Bitcoin/Blockchain. Workshop

Size: px

Start display at page:

Download "Bitcoin/Blockchain. Workshop"

Meghan Lilian Davis
5 years ago
Views:

1 Prev : H() nonce: 2009 Prev : H() nonce: Prev : H() nonce: data data data Bitcoin/Blockchain Workshop Prashanth.B Founder, CEO, lastbit pb@lastbit.io

2 Overview (Day 1 Hour 1) 1. An Introduction to crypto-currency 2. Distributed systems 3. Bitcoin

3 An Introduction to Cryptocurrency

4 History of Currency Before 1971 Today

5 Bitcoin vs. Banks Decentralized Centralized 100,000,000 Satoshi =

6 Source: bitcoin.org

7 Distributed Systems

8 Introduction

9 Fault Tolerance & State Replication COMMENTS A -> Good weather B -> No it s terrible A -> The glass is half full B -> It s half empty COMMENTS A -> Good weather B -> No it s terrible A -> The glass is half full B -> It s half empty COMMENTS A -> Good weather B -> It s half empty A -> The glass is half full B -> No it s terrible

10 Naïve Client-Server Protocol Client sends command one at a time to server Client-Server Protocol with ACK (Eg: TCP) Client sends command one at a time to server Server sends ACK If ACK not received within a reasonable time, resend command. Tip: Add sequence number, to prevent same command from being executed multiple times

11 The impossibility of consensus The impossibility of consensus. Example : Two friends Meet at 7pm? Sure. ACK receipt. Ok. ACK(ACK (ACK receipt)) Bob Alice

12 Consensus Definition: Distributed consensus The protocol terminates and all correct nodes agree upon the same value that was originally proposed by a correct node. A node that can have ANY imaginable arbitrary behavior is called Byzantine

13 Hash Functions x H(x) X Hello SHA256( Hello ) 2CF24DBA5FB0A30E26E83B2AC5B9E29E1B161E5C1FA7425E B9824 X Hallo SHA256( Hallo ) D3751D33F9CD5049C4AF2B E4D3BAF130BCBB87F389E349FBAEB20B9 Analogous to a digital fingerprint Source: Bitcoin: A peer to peer electronic cash system Satoshi Nakomoto

14 Properties of Hash Functions Collision Free If H(x) = H(y) => x = y Hiding Given H(x) it is infeasible to compute x X Hello SHA256( Hello ) 2CF24DBA5FB0A30E26E83B2AC5B9E29E1B161E5C1FA7425E B9824

15 Byzantine General s Problem Let s attack on Sunday No I have a date on Sunday. Let s attack on Monday.

16 X = Let s attack on Sunday H(X) = 00000efa2 Y = No I have a date on Sunday. Let s attack on Monday H(X) = 00000ab23

17 X = Let s attack on Sunday, Monday, Tuesday Y = Let s attack on Monday H(X) = efa2 H(y) = ab23

18 Bitcoin

19 A Distributed Ledger Block N Block Height Block N-1 Block N-2 Blockchain Block 2 Block 1 Block 0 Genesis Block

20 Mining Very difficult! Very easy!

22 Basic digital cash Signed by Alice s K p Pay to K p Bob Signed by Goofy s K p Pay to K p Alice Coin 1 Goofycoin Signed by Goofy s K p CreateCoin[1]

23 Double Spending Signed by Alice s K p Pay to K p Bob Signed by Alice s K p Pay to K p Charlie Signed by Goofy s K p Goofycoin Pay to K p Alice Signed by Goofy s K p CreateCoin[1]

24 Double Spending Solution ScroogeCoin Signed by Scrooge Previous ID : 69 Transaction Previous : H( ) ID : 70 Transaction Previous ID : 71 Transaction

25 What s in a Block? Block Hash Previous Block Hash Merkle Root Nonce Difficulty Block Size: x kb Number of Transactions: n <Transactions> b3fa19b9610b326b11ef8c6d150bac0be5fbe9 af9d6b ca1d9de981f2f79eeb6a8b41fedcdc6d69c c678e2e ec88a3581bb2e1b1bffd9e47a233f8dae92d fa1d744f9acf Nonce: Difficulty: 4,143,878,474, Block Size: kb Number of Transactions: 1788 <Transactions>

27 <Demo> github.com/prashb94 -> Blockchain_Java_Demonstration

28 Overview (Day 1 Hour 2) 1. Keys 2. Wallets 3. Transactions

29 Bitcoin Keys Private Key (256 bits) Pick a number between 1 and n-1, where n is slightly less than Example: 64-bit hex encoded (64 * 4 = 256) 2368fa8dd9eeff910631dedb5fef297ae3b5a92948bcbc5a238fecf4d4 b6c68d Private Key WIF KxQYUNbiXYCubtMam7VjRQVRmKyS3dZE36trm1QHrzcgTVUER8 Ns

30 Public Key Public Key - K = k * G G is fixed, defined by secp256k1 standard K is a point (x,y) on the curve. Given K it is infeasible to compute k

31 ECC x = y y 2 mod p = (x 3 + 7) mod p

32 Multiplication on the Elliptic Curve kp = P + P +. + P (k times) -2G G -4G 4G -8G 2G And so on until we get kg

33 Addresses k = Private Key 2368fa8dd9eeff910631dedb5fef297ae3b5a92948bcbc5a238fecf4d4b6c68d K = k* G K = Public Key 035b2dee61996d9d305dd7a5b8212f2fd07d65b4d92bcef4b9e1df271a2d tk = SHA256(K) pubkeyhash = RIPEMD(tK) (20 bytes/160 bits) Address = Base58CheckEncode(pubKeyHash) 1PbVVETY8NBNY9L7V8iqzmyM5zFWsHAGq3

34 Compressed and Uncompressed Keys X = F028892BAD7ED57D2FB57BF33081D5CFCF6F9ED3D3D7F159C2E2FFF579DC341A Y = 07CF33DA18BD734C600B96A72BBC4749D5141C90EC8AC328AE52DDFE2E505BDB K (520 bits) = 04 F028892BAD7ED57D2FB57BF33081D5CFCF6F9ED3D3D7F159C2E2FFF579DC341A 07CF33DA18BD734C600B96A72BBC4749D5141C90EC8AC328AE52DDFE2E505BDB y 2 mod p = (x 3 + 7) mod p K (264 bits) = 03F028892BAD7ED57D2FB57BF33081D5CFCF6F9ED3D3D7F159C2E2FFF579DC341A ~50% reduction in size!

35 Key Generation P K K p A Elliptic Curve Multiplication Hash function Private Key Public Key Address L1yodjsu78NMy4yaXx8SawvQA2zsHUikhxifuan7HbNtTQfvUVBF 1NuRkdFFqKHxURW1PiK3gzBaZHwys2k2P4

36 Wallets Non Deterministic Wallets

37 Wallets Deterministic Wallets (Type 1) Seed

38 Wallets Hierarchial Deterministic Wallets (BIP 32/44) Master Key m/ 0 Seed m m/ 1 m/ 2 Child Keys Grand-child Keys

39 BIP 39 Seeds & Mnemonics Seed - 0C1E24E D297E14D45F14E1A1A Mnemonic - army van defense carry jealous true garbage claim echo media make crunch Word list 2048 words Process Generate Entropy, Split into 11 bit equal partitions. Each partition corresponds to an index in the 2048 word list.

40 Example Entropy input (128 bits) Mnemonic (12 words) Passphrase Seed (512 bits) 0c1e24e d297e14d45f14e1a1a army van defense carry jealous true garbage claim echo media make crunch SuperDuperSecret 3b5df16df cfdd a5e170c e3afe6c 88defeefb0818c793dbb28ab3ab091897d dc8a18358f80b79d49acf64142ae57037d1d54 Entropy input (256 bits) Mnemonic (24 words) Passphrase Seed (512 bits) caff939d32d574753fe684d3c947c dd8423e74abcf8c cake apple borrow silk endorse fitness top denial coil riot stay wolf luggage oxygen faint major edit measure invite love trap field dilemma oblige (none) 3269bce2674acbd188d4f120072b13b088a0ecf87c6e4ca e41657a0bb78f5315b33b3a04356e53d062e5 5f1e0deaa082df8d df848a6ad7e

41 Key Formats Type Prefix Example Raw None (256 bits) Hex None fecf4d4b6c68d (64 hex digits) WIF 5 5J3mBbAH58CpQ3Y5RNJp UKPE62SQ5tfcvU2Jpbnkey hfsyb1jcn WIF Compressed K or L KxQYUNbiXYCubtMam7VjR QVRmKyS3dZE36trm1QHrz cgtvuer8ns

42 Paper Wallet example Address Private Key Download the Mycelium Testnet Wallet application from the Google Play Store Install the app and press the button circled below.

43 Select Advanced Scan your private key This is your address. Paste it into any block explorer to view complete data. Or select a transaction and click on the hash Example: testnet.blockchain.info

44 Anatomy of a Transaction Inputs Amount Outputs Amount BTC BTC BTC BTC Input 1 Input 2 From Alice, signed by Alice Output 1 To Bob Output 2 To Joe Total BTC Total BTC Difference = 0.05 BTC (Implied transaction fee)

45 Source: Mastering Bitcoin (O'Reilly Media)

46 { "version": 1, "locktime": 0, "vin": [ { "txid": "7957a35fe64f80d234d76d83a2a8f1a0d8149a41d81de548f0a65a8a999f6f18", "vout": 0, "scriptsig" : " d142d86652a3f47ba4746ec719bbfbd040a570b1deccbb6498c75c4ae24cb02204b9f039ff08df09cbe9f6addac960298cad530a863ea8f53982c09db8f 6e3813[ALL] 0484ecc0d46f1918b30928fa0e4ed99f16a0fb4fde0735e7ade8416ab9fe423cc d172787ec3457eee41c04f4938de5cc17b4a10fa336a8d752adf", "sequence": } ], "vout": [ { }, { "value": , "scriptpubkey": "OP_DUP OP_HASH160 ab c3dbd2f7b92a94e0581f5d50f654e7 OP_EQUALVERIFY OP_CHECKSIG" "value": , "scriptpubkey": "OP_DUP OP_HASH160 7f9b1a7fb68d60c536c2fd8aeaa53a8f3cc025a8 OP_EQUALVERIFY OP_CHECKSIG", } ] }

47 Bitcoin Scripts Turing incomplete Stateless verification Stack based language Example OP_ADD 20 OP_EQUAL

48 P2PKH (Pay To Public Key Hash) Transaction output is locked with a script Anyone who can present a signature corresponding to the public key in the script can spend that output Standard P2PKH locking script OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG Standard P2PKH unlocking script <Signature> <Public Key>

49 <Sig> <PublicKey> OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG <sig> <PubK> <sig> <Sig> <PublicKey> OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG <PubK> <PubK> <sig> <Sig> <PublicKey> OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG

50 <PubKHash> <PubK> <sig> <Sig> <PublicKey> OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG <PubKHash> <PubKHash> <PubK> <sig> <Sig> <PublicKey> OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG <PubK> <sig> <Sig> <PublicKey> OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG <Sig> <PublicKey> OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG TRUE

51 Digital Signatures Sign Hello World! P K Private Key M Message K p Public Key Signature 732fe6c8c6c616fbe90133f491beb831ba0c61c3072a1ab11ded1a53770c459e 1074e1d0cfc3127cf2f717bb20c4310ac29e20aa83aaf43a4809bfe8bab825e5 Verify Yes/No

52 Properties of DSA P K Private Key K p Public Key Hello Goofy f49..1beb8 Hello Goofy n 01fda...9af211 Hello Goofy n+1 51afde ef2315a Verify Yes/No

53 <Demo>

54 Overview (Day 2 Hour 1) 1. Advanced Transactions 2. Merkle Trees 3. Applications

55 Multisignature Scripts Locking Script : M <PubKey 1> <PubKey 2>..<PubKey N> N CHECKMULTISIG Unlocking Script : <Signature 1> <Signature 2> Validation Script : 0 <Signature 1> <Signature 2> M <PubKey 1> <PubKey 2>..<PubKey N> N CHECKMULTISIG

56 Standard Locking Script 2 04C16B8698A9ABF84250A7C3EA7EEDEF9897D1C8C6ADF47F06CF73370D74DCCA01CDCA79DCC5C395 D7EEC6984D83F1F50C900A24DD47F569FD4193AF5DE762C58704A D8655D6A935BEAF2CA23E3 FB87A3495E7AF308EDF08DAC3C1FCBFC2C75B4B0F4D0B1B70CD C0C2B1D5CE65C97D78D0 E E8B49047E63248B75DB7379BE9CDA8CE5751D16485F431E46117B9D0C1837C9D F3 93DA7D4420D7E1A9162F0279CFC10F1E8E8F3020DECDBC3C0DD389D D65CBD7149B ED7F78E EE6FDA162A187543A9D85BAAA93A4AB3A8F044DADA618D ABE8A35D A8C5B73997AD343BE5C2AFD94A AFA1ECED3C68D446BCAB69AC0BA7DF50D56231BE0AAB F1FDEEC78A6A45E394BA29A1EDF518C022DD618DA774D207D137AAB59E0B000EB7ED238F4D800 5 CHECKMULTISIG P2SH Locking Script HASH160 54c557e07dde5bb6cb791c7a540e0a4796f5e97e EQUAL

57 P2SH (Pay To Script Hash) Without P2SH Locking Script Unlocking Script 2 PubKey1 PubKey2 PubKey3 PubKey4 PubKey5 5 CHECKMULTISIG Sig1 Sig2 With P2SH Redeem Script Locking Script Unlocking Script 2 PubKey1 PubKey2 PubKey3 PubKey4 PubKey5 5 CHECKMULTISIG HASH160 <20-byte hash of redeem script> EQUAL Sig1 Sig2 <redeem script>

58 Bitcoin Transaction Malleability Mt.Gox - 850,000 bitcoins stolen

59 OP_RETURN OP_RETURN <data> "asm" : "OP_DUP OP_HASH160 b8268ce4d481413c4e848ff353cd c45b OP_EQUALVERIFY OP_CHECKSIG" "asm" : "OP_RETURN c c6f "

60 Merkle Trees Merkle Root H ABCD Hash(H AB + H CD ) H AB Hash(H A + H B ) H CD Hash(H C + H D ) H A Hash(Tx A) H B Hash(Tx B) H C Hash(Tx C) H D Hash(Tx D)

61 Merkle Path Merkle Root H ABCD Hash(H AB + H CD ) H AB Hash(H A + H B ) H CD Hash(H C + H D ) H A Hash(Tx A) H B Hash(Tx B) H C Hash(Tx C) H D Hash(Tx D)

62 Merkle Tree Efficiency Number of transactions Approx. size of block Path size (hashes) Path size (bytes) 4 transactions 1 kilobyte 3 hashes 96 bytes 16 transactions 4 kilobytes 4 hashes 128 bytes 512 transactions 128 kilobytes 9 hashes 288 bytes 2048 transactions 512 kilobytes 11 hashes 352 bytes 65,535 transactions 16 megabytes 16 hashes 512 bytes

63 SPV Nodes Only downloads block headers Merkle trees used extensively to verify if a tx is included in a block Less than 1 kilobyte of data for the entire merkle path

64 Takeaway As block size increases, merkle path size increases much slower Nodes can download just the 80 byte block headers instead of storing the entire blockchain (SPV nodes)

65 Secure Timestamping Data e21

66 Colored Coins Add secondary value to Bitcoin Store ANY asset on the BITCOIN blockchain

67 You cannot prove Clairvoyance

68 Overview (Day 2 Hour 2) 1. Anonymity 2. Scaling 3. Ethereum

69 Blind Signatures Original Message Original Message Carbon paper lined envelope Remove envelope

70 Zk-SNARKS

71 Micropayment Channels

72 HTLC H = Hash(R) IF # Payment if you have the secret R HASH160 <H> EQUALVERIFY ELSE # Refund after timeout. <locktime> CHECKLOCKTIMEVERIFY DROP <Payer Public Key> CHECKSIG ENDIF

73 Lightning Network

75 Ethereum

76 Decentralized Applications 1 Ether = 1,000,000,000,000,000,000 Wei (10 18 )

77 Gas Account based protocol unlike UTXO based in Bitcoin

78 UTXO vs. Accounts

79 Transactions

80 Nonces Replay attack

81 Eg: Tell me all instances of an event of type X (eg. a crowdfunding contract reaching its goal) emitted by this address in the past 30 days

82 Smart Contracts Externally Owned Accounts (EOA) and Contract Accounts Controlled by P k No P k Solidity/Serpent Turing Complete

83 DAO

The DAO Hard Fork July 18 2016 Recursive call bug, 3.

84 The DAO Hard Fork July Recursive call bug, 3.6 MM ETH stolen 89% of community voted for hard fork

85 Parity Hack Line 215 and Line ,000$ frozen in multisig wallets Hacked by mistake

87 References Mastering Bitcoin Andreas M. Antonopoulos, O Reilly Media. Distributed Ledger Technology Roger. M. Wattenhofer, ETH Zurich.

Bitcoin and Blockchain Technology: Addresses, Transactions, and Blocks. Ferdinando M. Ametrano

Bitcoin and Blockchain Technology: Addresses, Transactions, and Blocks Ferdinando M. Ametrano https://www.ametrano.net/about/ Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs