ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

Similar documents
Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1

ENEE 457: E-Cash and Bitcoin

Introduction to Bitcoin I

Bitcoin and Blockchain

Problem: Equivocation!

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

P2P BitCoin: Technical details

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Consensus & Blockchain

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Biomedical Security. Cipher Block Chaining and Applications

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

BLOCKCHAIN Blockchains and Transactions Part II A Deeper Dive

Blockchains & Cryptocurrencies

Ensimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto

Blockchain Certification Protocol (BCP)

Burstcoin Technical information about mining and block forging

Mechanics of Bitcoin

Bitcoin, a decentralized and trustless protocol

A Gentle Introduction To Bitcoin Mining

Darkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System

EECS 498 Introduction to Distributed Systems

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

Technical Analysis of Established Blockchain Systems

Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective

Applied cryptography

The Blockchain. Josh Vorick

Radix - Public Node Incentives

Jan Møller Co-founder, CTO Chainalysis

Blockchain Bitcoin & Ethereum

Cryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

Ethereum Consortium Blockchain in Azure Marketplace Christine Avanessians Senior Program Manager

Bitcoin Transaction Fee Estimation Using Mempool State and Linear Perceptron Machine Learning Algorithm

ECC: Peer-to-Peer Electronic Cash with Trustless Network Services

Distributed Ledger With Secure Data Deletion

Lecture 3. Introduction to Cryptocurrencies

Software Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!

CS 251: Bitcoin and Crypto Currencies Fall 2015

Proof-of-Work & Bitcoin

Bitcoin, Security for Cloud & Big Data

Secure digital certificates with a blockchain protocol

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains

This tutorial is aimed to give you a crisp understanding of the process of building your own blockchain.

Ergo platform. Dmitry Meshkov

Introduction to Cryptography in Blockchain Technology. December 23, 2018

Reliability, distributed consensus and blockchain COSC412

Scalable overlay Networks

Who wants to be a millionaire? A class in creating your own cryptocurrency

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Upgrading Bitcoin: Segregated Witness. Dr. Johnson Lau Bitcoin Core Contributor Co-author of Segregated Witness BIPs March-2016

FiiiCOIN. Yellow Paper. FiiiCOIN Yellow Paper v0.01. A versatile, scalable and energy efficient blockchain technology. Authors.

Bitcoin. Arni Par ov. December 17, 2013

BLOCKCHAIN The foundation behind Bitcoin

Bitcoin/Namecoin/*coin: On Bitcoin like protocols and their relation to other IT-Security issues

Privacy-Enabled NFTs: User-Mintable, Non-Fungible Tokens With Private Off-Chain Data

TOPPERCASH TOPPERCASH WHITEPAPER REFORM THE BEST OF BLOCKCHAIN

Let's build a blockchain!

About cryptocurrencies and blockchains part 1. Jyväskylä 17th of April 2018 Henri Heinonen

What is Bitcoin? How Bitcoin Works. Outline. Outline. Bitcoin. Problems with Centralization

Distributed Algorithms Bitcoin

Ergo platform overview

Technical White Paper of. MOAC Mother of All Chains. June 8 th, 2017

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

Transactions as Proof-of-Stake! by Daniel Larimer!

CCP: Conflicts Check Protocol for Bitcoin Block Security 1

Blockchain & Distributed Internet Infrastructure

EVALUATION OF PROOF OF WORK (POW) BLOCKCHAINS SECURITY NETWORK ON SELFISH MINING

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

Yada. A blockchain-based social graph

Introducing. Bitcoin. A dilettante s guide to Bitcoin scalability. BIP-9000 (self-assigned) Quote It s kind of fun to do the impossible.

Ethereum. Campbell R. Harvey* Duke University and NBER. Ashwin Ramachandran Duke University. Brent Xu ConsenSys. Innovation and Cryptoventures

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Lecture 6. Mechanics of Bitcoin

Catena: Preventing Lies with

Bitcoin/Blockchain. Workshop

CRUDE COINS.

Blockchain (a.k.a. the slowest, most fascinating database you ll ever see)

The security and insecurity of blockchains and smart contracts

CS 251: Bitcoin and Cryptocurrencies Fall 2016

Proof of Stake Made Simple with Casper

Realization and Addressing Analysis In Blockchain Bitcoin

DEV. Deviant Coin, Innovative Anonymity. A PoS/Masternode cr yptocurrency developed with POS proof of stake.

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

The Technology behind Smart Contracts

Introduc)on to Bitcoin

A Review on Blockchain Application for Decentralized Decision of Ownership of IoT Devices

Whitepaper Rcoin Global

BITCOIN MECHANICS AND OPTIMIZATIONS. Max Fang Philip Hayes

International Journal of Computer Engineering and Applications, Volume XIII, Issue II, Feb. 19, ISSN

What is Proof of Work?

Security: Focus of Control

Anupam Datta CMU. Fall 2015

Technical White Paper. Cube Engine Version 1.0

Transcription:

ICS 421 & ICS 690 Bitcoin & Blockchain Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

Accepted by: Overstock.com Expedia.com Newegg.com Tigerdirect.com Exhange to other currencies at...

Basic Concepts P2P Overlay Networking, Data Replication, Digital Signatures, Cryptographic Hash

5 P2P as Overlay Networking P2P applications need to: Track identities & IP addresses of peers (join/leave) Route messages among peers - often multi-hop Overlay network Peers doing both naming and routing at application-level IP becomes just the low-level transport A P2P app maintains routing table with IP addresses for for A and C. B TCP/IP Network C

6 Early P2P: Flooding on Overlays xyz.mp3 search xyz.mp3? Flooding

7 Early P2P: Flooding on Overlays xyz.mp3 xyz.mp3? search Flooding

8 Early P2P: Flooding on Overlays transfer

9 Early P2P: Ultra/super peers Ultra-peers can be installed (KaZaA) or self-promoted (Gnutella)

Data Replication Data is stored redundantly (replicated) on multiple sites/peers How do we keep replicas consistent? ACID is too expensive How does an Eventual consistency update on the copy at B propagate to the copies at other nodes? A B C

Digital Signatures A method to ensure the following properties on messages Authentication - proves who the sender is Non-repudiation - proves that the message is from the sender Integrity - proves that the message has not been tempered

Digital Signatures : Operations Key Generation - Sender generates keys that identify him/her Signing - Sender signs the message with his/her private key Verification - Using the sender s public key, the receiver verifies the message Signature

Digital Signatures: Key Generation Key Generation Algorithm (eg. rsa in ssh-keygen) Public Key (PK) Sender shares with receiver. Private Key (SK) Sender keeps secret!

Private Key (SK) Public Key (PK) Example of a key pair generated by ssh-keygen ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo+XF71qfUB18M9h66UXDE8f4fgtves6ydV2iMM8Ki9H+3qSv3WXRC ZKtxHAgq+xLocM92FM9PFwvGvj4Meb++ioqzpXXWKTgnFANIO5x0I66tDFieIeF6iAJQhcGwI+hG21LAcWDgtSoXs mmld2qfrfhcjkgc2wrbqq07ba4kutklxzkeyfs/dcc7aq9dsjtbwfmwexfsx+0rwniqqug6yn7vrnfbdzrliothj N3X9ZH2HhI6BUZT4gdLMcAXbHFMtIYUG3T1jJrWDrhNASvnZYpUldM1C8pA7Uud+f+xWeWs/m7W6iBO4Jz0zhx cjdafmb+wfqcbp6/hyjzy8hq5 lipyeow@lipyeows-mbp MIIEpAIBAAKCAQEAqPlxe9an1AdfDPYeulFwxPH+H4Lb3rOsnVdojDPCovR/t6kr91l0QmSrcRwIKvsS6HDPdhTPT xclxr4+dhm/voqks6v11ik4jxqdsducdcourqxynihheogcuixbscporttswhfg4luqf7jppxdqn63xwizbnnlqwa knowwucllzc185hmh7p3xhowepq0o021nzfnlxul/tk8dsekliomj+1utxwq2usyke4std1/wr9h4sogvgu +IHSzHAF2xxTLSGFBt09Yya1g64TQEr52WKVJXTNQvKQO1Lnfn/sVnlrP5u1uogTuCc9M4cXIw2n5gfsH0Agaev4c o2wpb6uqidaqabaoibaqcgdnbesyaypsh4jgm22knxvg3avjbltjjqgect6pquyb+53bmvh96+ldowryelygm1 01okWlomayhCosfjaev/pTZpVAnqwIT2K+B2vCRh17VLQRJFUqfqaGE9tQB3V+V94Z8DYm/zlocwibFbPyRuTrgQyf 0gDTWvMwl2HAl50foPL9xpB9BL02r/RUNdiQC1FUMnHZ6W/KSbYR4Lt/l1Lbnemz30m2bz9jKPTj2hxOWGh41+jZ hc+3xyg95l1uucitjc8tpkouukapdbrw+/ii9ccxhfdyf7s7soffvjc0xb8ltqb8gad3417tfda3qydkptqvdjkywr cpnbwwqbaogban06ooj6+ocjjm4+8qtpgbdjhmnod7buvc4loa0rl5oryd2gvigjuvochuj588d9lya5rtrxolr CGFoVwNfQSqxasSKZ+yPJS9rR3XTCwrE9O+D3HQkwie+bnbMAf07lfgpXq2Jq9M++P/uNV7Tu9V8bVcQXh+Io+A iarg0pchdbaogbamoitbss2l8gsoiuqqzmxo1bjlqdlfnw//va0lx0exagc6jcqbjmt9pkpezalz84ub6oxoso HqFjRl3FSgk8+zrReUOcQkvC8TADVfgCGy3vBfkdiiX9GtssW7J8K92dSajSDyDFtCKi1uzTzqOiHEqw3GCcOO8jSrj zxrcjf4/5aogaeaqdnlbepbkkexx/injrnr54kzmyyb9s719ujbj9dlqrr6jwklcf0uowqimuzu1r4cxvef1dvm5o 1tApQoxfiALrYSD6P85LeDWH/UmSkOObJMNP023Fcg/ssVt2y2nNdTGsfvqcbvxyybJprgnoEx9w5WQi98vgi38R2v bmr4ecgyaeips67j9j9nflk494bofk3ufrk4ie+ef12dr/i/inpran/vvittxjhbp7ttwrszmako1+xiupus24nwrijbghm 7QkTUt8Vlkhs/IafnIC7rhEvtqlZuloi+7UhOy/hxZeRAD10aAL7ZrugzsXsHrXgKKb2wO3CCqDf6PilOXQgQKBgQCGU 9Uwh2B+ook71c4VDVpXB0+P2AMGj6eWkvTlxf0N+oV09vL3Ny+AAto3l30kq/Q6vkBLg8OqLwL+NTwVxa94PAfLfb fbsqucf9i+mt6y8bwgm3naxnk7pfn06mbmekts21allqwgtcey1/j+tlggnnz/gt/oaxddfyd+gxjklg==

Digital Signatures: Signing & Verifying Often a hash or digest of the message is used as input Signing Algorithm Signature Private Key (SK) Public Key (PK) Signature Verification Algorithm Yes/No Actually anyone (not just the sender) can verify the message!

Cryptographic Hash Functions Message Cryptographic Hash Function Fixed size digest Five main properties: 1. 2. 3. 4. deterministic - same message same hash quick to compute infeasible to generate a message from its hash value a small change to a message should change the hash value extensively 5. infeasible to find two different messages with the same hash value

SHA1 Broken by Google Cloud (Feb 23, 2017) In 2013, Marc Stevens outlined a theoretical approach to create a SHA-1 collision. In 2017, google started by creating a PDF prefix specifically crafted to allow us to generate two documents with arbitrary distinct visual contents, but that would hash to the same SHA-1 digest. Leveraged Google s technical expertise and cloud infrastructure Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total 6,500 years of CPU computation to complete the attack first phase 110 years of GPU computation to complete the second phase

Bitcoin & Blockchain Overview Reference: https://bitcoin.org/en/developer-guide

Bitcoin Cryptocurrency & Payment System Invented in 2008 by anonymous person Satoshi Nakamoto Peer to peer -- no centralized authority! Can be exchanged for real currency Can be used to purchase both virtual and real goods and services

Bitcoin - Key Requirements To function like real money, the system has to: Manage how much money each user has Enable the transfer of money from one user to another Ensure no double spending -- just like a physical coin, one instance of a bitcoin can only belong to one user at any one time In fact, all we care about is recording the transfer transactions! Employer vendor Work Goods/ Services

Money Transfer Cash vs Electronic vs Bitcoin Records transaction transfering $ from A to B Records transaction transfering $ from A to B Authorizes transfer User A Checks transaction User B Authorizes transfer User A Bitcoin P2P System Checks transaction User B

Bitcoin Transactions

Bitcoin Transactions as Chain of Signatures Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin. A payee can verify the signatures to verify the chain of ownership.

Blockchain Distributed, P2P, replicated, public, database or ledger of transactions (from the beginning of the bitcoin system) Consensus among p2p nodes are achieved using a proof of work system - the hash is computationally expensive. Transactions are grouped into blocks and blocks are chained together. Consensus chain is the authoritative history of transactions! Hash Block Hash Block Hash Block Transaction Transaction Transaction Transaction Transaction Transaction Transaction Transaction Transaction Blocks & their hashes are published via broadcast

Functional Roles 3 Types of Computer Nodes 1. Miner - hashing blocks Txn 2. Peer - relay & store txn & blocks Txn 3. Wallet -store/release funds -manage keys Block Blockchain Ledger

A Mining Node txn 1. Miner -hashing blocks Block Gets new transactions from bitcoin P2P system (peers & wallets) Packages transactions into a block Computes Proof-of-Work (cryptographic hash that meets certain target threshold criteria) on the block Adds the new block to the block chain by broadcasting block with hash Gets rewarded with a bitcoin (recorded in first txn in the block) and/or a transaction fee.

A Wallet Node 3. Wallet -store/release funds -manage keys Generates private keys Derives the corresponding public keys Helps distribute those public keys as necessary Monitors (blockchain) for outputs spent to those public keys Creates and signs transactions spending those outputs Broadcasts the signed transactions.

When is a transaction committed? After a txn is broadcasted, mining nodes will try to incorporate that txn into a block and into the blockchain The blockchain can diverge like a tree, but the longest blockchain is chosen as the consensus The number of blocks chained to the block containing the txn is an indication of how securely entrenched An adversary changing the block will have to rehash all subsequent blocks. When more than 6 blocks have chained to the txn block, the txn can be considered committed

How to Prevent Double Spending? Double spend = two transactions trying to spend the same bitcoins succeeds Upon receiving txn, all bitcoin nodes check the validity of the input of the txn against the txn that is the source of funds in the block chain Now, we need to ensure two concurrent (double spend) txns x & y do not both succeed. Mining Node i Mining Node j Block k Block w Txn x Block k Block v Txn y Block u At some point the next block will get added and the longer block will dominate When the shorter chain is discarded, txn y will be rejected.

Compression of Transactions in a Block Earlier we said a block stores a set of transactions. In reality, the set of transactions are compressed using a Merkle Tree and only the tree root is stored in the block! (((A B ) (C D ) ) ((E E ) (E E ) ) ) ((A B ) (C D ) ) (A B ) ((E E ) (E E ) ) (C D ) Only the hash of the Merkle Tree root is stored in the block (E E ) Hash A B C D E Txns A B C D E To verify D was added to block, the client only needs C, (A B ), ((E E ) (E E ) ) and the root that is in the block

Bitcoin P2P Networking Who & where are my peers? Nodes/client programs have hardcoded IP addresses to DNS seed nodes. DNS seed nodes are maintained by Bitcoin community semi-automatically to store IP addresses of Bitcoin full nodes. Nodes/client query DNS seed nodes for full nodes that are accepting connections. Results are not authenticated! Once connected, full peer nodes will continuously provide updates on IP addresses of other peer nodes. Once P2P network connection is established, mining nodes can use additional higher speed network connections to speed up block propagation.

Initial Block Download (IBD) When a full node first joins the P2P system, it only has the hardcoded genesis block (block 0) it must download and validate all blocks from block 1 to the current tip of the best block chain. IBD also used any time the last block on its local best block chain has a block header time more than 24 hours in the past. It chooses a remote peer, called the sync node, and sends it the getblocks message

Bitcoin Nodes

The Devil is in the Details

Transactions: Input & Output Each transaction has at least one input and one output. Each input spends the satoshis paid to a previous output. Each output then waits as an Unspent Transaction Output (UTXO) until a later input spends it. Each transaction is prefixed by a four-byte transaction version number tells Bitcoin peers and miners which set of validation rules to use This lets developers create new rules for future transactions without invalidating previous transactions.

Transactions: Pubkey & Signature Scripts Anyone who can satisfy the conditions of that pubkey script can spend the satoshis. A signature script provides data parameters that satisfy the conditionals in the pubkey script. An output has an implied index based on its location in the txn. The output also has an amount in satoshis which it pays to a conditional pubkey script. An input uses a txn identifier (txid) and an output index to identify a particular output to be spent.

Alice pays Bob using Pay-To-Public-Key-Hash (P2PKH) Payee (Bob s) Bitocin address. Bob can later spend those satoshis using his private key. Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve; Private keys are 256 bits Alice broadcasts the transaction and it is added to the block chain.balance. The Bitcoin network categorizes it as an Unspent Transaction Output (UTXO), and Bob s wallet software displays it as a spendable balance.

Spending the Previous Payment The output of the txn Alice created to pay Bob earlier. Bob creates an input which references the txn 1 hash, aka txid, and the specific output she used by its output index Bob creates a signature script ( scriptsigs ) - a collection of data parameters which satisfy the conditions Alice placed in the previous output s pubkey script. Pubkey & signature scripts combine secp256k1 pubkeys and signatures with conditional logic, creating a programmable authorization mechanism.

Peers: Upon Receiving a Txn Checks validity of txn (against its local copy of the blockchain) Peer Node Txn Txn Memory Local Blockchain Caches the unconfirmed txns in memory Forwards valid txns Never-mined unconfirmed txns tend to slowly disappear from the network as peers restart or as they purge some txns to make room in memory for others. As each newly mined block is added to the blockchain, any transactions it confirms are removed from the memory pool.

Mining Nodes: Requests Txns for Mining Constructs a block & the 80-byte block header (with Merkle root) Sends header & target threshold to ASIC BLK Request for Txns a set of Txns Mining Node ASIC Computes hash of the block header meeting target threshold. Broadcasts new block & header Miners get paid via a coinbase txn that gets added to the block Iterates through every possible value for the block header nonce and generates the corresponding hash (SHA256) - Proof of work -- typically using Application-Specific Integrated Circuit (ASIC)

Proof of Work Iterates the block header nonce in order to Create a hash of the block header which does not exceed a certain value. For example, if the maximum possible hash value is 2^256 1, you can prove that you tried up to two combinations by producing a hash value less than 2^255. Number of preceding zeroes New blocks will only be added to the block chain if their hash is at least as challenging as a difficulty value expected by the consensus protocol. The difficulty of the proof of work is what makes blocks scarce (& hence a bitcoin)!

Peers: Upon Receiving a Block Checks validity of BLK (against its local copy of the blockchain) Peer Node BLK Adds BLK to local blockchain Apparent Fork BLK Memory Local Blockchain Forwards valid BLK Multiple blocks can have the same block height (eg. when two or more miners each produce a block at the same time) Assuming a fork only contains valid blocks, normal peers always follow the the most difficult chain to recreate and throw away stale blocks belonging to shorter forks.

Blockchain Confirmations 0 confirmations: The transaction has been broadcast but is still not included in any block. 1 confirmation: The transaction is included in the latest block and double-spend risk decreases dramatically. 2 confirmations: The most recent block was chained to the block which includes the transaction. Two block replacements were exceedingly rare, and an attack will require expensive mining equipment. 6 confirmations: The network has spent about an hour working to protect the transaction against double spends and the transaction is buried under six blocks. Even a reasonably lucky attacker would require a large percentage of the total network hashing power to replace six blocks.

44 Putting it all together Txn Txn Blk Blk TCP/IP Network

Detecting Problems Misbehaving peers who take up bandwidth and computing resources by sending false information are banned. If a peer gets a banscore above the -banscore=<n> threshold, he will be banned for the number of seconds defined by -bantime=<n> (default = 86,400s=24 hrs.). Detecting Double Spend Attempts Connect to large numbers of Bitcoin peers to track how transactions and blocks differ from each other (eg. if any UTXO is used in multiple unconfirmed transactions) Stop payment until confirmation When multiple peers report differing block header hashes at the same block height. Your program can go into a safe mode.

Ethereum DAO Hard Fork Incident http://www.coindesk.com/ethereum-executes-blockchain-hard -fork-return-dao-investor-funds/ The compromise: a transaction was successfully added to the blockchain that stole funds from the DAO account A community of ethereum users/miners engineered a hard fork to reverse or undo the illegal transaction The decision to hard fork was initially met with resistance by some members of the ethereum community who were concerned it might undermine the perception that the blockchain was immutable, and that contract agreements, once settled to the blockchain, would be final.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback