Bitcoin and Blockchain Technology: Addresses, Transactions, and Blocks. Ferdinando M. Ametrano
|
|
- Rosamund Small
- 5 years ago
- Views:
Transcription
1 Bitcoin and Blockchain Technology: Addresses, Transactions, and Blocks Ferdinando M. Ametrano
2 Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs 3. Bitcoin Script Language 4. Transaction Scripts 5. Odds and Sods 6. Blocks 7. Historical Transactions 2/108
3 Bitcoin Base58 Encoding Binary digits: 01 Decimal digits: Hexadecimal digits: ABCDEF Base58 digits: all alphanumeric characters (numbers, uppercase, and lowercase) omitting 0 (zero), O (capital o), I (capital i) and l (lower case L) ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijk mnopqrstuvwxy 3/108
4 Parsimonious Large Number Representation Larger digit set available less digits required to represent large numbers e.g. 16^5-2: Binary Decimal FFFFE Hex 6Nhs Base58 4/108
5 Base58Check Encoding 1. Payload 2. [Prefix +] Payload [+ Suffix] = ExtPayload 3. ExtPayload + Checksum 4. Base58 encoding Double SHA256 Checksum Calculation a. ExtPayload b. SHA256(ExtPayload) c. SHA256(SHA256(ExtPayload)) d. Checksum = first 4 bytes of the previous step The Base58Check decoding stage will first use the checksum to detect possible errors in ExtPayload before actual decoding 5/108
6 Base58 Representation of Public/private Keys Base58 is used for compact representation of Bitcoin Public/private keys: Address: Q in Base58 representation Wallet Import Format: q in Base58 representation 6/108
7 From Uncompressed Public Key to Address (1/4) Given the private key 0x18E14A7B6A307F426A94F E7C8E774E7F9A47E2C2035DB29A Start from the associated Public Key point in uncompressed representation (65 bytes: 1 byte for the x04 prefix, 32 bytes for the X coordinate, 32 bytes for the Y coordinate) AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B2352 2CD A299FA9E ABC11A1DF38855ED6F2EE187E9C582BA6 7/108
8 From Uncompressed Public Key to Address (2/4) 2. Perform SHA256 hashing on the Public Key 600FFE422B4E00731A59557A5CCA46CC A447BDB2D98D4B Perform RIPEMD160 hashing on the result of SHA D E5E39F86A0D273BEE Note: step 2-3 are often defined as HASH160 HASH160(PubKey) := SHA256(RIPEMD160(PubKey)) 4. Add version byte in front of HASH160 (0x00 for Main Network) to obtain the extended HASH D E5E39F86A0D273BEE The leading zeros, while irrelevant digits for a number, are retained through the following conversions and will lead to a leading 1 in the resulting address 8/108
9 From Uncompressed Public Key to Address (3/4) Base58Check encoding steps: 5. SHA256 hash on the extended HASH C7A8007A93D BB320A8FE2DEBD2AE1B47F0F50BC10BAE845C SHA256 hash on the result of the previous step D61967F63C7DD183914A4AE452C9F6AD5D462CE3D B107615C1A8A30 7. Take the first 4 bytes of the second SHA256 hash as address checksum D61967F6 9/108
10 From Uncompressed Public Key to Address (4/4) 8. Add the 4 checksum bytes from stage 7 at the end of extended HASH D E5E39F86A0D273BEED61967F6 9. Convert into a base58 string using Base58 encoding 16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM The bitcoin address is the Base58 encoding of the HASH160 of a Public key; it starts with 1 because of the 0x00 prefix. 10/108
11 From Compressed Public Key to Address Using the same private key as in the previous slide 0x18E14A7B6A307F426A94F E7C8E774E7F9A47E2C2035DB29A Start from the associated Public Key in compressed representation (33 bytes: 1 byte x02 or x03, 32 bytes corresponding to the X coordinate) AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B2352 Arrive to a Base58 encoded address 1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs Again: the address is the Base58 encoding of the HASH160 of a Public key; it starts with 1 because of the 0x00 prefix. 11/108
12 Private Key (Uncompressed) WIF Given a private key 0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D 1. Extended private key (80 prefix, no suffix) 0x800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D 2. 4 bytes checksum added 0x800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D507A5B8D 3. Base58 encode is 51 characters; it always starts with 5, because of the 0x80 prefix 5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ The uncompressed property does not refer to the private key: it is the public key point derived from uncompressed WIF that must be uncompressed 12/108
13 Private Key (Compressed) WIF Using the same private key as in the previous slide 0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D 1. Extended private key (0x80 prefix, 0x01 suffix) 0x800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D bytes checksum added 0x800C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D01A62019D2 3. Base58 encode is 52 characters (longer than uncompressed WIF because of the 0x01 suffix); it always starts with K or L, because of the 0x80 prefix KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617 The compressed property does not refer to the private key: it is the public key derived from compressed WIF that must be compressed 13/108
14 Addresses/Keys Version Types Network Usage Version type Leading symbol(s) Mainnet Pubkey hash (address) 00 1 Mainnet prvkey (uncompressed WIF) 80 5 Mainnet prvkey (compressed WIF) 80 K or L Testnet Pubkey hash (address) 6F m or n Testnet prvkey (uncompressed WIF) EF 9 Testnet prvkey (compressed WIF) EF c 14/108
15 Relation Between Keys, Addresses, and WIF 1. prvkey < Base58Encoding > WIF 2. prvkey EC Multiplication > PubKey 3. PubKey HASH160 > PubKeyHash 4. PubKeyHash < Base58Encoding > address EC multiplication and hash functions are one-way Quantum computers will be able to factor private keys from public keys, but not to invert hash functions 15/108
16 Homework With the private key obtained with the previous homework: 1. Calculate the uncompressed WIF 2. Calculate the compressed WIF 3. Calculate the address from uncompressed Public key 4. Calculate the address from compressed Public key Check PrvKeyToWIFCompressed.py, PrvKeyToWIFUncompressed.py, and PubKeyToAddress.py in the scripts folder at Verify your results at (Wallet Details) 16/108
17 Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs 3. Bitcoin Script Language 4. Transaction Scripts 5. Odds and Sods 6. Blocks 7. Historical Transactions 17/108
18 Transactions Txs can be created by any means, even offline Txs can be propagated to the network even by non secure channels Nodes will validate Txs before propagating them further Txs consume one or more transaction inputs (TxIns) and generate one or more transaction outputs (TxOs) Coinbase transactions have no TxIns 18/108
19 TxOs and UTxO Pool TxOs are amount of bitcoins, recorded on the blockchain and associated to addresses Blockchain has neither accounts nor balances A given address usually has its associated bitcoins as (possibly many) TxOs scattered over (possibly many) blocks TxOs can only be spent once and fully as indivisible chunks bitcoins only exist as unspent TxOs (UTxOs) The UTxO pool is the LevelDB database cache used to record all current UTxOs 19/108
20 Unspent TxOs: Electrum Testnet 2 UTxO (2BTC + 1BTC) on the address tb1qhd92h3tac67u2merxvyu3nen6cgf5y2k8q24hd 1 UTxO each ( and ) on two other addresses Balance includes all of them 20/108
21 TxIns reference and spend UTxOs Software can empower the user with coin control, i.e. picking TxIns 21/108
22 TxOs Locking Puzzle Every TxO is locked by a mathematical puzzle (encumbrance) To spend the TxO, the corresponding TxIn must provide the solution to (i.e. unlock) the puzzle Unlocking a TxO puzzle usually involves a digital signature using the private key related to the address the TxO is associated to 22/108
23 TxIns Each TxIn must hold: the reference to the UTxO being spent: hash pointer to the previous Tx (TxPrev) where the UTxO has been created zero-based index identifying the UTxO among those created in TxPrev the unlocking solution of the UTxO mathematical puzzle (usually including private key signature) 23/108
24 nlocktime Earliest time that a transaction is valid and can be relayed on the network or added to the blockchain A transaction is finalized when its nlocktime has been reached nlocktime < 500,000,000 it is interpreted as block number nlocktime > 500,000,000 it is interpreted as Unix Epoch timestamp (number of second since 00:00:00UTC Jan 1, 1970) A TxIn include a sequence number used to override a transaction prior to the expiration of its (nonzero) lock-time (nlocktime is ignored when the sequence numbers of all TxIns are set to UINT_MAX) 24/108
25 Transaction Validity 1. can be finalized (i.e. it is not time locked) 2. TxIns reference UTxOs only 3. Each TxIn provides the unlocking solution for the mathematical puzzle of its referenced UTxO 4. The amounts of the newly generated TxOs is less than or equal to the amount of TxIns /108
26 TxIns, TxOs, and Fees σ TxO i σ TxIn i : the amounts of the newly generated TxOs must be less than or equal to the amount of TxIns σ TxO i + Fee = σ TxIn i : the difference between TxIns and TxOs is collected as additional fee reward in the coinbase transaction If the amount referenced by the used TxIns is greater than the amount of the intended transaction, a change must be sent to a change address The fee cannot not be a TxO because the winning miner is not known at transaction time 26/108
27 Transaction Fees A minimum fee of BTC is used as disincentive against "spam" transactions or system abuse Fees are an incentive for miners to prioritize a transaction for inclusion in the next block, especially if blocks are full Fees depend on the size of the transaction in kilobytes, not the transaction value in BTC The way transaction fees are calculated and the effect they have on transaction prioritization has been evolving according to market forces 27/108
28 Transaction Fees 28/108
29 29/108
30 Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs 3. Bitcoin Script Language 4. Transaction Scripts 5. Odds and Sods 6. Blocks 7. Historical Transactions 30/108
31 Stack Data Structure Based on the Last In First Out (LIFO) principle Operators push data on the top of the stack or pop out data from the top of the stack Conditional operators evaluate a condition, pushing a TRUE/FALSE result on the top of the stack 31/108
32 Script Language A very simple Forth-like language that uses reverse-polish notation 1. no loops or complex flow control capabilities 2. ensure termination, i.e. finite time execution (implied by 1) 3. memory access is stack-based: there are no variables, calculations are performed on the stack Script is purposefully stateless and not Turing-complete Limited flexibility is a deliberate security feature, preventing vulnerability from the transaction validation mechanism 32/108
33 Verify 2+3=5 Using Script 2 3 OP_ADD 5 OP_EQUAL Stack 2 3 OP_ADD 5 OP_EQUAL 33/108
34 Verify 2+3=5 Using Script 2 3 OP_ADD 5 OP_EQUAL Stack 2 3 OP_ADD 5 OP_EQUAL 2 34/108
35 Verify 2+3=5 Using Script 2 3 OP_ADD 5 OP_EQUAL Stack 2 3 OP_ADD 5 OP_EQUAL /108
36 Verify 2+3=5 Using Script 2 3 OP_ADD 5 OP_EQUAL Stack 2 3 OP_ADD 5 OP_EQUAL 5 36/108
37 Verify 2+3=5 Using Script 2 3 OP_ADD 5 OP_EQUAL Stack 2 3 OP_ADD 5 OP_EQUAL /108
38 Verify 2+3=5 Using Script 2 3 OP_ADD 5 OP_EQUAL Stack 2 3 OP_ADD 5 OP_EQUAL TRUE 38/108
39 Interactive Script Playgrounds Bitcoin Debug Script Execution convert Script to JavaScript 39/108
40 Operators 256 opcodes total (15 disabled, 75 reserved) Arithmetic If/then Logic/data handling Crypto Hashes Signature verification Multi-signature verification 40/108
41 Operators OP_DUP duplicates the top stack value OP_HASH160 performs double hashing of the top stack value, first using SHA256 and then RIPEMD160 OP_HASH256 performs double hashing of the top stack value using SHA256 OP_EQUAL returns TRUE if the two top stack values are exactly equal, FALSE otherwise OP_VERIFY marks transaction as invalid if top stack value is not TRUE. The top stack value is removed. OP_EQUALVERIFY is equivalent to OP_EQUAL followed by OP_VERIFY OP_CHECKSIG checks that the input signature is a valid signature using the input public key for the hash of the current transaction OP_RETURN marks transaction as invalid. A standard way of attaching extra data to transactions is to add a zero-value TxO with a <scriptpubkey> consisting of OP_RETURN followed by exactly one pushdata operator 41/108
42 Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs 3. Bitcoin Script Language 4. Transaction Scripts 5. Odds and Sods 6. Blocks 7. Historical Transactions 42/108
43 Transaction Script TxOs include a <scriptpubkey> locking mathematical puzzle (usually including, in some way, the bitcoin address or the public key) The puzzle must be solved in order to spend the UTxO The spending TxIn provides <scriptsig> unlocking solution (usually including, in some way, the private key signature) 43/108
44 Script Evaluation The Unlock+Lock script (<scriptsig>+<scriptpubkey>) is evaluated If the script fails or its result is FALSE then the TxIn is invalid A UTxO is unaffected by failed attempts to spend it A TxIn that satisfies the UTxO conditions does spend it: the TxO remains in the blockchain, but it is removed from the UTxO pool 44/108
45 Script Execution Scripts are not really concatenated anymore: executed separately for security reason, stack being transferred between the two 45/108
46 Standard Transactions Many different scripts are possible, but for security reason a transaction is usually relayed only if IsStandard(), i.e. does not violate good network behavior rules its scripts match a small set of believed-to-be-safe templates: pay-to-public-key (P2PK, the easiest and oldest) pay-to-public-key-hash (P2PKH, the most common) null data (OP_RETURN) multi-signature (limited to 15 keys) pay-to-script-hash (P2SH, the most versatile) {SegWit transactions} Valid non-standard transactions, if included in blocks, are accepted 46/108
47 Pay-To-Public-Key (P2PK) The first transaction type was Pay-To-Public-Key (P2PK) In the early days of Bitcoin coins were assigned to uncompressed Public keys spent using DER signatures 47/108
48 Pay-To-Public-Key (P2PK) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_CHECKSIG TX_PUBKEY Stack 48/108
49 Pay-To-Public-Key (P2PK) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_CHECKSIG TX_PUBKEY Stack <sig> 49/108
50 Pay-To-Public-Key (P2PK) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_CHECKSIG TX_PUBKEY Stack <pubkey> <sig> 50/108
51 Pay-To-Public-Key (P2PK) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_CHECKSIG TX_PUBKEY Stack TRUE 51/108
52 Quantum Resistance Problem: to publish a public key on the blockchain is not quantum resistant, as such it is not future proof Solution: pay to the hash of the public key, publishing only the public key hash (i.e. the address) on the blockchain 52/108
53 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack 53/108
54 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack <sig> 54/108
55 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack <pubkey> <sig> 55/108
56 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack <pubkey> <pubkey> <sig> 56/108
57 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack <pubkeyhash> <pubkey> <sig> 57/108
58 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack <pubkeyhash?> <pubkeyhash> <pubkey> <sig> 58/108
59 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack <pubkey> <sig> 59/108
60 Pay-To-Public-Key-Hash (P2PKH) <scriptsig> + <scriptpubkey> <sig> <pubkey> OP_DUP OP_HASH160 <pubkeyhash?> OP_EQUALVERIFY OP_CHECKSIG TX_PUBKEYHASH Stack TRUE 60/108
61 Pay-To-Public-Key-Hash (P2PKH) Public keys are revealed at redemption time only Problem: multiple UTxOs associated to the same address would see their common public key revealed when the first UTxO is spent Solution: use a different address (i.e. public key) for each TxO! 61/108
62 Blockchain for Data Unrelated to Transactions The 20-byte destination address can be used to store any data in the blockchain, e.g. file hash for proof-of-existence of the file on the transaction date Blockchain as distributed and time-stamped ledger system for digital notary services, stock certificates, smart contracts, etc. Blockchain abuse or clever use? Waste: if the address does not correspond to a private key the UTxO can never be spent, associated bitcoins are lost Bloat: blockchain disk storage, UTxO cache RAM 62/108
63 A Better Approach: OP_RETURN 80 bytes of nonpayment data are allowed after OP_RETURN OP_RETURN forces the failure of any script including it; the associated TxO cannot be spent As such, its TxO is provably unspendable: it is stored in the blockchain but prunable from the UTxO pool (limited bloat) The TxO can have zero bitcoin associated (no waste) see and 63/108
64 OP_RETURN TX_NULL_DATA <scriptsig> + <scriptpubkey> Stack <WHATEVER> OP_WHATEVER OP_RETURN <data> OP_RETURN makes the TxO unspendable 64/108
65 Multisignature (M-of-N) Transaction TX_MULTISIG <scriptsig> + <scriptpubkey> OP_0 <sig1> <sigm> <M> <pubkey1> <pubkeyn> <N> OP_CHECKMULTISIGVERIFY Stack 65/108
66 Multisignature (M-of-N) Transaction TX_MULTISIG <scriptsig> + <scriptpubkey> Fast forward here OP_0 <sig1> <sigm> <M> <pubkey1> <pubkeyn> <N> OP_CHECKMULTISIGVERIFY Stack N <pubkeyn> <pubkey1> M <sigm> <sig1> 0 OP_CHECKMULTISIGVERIF Y bug: it consumes one extra ignored data element 66/108
67 Multisignature (M-of-N) Transaction TX_MULTISIG <scriptsig> + <scriptpubkey> Stack OP_0 <sig1> <sigm> <M> <pubkey1> <pubkeyn> <N> OP_CHECKMULTISIGVERIFY TRUE 67/108
68 From TX_MULTISIG To TX_SCRIPTHASH TX_MULTISIG: up to 15-of-15 (1650 bytes signature script limit) Problems: Public keys are published on the blockchain A multisig <scriptpubkey> is bigger than the P2PKH one Expensive for the sender, beneficial for the receiver Solution: create a new type of UTxO that shifts the burden into the redemption <scriptsig> 68/108
69 From TX_MULTISIG To TX_SCRIPTHASH This 65*3+3 bytes <redeem script> <2 pubk1 pubk2 pubk3 3 OP_CHECKMULTISIG> Can be represented by its much shorter 20 bytes HASH160: <redeem script 20-byte Hash160> Lock the transaction with: OP_HASH160 <redeem script 20-byte Hash160> OP_EQUAL Unlock with: <Sig2> <Sig3> <2 pubk1 pubk2 pubk3 3 OP_CHECKMULTISIG> 69/108
70 BIP16 Pay-To-Script-Hash (P2SH) pay to a script matching this hash, a script that will be presented to spend this output in the future: the sender does not handle complexity, the recipient will Scripts are coded as addresses: complex scripts are replaced by shorter fingerprints in the TxO A future spending TxIn will contain the redeem script whose hash is contained in the UTxO: the fee cost for a complex script is shifted from the current sender to the recipient at future redemption time Smaller <scriptpubkey> in the (present) UTxO set, larger <scriptsig> in the (future) blockchain Public keys are revealed at redemption time only 70/108
71 BIP16 Pay-To-Script-Hash (P2SH) P2SH transactions can contain any valid script allowing for experimentation with new and complex types of transactions Transactions that redeem P2SH TxO are considered standard if the redeem script is, itself, one standard transaction type A TxO locked with the hash of an invalid script is valid, but cannot be spent with a valid TxIn P2SH specification is not recursive Redeem script cannot include OP_RETURN 71/108
72 P2SH Addresses (BIP16) Base58Check encode of a P2SH use version prefix of 5 (instead of 0), resulting in an address starting with a 3 (instead of 1 ) P2SH 3 addresses designate the beneficiary of a bitcoin transaction as the hash of a script Bitcoins sent to 3 P2SH addresses require something more than the presentation of one public key (hash) and one private key signature to be spent Requirements are designated at the time the address is created, within the script 72/108
73 P2SH Example: One Signature Required <scriptsig> + <scriptpubkey> Stack <sig> {[pubkey] OP_CHECKSIG} OP_HASH160 [20-byte-hash of {[pubkey] OP_CHECKSIG}] OP_EQUAL 73/108
74 P2SH Example: Hash of P2PK <scriptsig> + <scriptpubkey> Stack <sig> {[pubkey] OP_CHECKSIG} OP_HASH160 [20-byte-hash of {[pubkey] OP_CHECKSIG}] OP_EQUAL <sig> 74/108
75 P2SH Example: Hash of P2PK <scriptsig> + <scriptpubkey> Stack <sig> {[pubkey] OP_CHECKSIG} OP_HASH160 [20-byte-hash of {[pubkey] OP_CHECKSIG}] OP_EQUAL {[pubkey] OP_CHECKSIG} <sig> 75/108
76 P2SH Example: Hash of P2PK <scriptsig> + <scriptpubkey> Stack <sig> {[pubkey] OP_CHECKSIG} OP_HASH160 [20-byte-hash of {[pubkey] OP_CHECKSIG}] OP_EQUAL [20-byte-hash of {[pubkey] OP_CHECKSIG}] <sig> 76/108
77 P2SH Example: Hash of P2PK <scriptsig> + <scriptpubkey> Stack <sig> {[pubkey] OP_CHECKSIG} OP_HASH160 [20-byte-hash of {[pubkey] OP_CHECKSIG}] OP_EQUAL [20-byte-hash of {[pubkey] OP_CHECKSIG}] [20-byte-hash of {[pubkey] OP_CHECKSIG}] <sig> 77/108
78 P2SH Example: Hash of P2PK <scriptsig> + <scriptpubkey> Stack <sig> {[pubkey] OP_CHECKSIG} OP_HASH160 [20-byte-hash of {[pubkey] OP_CHECKSIG}] OP_EQUAL <sig> 78/108
79 P2SH Example: Hash of P2PK Now keep validating using the current stack and the redeem script as <scriptpubkey> [pubkey] OP_CHECKSIG <scriptpubkey> Stack <sig> 79/108
80 P2SH Example: Hash of P2PK <scriptpubkey> Stack [pubkey] OP_CHECKSIG [pubkey] <sig> 80/108
81 P2SH Example: Hash of P2PK <scriptpubkey> Stack [pubkey] OP_CHECKSIG TRUE 81/108
82 Pay-to-script-hash (P2SH) 82/108
83 Homework (1/2) Create a Hashlock transaction, i.e. an output locking script <scriptpubkey> including a hash value, spendable with an input unlocking script <scriptsig> composed only by the hash pre-image Preferably use the hash value with seven leading zero you obtained in the first lesson homework (hint: use OP_HASH265 and OP_EQUAL) Check the result with online script engines or python code Why is such a transaction not secure? (hint: who see your spending transaction? What attack could be performed? Why do we usually rely on asymmetric cryptography?) 83/108
84 Homework (2/2) See also: d1db51ff3100d285956a40cc0e4f8c8c2c4a80559 b1 Study the script logic at: 363d1db51ff3100d285956a40cc0e4f8c8c2c4a80 559b1:0 84/108
85 Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs 3. Bitcoin Script Language 4. Transaction Scripts 5. Odds and Sods 6. Blocks 7. Historical Transactions 85/108
86 TxIn signature <scriptsig> Hash Type Which of the newly created TxOs are covered by the TxIns signature 1. SIGHASH_ALL (default): modifying any TxO in a transaction would require all the TxIns to be signed again 2. SIGHASH_NONE: any TxO in the transaction can be changed 3. SIGHASH_SINGLE: the TxO of the same index as the TxIn cannot be changed 2-3 does allow other TxIns to update their sequence numbers, 1 does not SIGHASH_ANYONECANPAY is combined with the previous ones to indicate which TxIn is covered: the current TxIn if TRUE, all TxIns if FALSE 86/108
87 Malleability Transaction signature does not cover all the data in a transaction that is hashed to create the transaction hash A transaction s hash can be manipulated without altering TxIn, TxOut, and spendibility conditions; e.g. DER-encoded ASN.1 octet representation for every ECDSA signature (r, s), the signature (r, N-s) is a valid signature of the same message the <scriptsig> is not signed and can be manipulated with additional data then removed with OP_DROP, etc. 87/108
88 Segregated Witness (SegWit) "witness" is a solution to a cryptographic puzzle, e.g.: <scriptsig> every TxIn in a transaction is followed by the witness data that unlocks its corresponging TxO. Segregated Witness moves the <scriptsig> outside of the transaction data structure, into a separate witness data structure that complements the transaction Clients may request transaction data with or without the accompanying witness data. 88/108
89 SegWit Benefits Transaction malleability fix Signature verification optimization (linear scaling of sighash operations) Increased security for multisig via pay-to-script-hash (P2SH) Script versioning Network and storage scaling Offline signing improvement 89/108
90 Empty <scriptpubkey> Anyone can spend an empty <scriptpubkey> with a <scriptsig> consisting of OP_TRUE only <scriptsig>+<scriptpubkey> = OP_TRUE 90/108
91 Transaction Chaining and Orphan Transactions Transaction chaining: child transaction spends the outputs of the parent transaction The child might arrive before the parent: it is put it in the orphan transaction pool while waiting for the arrival of its parent There is a limit MAX_ORPHAN_TRANSACTIONS to the number of orphan transactions stored in memory, to prevent a denial-of-service attack If a transaction is stuck because of a low fee, child-pay-for-parent means that a child transaction can pay enough fee for prioritizing both parent and child 91/108
92 Replace By Fee - BIP 125 RBF allows replacing a 0-confirmations transaction by transmitting another transaction with a higher fee RBF is opt-in 92/108
93 Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs 3. Bitcoin Script Language 4. Transaction Scripts 5. Odds and Sods 6. Blocks 7. Historical Transactions 93/108
94 Transaction Bundling Transactions are bundled in blocks for practical reasons (shorter chain, single unit of work for validators, faster history validation) nonce prev_hash Tx Tx Tx nonce prev_hash Tx Tx Tx nonce prev_hash Tx Tx Tx nonce prev_hash Tx Tx Tx nonce prev_hash Tx Tx Tx Transactions in a block are actually packaged in a Merkle Tree 94/108
95 Hash chain of blocks Block Structure prev: H( ) trans: H( ) prev: H( ) trans: H( ) prev: H( ) trans: H( ) H( ) H( ) Hash tree (Merkle tree) of transactions in each block H( ) H( ) H( ) H( ) transaction transaction transaction transaction 95/108
96 Block structure Block structure Block size 4 bytes Block header 80 bytes Number of Transactions 1-9 bytes Transactions Variable bytes The average block contains more than 2000 transactions. The maximum block size, as fixed in Bitcoin Core, is 1MB 96/108
97 Block header Field Description Updated when Size Block structure Block size 4 bytes Block header 80 bytes Number of Transactions 1-9 bytes Transactions Variable bytes Version Previous block hash Merkle root Timestamp Block version number Reference to the hash of the previous block Hash of the root of the Merkle tree of the block s transaction Block time creation time (seconds from Unix Epoch) New software is released A new block comes in A transaction is accepted Every few seconds 4 bytes 32 bytes 32 bytes 4 bytes Difficulty target Every 2160 blocks 4 bytes Nonce Number used for the proof-of-work Partial Inversion Hash Puzzle is solved 4 bytes 97/108
98 Block structure: example 98/108
99 99/108
100 100/108
101 Homework First halving: provide block height and hash pointer of the first 25BTC coinbase transaction Last halving: provide block height and hash pointer of the last halving coinbase transaction Hint: use or any other block explorer 101/108
102 Table of Contents 1. Addresses and Wallet Import Formats 2. TxIns, TxOs, UTxOs 3. Bitcoin Script Language 4. Transaction Scripts 5. Odds and Sods 6. Blocks 7. Historical Transactions 102/108
103 Genesis Block 103/108
104 Genesis Block Number Of Transactions: 1; Difficulty: 1; Nonce: ; Block Reward: 50 BTC Hash: d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f Merkle Root: 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b The genesis block reward can't be spent due to a quirk in the way that the genesis block is expressed in the code. It is not known if this was intentional or an accident /108
105 First Transaction, From Satoshi to Hal Finney 105/108
106 First Purchase: Pizza Transaction msg1 106/108
107 First Purchase: Pizza Transaction 107/108
108 Bibliography A. Narayanan, et al., Bitcoin and Cryptocurrency Technologies, chapter 3 Pedro Franco, Understanding Bitcoin, Wiley, chapter 6 Andreas Antonopoulos, Mastering Bitcoin, O'Reilly, chapters 2, 4, 6, /108
Mechanics of Bitcoin
Mechanics of Bitcoin Minsoo Ryu Hanyang University Outline Bitcoin Transactions Bitcoin Scripts Bitcoin Blocks Bitcoin Network Limitations and Improvements For more information, visit https://bitcoin.org/en/developer-reference#
More informationBLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive
BLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive www.blockchaintrainingalliance.com Blockchain Page 3 Blockchain is NOT Bitcoin Page 4 Transactions Page 5 Multi-Signature Addresses An Address
More informationLecture 6. Mechanics of Bitcoin
Lecture 6 Mechanics of Bitcoin Bitcoin transactions time An account-based ledger (not Bitcoin) Create 25 coins and credit to Alice ASSERTED BY MINERS SIMPLIFICATION: only one transaction per block time
More informationBitcoin/Blockchain. Workshop
Prev : H() nonce: 2009 Prev : H() nonce: 13514 Prev : H() nonce: 80724 data data data Bitcoin/Blockchain Workshop Prashanth.B Founder, CEO, lastbit pb@lastbit.io Overview (Day 1 Hour 1) 1. An Introduction
More informationUpgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016
Upgrading Bitcoin: Segregated Witness Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs 141-143 16-March-2016 Topics A short introduction to Bitcoin transactions What is transaction
More informationUniversity of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011
University of Duisburg-Essen Bismarckstr. 90 47057 Duisburg Germany HOW BITCOIN WORKS June 29, 2011 Overview Electronic currency system Decentralized No trusted third party involved Unstructured peer-to-peer
More informationSKBI Cryptocurrency Technical Seminar Series Seminar 1: Basics: Cryptography and Transactions
SKBI Cryptocurrency Technical Seminar Series Seminar 1: Basics: Cryptography and Transactions Zhiguo Wan Sim Kee Boon Institute for Financial Economics Singapore Management University Schedule of bitcoin
More informationBitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1
Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January 2014 2014.01.22 Keeping Current 1 Questions What problem is Bitcoin solving? Where did it come from? How does the system work? What makes
More informationErgo platform. Dmitry Meshkov
Ergo platform Dmitry Meshkov Prehistory Motivation Theory Practice Provably secure 1000 currencies New features Ad-hoc solutions Impractical Security issues Motivation Theory Provably secure New features
More informationTechnical Analysis of Established Blockchain Systems
Technical Analysis of Established Blockchain Systems Florian Haffke, 20.11.2017, Munich Chair of Software Engineering for Business Information Systems (sebis) Faculty of Informatics Technische Universität
More informationWhat is Bitcoin? How Bitcoin Works. Outline. Outline. Bitcoin. Problems with Centralization
What is Bitcoin? How Bitcoin Works Kai Brünnler Research Institute for Security in the Information Society Bern University of Applied Sciences Bitcoin an open-source software a peer-to-peer network a decentralized
More informationFiiiCOIN. Yellow Paper. FiiiCOIN Yellow Paper v0.01. A versatile, scalable and energy efficient blockchain technology. Authors.
FiiiCOIN A versatile, scalable and energy efficient blockchain technology Yellow Paper Authors Sylvester Lee CTO & Founder John Liu Solutions Architect 1 P a g e Abstract FiiiCoin is a transaction network
More informationRealization and Addressing Analysis In Blockchain Bitcoin
IOP Conference Series: Materials Science and Engineering PAPER OPEN ACCESS Realization and Addressing Analysis In Blockchain Bitcoin To cite this article: Raja Sakti Arief Daulay et al 2017 IOP Conf. Ser.:
More informationAnalysis of the Bitcoin UTXO set*
Analysis of the Bitcoin UTXO set* Sergi Delgado-Segura, Cristina Pérez-Solà, Guillermo Navarro-Arribas, Jordi Herrera-Joancomartí Department of Information Engineering and Communications, Universitat Autònoma
More informationBlockchain Bitcoin & Ethereum
Blockchain Bitcoin & Ethereum Pascal.Urien@Telecom-ParisTech.fr Pascal Urien 1 "Bitcoin: A Peer-to-Peer Electronic Cash System." Satoshi Nakamoto In this paper, we propose a solution to the double-spending
More informationVisualizing and Tracing Bitcoin Transactions
Visualizing and Tracing Bitcoin Transactions Matthew Consterdine & Dennis Parchkov & Altay Adademir Abstract This project demonstrates the ability to visualize, and trace transactions through the Bitcoin
More informationConsensus & Blockchain
Consensus & Blockchain S P Suresh Chennai Mathematical Institute Formal Methods Update Meeting IIT Mandi July 17, 2017 The Bitcoin revolution is upon us What is Bitcoin? Bitcoin: an exciting new currency
More informationICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa
ICS 421 & ICS 690 Bitcoin & Blockchain Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa Accepted by: Overstock.com Expedia.com Newegg.com Tigerdirect.com
More informationBitcoin and Blockchain
Bitcoin and Blockchain COS 418: Distributed Systems Lecture 18 Zhenyu Song [Credit: Selected content adapted from Michael Freedman. Slides refined by Chris Hodsdon and Theano Stavrinos] Why Bitcoin? All
More informationAnupam Datta CMU. Fall 2015
Anupam Datta CMU Fall 2015 A rational reconstruction of Bitcoin 1. Start with straw man design 2. Identify weaknesses 3. Augment design and iterate Alice: I, Alice, am giving Bob one coin Alice digitally
More informationComputer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019
Computer Security 14. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2019 April 15, 2019 CS 419 2019 Paul Krzyzanowski 1 Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced
More informationBlockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective
SESSION ID: LAB3-R09 Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective Tom Plunkett Consulting Solutions Director Oracle Captain Brittany Snelgrove United
More informationIntroduction to Bitcoin I
Introduction to Bitcoin I P Peterlongo 1 A Tomasi 1 1 University of Trento Department of Mathematics June 10, 2013 Outline 1 Fiat and online payments Functions of Online payments and cost of clearing 2
More informationViacoin Whitepaper. Viacoin Dev Team September 12, Abstract
Viacoin Dev Team September 12, 2017 Last updated on March 17, 2018 Abstract Viacoin is an open source crypto-currency created in 2014, derived from the [bitcoin2008]bitcoin protocol that supports embedded
More informationMicropayments, Now! Probabilistic Micropayments in Bitcoin
Micropayments, Now! Probabilistic Micropayments in Bitcoin Jeremy Rubin November 26, 2015 In this paper, I introduce a probabilistic micropayments scheme which works without any modification to the Bitcoin
More informationSmalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold
Smalltalk 3/30/15 The Mathematics of Bitcoin Brian Heinold What is Bitcoin? Created by Satoshi Nakamoto in 2008 What is Bitcoin? Created by Satoshi Nakamoto in 2008 Digital currency (though not the first)
More informationBlockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini
Blockchain CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. Bitcoin: 10,000 foot view New bitcoins
More informationBitcoin Script 2.0 and Strengthened Payment Channels
Bitcoin Script 2.0 and Strengthened Payment Channels Johnson Lau, Bitcoin protocol developer Olaoluwa Osuntokun, Co-founder Lightning Labs Presented at Scaling Bitcoin 2017 Stanford, CA November 4th 2017
More informationJan Møller Co-founder, CTO Chainalysis
Jan Møller Co-founder, CTO Chainalysis How Does Bitcoin Actually Work? This talk is not about the poli:cal or economical impact of Bitcoin. This talk is not about how to buy, sell, spend, or secure your
More informationAnupam Datta CMU. Spring 2017
Anupam Datta CMU Spring 2017 A rational reconstruction of Bitcoin 1. Start with straw man design 2. Identify weaknesses 3. Augment design and iterate Alice: I, Alice, am giving Bob one coin Alice digitally
More informationWorking on scripts with logical opcodes. Thomas Kerin
Working on scripts with logical opcodes Thomas Kerin 1 Thanks to the speakers committee and conference organizers! 2 Logical opcodes Script has logical opcodes - IF/NOTIF/ELSE/ENDIF. Allows for different
More informationProblem: Equivocation!
Bitcoin: 10,000 foot view Bitcoin and the Blockchain New bitcoins are created every ~10 min, owned by miner (more on this later) Thereafter, just keep record of transfers e.g., Alice pays Bob 1 BTC COS
More informationENEE 457: E-Cash and Bitcoin
ENEE 457: E-Cash and Bitcoin Charalampos (Babis) Papamanthou cpap@umd.edu Money today Any problems? Cash is cumbersome and can be forged Credit card transactions require centralized online bank are not
More informationGame Monetization based on Cryptocurrencies and Blockchains
Game Monetization based on Cryptocurrencies and Blockchains Luciano Silva Universidade Presbiteriana Mackenzie Laboratório de Computação Visual (LCV) Faculdade de Computação e Informática São Paulo Brasil
More informationEmulation of Hash-Time-Locked Contracts of the Lightning network by a trusted, but publically auditable escrow service
Emulation of Hash-Time-Locked Contracts of the Lightning network by a trusted, but publically auditable escrow service C. J. Plooy (cjp@ultimatestunts.nl) April 19, 2015 Contents 1 Introduction 2 2 Bi-directional
More informationIntroducing. Bitcoin. A dilettante s guide to Bitcoin scalability. BIP-9000 (self-assigned) Quote It s kind of fun to do the impossible.
Introducing Bitcoin 9000 A dilettante s guide to Bitcoin scalability. BIP-9000 (self-assigned) Quote It s kind of fun to do the impossible. Walt Disney Goal Safely scale Bitcoin to process over 9000 transactions.
More informationBitcoin Transaction Fee Estimation Using Mempool State and Linear Perceptron Machine Learning Algorithm
San Jose State University SJSU ScholarWorks Master's Projects Master's Theses and Graduate Research Spring 2018 Bitcoin Transaction Fee Estimation Using Mempool State and Linear Perceptron Machine Learning
More informationAbout cryptocurrencies and blockchains part 1. Jyväskylä 17th of April 2018 Henri Heinonen
About cryptocurrencies and blockchains part 1 Jyväskylä 17th of April 2018 Henri Heinonen (henri.t.heinonen@jyu.fi) What is a blockchain? BitTorrent is a famous example of a peer-to-peer network (P2P)
More informationThe Technology behind Smart Contracts
The Technology behind Smart Contracts Florian Glaser, Chair of E-Finance, Information Systems Department Goethe University 01.09.2016 > Agenda Transactions in detail
More informationZEN: Technical notes on a financial engine
ZEN: Technical notes on a financial engine Nathan Cook July 18th 2017 Summary We describe the Zen Protocol, the basis for a decentralized financial platform. This paper assumes more technical knowledge
More informationCS 251: Bitcoin and Crypto Currencies Fall 2015
CS 251: Bitcoin and Crypto Currencies Fall 2015 Final Exam The exam is open book and open notes. You have 2 hours. Please answer all five questions. All questions are weighted equally. You may use course
More informationWhitepaper Rcoin Global
Whitepaper Rcoin Global SUMMARY 1. Introduction 2. What is Rcoin Global? 3. Transactions 4. Hybrid Network Concept 5. Keepers 6. Incentive 7. Smart Contract Token 8. Token Distribution 9. Rcoin Global
More informationSecurity Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula
Security Analysis of Bitcoin Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula Security Analysis of Bitcoin Introduction How Bitcoin works? Similar peer-to-peer systems Vulnerabilities and solutions
More informationBlockchain distributed DNS without trust:
Aalto University School of Science Master s Programme in Computer, Communication and Information Sciences Jukka Rasi Blockchain distributed DNS without trust: Publishing IOT device addresses and verifying
More informationDistributed Ledger With Secure Data Deletion
Distributed Ledger With Secure Data Deletion Vitalii Demianets (norbloc AB), Astyanax Kanakakis (norbloc AB) Revision 1.4, November 2016 Abstract One of the core attributes of distributed ledgers, the
More informationBlockchain Certification Protocol (BCP)
Blockchain Certification Protocol (BCP) Fu Yong Quah fuyong@fyquah.me www.fyquah.me Abstract. A semi-decentralized certification system built above the existing 1 Bitcoin network, an innovative peer-to-peer
More informationCatena: Preventing Lies with
November 28th, 2016 Catena: Preventing Lies with Alin Tomescu alinush@mit.edu MIT CSAIL Srinivas Devadas devadas@mit.edu MIT CSAIL New England Security Day (NESD), Fall '16 The problem: Equivocation The
More informationSyscoin: A Peer-to-Peer Electronic Cash System with Blockchain-Based Services for E-Business
Syscoin: A Peer-to-Peer Electronic Cash System with Blockchain-Based Services for E-Business Jagdeep Sidhu, Msc. Syscoin Core Developer Blockchain Foundry Inc. Email: jsidhu@blockchainfoundry.co Abstract
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University April 9 2018 Schedule HW 4 Due on Thu 04/12 Programming project 3 Due
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University March 30 2017 Outline Digital currencies Advantages over paper cash
More informationKDC COIN WHITEPAPER KDC COIN WHITEPAPER.
KDC COIN WHITEPAPER Contents 1.Introduction 2.Key technologies 2.1 Proof-of-stake 2.1.1 Comparison of POW and DPOS 2.1.2 Encryption 2.1.3 Blocks and block creation 2.1.4 Coins and forging process 2.1.5
More informationBiomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs
Biomedical and Healthcare Applications for Blockchain Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs Network Analysis Working Group 01.25.2018 Outline Introduction to bitcoin + blockchain
More informationBurstcoin Technical information about mining and block forging
Burstcoin Technical information about mining and block forging Table of contents 1. Introduction 2. Algorithms and Acronyms 3. Mining process 4. Block forging process Introduction With most cryptocurrencies
More informationPlease go to for some instructions on installing the programming environment needed for this course.
Please go to http://bit.ly/suss_segwit for some instructions on installing the programming environment needed for this course. Segregated Witness and Lightning Network: Implications on the Future of Payment
More informationSecurity Analysis of the Lightning Network
Security Analysis of the Lightning Network Laolu Osuntokun @roasbeef Lightning Labs BPASE 2017 State of the Hash-Lock In-progress Lightning Network specifications (lighting-rfc) Basis of Lightning Technology
More informationBlockchain (a.k.a. the slowest, most fascinating database you ll ever see)
Blockchain (a.k.a. the slowest, most fascinating database you ll ever see) GOTO Amsterdam 13 June, 2017 Stefan Tilkov, @stilkov I don t know Blockchain and so can you 1. Bitcoin > Practical application
More informationCOPYRIGHTED MATERIAL. Index
51% attack, 41 A addresses change addresses, 177 181 Ethereum, 190 191 clusters, 181 182, 184 ether value, 155 Ethereum, change addresses, 190 191 filtering multiple, 151 Googling, 188 graphing, 183 history,
More informationErgo platform overview
December 2018 Dmitry Meshkov Ergo platform overview Outline Ergo vision Decentralization Survivability Applicability Roadmap 2 Part 1 Ergo vision 3 History Research and Scorex framework development Testnet
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationIntroduction to Cryptoeconomics
Introduction to Cryptoeconomics What is cryptoeconomics? Cryptoeconomics is about... Building systems that have certain desired properties Use cryptography to prove properties about messages that happened
More informationFrom One to Many: Synced Hash-Based Signatures
From One to Many: Synced Hash-Based Signatures Santi J. Vives Maccallini santi@jotasapiens.com jotasapiens.com/research Abstract: Hash-based signatures use a one-time signature (OTS) as its main building
More informationWho wants to be a millionaire? A class in creating your own cryptocurrency
DEVNET-3626 Who wants to be a millionaire? A class in creating your own cryptocurrency Tom Davies, Sr. Manager, DevNet Sandbox Vallard Benincosa, Software Engineer Cisco Spark How Questions? Use Cisco
More informationSmartPool: practical decentralized pool mining. Loi Luu, Yaron Velner, Jason Teutsch, and Prateek Saxena August 18, 2017
SmartPool: practical decentralized pool mining Loi Luu, Yaron Velner, Jason Teutsch, and Prateek Saxena August 18, 2017 Mining pools Miners role in cryptocurrencies Definition: A cryptocurrency is a decentralized
More informationA Decentralized Trusted Timestamping Based on Blockchains
IEEJ Journal of Industry Applications Vol.6 No.4 pp.252 257 DOI: 10.1541/ieejjia.6.252 A Decentralized Trusted Timestamping Based on Blockchains Yuefei Gao a) Non-member, Hajime Nobuhara Member (Manuscript
More informationTechnical White Paper. Cube Engine Version 1.0
Technical White Paper Cube Engine Version 1.0 Last Updated: Feb 06. 2018 1 Contents 1. Summary 1) Introduction 2) Overview 2. Features of Cube Chain 1) Cubing 2) Indexing Block 3) Statistics Block 4) Escrow
More informationUsing Chains for what They re Good For
Using Chains for what They re Good For Andrew Poelstra usingchainsfor@wpsoftware.net Scaling Bitcoin, November 5, 2017 1 / 14 On-Chain Smart Contracting Bitcoin (and Ethereum, etc.) uses a scripting language
More informationSCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek Saxena National University of Singapore Bitcoin
More informationHow Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization
Centralization vs. Decentralization Distributed Consensus Consensus without Identity, using a Block Chain Incentives and Proof of Work Putting it all together Centralization vs. Decentralization Distributed
More informationBitcoin, a decentralized and trustless protocol
Bitcoin, a decentralized and trustless protocol Thomas Sibut-Pinote Inria Saclay February 12, 2015 Thomas Sibut-Pinote Bitcoin, a decentralized and trustless protocol 1 / 42 Introduction Questions 1 Introduction
More informationSTRUCTURING MULTI TRANSACTION CONTRACTS IN BITCOIN. Jeremy Rubin
STRUCTURING MULTI TRANSACTION CONTRACTS IN BITCOIN Jeremy Rubin Is Cash Bitcoin s Killer App? Ethereum does smart contracts! like the DAO *Betteridge s Law Safe Contract Extensions for Bitcoin Contracts
More informationDistributed Algorithms Bitcoin
Distributed Algorithms Bitcoin Alberto Montresor Università di Trento 2018/12/18 Acknowledgment: Joseph Bonneau, Ed Felten, Arvind Narayanan This work is licensed under a Creative Commons Attribution-ShareAlike
More informationMatt Howard and Ajay Patel CIS 556: Cryptography University of Pennsylvania Fall DriveCoin: A Proof of Space Cryptocurrency
CIS 556: Cryptography University of Pennsylvania Fall 2015 : A Proof of Space Cryptocurrency Abstract We present an implementation of a cryptocurrency based on the newlytheorized and studied Proof of Space
More informationBitcoin (and why it uses SO much energy)
Bitcoin (and why it uses SO much energy) David Malone Hamilton Institute / Dept Maths&Stats Maynooth University. 2018-11-08 Bitcoin Background Bitcoin is a cryptocurrency that started around 2008 2009.
More informationCatena: Efficient Non-equivocation via Bitcoin
Catena: Efficient Non-equivocation via Bitcoin Alin Tomescu MIT CSAIL Srinivas Devadas MIT CSAIL Abstract We present Catena, an efficiently-verifiable Bitcoin witnessing scheme. Catena enables any number
More informationCryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies
Intro to Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public Keys and Identities Let s design us some Digital Cash! Intro to Cryptographic
More informationTOPPERCASH TOPPERCASH WHITEPAPER REFORM THE BEST OF BLOCKCHAIN
TOPPERCASH TOPPERCASH WHITEPAPER REFORM THE BEST OF BLOCKCHAIN ABSTRACT A PEER-TO-PEER CRYPTO-CURRENCY DESIGN DERIVED FROM SATOSHI NAKAMOTO S BITCOIN. PROOF- OF-STAKE REPLACES PROOF-OF- WORK TO PROVIDE
More informationIntroduction to Cryptography in Blockchain Technology. December 23, 2018
Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography
More informationEthereum. Campbell R. Harvey* Duke University and NBER. Ashwin Ramachandran Duke University. Brent Xu ConsenSys. Innovation and Cryptoventures
Innovation and Cryptoventures Ethereum Campbell R. Harvey* Duke University and NBER Ashwin Ramachandran Duke University Brent Xu ConsenSys February 12, 2018 1 2 Overview Ethereum Basics Under the hood
More informationWhat is Proof of Work?
What is Proof of Work? Educational Series September 18, 2018 Overview There are many protocols that regulate how nodes on a blockchain achieve consensus, and currently the most popular is proof-of-work.
More information(51) Int Cl.: G06F 21/10 ( ) G06F 21/60 ( ) G06F 21/51 ( )
(19) TEPZZ 9 ZB_T (11) EP 3 29 30 B1 (12) EUROPEAN PATENT SPECIFICATION (4) Date of publication and mention of the grant of the patent: 11.07.18 Bulletin 18/28 (21) Application number: 1772464.1 (22) Date
More informationA Lightweight Blockchain Consensus Protocol
A Lightweight Blockchain Consensus Protocol Keir Finlow-Bates keir@chainfrog.com Abstract A lightweight yet deterministic and objective consensus protocol would allow blockchain systems to be maintained
More informationSoftware Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!
Software Security Final Exam Preparation Note: This document contains the questions from the final exam on 09.06.2017. Additionally potential questions about Combinatorial Web Security Testing and Decentralized
More informationProof-of-Work & Bitcoin
CS 220: Introduction to Parallel Computing Proof-of-Work & Bitcoin Lecture 19 Bitcoin: Mining for Heat https://qz.com/1117836/bitcoin-mining-heatshomes-for-free-in-siberia/ 4/25/18 CS 220: Parallel Computing
More informationBitcoin/Namecoin/*coin: On Bitcoin like protocols and their relation to other IT-Security issues
: On Bitcoin like protocols and their relation to other IT-Security issues Aljosha Judmayer ajudmayer@sba-research.org 2014-11-07 SBA Research Area 1 (GRC): Governance, Risk and Compliance P1.1: Risk Management
More informationWOLFCOIN MASTERNODE MANUAL
WOLFCOIN MASTERNODE MANUAL Contents Introduction... 3 About Wolfcoin Blockchain... 3 Download the Wolfcoin Wallet... 4 Installation of your Wallet... 5 Make a receiving address... 12 Closing the Wolfcoin
More informationHyperledger fabric: towards scalable blockchain for business
Marko Vukolić, IBM Research - Zurich Hyperledger fabric: towards scalable blockchain for business Trust in Digital Life The Hague, Netherlands, June 17 2016 Blockchain shared, replicated, ledger Consensus
More informationApplied cryptography
Applied cryptography Electronic Cash Andreas Hülsing 29 November 2016 1 / 61 Classical Cash - Life Cycle Mint produces money (coins / bank notes) Sent to bank User withdraws money (reduces account balance)
More informationBITCOIN MECHANICS AND OPTIMIZATIONS. Max Fang Philip Hayes
1 BITCOIN MECHNICS ND OPTIMIZTIONS Max Fang Philip Hayes 1 Cryptocurrency Mining: Proof-of-Work Consensus Nadir khtar LECTURE OUTLINE 2 1 Intro and Terminology 2 Bitcoin and Consensus 3 Bitcoin Concepts
More informationErgo platform: from prototypes to a survivable cryptocurrency
January 2019 Dmitry Meshkov Ergo platform: from prototypes to a survivable cryptocurrency Outline Ergo Consensus Light Storage vision protocol clients fee Voting Smart Monetary Roadmap system contracts
More informationBitcoin Mining. A high-level technical introduction. Konstantinos Karasavvas
Bitcoin Mining A high-level technical introduction Konstantinos Karasavvas Outline PoW / Hashcash Transaction propagation Block mining Block propagation Mining Profitability Proof of Work From wikipedia:
More informationECC: Peer-to-Peer Electronic Cash with Trustless Network Services
ECC: Peer-to-Peer Electronic Cash with Trustless Network Services Greg Griffith October 2017 (griffith@cryptounited.io) https://www.ecc.network ECC: Peer-to-Peer Electronic Cash with Trustless Network
More informationThis tutorial is aimed to give you a crisp understanding of the process of building your own blockchain.
i About the Tutorial Blockchain is the current buzz that is dominating the software development trends. The development and designing of Blockchain involves three major components: client, miner and blockchain.
More informationBitCoin Project. 1 Description. 1.1 Version exchange. 1.2 Ping-Pong. CMSC 417 Computer Networks Fall 2013
CMSC 417 Computer Networks Fall 2013 BitCoin Project Assigned: Nov 20th Due: around Dec 16th 1 Description In this project you will develop a rudimentary BitCoin client. As your initial codebase you will
More informationEnsimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto
Ensimag - 4MMSR Network Security Student Seminar Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto wafa.mbarek@ensimag.fr halima.myesser@ensimag.fr 1 Table of contents: I- Introduction: Classic
More informationGENESIS VISION NETWORK
GENESIS VISION NETWORK Contents 1. Description of the problem 7 11. Trust management 15 2. The problem with smart contracts 8 12. GVN Token 16 3. Centralised exchanges against decentralised 8 13. Deposit
More informationReliability, distributed consensus and blockchain COSC412
Reliability, distributed consensus and blockchain COSC412 Learning objectives Encourage you to always design for failure Appreciate how decentralised consensus is useful to support principles of security
More informationIntroduction to Cryptocurrency Ecosystem. By Raj Thimmiah
Introduction to Cryptocurrency Ecosystem By Raj Thimmiah How does a normal payment system work? Normal payment systems (generally) use ledgers Easy for servers to then check if someone is committing double
More informationProof of Stake Made Simple with Casper
Proof of Stake Made Simple with Casper Olivier Moindrot ICME, Stanford University olivierm@stanford.edu Charles Bournhonesque ICME, Stanford University cbournho@stanford.edu Abstract We study the recent
More informationWHITEPAPER Revision 1 / June 8, 2017
WHITEPAPER Revision 1 / June 8, 2017 Contents Contents 1. Abstract 2. Key technologies 2.1. Proof-of-stake 2.1.1. Comparison with POW and DPOS 2.1.2. Encryption 2.1.3. Blocks and block creation 2.1.4.
More informationNew Cryptocurrency Protocol without Proof of Work
Copyright c 2016 The Institute of Electronics, Information and Communication Engineers SCIS 2016 2016 Symposium on Cryptography and Information Security Kumamoto, Japan, Jan. 19-22, 2016 The Institute
More information