What Is Bitcoin? Launched in 2009 A p2p Electronic Cash System Built on concept of “proof of work” Depend on a distributed leger system “blockchain” Bitcoin is a decentralized peer-to-peer digital currency based on public-key cryptography , fully operated in 2009. Different from other traditional financial currencies, willing parties make secure transactions relying on cryptographic protocols rather than trust on third parties (e.g, VISA) Reason for adopting bitcoin: Traditional trusted-based payment model lose the ability to make completely non-reversible transaction Seller delivers, buyer pays, but the buyer makes a claim. VISA refunds; the payment is reversed. Either the seller is penalized and/or VISA charges more fee to handle these cases. Some behaviors are fraudulent. BitCoin gets rid of this trusted middleman, by being able to directly show the cryptographic proof that the money is transferred. It is secure. For digital cash schemes, double spending is a common attack. However, in Bitcoin, it can be avoided by validating Bitcoin transaction in public. Broadcast to all nodes. In addition, Bitcoin can prevent this attack if the hash function and digital signature algorithm is secure enough. 3. Partially anonymous. Although all transactions are publicly known, it is possible for users to use Bitcoin addresses as pseudonyms. Also it encourages that for one particular user in different transactions, different Bitcoin addresses should be used. This way can maintain the anonymity in some degree Members: Wong Chun Kwok , 1001677003 Tang Kwok Wa, 1155081261 Lung Wing Ho, 1155068798

Bitcoin Architecture - Blockchain Main Components Transaction Block Blockchain Node Bitcoin depends on a distributed ledger system known as the blockchain Algorithm: 1. New transactions are broadcast to all nodes. 2. Each node collects new transactions into a block. 3. Each node works on finding a proof-of-work for its block. 4. When a node finds a proof-of-work, it broadcasts the block to all nodes. 5. Nodes accept the block only if all transactions in it are valid (digital signature checking) and not already spent (check all the transactions 6. Nodes express their acceptance by working on creating the next block in the chain, using the hash of the accepted block as the previous hash. A blockchain’s database isn’t held in a single location, which could be infiltrated or controlled by a single party, but rather it is hosted by numerous (in the case of Bitcoin, tens of thousands of) computers all at once.  

Bitcoin Challenges to Cryptographers Is the coin double-spent? Can an attacker reverse or change transactions? Am I paying the right person? Not some other impersonator? Confidentiality Through the distributed nature of this ledger, the transactions on the blockchain are verified by the consensus of every member, offering security and trust without a third-party overseer. Groups of this data are known as “blocks,” and as these blocks are cryptographically chained together, the pieces of data get buried and harder to manipulate. Altering any piece of data on the blockchain would require a huge amount of computing power. Public Key Crypto: Digital Signatures. Bitcoin addresses are derived from public keys, and these Bitcoin addresses are shared. it can only be used to send bitcoins. A private key is what allows users to take bitcoins from a wallet or to send them to others, and it is what must be protected to keep a user’s bitcoins safe. There is range of options available for securing bitcoin wallet private keys Since there are no central authorities to keep records of transactions, they are confirmed by consensus procedure and stored in a distributed manner. Thus, privacy of users in public transactions is protected using pseudonyms called Bitcoin addresses. It encourages that for one particular user in different transactions, different Bitcoin addresses should be used. This way can maintain the anonymity in some degree.

Digital Signature In Bitcoin transaction, two cryptographic primitives are used to prevent malicious users breaking the system. A digital signature is used to make sure that the information is signed by the claimed person as well as to test whether the information is modified by some malicious people. The signature process contains signature generation and signature verification. Given a message, the signatory generates a signature by using his private key, and the verifier can use signatory’s public key to verify the message’s authenticity. Figure 2.3 [35] shows the whole process. In fact, instead of signing on the message directly, a cryptographic hash function is applied to the original message to produce a message digest for performance reason. Digital Signature Algorithm (DSA) was the first digital signature scheme accepted legally by government [31] and proposed by NIST in August 1991. This algorithm is a variant of ElGamal Signature Algorithm. ECDSA is a digital signature scheme based on public key cryptosystem ECC (Section 2.2), instead of working in a subgroup of Zp ⇤ in DSA, ECDSA works in the group of elliptic curveE(Zp). It has been standardized by many standard committees such as ISO, ANSI, IEEE and FIPS [30]. The specific signing and verification of ECDSA will be detail in Section 3.1.3.

Cryptographic Hash Functions Consistent: hash(X) always yields same result One-way: given Y, hard to find X s.t. hash(X) = Y Collision resistant: given hash(W) = Z, hard to find X such that hash(X) = Z Hash function is any function that maps data with arbitrary length to a fixed-size, hardto-inverse value. A little modification on the inputs will produce outputs with big di↵erence. Therefore, hash functions can be used to ensure data integrity Hash functions are adopted by Bitcoin system mainly in 1) Bitcoin addresses generation and 2) transactions and blocks generation. Bitcoin addresses are generated by hashing the public key of ECDSA using hash algorithms SHA2561 and RIPEMD1602 , while RIPEMD160 is used after SHA256. As for Bitcoin transaction and blocks generation, two consecutive SHA256 hashes are used. What is more, SHA13 is also used in transaction signature generation and verification with ECDSA algorithms. Hash Fn Message of arbitrary length Fixed Size Hash

Transactions Transaction in Bitcoin is the process of transferring Bitcoin ownership from one Bitcoin address to another. A Bitcoin address is a 160-bit hash of ECDSA public key and stored in Bitcoin wallet together with its related private key. Bitcoin wallet stores one or more Bitcoin addresses and each one can be used only once. One Bitcoin transaction contains zero or more inputs and outputs. An input is reference to outputs of another previous transactions, and the values of transactions are added up and used in the current transaction. An input normally contains three parts: Previous tx is hash of previous transaction, Index is referenced transaction output, and ScriptSig contains a signature and a public key. The ECDSA signature is generated by signing the hash of the transaction, and public key belongs to the payer. Both the signature and public key prove the transaction is created by the owner of the Bitcoin address. An output has two parts: one is value, which is the number of Satoshis that are to be transferred, the other is scriptPubKey, specifying Bitcoin addresses of the one of more payees. Satoshi gave a simplified description of how transaction functions, shown in Figure 2.5 [49]. Considering the middle transaction from owner 1 to owner 2, owner 1 uses his private key sign over the hash value of previous transaction together with owner 2’s public key to create owner 1’s signature. The signature can be verified using owner 1’s public key. Once validated, the transaction is confirmed and put into the block.

Transactions Bitcoin Address RIPEMD160( SHA256(public key of ECDSA) ) Transaction generation and verification SHA1 ECDSA algorithms

Mining Process of adding transaction records (blocks) to the blockchain Difficult to write, easy to verify "Proof of work" - Solution of a Computationally-Difficult Problem Miners (Nodes) compete to solve the problem Announce the block with "Proof of work" when solution is found Winner can get rewards (additional coin + transaction fees) Hashcash proof of work function Difficult to write => blockchain is a public distributed ledger => writing to blockchain must follow some consensus rules. - Why is it called 'Mining'?  => Because the 'Miner' who can successfully added the block to the block chain can earn additional coins

Mining (Graphical illustration) Transactions broadcast to different nodes and group together to become a block In order to write the new block into block chain, each node has to solve a puzzle (compute for the “proof of work”)  When a node found a solution, the new block together with the “proof of work” will broadcast to other nodes  Other nodes verified the transactions inside the new block and the “proof of work” of the new block, add to blockchain if it is valid  Information of the “rewards” is included in the new block, but only possible to be spent after 100-block maturation time 

What is inside a block? Transactions broadcast to different nodes and group together to become a block In order to write the new block into block chain, each node has to solve a puzzle (compute for the “proof of work”)  When a node found a solution, the new block together with the “proof of work” will broadcast to other nodes  Other nodes verified the transactions inside the new block and the “proof of work” of the new block, add to blockchain if it is valid  Information of the “rewards” is included in the new block, but only possible to be spent after 100-block maturation time 

Hashcash A "Proof of Work" system used in Bitcoin Hard to invert (one-way) y = H(x) is easy, (easy for others to verify) hard to find x given only y (computationally infeasible) Bitcoin is using two hash iterations (SHA256^2) SHA256(SHA256(block header)) Complexity is adjustable Target 10-minutes per solution in average  SHA256(SHA256(block header))  < 2^(n-k)

Proof of work (Example) IN: IEMS5710-1 OUT: 8a25c817b2182a86de833a488d15e8e4479b70ffd8eb8c2aea9d4306f8f665ca IN: IEMS5710-2 OUT: 5558ae2f42cc74c8757206f742fc85a5d6f2d8f9a38b6ec19c24b4afac8c92b8 IN: IEMS5710-3 OUT: a612d58fd7bd81853792656f7253c547ff17cdf7974876e6e03a84820abaf951 ...  IN: IEMS5710-105135 OUT: 000062c806ddcbfb778d44d6d955f51f0e5fbfce4d6ecb4bab6f7f8a68a33ae2  Data: "IEMS5710-" Nonce: From 1 to 50000000 Difficulty: with prefix "0000" import hashlib, binascii​ ​ m = hashlib.sha256()​ for i in range(1, 50000000):​     s = "IEMS5710-%d" % i​     m.update(s)​     bs = binascii.hexlify(m.digest())​     if (bs.startswith("0000")):​         print i, bs​         break

Proof of work (Example Con't) Data: "IEMS5710-" Nonce: From 1 to 50000000 Difficulty: with prefix "0000" Data: "IEMS5710-"  Nonce: From 1 to 50000000 Difficulty: with prefix "00000" OUT: 000062c806ddcbfb778d44d6d955f51f0e5fbfce4d6ecb4bab6f7f8a68a33ae2 Elapsed Time:  1.83537697792 OUT: 00000d165f5f55024f92e7aa821dd6f9d550566aa6616867cbc67d94778b58ca Elapsed Time:  4.89683198929 Complexity can be adjusted easily => SHA256(SHA256(block header))  < 2^(n-k)

References Satoshi Nakamoto satoshin@gmx.com “Bitcoin: A Peer-to-Peer Electronic Cash System” Simon Barber, Xavier Boyen, Elaine Shi and Ersin Uzun University of California, Berkeley “Bitter to Better—How to Make Bitcoin a Better Currency” DI WANG, “Secure Implementation of ECDSA Signatures in Bitcoin”, September 17, 2014 Matthäus Wander, University of Duisburg-Essen , HOW BITCOIN WORKS, June 29, 2011 EE324 Distributed Systems, “L24-BitCoin and Security” Joseph Bonneau, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, Edward W. Felten, Princeton University, Stanford University, Electronic Frontier Foundation, University of Maryland, Concordia University, “SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies”