use a new address (mostly: for security and anonymity).
⚫ On these slides we often ignore this convention for the sake of simplicity.
Identity – With Public and Private Keys

⚫ No personal information is required
  ⚫ Does this mean Bitcoin is anonymous?
⚫ No limit to how many accounts you can make
  ⚫ Does this affect the security of Bitcoin?
⚫ No restrictions on keys that have been taken
  ⚫ Does this mean someone can have the same private key as me?
  ⚫ Can I take multiple Keys?
⚫ Bitcoins are associated with keys, not users
  ⚫ Users may have multiple keys and multiple addresses
⚫ Every transaction is signed with the creator’s private key
⚫ Nobody to call if you lose your private key!
  ⚫ Lose private key → lose bitcoins
Generating Private Key from a random number
⚫ Key size: 256 bits
⚫ Digital Keys (SK and PK) are created by a user
⚫ Keys are stored in a file or database called a wallet
⚫ Private key is generated by picking a random number between 1 and 2^256
  ⚫ Bitcoin software uses the underlying operating system’s random number generators
  ⚫ Can be achieved by H(large string) → 256 bit output
⚫ Example: 256 bit private key
  ⚫ 1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
⚫ Public key is derived from private key
  ⚫ Using elliptic curve multiplication
  ⚫ Note: Private key can’t be derived from Public Key
Bitcoin addresses (Self Reading)

⚫ Shared with everyone to send you money
⚫ Derived from the Public Key
⚫ String of digits and characters – 58 characters long
⚫ Example: 1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy
⚫ SHA256 and RIPEMD: hash functions

Ref: Book: Mastering Bitcoin by Andreas M. Antonopoulos


Address (Short form of Public Key)
⚫ Public key is very long → difficult to use
⚫ We can make it short (compressed) and call it an address
⚫ Use SHA-256 and RIPEMD-160 hash + other actions

[Figure: example public key (256 bits) shortened to an address (25-36 characters)]

In the rest of our discussion, we will restrict ourselves to Public Key only (not compressed addresses)
Keys are generated by users – Can there be a clash?

⚫ Bitcoin is hidden in the large number of private keys
⚫ 2^256 (115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936) possible addresses
⚫ Practically impossible for anyone to overlap using random generation of private key
  ⚫ Population of world: 8 billion
  ⚫ Every person could have about 2^224 addresses all to themselves
⚫ Consider the following example
  ⚫ Grains of sand on earth: 2^63
  ⚫ Assume 2^193 earths each with 2^63 grains of sand → 2^256 total grains of sand
  ⚫ Example: You go to Goa. Pick a grain of sand; colour it. Ask your friend to go to Goa and pick a grain randomly. What are the chances that he picked up the same grain?
Bitcoin Users

Anyone can participate in the Bitcoin network

Every user has to have two keys: Public Key and Secret Key

Alice: PK (Address): hUK67H9fyg, SK: z4Pxc2kKn3
Bob: PK: p2Pknb7frT, SK: n52Hb9Klp

Recall Public Key (Asymmetric) Encryption

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


Bitcoin Design Principles

Where does the money come from?


A miner who finds a new block gets a “reward” in BTC:

⚫ for the first 210,000 blocks (≈ 4 years): 50 BTC
⚫ for the next 210,000 blocks: 25 BTC
⚫ for the next 210,000 blocks: 12.5 BTC,

and so on… [slide label: current reward]

Note: 210,000 ⋅ (50 + 25 + 12.5 + …) → 21,000,000


More details (will discuss this later)

⚫ Each block contains a transaction that transfers the reward to the miner
⚫ Advantages:
1. It provides incentives to be a miner
2. It also makes the miners interested in broadcasting new block asap
Bitcoin Design Principles

Double Spending
Main problem: Double Spending

Double spending…

[Figure: the same coin 16fab13fc6890 shown twice]

Bits are easier to copy than paper!


Ref: Presentation by Stefan Dziembowski, Univ of Warsaw
Bitcoin idea – no double spending

The users emulate a public write-only bulletin-board containing a list of transactions.
A transaction is of a form:

“User P1 transfers a coin #16fab13fc6890 to user P2”

This prevents double spending.

[Figure: a second attempt to spend coin 16fab13fc6890 is answered with “you’ve already spent this coin!”]

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw


Bitcoin Design Principles
No Stealing
Bitcoin Idea – No Stealing

No stealing: Only Alice can move her money

Trudy can’t move Alice’s money to anyone

Slide courtesy of Ittay Eyal

Bitcoin idea – Fair Money Creation

Minting: Fair money creation

Slide courtesy of Ittay Eyal


Key Ideas

⚫ No stealing: Only Alice can move her money
  ⚫ Cryptographic signatures (Who runs the public key infrastructure?)
⚫ No double-spending: Alice cannot duplicate her money
  ⚫ Global ledger (Who maintains the public ledger?)
⚫ Minting: Fair money creation
  ⚫ Mint for proof of work (Who gives money for puzzles?)

Can this be decentralized?

Slide courtesy of Ittay Eyal
Bitcoin Design Principles

Transactions and Transaction Table - Blockchain

[Figure: list of transaction hashes, each with its BTC amount]
Transactions: Required Properties

⚫ Properties
⚫ Authentication
⚫ Signature – non-repudiation – Proof of ownership
⚫ Integrity

⚫ Other requirements
⚫ Available funds
⚫ No other transactions using the same funds

Bitcoin Transactions
Based on digital signatures
Recall use of Private key for Digital Signature

Alice: PK: hUK67H9fyg, SK: z4Pxc2kKn3
Bob: PK: p2Pknb7frT, SK: n52Hb9Klp

Transaction: “hUK67H9fyg sends 1 to p2Pknb7frT ; H()”, signed under Alice’s SK

H( ): Hash link to earlier transactions

A transaction is valid only if the signature verifies
Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi
Bitcoin User Transactions (moving Coins)

⚫ If Alice wants to send some bitcoins to Bob
  ⚫ She creates a transaction and sends it to one or more bitcoin nodes
  ⚫ A node tells its peers about the transaction
  ⚫ Within ~5 sec. every peer on the network has it
  ⚫ The transaction is currently unconfirmed
⚫ A transaction contains inputs and outputs
  ⚫ Inputs: Alice needs to provide links to previous transactions that will add up to at least the required amount
  ⚫ Output: Destination address and amount – whom the money goes to
  ⚫ Change: The transaction owner’s address and bitcoin amount
  ⚫ Every input must be completely spent. Any excess is generated as another output to the owner of the transaction
    ▪ If Alice has 2 BTC and she sends 1 BTC to Bob, the remaining 1 BTC must be spent; it is sent to Alice

When a bitcoin node receives a transaction, it performs several checks
⚫ Validate the signature using Alice’s public key (in the transaction)
  ⚫ This proves that whoever created the signature has the private key corresponding to the public key
⚫ The transactions listed in the inputs are validated to make sure that those transactions have not been used by any other transaction
  ⚫ This ensures there will be no double spending

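
The second check above (inputs not already used by another transaction), together with the inputs/outputs/change rule, as an added example that is not from the lecture. The `Ledger` class, its method names, the `seq` field and the `signer` argument (the key whose signature is assumed to have been verified already) are hypothetical; Chris's key is a constructed value.

```python
import hashlib
import json

class Ledger:
    """Set of unspent outputs, keyed by (txid, output index). Amounts in satoshi."""

    def __init__(self):
        self.unspent = {}   # (txid, index) -> (owner public key, amount)
        self.minted = 0

    @staticmethod
    def txid(tx):
        return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

    def mint(self, owner, amount):
        """Create a coin with no inputs (stands in for a miner's block reward)."""
        self.minted += 1
        tx = {"inputs": [], "outputs": [[owner, amount]], "seq": self.minted}
        tid = self.txid(tx)
        self.unspent[(tid, 0)] = (owner, amount)
        return tid

    def check(self, tx, signer):
        """Return None if tx may be applied, otherwise the reason it is rejected."""
        refs = [tuple(ref) for ref in tx["inputs"]]
        if not refs or len(set(refs)) != len(refs):
            return "no inputs, or the same input listed twice"
        total_in = 0
        for ref in refs:
            if ref not in self.unspent:
                return "input unknown or already spent"
            owner, amount = self.unspent[ref]
            if owner != signer:
                return "input belongs to another key"
            total_in += amount
        amounts = [amount for _, amount in tx["outputs"]]
        if not amounts or min(amounts) <= 0:
            return "missing or non-positive output"
        if sum(amounts) > total_in:
            return "outputs exceed inputs"
        return None

    def apply(self, tx, signer):
        reason = self.check(tx, signer)
        if reason:
            raise ValueError(reason)
        for ref in tx["inputs"]:
            del self.unspent[tuple(ref)]          # every input is spent completely
        tid = self.txid(tx)
        for index, (owner, amount) in enumerate(tx["outputs"]):
            self.unspent[(tid, index)] = (owner, amount)
        return tid

    def balance(self, owner):
        return sum(a for o, a in self.unspent.values() if o == owner)

BTC = 100_000_000
ALICE, BOB, CHRIS = "hUK67H9fyg", "p2Pknb7frT", "chrisPK-constructed"

def demo():
    ledger = Ledger()
    coin = ledger.mint(ALICE, 2 * BTC)
    # Alice has 2 BTC, sends 1 BTC to Bob; the remaining 1 BTC returns as change.
    pay_bob = {"inputs": [[coin, 0]], "outputs": [[BOB, 1 * BTC], [ALICE, 1 * BTC]]}
    tid = ledger.apply(pay_bob, signer=ALICE)
    # Re-using the spent coin, and spending Bob's output with Alice's key.
    pay_chris = {"inputs": [[coin, 0]], "outputs": [[CHRIS, 2 * BTC]]}
    take_bobs = {"inputs": [[tid, 0]], "outputs": [[ALICE, 1 * BTC]]}
    return {
        "double_spend": ledger.check(pay_chris, signer=ALICE),
        "theft": ledger.check(take_bobs, signer=ALICE),
        "balances": (ledger.balance(ALICE), ledger.balance(BOB)),
    }

if __name__ == "__main__":
    print(demo())
```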
Transaction Table (Blockchain)
The users emulate a public trusted bulletin-board containing a
list of transactions.

A transaction is of a form:

“User P1 transfers a coin #16fab13fc6890 to user P2”

This prevents double spending.

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw


Blocks Contents

⚫ Each system keeps a complete copy of the entire ledger (blockchain), which records all transactions from the very first one
  ⚫ Currently the bitcoin ledger is about 527 GB
⚫ Transactions are grouped into a block
  ⚫ A block is just a partial list of transactions
⚫ A block
  ⚫ holds ~2,220 transactions
  ⚫ Each transaction approx. 250 bytes
  ⚫ Block Size: 1.25 MB
⚫ Approximately every 10 minutes, a new block of transactions is added to the blockchain

Transaction table: the Bitcoin Blockchain

[Figure: block of transactions between Time t and Time t+1: Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris]

Stores every transaction and checks users balances

You can see the complete blockchain since Satoshi created the first block – All bitcoin transactions happened so far

Visit: www.blockchain.com

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


Transaction table: the Bitcoin Blockchain

[Figure: block of transactions between Time t and Time t+1: Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris]

Stores every transaction and checks users balances

example:
Time t: Alice 2, Bob 5
Time t+1: Alice 0.3, Bob 4.8

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


Transaction table: the Bitcoin Blockchain

[Figure: block of transactions between Time t and Time t+1: Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris]

Stores every transaction and checks users balances

Required properties:
• Append only
• Cannot revise existing blocks (Persistency) – achieved by replication
• Distributed
• Liveness
• Open – anyone can participate

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


Who maintains the Bitcoin Blockchain?
Miners: special type of user

[Figure: miners connected peer-to-peer, each holding the chain of blocks (..., Time t, Time t+1, ...); every block lists transactions such as Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris]

Anyone can have full copy of the blockchain
Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi
Blockchain: Trusted Bulletin-board Emulation
[Figure: the “ideal” world next to a protocol that implements the ideal world]

Main difficulty: Some parties can cheat

However, if majority are honest, it will work
Ref: Presentation by Stefan Dziembowski, Univ of Warsaw
Bitcoin Design Principles
Block Creation
Each Miner has a copy of Blockchain
Miners: special type of user

peer-to-peer

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


How to add a block to the blockchain?

[Figure: chain of blocks ..., Time t, Time t+1, ...; each block lists Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris]

1 block: A block is added every 10 minutes and has size < 1MB

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


Blockchain

Miners maintain a chain of blocks that is moderately hard to extend

block size < 1MB, which translates to max 7 trans./sec.

[Figure: chain block0 → block1 → block2 → block3. block0 is the “genesis block” created by Satoshi on 03/Jan/2009; block1, block2 and block3 hold the transactions from period 1, period 2 and period 3]

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw


Alice wants to send a bitcoin to Bob

⚫ Alice broadcasts the transaction to all bitcoin peer-to-peer nodes (Bob’s machine may or may not be there)
⚫ H( ) is Hash pointers to previous blocks showing where Alice got paid
  ⚫ To prove that she is not spending more than what she has
⚫ If Bob sends someone a bitcoin, his transaction will show Hash pointer to Alice’s transaction
How to add a transaction to a block?

[Figure: Alice broadcasts “Alice sends 1 to Bob” to the miners]

And hope they will add it to the next block. The miners are incentivized to do it.

Important: They never add an invalid transaction (e.g. double spending). A chain with an invalid transaction is itself not valid, so no rational miner would do it.
How to add a transaction to a block?

[Figure: Alice broadcasts “Alice sends 1 to Bob” to the miners]

Miners compete on who will make the next block. They receive new transactions. Then solve PoW.

[Figure: transactions not yet on the blockchain (Alice sends 1 to Bob, Dave sends 1 to Bob, ...) are turned, by solving a proof-of-work, into the new block for Time t: Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris]
Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi
Addition of a new block to Blockchain

⚫ A server (miner) receives all transactions – these are grouped into a block
⚫ This block is not immediately added to the blockchain
⚫ For addition of the block, it needs to win Proof of work
⚫ And other miners need to verify it

Main principles – Block addition

1. It is computationally hard to extend the chain
2. Once a miner finds an extension (block) he/she broadcasts it to everybody (the system incentivizes them to do it)
3. The users will always accept the longest chain as the valid one.
When a new block is mined:

“I extended the blockchain! Here is the new block”

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw


Acceptance of new block by miners

Is this the right view of the blockchain?

[Figure: chain of blocks ..., Time t, Time t+1, ...; each block lists Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris]

Voting -> majority wins

Votes shown: Yes, No, Yes, Yes, Yes

Works well if users are all honest but this is not the case in practice!
New block is added to the blockchain

[Figure: blocks for Time t-1, Time t and Time t+1, each listing Alice sends 1 to Bob; Alice sends 0.7 to Chris; Bob sends 1.2 to Dave; ...; Dave sends 0.2 to Chris; label: “New block”]
How are blocks added to chain? - Another view

[Figure, shown in two steps: miners with keys skA, skB and skC and the blockchain. Labels: “I am the leader”, “signed”, “verify block”, “6.25 BTC”]
Bitcoin Design Principles

Proof of Work (PoW)


We have a problem!

What does majority mean in a system that everyone is free to participate?

Sybils: Multiple identities belonging to the same (malicious) user - multiple copies of oneself

A Sybil attack - a small number of entities counterfeiting multiple peer identities so as to compromise a disproportionate share of the system.

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


Bitcoin solution

Majority is defined as the majority of computational power!

Sybil creation doesn’t increase the attacker’s computational power!

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


How to check majority of computational power?

Proof of work

In order to measure a user’s computational power I ask him to solve a puzzle:

• puzzle should be difficult to solve
• but, a solution should be easily verifiable

The puzzle used in Bitcoin is based on cryptographic hash functions

f(x) = y

Puzzle: Given y find x

Ref: Lecture 1 CS795/ISA Spring 2017, Prof. Foteini Baldimtsi


A Simple hash-based PoW (Self reading)
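H -- a hash function whose computation takes time TIME(H)

[Protocol diagram between Prover and Verifier]
⚫ Verifier → Prover: random x
⚫ Prover finds s (the nonce) such that H(s,x) starts with n zeros (in binary); n is the “hardness parameter”
⚫ Prover → Verifier: s
⚫ Verifier checks if H(s,x) starts with n zeros (takes time TIME(H))
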

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw
Proof of Work

⚫ Incentivize honest users to constantly participate in the process
⚫ The honest users can use their idle CPU cycles.
⚫ Nowadays: often done on dedicated hardware.

Consensus: Proof of work

⚫ Making it expensive to cast a vote
  ⚫ Need to spend something scarce in order to participate in the decision-making process
  ⚫ Tying up voting power not to identity but to resources – computational power → Proof of the work → evidence of spent resources
  ⚫ Proof is a solution to a hash puzzle – which can only be solved by spending resources.

Consensus: Proof of work (summary)
⚫ Not everyone is allowed to add blocks to the blockchain
⚫ People who create and propose blocks are called miners
⚫ In order to propose a block, a miner must include Proof-of-Work - solution to a hash puzzle
⚫ Hash puzzle can only be solved using brute-force computation, which spends resources
  ⚫ Hash puzzle: The hash of the new block (which includes the hash of blocks, so far). Ex: the hashed output must start with 33 zero bits
  ⚫ Miners include a random number in the block (say, Nonce). This number is incremented, so the hash changes, until the proof of work is solved
⚫ Once a miner solves a proof of work, it includes all transactions it heard about after checking that they are correct
How are the PoWs used?
H – hash function; more concretely in Bitcoin: H is SHA256.

[Figure: block0 → block1 → block2 → block3, linked by H; block1, block2 and block3 each contain a nonce and the transactions from period 1, period 2 and period 3]

Main idea: to extend the chain one needs to find nonce such that H(nonce, H(block_i), transactions) starts with some number n of zeros (n is the “hardness parameter”)

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw
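
The chain extension rule above, H(nonce, H(block_i), transactions) starting with n zero bits, as an added example that is not from the lecture. The JSON serialization, the constructed genesis hash, the function names and n = 12 (small enough to mine in well under a second) are assumptions. It also counts the hashes needed to make a rewritten first block acceptable again.

```python
import copy
import hashlib
import json

def block_hash(nonce, prev_hash, transactions):
    """H(nonce, H(block_i), transactions) with H = SHA-256."""
    payload = json.dumps([nonce, prev_hash, transactions]).encode()
    return hashlib.sha256(payload).hexdigest()

def zero_bits(hex_digest):
    """Number of leading zero bits of a 256-bit digest given as hex."""
    return 256 - int(hex_digest, 16).bit_length()

def mine(prev_hash, transactions, n):
    """Brute-force the nonce; returns the block and the number of hashes tried."""
    nonce = 0
    while zero_bits(block_hash(nonce, prev_hash, transactions)) < n:
        nonce += 1
    return {"prev": prev_hash, "txs": list(transactions), "nonce": nonce}, nonce + 1

def extend(chain, genesis_hash, transactions, n):
    """Mine a block on top of the chain's last block; returns hashes spent."""
    prev = genesis_hash
    if chain:
        last = chain[-1]
        prev = block_hash(last["nonce"], last["prev"], last["txs"])
    block, tries = mine(prev, transactions, n)
    chain.append(block)
    return tries

def verify_chain(chain, genesis_hash, n):
    """One hash per block: check the link to the predecessor and the PoW."""
    prev = genesis_hash
    for block in chain:
        digest = block_hash(block["nonce"], block["prev"], block["txs"])
        if block["prev"] != prev or zero_bits(digest) < n:
            return False
        prev = digest
    return True

GENESIS = hashlib.sha256(b"block0 (constructed)").hexdigest()
PERIODS = [  # constructed transactions for periods 1 to 3
    ["Alice sends 1 to Bob", "Alice sends 0.7 to Chris"],
    ["Bob sends 1.2 to Dave"],
    ["Dave sends 0.2 to Chris"],
]

def demo(n=12):
    chain = []
    for txs in PERIODS:
        extend(chain, GENESIS, txs, n)
    tampered = copy.deepcopy(chain)
    tampered[0]["txs"][0] = "Alice sends 1 to Trudy"   # rewrite history in block1
    # For the rewrite to be accepted, block1 and every later block must be re-mined.
    rebuilt, rework = [], 0
    for block in tampered:
        rework += extend(rebuilt, GENESIS, block["txs"], n)
    return {
        "honest_valid": verify_chain(chain, GENESIS, n),
        "tampered_valid": verify_chain(tampered, GENESIS, n),
        "rebuilt_valid": verify_chain(rebuilt, GENESIS, n),
        "hashes_to_rewrite": rework,
    }

if __name__ == "__main__":
    print(demo())
```

Verification costs one hash per block, while each additional zero bit in n doubles the expected number of hashes needed to mine or re-mine a block.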


Process – Steps (summary)
Self-reading
Alice wants to send a bitcoin to Bob

⚫ Alice broadcasts the transaction to all bitcoin peer-to-peer nodes (Bob’s machine may or may not be there)
⚫ H( ) is Hash pointers to previous blocks showing where Alice got paid
  ⚫ To prove that she is not spending more than what she has
  ⚫ If Bob sends someone a bitcoin, his transaction will show Hash pointer to Alice’s transaction

Book: Bitcoin and Cryptocurrency Technologies, Arvind Narayanan et al.


Process Steps

⚫ Miners listen to all transactions
⚫ Miners compete to add new block containing new transactions
⚫ A Miner checks correctness of all transactions to be included in the proposed block
⚫ A miner solves Proof-of-Work (hash puzzle) and broadcasts new block to all miners
⚫ Miners check correctness of received block and participate in voting
⚫ If majority agree, the received block is included in the blockchain (kept with each miner)
⚫ Note that each miner maintains a copy of the blockchain

Lecture Summary

⚫ Bitcoin – A currency system that does not rely on a central authority (e.g. Banks)
⚫ Bitcoin has gained acceptance; Now becoming popular
⚫ Technology based on
  ⚫ Public Key Cryptography: Use of Secret and Public Keys
    ⚫ Private Key – for Digital Signature
    ⚫ Public Key (or compressed Public Key) for Address
  ⚫ Transactions
    ⚫ Users sign transactions with Digital Signature
    ⚫ Each transaction must reference previous transactions to identify a source of money
  ⚫ Public Ledger (Block chain)
    ⚫ Hash Chain – linked list where each node contains the hash of previous node
    ⚫ Append only structure
  ⚫ Proof of Work
    ⚫ The blockchain only accepts blocks for which proof of work is completed at the earliest
    ⚫ Based on consensus from miners

Backup Slides
Information about the state of the blockchain is propagated in the network

A new user can ask the other users what is the current state of the blockchain.

[Figure: a new user and two users who each hold the blockchain]

In more details:

[Figure: block_{i-1} and block_i linked by H; block_i contains H(block_{i-1}); H(block_{i-1}) has to start with n zeros]

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw


The hardness parameter is periodically changed
⚫ The computing power of the miners changes.
⚫ The miners should generate the new block each 10 minutes (on average).
⚫ Therefore the hardness parameter is periodically adjusted to the mining power
⚫ This happens once each 2016 blocks.
⚫ Important: the hardness adjustment is automatic, and depends on how much time it took to generate last 2016 blocks.

This is possible since every block contains a time-stamp produced by the miner who mined it

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw



What if there is a “fork”?

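For a moment let’s say: the “longest” chain counts.

[Figure: after block_i and block_{i+1} the chain forks into block_{i+2}, block_{i+3}, block_{i+4} on one branch and block'_{i+2}, block'_{i+3} on the other; the branch ending in block_{i+4} is marked “this chain is valid”]
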

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw
Does it make sense to “work” on a shorter chain?

No!

[Figure: fork after block_{i+1}: block_{i+2}, block_{i+3}, block_{i+4} on one branch and block'_{i+2}, block'_{i+3} on the other]

Because everybody else is working on extending the longest chain.
Recall: we assumed that the majority follows the protocol.
Ref: Presentation by Stefan Dziembowski, Univ of Warsaw
Consequence
The system should quickly self-stabilize.

If there is a fork then one branch will quickly die.

Ref: Presentation by Stefan Dziembowski, Univ of Warsaw


Bitcoin and Ethics

⚫ Bitcoin is used for illegal transactions
⚫ Drug dealing
⚫ Money laundering
⚫ Illegal gambling
⚫ Hiring hitmen
⚫ Ransomware and extortion
⚫ Bitcoin has no central authority to block illegal transactions
⚫ Bitcoin is the most effective way to make illegal transactions
⚫ Alternatives: Electronic money service with very few restrictions
⚫ Liberty Reserve: Shut down by the United States in 2013
⚫ WebMoney: Only available in Russia
⚫ Green Dot: Implemented more fraud protection
Economics of Bitcoin: Volatility

⚫ Volatile currency: The value changes quickly
⚫ The value of Bitcoin changes far more often than standard currency
⚫ Bitcoin is vulnerable to price shocks
⚫ Price shock: An extremely sudden change in value
⚫ When there are more transactions than the block capacity, prices increase
⚫ Users are competing for a limited number of transactions
⚫ Unknown attacks have also caused price shocks
⚫ Result: Bitcoin behaves more like stock than currency
⚫ Users keep Bitcoin to try and grow their investment when the value of Bitcoin increases
Economics of Bitcoin: Speculation

⚫ Speculation: Buying something so that you can sell it later for more money
⚫ You don’t buy Bitcoin because owning Bitcoin helps you make money
⚫ You buy Bitcoin because you hope to sell it later for more money
⚫ Relies on short-term price changes and not long-term value
⚫ Speculation results in a bubble
⚫ Bubble: Something sells for more than its true value
⚫ As more people buy Bitcoin to try and make a profit, the price of Bitcoin also increases
⚫ Bubbles always burst: Eventually the price returns to its original value, leading to huge economic losses
Economics of Bitcoin: Currency Exchange
⚫ Companies and people prefer to keep money in a more stable currency
⚫ To buy a product in Bitcoin, the buyer converts their standard currency to Bitcoin
⚫ The seller receives the Bitcoin and immediately converts it back to standard currency
⚫ Users should be able to exchange Bitcoin for other currency (e.g. dollars)
⚫ Buying and selling Bitcoin is difficult
⚫ Recall: Bitcoin transactions are irreversible
⚫ The buyer must trust that the seller will transfer the Bitcoin
⚫ The seller must trust that the buyer will pay when the Bitcoin is transferred
⚫ Ways to buy Bitcoin
⚫ Use another irreversible payment (e.g. cash)
⚫ Have a trusted relationship with the seller
⚫ Send a deposit first
Bitcoin is only pseudonymous

[Figure: Alice’s public key addresses 133GT5661q8RuSKrrv8q2Pb4RwS, 146KL5461d8KuSPxvv8q2Nd6K2q, ..., 122NB5426d8Lau3Kbbf8q2L7g89h are posted on the blockchain]

If anyone is ever able to link your Bitcoin address to your real world identity,
then all of your transactions — past, present, and future — will have been
linked back to your identity.
De-anonymizing Bitcoin users

[Figure: Alice with Address PK: hUK67H9fyg and SK: z4Pxc2kKn3]

All transactions and corresponding public keys are published on the blockchain
Bitcoin scalability

How many transactions per second are supported by the visa/mastercard network?

~46000

How many transactions per second are supported by bitcoin?

~7
Can transactions be “reversed”?

To reverse a transaction the adversary has to create a “fork in the past”.
This looks very hard if he has a minority of computing power (the honest miners will always be ahead of him).
Where does the money come from?

[Figure: block reward over time; label: “current reward”, “we are here since July 2016”]

How are the miners incentivized to participate in this game?

Short answer: they are paid (in Bitcoins) for this.


Can I mine Bitcoin?

Special hardware

Huge mining pools
How many cryptocurrencies do we have?

~3000
How to store Bitcoin?
Cold storage: keeping a reserve of Bitcoins offline.

This is often a necessary security precaution, especially dealing with large amounts of Bitcoin.
How to store Bitcoins?
Bitcoin attacks

Mining attacks

Network attacks
©2017 by Stefan Dziembowski. Permission to make digital or hard copies
of part or all of this material is currently granted without fee provided that
copies are made only for personal or classroom use, are not distributed
for profit or commercial advantage, and that new copies bear this notice
and the full citation.
