The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 4/2/2013Written by Meni Rosenfeld1.

Slides:



Advertisements
Similar presentations
The easy answers to the hard questions! WHAT IS BITCOIN?
Advertisements

Secure Multiparty Computations on Bitcoin
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
BITCOIN INTRODUCTION TECHNOLOGY AND TOOL *Various slides adapted from James D’Angelo’s “How the Constraints of Digital Define Bitcoin”
Digital Signatures and Hash Functions. Digital Signatures.
The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 30/7/2013Written by Meni Rosenfeld1.
COMS 486 Iowa State University Introduction to Bitcoin A P2P Electronic Cash System.
Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.
BITCOIN – 2014 John BlackSpring Digital Currency  Chaum’s ideas in the 1980’s  All ideas required a central bank or single point of trust  Chaum.
Michal Kriziak MA1N0218 Financial Management The Bitcoin Currency.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Towards a More Democratic Mining in Bitcoins Goutam Paul R. C. Bose Centre for Cryptology & Security, Indian Statistical Institute Pratik Sarkar Indian.
Stefan Dziembowski Why do the cryptographic currencies need a solid theory? Forum Informatyki Teoretycznej, Warsaw
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Advanced Computer Communications PROFESSOR:STUDENT: PROF. DR. ING. BRAD REMUS STEFAN FEILMEIER FACULTATEA DE INGINERIE HERRMANN OBERTH MASTER-PROGRAM.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.
Electronic Payment Systems. Transaction reconciliation –Cash or check.
Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Bitcoin (what, why and how?)
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Bitcoins and the Digital Economy Presented By: Matt Blackman.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
1 Bitcoin A Digital Currency. Functions of Money.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Electronic Cash R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
IS ANONYMOUS CURRENCY A GOOD IDEA? BY ADAM LASSWELL.
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
Bitcoin Tech Talk Zehady Abdullah Khan (Andy) Graduate Assistant, Computer Science Department, Purdue University.
Bitcoin is a cryptographic currency that has been in continuous operation over the last 3 years. It currently enjoys an exchange rate of $4.80 (as of April.
Section #9: Bitcoins. Digital currency Unique string of bits Use cryptography for security and privacy Not tied to names: hard to trace Finite set of.
How Bitcoin Achieves Decentralization
Bitcoin: Fake, Virtual and Real Partha Dasgupta Arizona State University Tempe, AZ, USA Note: “Current” numbers used are from mid-2015.
Bitcoin Bitcoin is a cryptocurrency. The platform that hosts Bitcoin is a p2p system. Bitcoin can be abstracted as a digital file that records the account.
Bitcoin A Basic Tutorial on Decentralized money
Passion for building stronger business
Bitcoin - a distributed virtual currency system
Distributed Systems for Information Systems Management
So what is Blockchain anyway?
protocollo e casi studio

Zcash Mining – A Guide For Beginners. Zcash (also known as ZEC and seventeenth most valued cryptocurrency with market capitalization of $500 million)
Keys Campbell R. Harvey Duke University, NBER and
Campbell R. Harvey Duke University and NBER
Nakamoto Consensus Marco Canini
Campbell R. Harvey Duke University and NBER
Bitcoin: A New Internet Currency
Kai Bu 04 Blockchain Kai Bu
Wokshop SAIS 2018 Dr. Meg Murray Kennesaw state university
Faculty Seminar Series Blockchain Technology
Campbell R. Harvey Duke University and NBER
GAYATRI INSTITUTE OF COMPUTER AND MANAGEMENT HINJILICUT (GANJAM)
Explore Txs, block, blockchain in Bitcoin
Presentation transcript:

The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 4/2/2013Written by Meni Rosenfeld1

Bitcoin adoption (Jan 2013) Bitcoin “Market capitalization”: $200M Users: 100K Bitcoin-accepting businesses: 2000, including Wordpress.com Freelancers, server hosting, software, books, clothing, video games, electronics, groceries, car accessories, ad networks, restaurants… Accepting donations: FSF, Wikileaks, Internet Archive, xkcd… Academic research: WIS (Adi Shamir), Microsoft, Cornell, ETH Zurich… Reports: FBI, ECB… 4/2/2013Written by Meni Rosenfeld2

Bitcoin is a currency “Money can be exchanged for goods and services” Currency facilitates the trade of one good for another A good currency must be: Scarce, portable, durable, fungible, divisible, current Does not need to have “intrinsic” value The value of each unit of currency is determined by equilibrium between supply and demand Total value of a currency is proportional to total trade using it Value per unit = Total value / Number of units 4/2/2013Written by Meni Rosenfeld3

Bitcoin is digital Ownership of bitcoins is digital information Typically used with a computer and the internet Based on cryptography 4/2/2013Written by Meni Rosenfeld4

Bitcoin is decentralized There is no company “Bitcoin Ltd.” There is no central issuer or controller Based on a public protocol Run by a p2p network of computers running FLOSS Multiple parties are each “doing their own thing” Just like Linux! 4/2/2013Written by Meni Rosenfeld5

Bitcoin is the first! Plenty of physical currencies Gold, silver, seashells, rocks… Plenty of centralized digital currencies PayPal, WebMoney, e-gold, DigiCash, LR, WoW gold, SLL, EVE isk… Bitcoin is the world’s first decentralized digital currency Invented in 2008 by “Satoshi Nakamoto” (pseudonym) 4/2/2013Written by Meni Rosenfeld6

How to use? Install open-source client software Software generates “addresses”, which are like bank account numbers (e.g. 1BBsbEq8Q29JpQr4jygjPof7F7uphqyUCQ ) To receive bitcoins, let the sender know your address To send bitcoins, specify receiving address and amount, and click “send” 4/2/2013Written by Meni Rosenfeld7

How to use? 4/2/2013Written by Meni Rosenfeld8

Why? No need for 3 rd party Easy to send and receive money Almost no fees No single point of failure Secure Limited supply – no built-in long-term monetary and price inflation No chargebacks International Usable by weak/small countries Pseudonymous Public ledger Advanced applications 4/2/2013Written by Meni Rosenfeld9

Quantitative data No more than 21 million bitcoins will ever exist So far about 11 million bitcoins have been created Each bitcoin is currently worth roughly $20 Started at roughly half a cent, all-time high $32 Bitcoin amounts can be specified with 8 decimal places 2.1 quadrillion atomic units Monetary inflation rate is stepwise decaying exponential Creation rate is cut in half roughly every 4 years 4/2/2013Written by Meni Rosenfeld10

Inflation schedule 4/2/2013Written by Meni Rosenfeld11

Historic price chart 4/2/2013Written by Meni Rosenfeld12

Analogies Bitcoin is to money what… is to communication The WWW is to publishing Social networks are to socializing Bitcoin is an open source currency You can look under the hood You can hack it (but you can’t crack it) Bitcoin is a startup currency 4/2/2013Written by Meni Rosenfeld13

How does Bitcoin work? Meni Rosenfeld Bitcoil 4/2/2013Written by Meni Rosenfeld14

Public key cryptography Every user has a private key and a public key (numbers) Everyone knows user’s public key Private key is the user’s secret, never shared with anyone Public key is uniquely determined by the private key Virtually impossible to compute private key from public key Can be used for encryption and digital signatures 4/2/2013Written by Meni Rosenfeld15

Digital signatures User wants to send a message and prove that he wrote it Takes message and private key and performs a computation to create a signature Recipient compares the signature against the message and the user’s known public key Only the user who possesses the private key can sign messages, does not need to share the private key Examples: RSA, ECDSA 4/2/2013Written by Meni Rosenfeld16

Hash functions Example: SHA-256 Takes arbitrary data and transforms it to a 256-bit number Integer from 0 to Usually expressed as hexadecimal string IG46Us2X7EKc4Cn3 => 6fe47cd49392e511dac5ef335aaf3b... IG46Us2X7EKc4Cn4 => 3a9ee39ea060e2f94d5f9e a... Even the tiniest change can alter the hash in ways you can’t imagine The hash of random data is essentially a random number If highest possible hash is M, has probability X/M to be less than X 4/2/2013Written by Meni Rosenfeld17

Bitcoin system components A transaction structure for specifying and changing ownership A p2p network for propagating, verifying and storing transaction data A proof-of-work system (hashing, “mining”) for: Synchronizing transactions Determining initial distribution of coins 4/2/2013Written by Meni Rosenfeld18

Coins The fundamental building block of Bitcoin is a “coin” A coin is characterized by: Unique ID Quantity (denomination) – arbitrary number with 8 decimal places Owner 4/2/2013Written by Meni Rosenfeld

Coins Coins can be split and merged If Alice wants to send bitcoins to Bob, she will merge some of her coins and split the result between her and Bob 4/2/2013Written by Meni Rosenfeld

Transactions The owner of a coin is identified by an “address” Each address is associated with a private key To use a coin, the owner must provide a digital signature with the associated private key (ECDSA) The process where coins are merged and split is called a “transaction” Used to move bitcoins from one owner to another 4/2/2013Written by Meni Rosenfeld21

Transaction structure 4/2/2013Written by Meni Rosenfeld22 Input #1 Output ref.; signature Output #1 Receiving address; amount Output #2 Receiving address; amount Transaction tx hash - c a 3 c b f84078d31634a4077c bb4eea40b8abef4a47d Input #2 Output ref.; signature Input #3 Output ref.; signature Tx 5e082… #2 #1 Tx ca079… Tx d7e67…

Transaction structure A transaction can have any number of inputs and outputs An output specifies a receiving address and amount An input references a previous unspent output The total value of all inputs must be at least the total value of all outputs The transaction is identified by a hash of its data The hash must be signed by the private key corresponding to every input address An address is a hash of an ECDSA public key More generally, an output specifies a script with the conditions to allow spending it 4/2/2013Written by Meni Rosenfeld23

The Network 4/2/2013Written by Meni Rosenfeld24

Problem: Double spending Using the same output (“coin”) to pay 2 different recipients No agreement on who is the “true” recipient One recipient will be out of his coins (presumably after providing some product) Some way to determine order of transactions is needed Traditional solution: Central authority Naïve decentralized solutions have vulnerabilities The first working decentralized solution is the blockchain 4/2/2013Written by Meni Rosenfeld25

Tentative solution Suppose there was just one coin Two conflicting transactions: Only one transaction will be accepted Doesn’t matter which one As long as everyone agrees and it won’t change 4/2/2013Written by Meni Rosenfeld26 33

Tentative solution Each computer in the network: Chooses the transaction it thinks is correct Takes the transaction hash and concatenates random data Computes the hash of the result If hash is less than M/D, publish the result (probability 1/D) (tx hash, c5145e94) => 0000bbe9affcf9f93b Repeat Each published result is a confirmation for the transaction n confirmations prove that on average nD hashes have been computed – by nodes agreeing with this transaction 4/2/2013Written by Meni Rosenfeld27

Tentative solution The transaction with more confirmations is considered valid A more widely accepted tx will get new confirmations faster Eventually all nodes will converge on one of the transactions And continue adding more confirmations To switch to the other transaction, Mallory needs to compute hashes faster than everyone else combined 4/2/2013Written by Meni Rosenfeld28

Solution: The blockchain Transactions are grouped into blocks Blocks are confirmed with proof of work A transaction is considered final if it is included in a confirmed block Each block references a previous block to form a chain In case of conflict, the transaction with more compute power spent on confirmation wins Attacks require having more compute power than the rest of the network 4/2/2013Written by Meni Rosenfeld29

The Blockchain 4/2/2013Written by Meni Rosenfeld30 Block Block #208364: dbfec 54 7f 72b bc1663bda1c2bed045110fb Header Prev. block hash: …e3a23 Nonce: MetaData Merkle Root: e3b99 41b20dad4dbe10eb3dadd bdca47bcd746e2ef82c af3 Block #208363: …e3a23 Tx

Block structure Transactions are organized in a Merkle tree with a resulting root hash The block header consists of the Merkle root, the hash of the previous block, other metadata, and a nonce The block is identified by the SHA-256 hash of its header A block is valid only if its hash is lower than the target 4/2/2013Written by Meni Rosenfeld31

Proof of work A block with given data and nonce has a very low probability of being valid Miners try different nonces and compute the resulting hash (billions of tries per second) until they match the target, and release the resulting block The existence of a block which includes a transaction proves that computational work has been done by a node which considers this transaction valid Each block references the previous one. Each transaction gets increasingly more powerful proof of work In case of competing branches, the one with the most proof of work is selected 4/2/2013Written by Meni Rosenfeld32

Proof of work A transaction “buried” under several blocks is very hard to revert mistakenly or maliciously Reverting a transaction requires catching up with the computation of the honest network, which is unlikely without greater hashrate Any change to a transaction invalidates all proof of work Hash target is adjusted every 2016 blocks (roughly 2 weeks) so that on average one block is found every 10 minutes 4/2/2013Written by Meni Rosenfeld33

Creation of coins 4/2/2013Written by Meni Rosenfeld34

Questions? 4/2/2013Written by Meni Rosenfeld35

Thank you Meni Rosenfeld 1DdrvajpK221W9dTzo5cLoxMnaxu859QN6 4/2/2013Written by Meni Rosenfeld36