Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

Similar documents
ENEE 457: E-Cash and Bitcoin

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Introduction to Bitcoin I

Ensimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

Problem: Equivocation!

ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

Bitcoin, a decentralized and trustless protocol

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1

Bitcoin. Arni Par ov. December 17, 2013

Jan Møller Co-founder, CTO Chainalysis

Bitcoin and Blockchain

Consensus & Blockchain

Bitcoin, Security for Cloud & Big Data

Security (and finale) Dan Ports, CSEP 552

Biomedical Security. Cipher Block Chaining and Applications

EECS 498 Introduction to Distributed Systems

Blockchains & Cryptocurrencies

Burstcoin Technical information about mining and block forging

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

P2P BitCoin: Technical details

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

A Gentle Introduction To Bitcoin Mining

Let's build a blockchain!

SpaceMint Overcoming Bitcoin s waste of energy

Applied cryptography

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains

TOPPERCASH TOPPERCASH WHITEPAPER REFORM THE BEST OF BLOCKCHAIN

Whitepaper Rcoin Global

Proof-of-Stake Protocol v3.0

Proof-of-Work & Bitcoin

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Blockchain Certification Protocol (BCP)

BLOCKCHAIN The foundation behind Bitcoin

BITCOIN MECHANICS AND OPTIMIZATIONS. Max Fang Philip Hayes

About cryptocurrencies and blockchains part 1. Jyväskylä 17th of April 2018 Henri Heinonen

Lecture 3. Introduction to Cryptocurrencies

Radix - Public Node Incentives

Analyzing Bitcoin Security. Philippe Camacho

Bitcoin: A Peer-to-Peer Electronic Cash System

CRUDE COINS.

Introduction to Cryptography in Blockchain Technology. December 23, 2018

Crypto tricks: Proof of work, Hash chaining

Reliability, distributed consensus and blockchain COSC412

Bitcoin (and why it uses SO much energy)

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Bitcoin: A Peer-to-Peer Electronic Cash System

Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective

Yada. A blockchain-based social graph

CS 251: Bitcoin and Crypto Currencies Fall 2015

Distributed Algorithms Bitcoin

Payment systems. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

Privacy-Enabled NFTs: User-Mintable, Non-Fungible Tokens With Private Off-Chain Data

The game If you listen very carefully during the first 4 cards (or use the cheat sheet) you will get an advantage on the last 5 cards

Who wants to be a millionaire? A class in creating your own cryptocurrency

What is Bitcoin? How Bitcoin Works. Outline. Outline. Bitcoin. Problems with Centralization

What is Proof of Work?

Anupam Datta CMU. Fall 2015

Bitcoin. Tom Anderson

Introduction to Cryptocurrency Ecosystem. By Raj Thimmiah

Transactions as Proof-of-Stake! by Daniel Larimer!

primechain building blockchains for a better world

Zero-Knowledge proof of knowledge transfer. Perm summer school on blockchain 2018

Alternatives to Blockchains. Sarah Meiklejohn (University College London)

Upgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016

Digital Currencies: Algorithms and Protocols

Key Security Issues for implementation of Digital Currency, including ITU-T SG17 activities

BLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive

International Journal of Computer Engineering and Applications, Volume XIII, Issue II, Feb. 19, ISSN

Megacoin: A Peer-to-Peer Electronic Cash System

Scalable overlay Networks

Cryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

New Cryptocurrency Protocol without Proof of Work

Proof of Stake Made Simple with Casper

BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -

Elphyrecoin (ELPH) a Private, Untraceable, ASIC-Resistant CryptoCurrency Based on CryptoNote

CS Paul Krzyzanowski

Computer Security Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2018

ILCOIN White Paper. In ILCOIN We Trust ILCOIN

Ergo platform. Dmitry Meshkov

Developing Blockchain Software

Using Chains for what They re Good For

Bitcoin a Peer-to-Peer payment solution

Bitcoin: An Empirical Study of Cryptocurrency

GRADUBIQUE: AN ACADEMIC TRANSCRIPT DATABASE USING BLOCKCHAIN ARCHITECTURE

Privacy Enhancing Technologies CSE 701 Fall 2017

Bitcoin and Cryptocurrency Technologies. Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder

Darkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System

Alternative Consensus Algorithms. Murat Osmanoglu

REM: Resource Efficient Mining for Blockchains

Transcription:

Computer Security 14. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2019 April 15, 2019 CS 419 2019 Paul Krzyzanowski 1

Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced in 2009 anonymously by Satoshi Nakamoto First blockchain Designed to be public anyone can participate in the system & use it April 15, 2019 CS 419 2019 Paul Krzyzanowski 2

Traditional Payments Suppose Alice wants to pay Charles Send a message to the bank: Transfer $500 from Alice to Charles Bank is a trusted third party Owns register of activity & account balances Only the bank can manipulate the data Also banks control supply of money Request Bank You've got money! Alice Transaction Log Alice: $500 to Bob Charles ledger April 15, 2019 CS 419 2019 Paul Krzyzanowski 3

Centralized systems Transactions are simply modifications to the bank's database We can simply Subtract $500 from Alice's account Add $500 to Charles' account The log is just nice for auditing but not necessary April 15, 2019 CS 419 2019 Paul Krzyzanowski 4

Problems? This is a centralized system What if the bank disappears? What if the banker makes a mistake? What if the banker is corrupt? April 15, 2019 CS 419 2019 Paul Krzyzanowski 5

Decentralized Solution Bitcoin Blockchain = ledger = complete list of ALL transactions Since Bitcoin was started in January 2009 Complete copies of the ledger are replicated around the world Thousands of nodes all peers running identical software There is no master node or master version New systems can do a DNS query for well known peers Names hardcoded in source (DNS seeds) Return list of IP addresses of bitcoin nodes Then use peer discovery process to find others Node A Node B Node C Node D Alice: 0.1 to Bob Bob: 0.5 to Charles Alice: 0.01 to Emily Alice: 0.1 to Bob Bob: 0.5 to Charles Alice: 0.01 to Emily Alice: 0.1 to Bob Bob: 0.5 to Charles Alice: 0.01 to Emily Alice: 0.1 to Bob Bob: 0.5 to Charles Alice: 0.01 to Emily April 15, 2019 CS 419 2019 Paul Krzyzanowski 6

Identities Alice creates a {public, private} key pair that defines her wallet 256-bit Elliptic Curve Digital Signature Algorithm (ECDSA) used The wallet is just a place to store these keys Wallets may store a transaction list but that s just for user records the bitcoin network doesn t care Bitcoins are associated with keys, not users Users are anonymous A user s ID is the public key anonymous no association to name The user s identity is called their address Users may have multiple keys Every transaction created by a user is signed with a private key Transaction identifies the user by the public key and can be verified We know only the person with the corresponding private key could have created the request Nobody to call if you lose your private key! April 15, 2019 CS 419 2019 Paul Krzyzanowski 7

Transactions: Inputs If Alice wants to send some bitcoin to Bob She creates a transaction and sends it to one or more bitcoin nodes A node tells its peers about the transaction Within ~5 sec. ever beer on the network has it The transaction is currently unconfirmed A blockchain is NOT a database There are no accounts to query just lists of transactions Alice needs to provide links to previous transactions that will add up to at least the required amount these are inputs A node verifies inputs Make sure they have not been used by another transaction (this would be double spending) Make sure there is sufficient money in the inputs April 15, 2019 CS 419 2019 Paul Krzyzanowski 8

Transactions: Outputs A transaction identifies One or more inputs: transaction IDs & address where coin comes from Output: who the money goes to Every input must be completely spent Any excess change can be generated as another output Transaction contains: One or more inputs: identify transactions where coins come from Output: destination address & amount Change: owner s address & amount Transaction fee The amount of bitcoin you own is the set of transactions in the system that are outputs to your address (public key) but have NOT been used as inputs in any transaction April 15, 2019 CS 419 2019 Paul Krzyzanowski 9

Blocks Transactions are grouped into blocks Each block holds ~4,000 transactions and is ~1 MB in size Bitcoin ledger = linked list of chronologically-ordered blocks Approximately every 10 minutes, a new block of transactions is added to the blockchain Genesis block Block 0 Block 1 Block 2 Block 571,380 Each block has A link to the previous block SHA-256 hash of the previous block This creates the blockchain: hash pointers a tamper-evident log April 15, 2019 CS 419 2019 Paul Krzyzanowski 10

Transactions in blocks: Merkle trees Transactions within a block are stored in a Merkle tree Binary tree of hash pointers Using a tree makes it easy to find one of thousands of transactions A Merkle tree makes it easy to check if the transaction is valid Block N header Hash(prev_block) T ROOT = Hash(H 0,1 H 2,3 ) Timestamp Nonce H 0,1 = Hash(H 0 H 1 ) H 2,3 = Hash(H 2 H 3 ) H 0 =Hash(T 0 ) H 1 = Hash(T 1 ) H 2 = Hash(T 2 ) H 3 = Hash(T 3 ) T 0 T 1 T 2 T 3 April 15, 2019 CS 419 2019 Paul Krzyzanowski 11

Agreement & adding blocks Transactions can reach nodes in a different order Blockchains require all nodes to agree on the sequence of blocks Each node groups transactions into a block & can propose it as the next block in the blockchain To add a block to the chain, the hash of the block must meet a certain requirement April 15, 2019 CS 419 2019 Paul Krzyzanowski 12

Let's make in challenging: create a puzzle Suppose we want a hash output with a specific property? Example, starting with "0000"? No algorithmic way to do this Must try lots of variations of the input But once found it is easy for anyone to verify that the data hashes to the result April 15, 2019 CS 419 2019 Paul Krzyzanowski 13

Mining Solving this "puzzle" is called mining Have a 32-bit field in the block where we can try different numbers Try to get the block to hash to a desired output The resulting number is called the Proof of Work We demonstrate that work has been put into figuring out what the value should be to create the desired hash Everyone in the network can participate in this The first system that finds it announces the block to everyone else in the network Upon receiving an announcement Each system validates the Proof of Work number against the block A majority of systems must grant approval If they do, the block (with the Proof of Work) is made part of the blockchain April 15, 2019 CS 419 2019 Paul Krzyzanowski 14

What's the puzzle? Bitcoin uses hashcash (created in 1997) Hashcash searched for a hash(message, random #, N) where the leading k bits are 0 Random # 128-bit starting value to make it unlikely that two systems start tat the same point N the nonce: the number we vary until we get the hash we need Choice of k sets the difficulty of the problem Ensure that one node doesn't take credit for another's work 256-bit SHA-1 hash of B, transaction block, which includes hash pointer to previous block A, recipient's reward address (public key of who gets credit) N nonce: the number we vary until we get the hash we need Bitcoin uses a floating-point k to scale the work more precisely hash(b, A, N) < 2 n-k April 15, 2019 CS 419 2019 Paul Krzyzanowski 15

How much work is going on? Currently (April 2019), average 46.4 10 18 hashes per second Hash rate in 10 12 hashes per second See https://www.blockchain.com/charts/hash-rate April 15, 2019 CS 419 2019 Paul Krzyzanowski 16

Competing chains What if a malicious participants wants to modify an old transaction? Need to modify an old block Recompute the Proof of Work (which takes a lot of effort) for the block and each successive block (tons of work) This participant will be creating another chain in the blockchain April 15, 2019 CS 419 2019 Paul Krzyzanowski 17

Competing chains BUT One malicious participant will not be able to catch up with the cumulative work of all the others It is expected that some nodes will occasionally have different versions Length of chain = score If we observe two states of the blockchain, we select the one that was the hardest to generate (= longest chain) Blockchain rules state that The longest chain in the network is the correct one If a participant receives a higher-scoring version It overwrites its blockchain with the better data & transmits updates to peers Producing a longer ledger than the current one requires computing power that competes with the rest of the entire network April 15, 2019 CS 419 2019 Paul Krzyzanowski 18

51% Attack If the majority of participants decide to cheat, the protocol will fail Blockchain works only because of the assumption that the majority of participants are honest To double-spend a bitcoin You would need to rewrite the blockchain (change past transactions) An attacker would need to control more than 50% of computing capacity This is a lot: as of 12/17, The Economist estimates "bitcoin miners now have 13,000 times more combined number- crunching power than the world s 500 biggest supercomputers" Even if someone tried to do this attack, they'd likely only modify transactions in the past few blocks Keeping history of all transactions among all participants allows anyone to check for double spending April 15, 2019 CS 419 2019 Paul Krzyzanowski 19

Confirming transactions A transaction is confirmed after N number of additional blocks are added to the blockchain Large values of N are recommended for high-value transactions The more blocks are added after a transaction, the more difficult it is to modify it Bitcoin Confirmation Recommendations 1: Small payments <$1,000 3: Deposits and payments of $1,000-$10,000 6: Large payments $10k-$1M 60: Payments >$1M Higher values of N mean that an attacker will need to recompute N+1 Proof of Work values to modify the blockchain Computationally not feasible https://www.buybitcoinworldwide.com/confirmations/ April 15, 2019 CS 419 2019 Paul Krzyzanowski 20

Incentives Computing the Proof of Work takes a lot of work why do it? For bitcoin: First participant to compute the Proof of Work gets rewarded with bitcoin BUT only after another 99 blocks have been added to the ledger This gives miners an incentive to participate & validate transactions Reward is decreasing (assumption: bitcoins will be more valuable) 50 bitcoins for the first 4 years since 2008 25 bitcoins from 2012-2015 12.5 bitcoins from 2016-2019 Eventually there will be a maximum of ~21 million bitcoins There are also transaction fees April 15, 2019 CS 419 2019 Paul Krzyzanowski 21

Centralization Anyone can run a bitcoin node Requires a good chunk of disk space but is accessible Highly decentralized Mining Anyone can mine but requires a lot of computing power Not as decentralized as we'd like Software development/support Open but there's a core set of trusted developers not really decentralized In theory Teams of sneaky developers may be able to mount an attack Mining pools may try to mount a 51% attack Both scenarios highly unlikely today April 15, 2019 CS 419 2019 Paul Krzyzanowski 22

The end April 15, 2019 CS 419 2019 Paul Krzyzanowski 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback