Ensimag - 4MMSR Network Security Student Seminar
Bitcoin: A peer-to-peer Electronic Cash System
Satoshi Nakamoto
wafa.mbarek@ensimag.fr
halima.myesser@ensimag.fr

Table of contents:
I- Introduction: Classic electronic payment systems
II- Bitcoin, an alternative for the traditional electronic payment
III- Optimizations of the system
IV- Vulnerabilities & Counter-measures
V- Limitations & Criticisms
VI- Conclusion

Introduction: Classic electronic payment systems
http://www.electronicpaymentscoalition.org/what-is-interchange/

Introduction: Disadvantages of going through the banking system
- Additional cost: about 1% for each transaction, which limits the possibility of small transactions.
- Slow system: checking services take days to complete.
- No anonymity.
- Accounts can be frozen (e.g. Wikileaks).
- In case of fraudulent use of a credit card, the seller has to pay a fee charged by the banking company.

Bitcoin
- Digital currency created by Satoshi Nakamoto in 2009.
- Peer-to-peer system: no central authority.
- Creation of money and transactions are managed collectively by the network.
Advantages:
- No third party can prevent or control your transactions.
- Transaction fees are much lower.
- Bitcoin is free software.
- No inflation risk: coin creation is limited.

Transferring a coin
Alice wants to send coins to Bob.
[Diagram labels: transaction that provides these coins to Alice; transaction; hash of previous transaction; Alice's public key; hash; Bob's public key; hash; Charlie's private key; Charlie's signature; Alice's signature; Alice's private key]
Public key = Bitcoin address.

Transferring a coin
[Diagram labels: Owner 0's signature; Owner 1's signature; Owner n's signature]
1 coin = a chain of digital signatures.
Wallet:
- keypairs for each address
- transactions from/to your addresses
- user preferences

Double-Spending Protection
1. New transactions are broadcast to all nodes.
[Diagram labels: Alice; Bob]
To maintain the privacy of users involved in a payment, the public keys are anonymous.
Bitcoin: A peer-to-peer Electronic Cash System - M'BAREK Wafa - MYESSER Halima - 18-04-2012

Double-Spending Protection
2. Each node collects new transactions into a block.
[Diagram labels: Block 1; Block 2; Tx (several per block)]
- Transactions are accepted if their block is validated.
- The chain contains all the transactions done by the network.
- Each node has a full copy of the growing chain of blocks. It is called a timestamp server.

Double-Spending Protection
3. To validate a block, each node works on solving a difficult proof-of-work.
Proof-of-work = finding the nonce that makes the block's hash begin with the required number of zero bits.
[Diagram labels: Block; Previous Hash; Nonce; Tx; Target]
Hash(Transactions hash & Nonce) = 0...0xxxxxxxxxxxxxxxx
Nodes use CPU power to calculate the right nonce.

Double-Spending Protection
4. The first node that finds the proof-of-work sends the block to the rest of the network.
"I have solved the proof-of-work!!! + 50 coins!"

Double-Spending Protection
5. Acceptance of a block:
- Is the transaction's signature valid?
- Does the nonce verify the proof-of-work?
If the block is accepted, the node starts building the next block of the chain. If not, the node continues working with the longest chain.
If multiple blocks arrive simultaneously, there are two versions of the chain of blocks; only the longest one is selected.

Double-Spending Protection
The double-spending attack:
- An attacker can't create money or take money that never belonged to him.
- He can only try to change his own previous transactions.
[Diagram labels: Block 1; Block 2; Block 3; Block 4; Block 5; Tx; z blocks to catch up; second branch with Block 3, Block 4, Block 5 and Tx]
1- Modify a previous transaction
2- Redo the proof-of-work of the block
3- Redo the proof-of-work of all the next blocks
Attacker's CPU power > CPU power of all the honest nodes combined

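The proof-of-work and block-linking rules from the slides above, seen from a verifying node, as an added example that is not part of the original slides: editing an old transaction makes verification fail, and redoing that block's proof-of-work only moves the failure to the next block. The header layout, the 12-bit difficulty and the transaction strings are simplified assumptions, not Bitcoin's real format.

```python
import hashlib

BITS = 12  # assumption: toy difficulty so the search finishes in milliseconds

def dhash(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def block_hash(block: dict) -> bytes:
    # Simplified header (not Bitcoin's real layout): previous hash | hash of txs | nonce
    tx_hash = dhash("\n".join(block["txs"]).encode())
    return dhash(block["prev"] + tx_hash + block["nonce"].to_bytes(8, "big"))

def meets_target(digest: bytes, bits: int = BITS) -> bool:
    """True when the hash begins with at least `bits` zero bits."""
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def mine(prev: bytes, txs: list, bits: int = BITS) -> dict:
    """Try nonces until the block hash meets the target."""
    block = {"prev": prev, "txs": list(txs), "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def build_chain(batches: list, bits: int = BITS) -> list:
    chain, prev = [], bytes(32)
    for txs in batches:
        chain.append(mine(prev, txs, bits))
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain: list, bits: int = BITS):
    """Index of the first block with a bad link or bad proof-of-work, else None."""
    prev = bytes(32)
    for i, block in enumerate(chain):
        if block["prev"] != prev or not meets_target(block_hash(block), bits):
            return i
        prev = block_hash(block)
    return None

# Constructed sample transactions (plain strings standing in for signed transactions)
BATCHES = [["alice->bob:1"], ["bob->carol:1"], ["carol->dave:1"]]

if __name__ == "__main__":
    chain = build_chain(BATCHES)
    print("intact chain:", first_invalid(chain))            # None
    chain[0]["txs"][0] = "alice->mallory:1"                  # edit an old transaction
    print("after edit, first bad block:", first_invalid(chain))
    chain[0] = mine(chain[0]["prev"], chain[0]["txs"])       # redo block 0's proof-of-work
    print("after redoing block 0:", first_invalid(chain))   # 1: block 1 no longer links
```
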
Double-Spending Protection
Probability of success:
- p = probability an honest node finds the next block
- q = probability the attacker finds the next block
- q_z = probability the attacker will ever catch up from z blocks behind
If p > q: q_z follows a Poisson distribution with λ = z * q/p
The probability of success decreases exponentially with the number of blocks that have to be re-worked.
Example: q = 0.3
z = 2 => q_z = 5%
z = 5 => q_z = 0.09%

Bitcoin Mining
2 ways to encourage people to spend their CPU time and electricity:
1- Be the first to solve the proof-of-work.
   - It is the only way to create bitcoins.
   - One block can be generated every 10 minutes => limits inflation.
   - The amount of bitcoins in circulation is fixed at 21 million.
2- The block producer benefits from the fees of the transactions included in this block.

System's optimization: Disk space optimization
- Merkle trees: binary trees of transaction hashes. Use double SHA-256.
- 1 block header = 80 bytes
- 1 block generated every 10 min
- Chain of blocks = 4.2 MB per year

System's optimization: Simplified payment verification
Check a transaction without being a mining node:
- Is the transaction in a block header? => By verifying the header hash
- Has another block been added after this block?
If yes, payment verified.

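How a light client can check the first question on this slide, as an added example that is not part of the original slides: it recomputes the Merkle root from one transaction hash and its branch of sibling hashes, and compares it with the root stored in the block header. The sample transactions are constructed; the example also reproduces the 4.2 MB per year figure for 80-byte headers.

```python
import hashlib

def dhash(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def next_level(level: list) -> list:
    """Pair up hashes; an odd level repeats its last hash, as Bitcoin does."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [dhash(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves: list) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = next_level(level)
    return level[0]

def merkle_branch(leaves: list, index: int) -> list:
    """Sibling hashes on the path from leaf `index` up to the root."""
    branch, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        branch.append(level[index ^ 1])   # the other half of this leaf's pair
        level = next_level(level)
        index //= 2
    return branch

def verify_branch(leaf: bytes, index: int, branch: list, root: bytes) -> bool:
    """Light-client check: recompute the root from one leaf and its branch."""
    h = leaf
    for sibling in branch:
        # the index's low bit says whether we are the right or the left child
        h = dhash(sibling + h) if index & 1 else dhash(h + sibling)
        index //= 2
    return h == root

def header_bytes_per_year(header_size: int = 80, minutes_per_block: int = 10) -> int:
    return header_size * (60 // minutes_per_block) * 24 * 365

# Constructed sample: five transaction hashes (an odd count exercises the padding rule)
LEAVES = [dhash(f"tx-{i}".encode()) for i in range(5)]
ROOT = merkle_root(LEAVES)

if __name__ == "__main__":
    branch = merkle_branch(LEAVES, 2)
    print("tx 2 included:", verify_branch(LEAVES[2], 2, branch, ROOT))
    print("forged tx included:", verify_branch(dhash(b"tx-forged"), 2, branch, ROOT))
    print("headers per year (bytes):", header_bytes_per_year())
```

The check only proves inclusion in that header; the client still has to confirm that the header carries valid proof-of-work and that later blocks have been built on top of it.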
Vulnerabilities & Counter-measures

Vulnerability: the wallet is stored unencrypted
- Example / impact: a virus recovers the file wallet.dat and sends it to the attacker. The attacker collects the keypairs and signs the transactions in the user's name.
- Countermeasures: wallet encryption in new Bitcoin versions.

Vulnerability: connecting identities to addresses
- Example / impact: Google a Bitcoin address to see if anyone used it to sign (e.g. in the Bitcoin forum); tracing a coin's history; loss of anonymity.
- Countermeasures: use ewallet services; don't leave personal information.

Vulnerability: filling the network with cancer nodes
- Example / impact: connect 100,000 IP addresses to the IRC bootstrap channel; the victim is connected only to attacker nodes. The attacker can refuse to relay your blocks or your transactions, and you are open to double-spending attacks.
- Countermeasures: limit the number of IP addresses that can connect to one IRC channel.

Limitations & Criticisms
- Bitcoins are not widely accepted.
- No physical form.
- Transactions are irreversible.
- Bitcoin valuation fluctuates.
- Built-in deflation: the maximal number of bitcoins is fixed at 21 million.
- Difficulty of associating Bitcoin addresses with real-life identities => encourages illegal traffic.

Conclusion
Bitcoin is an emerging technical and economic phenomenon.
Bitcoin's future is uncertain:
- High level of volatility
- Various security incidents:
  - Theft of half a million dollars in Bitcoin in June 2011 ¹
  - An attacker gained access to the Bitcoin's database and modified the number of Bitcoin available on the market (2 million false bitcoins added) ².
1: http://www.h-online.com/security/news/item/bitcoin-theft-half-a-million-dollars-gone-1261306.html
2: http://bit-coin.fr/crash-de-la-valeur-du-bitcoin-piratage-de-mtgox/

Thank you for your attention
References:
- http://bitcoin.org/bitcoin.pdf
- http://www-cs-faculty.stanford.edu/~eroberts/cs181/projects/2010-11/digitalcurrencies/index.html
- http://www.weusecoins.com/
- https://en.bitcoin.it/wiki/main_page