1
Mechanics of Bitcoin Part I
Tyler Moore, CS 7403, University of Tulsa
Slides adapted from Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Princeton University
2
Recap: Bitcoin consensus
Bitcoin consensus gives us:
  Append-only ledger
  Decentralized consensus
  Miners to validate transactions
assuming a currency exists to motivate miners!
But what rules?
Need to clarify what “append-only” means
3
3.1: Bitcoin transactions
4
An account-based ledger (not Bitcoin)
(time runs top to bottom)
Create 25 coins and credit to Alice    ASSERTED BY MINERS
Transfer 17 coins from Alice to Bob    SIGNED(Alice)
Transfer 8 coins from Bob to Carol    SIGNED(Bob)
Transfer 5 coins from Carol to Alice    SIGNED(Carol)
Transfer 15 coins from Alice to David    SIGNED(Alice)    is this valid?
might need to scan backwards until genesis!
SIMPLIFICATION: only one transaction per block
5
A transaction-based ledger (Bitcoin)
(time runs top to bottom)
1  Inputs: Ø
   Outputs: 25.0→Alice
2  Inputs: 1[0]
   Outputs: 17.0→Bob, 8.0→Alice    SIGNED(Alice)
3  Inputs: 2[0]
   Outputs: 8.0→Carol, 9.0→Bob    SIGNED(Bob)
4  Inputs: 2[1]
   Outputs: 6.0→David, 2.0→Alice    SIGNED(Alice)    is this valid?
we implement this with hash pointers
finite scan to check for validity
This is called a “change address”
SIMPLIFICATION: only one transaction per block
6
Merging value
(time runs top to bottom)
1  Inputs: ...
   Outputs: 17.0→Bob, 8.0→Alice    SIGNED(Alice)
...
2  Inputs: 1[1]
   Outputs: 6.0→Carol, 2.0→Bob    SIGNED(Carol)
...
3  Inputs: 1[0], 2[1]
   Outputs: 19.0→Bob    SIGNED(Bob)
SIMPLIFICATION: only one transaction per block
7
Joint payments
(time runs top to bottom)
1  Inputs: ...
   Outputs: 17.0→Bob, 8.0→Alice    SIGNED(Alice)
...
2  Inputs: 1[1]
   Outputs: 6.0→Carol, 2.0→Bob    SIGNED(Carol)
...
3  Inputs: 2[0], 2[1]
   Outputs: 8.0→David    SIGNED(Carol), SIGNED(Bob)    two signatures!
SIMPLIFICATION: only one transaction per block
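Added example (not part of the original slides): the validity rules behind the transaction-based ledger, merging-value and joint-payment slides, as a small Python model. `Tx`, `Ledger` and `slide_ledger` are hypothetical names, a set of signer names stands in for SIGNED(...), and values are floats as written on the slides.

```python
# Added illustration: SIGNED(...) is modelled as a set of names, not real signatures.
from dataclasses import dataclass

@dataclass
class Tx:
    inputs: list                      # [(tx_id, output_index), ...]; empty = coin creation
    outputs: list                     # [(value, owner), ...]
    signers: frozenset = frozenset()  # stand-in for the signatures on the transaction

class Ledger:
    def __init__(self):
        self.txs = {}         # tx_id -> Tx, append-only
        self.unspent = set()  # (tx_id, output_index) pairs not yet consumed

    def check(self, tx):
        """Return None if tx is valid, otherwise the reason it is rejected."""
        if not tx.inputs:
            return None       # coin creation is asserted by miners, not checked here
        if len(set(tx.inputs)) != len(tx.inputs):
            return "input listed twice"
        total_in, owners = 0, set()
        for ref in tx.inputs:                 # finite scan: only referenced outputs
            if ref not in self.unspent:
                return f"input {ref} missing or already spent"
            value, owner = self.txs[ref[0]].outputs[ref[1]]
            total_in += value
            owners.add(owner)
        if not owners <= tx.signers:          # every input owner must sign
            return f"missing signature from {sorted(owners - tx.signers)}"
        if sum(v for v, _ in tx.outputs) > total_in:
            return "outputs exceed inputs"
        return None

    def append(self, tx_id, tx):
        reason = self.check(tx)
        if reason:
            raise ValueError(f"tx {tx_id} rejected: {reason}")
        self.unspent -= set(tx.inputs)        # an input consumes the whole output
        self.unspent |= {(tx_id, i) for i in range(len(tx.outputs))}
        self.txs[tx_id] = tx

def slide_ledger():
    """Replay transactions 1-4 from the transaction-based ledger slide."""
    led = Ledger()
    led.append(1, Tx([], [(25.0, "Alice")]))
    led.append(2, Tx([(1, 0)], [(17.0, "Bob"), (8.0, "Alice")], frozenset({"Alice"})))
    led.append(3, Tx([(2, 0)], [(8.0, "Carol"), (9.0, "Bob")], frozenset({"Bob"})))
    led.append(4, Tx([(2, 1)], [(6.0, "David"), (2.0, "Alice")], frozenset({"Alice"})))
    return led
```

Because an input consumes its entire referenced output, transaction 4 has to send 2.0 back to Alice as change, and a second spend of 2[0] fails the unspent-set lookup without any scan back to genesis.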
8
The real deal: a Bitcoin transaction
{
  "hash":"5a42590fbe0a90ee8e d6c84f0db1a3a24e8f1b95b10c9e050990b8b6b",
  "ver":1,
  "vin_sz":2,
  "vout_sz":1,
  "lock_time":0,
  "size":404,
  "in":[
    {
      "prev_out":{
        "hash":"3be4ac9728a0823cf5e2deb2e86fc0bd2aa503a91d307b42ba76117d ",
        "n":
      },
      "scriptSig":" "
    },
    {
      "prev_out":{
        "hash":"7508e6ab259b4df0fd5147bab0c949d81473db4518f81afc5c3f52f91ff6b34e",
        "n":
      },
      "scriptSig":"3f3a4ce81...."
    }
  ],
  "out":[
    {
      "value":" ",
      "scriptPubKey":"OP_DUP OP_HASH160 69e02e18b5705a05dd6b28ed517716c894b3d42e OP_EQUALVERIFY OP_CHECKSIG"
    }
  ]
}
Parts of the transaction: metadata, input(s), output(s)
9
The real deal: transaction metadata
{
  "hash":"5a b8b6b",    <- transaction hash
  "ver":1,              <- housekeeping
  "vin_sz":2,
  "vout_sz":1,
  "lock_time":0,        <- “not valid before”
  "size":404,           <- housekeeping
  ...
}
10
The real deal: transaction inputs
"in":[
  {
    "prev_out":{                 <- previous transaction
      "hash":"3be ",
      "n":
    },
    "scriptSig":" f3a4ce81"      <- signature
  },
  (more inputs)
],
11
The real deal: transaction outputs
"out":[
  {
    "value":" ",                 <- output value
    "scriptPubKey":"OP_DUP OP_HASH160 69e...3d42e OP_EQUALVERIFY OP_CHECKSIG"    <- recipient address?? more on this soon...
  },
  ...                            (more outputs)
]
12
3.2: Bitcoin scripts
13
Output “addresses” are really scripts
OP_DUP OP_HASH160 69e02e18... OP_EQUALVERIFY OP_CHECKSIG
14
Input “addresses” are also scripts
scriptSig: 0467d2c9...
scriptPubKey: OP_DUP OP_HASH160 69e02e18... OP_EQUALVERIFY OP_CHECKSIG
TO VERIFY: Concatenated script must execute completely with no errors
15
Bitcoin scripting language (“Script”)
Design goals
  Built for Bitcoin (inspired by Forth)
  Simple, compact
  Support for cryptography
  Stack-based
  Limits on time/memory
  No looping
(image: “I am not impressed”, via Jessie St. Amand)
16
Common Script Operations
OP_DUP: Duplicates the top item on the stack
OP_HASH160: Hashes twice: first using SHA-256 and then RIPEMD-160
OP_EQUALVERIFY: Returns true if the inputs are equal. Returns false and marks the transaction as invalid if they are unequal
OP_CHECKSIG: Checks that the input signature is a valid signature using the input public key for the hash of the current transaction
OP_CHECKMULTISIG: Checks that the k signatures on the transaction are valid signatures from k of the specified public keys.
17
Bitcoin script execution example
Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash?> OP_EQUALVERIFY OP_CHECKSIG
Stack items shown during execution: <sig>, <pubKey>, <pubKey>, <pubKeyHash>, <pubKeyHash?>
Final result: true ✓
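Added example (not part of the original slides): the execution above as runnable Python, following the slides' rule that scriptSig and scriptPubKey are concatenated and run on one stack. All function names are hypothetical. Assumptions: `hash160` is truncated double SHA-256 standing in for SHA-256 then RIPEMD-160, and `toy_sign`/`toy_checksig` are a constructed placeholder for ECDSA, not a signature scheme.

```python
# Added illustration: hash160 and the toy_* functions are stand-ins (see lead-in),
# chosen so the stack machine runs with the standard library only.
import hashlib

class ScriptError(Exception): pass

def hash160(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:20]

def toy_sign(pubkey, tx_digest=b"constructed-tx"):
    return hashlib.sha256(b"sig" + pubkey + tx_digest).digest()

def toy_checksig(sig, pubkey):
    return sig == toy_sign(pubkey)

def p2pkh(pubkey_hash):
    return ["OP_DUP", "OP_HASH160", pubkey_hash, "OP_EQUALVERIFY", "OP_CHECKSIG"]

def run(script, checksig=toy_checksig, trace=None):
    """Run a script given as a list of opcode names and bytes pushes."""
    stack = []
    for item in script:
        if isinstance(item, bytes):
            stack.append(item)                            # data push
        elif item == "OP_DUP":
            top = stack.pop()
            stack += [top, top]
        elif item == "OP_HASH160":
            stack.append(hash160(stack.pop()))
        elif item == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                raise ScriptError("OP_EQUALVERIFY: values differ")
        elif item == "OP_CHECKSIG":
            pubkey, sig = stack.pop(), stack.pop()        # pubkey sits above sig
            stack.append(b"\x01" if checksig(sig, pubkey) else b"")
        else:
            raise ScriptError(f"unsupported opcode {item!r}")
        if trace is not None:
            trace.append(len(stack))                      # stack depth after each step
    return stack

def verify(script_sig, script_pubkey, trace=None):
    """Valid only if the concatenated script runs without error and ends with true."""
    try:
        stack = run(script_sig + script_pubkey, trace=trace)
    except (ScriptError, IndexError):                     # IndexError = stack underflow
        return False
    return bool(stack) and stack[-1] != b""
```

Passing a list as `trace` records the stack depth after each step; a valid spend gives 1, 2, 3, 3, 4, 2, 1.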
18
Bitcoin script instructions
256 opcodes total (15 disabled, 75 reserved)
  Arithmetic
  If/then
  Logic/data handling
  Crypto!
    Hashes
    Signature verification
    Multi-signature verification
19
OP_CHECKMULTISIG
Built-in support for joint signatures
  Specify n public keys
  Specify t
  Verification requires t signatures
BUG ALERT: Extra data value popped from the stack and ignored
20
Bitcoin scripts in practice (as of 2014)
Most nodes whitelist known scripts
  99.9% are simple signature checks
  ~0.01% are MULTISIG
  ~0.01% are Pay-to-Script-Hash
  Remainder are errors, proof-of-burn
More on this soon
21
Proof-of-burn
OP_RETURN <arbitrary data>
nothing’s going to redeem that ☹
Uses:
  spam/griefing
  Transfer to another cryptocurrency
  Fidelity bond
22
Should senders specify scripts?
Customer: I’m ready to pay for my purchases!
Big Box: Cool! Well we’re using MULTISIG now, so include a script requiring 2 of our 3 account managers to approve. Don’t get any of those details wrong. Thanks for shopping at Big Box!
23
Idea: use the hash of redemption script
“Pay to Script Hash”
<signature> <<pubkey> OP_CHECKSIG>
OP_HASH160 <hash of redemption script> OP_EQUAL

<signature>
<pubkey> OP_CHECKSIG
24
Pay to script hash
Customer: I’m ready to pay for my purchases!
Big Box: Great! Here’s our address: 0x3454