Towards a More Democratic Mining in Bitcoins Goutam Paul R. C. Bose Centre for Cryptology & Security, Indian Statistical Institute Pratik Sarkar Indian.


Towards a More Democratic Mining in Bitcoins
Goutam Paul, R. C. Bose Centre for Cryptology & Security, Indian Statistical Institute
Pratik Sarkar, Indian Institute of Engineering Science & Technology, Shibpur
Sarbajit Mukerjee, Department of Computer Science, Utah State University, U.S.A.

What is Bitcoin?
• Bitcoin is an online payment system.
• It works in a P2P network without any central organization to monitor the transactions.
• The users verify the transactions among themselves.
• Each user has a Bitcoin wallet which stores his Bitcoins in addresses and accounts.

Bitcoin Wallet
• Wallet is an encrypted computer file where bitcoins are stored.
• Wallet can live in almost any physical device.
• The user's identity is disguised (users employ pseudonyms).
• The wallet contains user accounts with addresses.
[Figure: a Bitcoin Wallet containing User Accounts, each with Addresses holding Bitcoins]

Bitcoin Addresses
• A Bitcoin address is an length alphanumeric string.
• Used for payments in the Bitcoin system.
• Each address is the hash of an ECDSA public key.
• The corresponding private key is required to spend the Bitcoins in that address.

Bitcoin Network
Each user node runs the following algorithm:
• New transactions are broadcast to all nodes.
• Each node collects new transactions in a block.
• Each node works on finding a proof-of-work for its block.

Bitcoin Network (contd.)
• When a node finds a proof-of-work, it broadcasts the block to all nodes.
• Other nodes accept the block only if all transactions in it are valid and not already spent (check all the transactions).
• Nodes express their acceptance by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

A Bitcoin Block

Bitcoin Mining
• To verify the transactions, the Bitcoin system relies on a network of miners who collectively work towards implementing a replicated ledger for keeping track of all the accounts in the system.
• All the Bitcoin miners independently try to find the winning block by finding a hash lower than a particular target specified by the Bitcoin system.
• The Bitcoin miners use the proof-of-work protocol to find new blocks.

Proof-of-Work Protocol
• Proof-of-Work is a protocol used to artificially impose transaction costs.
• The main goal is to "charge" the requester of a service with the effort of solving a puzzle, where finding the solution is much harder than verifying it.
• A Block contains the transactions to be validated and the previous hash value.

Proof-of-Work Protocol (contd.)
• Pick a nonce such that Hash(prev hash, nonce, Tx) < E, where E is the difficulty of the system.
• Work required is exponential in the number of zero bits required.
• Upon successful generation of a block, a miner is granted a fixed amount of BTCs, known as the coinbase transaction, plus the transaction fees from all the transactions that have been included in the block.
[Figure: Proof of Work Protocol]

Problem being Addressed
• Increasing hash rate of Bitcoin system
• 51% attack possibility
• Block race and Selfish Mining
• Remove variable coin generation

Increasing Hash Rate
• Increasing difficulty of the Bitcoin system
• Increasing hashing power for PoW protocol
• Increases the requirement for higher computing power
• We try to reduce the computing power requirement

51% Attack
Suppose a single entity/group/pool contributes the majority of the network's mining hashrate. Then they would have full control of the network and can change the current blocks and the future blocks of the blockchain at will. They will be generating the majority of the blocks and including the transactions in them.

51% Attack (contd...)
• They could prevent transactions from gaining any confirmations
• Prevent people from sending Bitcoins between addresses
• Reverse transactions that happen when they generate the blocks (also allowing double spend transactions)
• Prevent other miners from finding any blocks for a short period of time.

51% Attack (contd...)
• Cannot generate new coins without following the proof-of-work protocol
• Cannot steal coins from Bitcoin addresses
• Cannot affect any past blocks or change any transaction recorded in them.

Defense against 51% Attack
• On 14th June 2014, a particular mining pool was able to take control of 51% of Bitcoin's processing power, thus extracting the maximum amount of profit for their work.
• Mining pools generate the majority of the blocks.
  - More than 75% of mining is controlled by pools.
  - Ghash.IO secured 51% of the mining rights, creating a 51% attack possibility.
• In this paper, we introduce a new defense against this 51% attack.

Prevent Selfish Mining
• Block Races and Selfish Mining [1]: The mining pools can pursue selfish mining to prevent the blocks of other users from being added into the blockchain. This can lead to a 51% attack.
• We ensure a fair mining process and thus remove the chances of block races and selfish mining.
[1] Eyal, Ittay and Sirer, Emin Gün, "Majority is not enough: Bitcoin mining is vulnerable", Financial Cryptography 2014.

Guarantee Fixed Generation Rate
• The Bitcoins are generated every 10 minutes on average, but the interval varies a lot.
• Variable time can lead to problems like transaction malleability [2], which has led to frauds.
• This scheme guarantees a 10 minutes generation rate.
[2]

Our Proposal
• Modify the target-achieving proof-of-work protocol to use minimum hash generation by miner nodes across the Bitcoin network.
• The user with the minimum hash after 10 minutes gets the mining rights.
• The process is divided into 3 phases:
  - Hash Generation
  - Hash Broadcast
  - Hash Verification

Changes Introduced
• The present bitcoin header has been modified
• The target field has been replaced by the Bitcoin address of the miner
• Users do not have to meet a target
• Bitcoin address of miner is required to identify the miner during hash verification

Block Header Formats

Present Block Header Format

Name                  Byte Size  Description
Version (V)           4          Block Version Number.
Previous Hash (P_h)   32         This is the hash of the previous block header.
Merkle Root (H_t)     32         The hash based on all the transactions present in the current block.
Time (T)              4          Current Timestamp in seconds (unix format).
Target                4          Target value in compact form.
Nonce (R)             4          User adjusted value starting from 0.

Proposed Block Header Format

Name                  Byte Size  Description
Version (V)           4          Block Version Number.
Previous Hash (P_h)   32         This is the hash of the previous block header.
Merkle Root (H_t)     32         The hash based on all the transactions present in the current block.
Time (T)              4          Current Timestamp in seconds (unix format).
Bitcoin Address (U_p) 20         Hash of the Public key of the receiving address.
Nonce (R)             4          User adjusted value starting from 0.

Hash Generation Phase (cont.)
• It continues for 2 minutes
• Generate SHA-256 hashes H of the proposed Block Header fields by changing the Nonce value at different timestamps (T):
  H = SHA(SHA(V || H_p || T || U_p || H_t || R || P)); P = Padding
• Select the minimum hash H_min among the generated hashes
• Form Hash Message: Block Header and Hash H_min
• Each node contains two fields: STATE (denotes states of node) and M_min (contains minimum hash message)

Hash Generation Phase (cont.)
• Call Initialize() with H_min for each node N_i
• Update the M_min to the message containing H_min
• Update STATE to ACTIVE
• Start Hash Broadcasting phase

Hash Generation Phase (cont.)
Procedure Initialize(Hash Message M);
  for all Nodes in the network do
    N_i.M_min = M, where M_min is the minimum hash message at each node;
    N_i.STATE = ACTIVE;
  end for

Hash Broadcasting Phase
• Each leaf node starts this phase by broadcasting its M_min to its parent and becomes PROCESSING (calls LeafSending()).
• Each internal node receives the message:
  - It calls the Receiving_Active(M) function on receiving a message M from its neighbors.
  - It processes the message by calling Process_Message(M).
  - If it has received from all neighbors except one, it forwards its M_min to that one neighbor, which becomes its parent, and becomes PROCESSING.

Hash Broadcasting Algorithm (Active Phase)
Procedure LeafSending()
  for all Active Leaf Nodes in the network do
    parent ⇐ Neighbors;
    send N_i.M_min to parent;
    N_i.STATE = PROCESSING;
  end for

Hash Broadcasting Algorithm (Active Phase) (cont.)
Procedure Receiving_Active(M)
  for all Active Internal Nodes in the network do
    N_i.M_min = Process_Message(M);
    Neighbors := Neighbors - sender;
    if number of Neighbors = 1 then
      parent ⇐ Neighbors;
      send N_i.M_min to parent;
      N_i.STATE = PROCESSING;
    end if
  end for

Hash Broadcasting Algorithm (Active Phase) (cont.)
Procedure Process_Message(M)
  for all Nodes in the network do
    if N_i.M_min.H < M.H then
      return N_i.M_min;
    else
      return M;
    end if
  end for

Hash Broadcasting Phase (Processing Phase) (cont.)
• When a node in PROCESSING state receives a message, it becomes SATURATED by calling Receiving_Processing() and starts the hash verification stage by making M_min public.
• The algorithm [3] states that exactly two nodes will be SATURATED and they will be neighbors. These two nodes will hold the same M_min.
[3] Santoro, Nikola. Design and Analysis of Distributed Algorithms (Wiley Series on Parallel and Distributed Computing). Wiley-Interscience, pages

Hash Broadcasting Algorithm (Processing Phase) (cont.)
Procedure Receiving_Processing(M)
  for all Processing Nodes in the network do
    N_i.STATE = SATURATED;
    N_i.M_min = Process_Message(M);
    Announce M;
    Start Verification stage;
  end for
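
The broadcast phase described in the slides above, simulated on a small tree. This is an added example, not code from the presentation; the tree, the node names and the tiny hash values are constructed, and a FIFO message queue stands in for the network.

```python
from collections import deque

def build_tree(edges):
    tree = {}
    for u, v in edges:
        tree.setdefault(u, set()).add(v)
        tree.setdefault(v, set()).add(u)
    return tree

def saturate(tree, local_min):
    """Run the broadcast phase on a tree with at least two nodes.
    local_min maps node -> (hash, owner), the node's own M_min.
    Returns (saturated nodes, their M_min values, messages sent)."""
    state = {n: "ACTIVE" for n in tree}
    m_min = dict(local_min)
    pending = {n: set(nb) for n, nb in tree.items()}  # neighbours not yet heard from
    queue, sent = deque(), 0

    def send_to_parent(n):
        nonlocal sent
        (parent,) = pending[n]                 # the single remaining neighbour
        queue.append((n, parent, m_min[n]))
        state[n] = "PROCESSING"
        sent += 1

    for n in tree:                             # LeafSending()
        if len(tree[n]) == 1:
            send_to_parent(n)
    while queue:
        sender, n, msg = queue.popleft()
        m_min[n] = min(m_min[n], msg)          # Process_Message(M)
        if state[n] == "ACTIVE":               # Receiving_Active(M)
            pending[n].discard(sender)
            if len(pending[n]) == 1:
                send_to_parent(n)
        elif state[n] == "PROCESSING":         # Receiving_Processing(M)
            state[n] = "SATURATED"
    saturated = sorted(n for n in tree if state[n] == "SATURATED")
    return saturated, [m_min[n] for n in saturated], sent

# Constructed sample: six miners, each with a made-up minimum hash.
EDGES = [("a", "b"), ("b", "c"), ("b", "e"), ("c", "d"), ("c", "f")]
LOCAL = {"a": (0x9F, "a"), "b": (0x5C, "b"), "c": (0x71, "c"),
         "d": (0x2A, "d"), "e": (0x88, "e"), "f": (0x3D, "f")}

if __name__ == "__main__":
    print(saturate(build_tree(EDGES), LOCAL))
```

Every node sends exactly one message, so n nodes exchange n messages. The simulation assumes every node relays honestly; a node that withholds a lower hash is only caught later, when the owner claims it in the verification phase.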

Hash Verification Phase
• Finds the true minimum hash of the system
• The hash message chosen by the two saturated nodes is verified by the peers
• Any node having a lower hash message can claim his hash as:
  - His message is verified
  - The broadcasted hash message is discarded
  - The owner of the message generates the next block
• The hash broadcast and verification stage continues for 8 mins

Security Features
• High computing power does not give additional advantage:
  - Each node is independent
  - Does not know about the hash of other nodes
• The hashes are verified by the peer nodes and a hash will be discarded only if:
  - The hash value does not match with the hash of the header fields
  - It is bigger than some other hash, which has been verified
• Evil nodes cannot affect the verification stage because they can discard a hash only if any of the above conditions hold
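
The hash generation phase and the two discard conditions listed above, as an added example that is not code from the presentation. The byte order of the integer fields, the big-endian reading of the digest, the nonce budget and all sample values are assumptions; the 20-byte addresses are constructed placeholders.

```python
import hashlib
import struct

def header_hash(v, prev_hash, t, addr, merkle_root, nonce):
    """H = SHA(SHA(V || Hp || T || Up || Ht || R || P)), as an integer."""
    assert len(prev_hash) == 32 and len(merkle_root) == 32 and len(addr) == 20
    header = (struct.pack("<I", v) + prev_hash + struct.pack("<I", t)
              + addr + merkle_root + struct.pack("<I", nonce))
    # hashlib appends the SHA-256 padding P itself. Assumptions: little-endian
    # 4-byte integers and a big-endian reading of the digest for comparison.
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "big")

def generate_hash_message(v, prev_hash, t, addr, merkle_root, tries):
    """Hash generation phase: try `tries` nonces and keep the minimum hash H_min."""
    fields = dict(v=v, prev_hash=prev_hash, t=t, addr=addr, merkle_root=merkle_root)
    nonce = min(range(tries), key=lambda r: header_hash(nonce=r, **fields))
    return dict(fields, nonce=nonce, hash=header_hash(nonce=nonce, **fields))

def verify(msg, verified=None):
    """Peer check from the verification phase. A message is discarded when its
    hash does not match its header fields, or when it is bigger than a hash
    that has already been verified."""
    fields = {k: msg[k] for k in ("v", "prev_hash", "t", "addr", "merkle_root", "nonce")}
    if header_hash(**fields) != msg["hash"]:
        return False
    return verified is None or msg["hash"] <= verified["hash"]

# Constructed sample values (not real chain data or real addresses).
PREV = hashlib.sha256(b"constructed previous header").digest()
ROOT = hashlib.sha256(b"constructed transactions").digest()
ALICE = hashlib.sha256(b"alice public key").digest()[:20]
MALLORY = hashlib.sha256(b"mallory public key").digest()[:20]

if __name__ == "__main__":
    alice = generate_hash_message(1, PREV, 1400000000, ALICE, ROOT, tries=5000)
    mallory = generate_hash_message(1, PREV, 1400000000, MALLORY, ROOT, tries=5000)
    relabelled = dict(alice, addr=MALLORY)  # same hash, different address
    print("alice valid:", verify(alice), "| relabelled copy valid:", verify(relabelled))
    print("winner:", "alice" if alice["hash"] < mallory["hash"] else "mallory")
```

Because the miner's address U_p is one of the hashed fields, a hash message copied under a different address no longer matches its header and fails the first check.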

Message Complexity
• Total number of active nodes = n
• We used the saturation stage of [3]
• The message complexity for this scheme is O(n).
[3] Santoro, Nikola. Design and Analysis of Distributed Algorithms (Wiley Series on Parallel and Distributed Computing). Wiley-Interscience, pages

Greener Bitcoins
• In the original Bitcoin scheme:
  - Hash generation occurs all the time.
  - The mining process depends entirely on computation-power-intensive work.
• In our scheme:
  - Hash generation occurs only for 2 mins out of every 10 mins.
  - It uses up 1/5th of the power.
  - The mining process depends on luck, and is not computing-power intensive.
  - Greener approach to mining.

Advantages
• Generates Bitcoins at a fixed rate of 10 minutes, which can be adjusted
• Decentralizes the Bitcoin mining process from the hands of mining pools and introduces a luck factor in mining.
• Reduces power consumption to 1/5th that of the PoW protocol, as only 2 minutes out of 10 minutes are used for hash generation

Conclusion
• Analyzed the major weaknesses of the existing PoW protocol and proposed an alternative solution
• Large computing power doesn't guarantee block generation
• Generates the coins at a fixed rate
• Mining is more environment friendly and democratic

Thank you