Your SlideShare is downloading. ×

Intro to Bitcoin

1,699

Published on

Intro to Bitcoin on GDG March 2013 …

Intro to Bitcoin on GDG March 2013

http://www.meetup.com/GDG-Tel-Aviv/events/107511362/

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,699
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
36
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Bitcoins are valuable objects that can be owned and sent. As such they can act as a medium of exchange – one can work or offer goods and services and get bitcoins in return, and then use those bitcoins to pay for the goods and services he needs.
  • Data on ownership is stored by every computer on the network. For an individual to claim ownership of his coins (and send them to another party) he needs a piece of information called a “private key”. Private keys are typically stored on a computer and handled by a client software, but they can be stored anywhere – e.g., paper wallets and physical bitcoins.
  • Satoshi Nakamoto published the Bitcoin whitepaper (http://bitcoin.org/bitcoin.pdf) in 2008, and probably started working on it in 2007. The first version of the client software started running in January 2009.
  • There are many software clients available following the Bitcoin protocol, all of them free open-source software (though nothing in principle prevents a proprietary software adhering to the protocol). The standard software is available at http://bitcoin.org/.There are also web wallets and hybrid wallets.When the software is run it generates (using the machine’s pseudo-random number generator) ECDSA private-public key pairs and stores them locally. The private keys are used to claim coins sent to the associated addresses.
  • Bitcoins can be stored and sent without needing a bank or services like PayPal or a credit card, allowing a more autonomous existence and protecting from deficiencies in the quality of such services.Sending an receiving can be done with the click of a button – no need to fill out forms or apply for merchant accounts.Fees are currently up to half a cent per transaction, and in the future shouldn’t be much higher than the marginal resource cost.There is no single entity which could create a loss of service by failing.Unlike traditional payment solutions, payment is based on digital signatures rather than passwords (which need to be shared). Additional security can obtained with wallet backups, multi-signature transactions and so on.Total number of bitcoins is capped at 21 million rather than being inflatable arbitrarily. This makes them a viable long-term store of value.Bitcoin payments cannot be reversed by fraudulent buyers; merchants no longer need to worry about fraud, allowing them to lower their prices.Not being beholden to any country, they can be used internationally – adding stability, and obviating the trouble and significant costs of currency conversion.Consequently, they can be used as a stable medium of exchange for countries with a weak economy and start-up countries.Users on the Bitcoin network are identified by addresses, which needn’t be linked to their identities. This allows maintaining privacy and resisting oppressive regimes.All transactions are recorded in the public pseudonymous blockchain, thus there can be no conflict whether a payment was sent or not.Bitcoin can be used in various advanced applications – smart property, assurance contracts, escrow, off-chain transactions, colored coins and so on. The technology can be used for other decentralized applications, such as the alternative DNS system Namecoin.
  • Bitcoins can be stored and sent without needing a bank or services like PayPal or a credit card, allowing a more autonomous existence and protecting from deficiencies in the quality of such services.Sending an receiving can be done with the click of a button – no need to fill out forms or apply for merchant accounts.Fees are currently up to half a cent per transaction, and in the future shouldn’t be much higher than the marginal resource cost.There is no single entity which could create a loss of service by failing.Unlike traditional payment solutions, payment is based on digital signatures rather than passwords (which need to be shared). Additional security can obtained with wallet backups, multi-signature transactions and so on.Total number of bitcoins is capped at 21 million rather than being inflatable arbitrarily. This makes them a viable long-term store of value.Bitcoin payments cannot be reversed by fraudulent buyers; merchants no longer need to worry about fraud, allowing them to lower their prices.Not being beholden to any country, they can be used internationally – adding stability, and obviating the trouble and significant costs of currency conversion.Consequently, they can be used as a stable medium of exchange for countries with a weak economy and start-up countries.Users on the Bitcoin network are identified by addresses, which needn’t be linked to their identities. This allows maintaining privacy and resisting oppressive regimes.All transactions are recorded in the public pseudonymous blockchain, thus there can be no conflict whether a payment was sent or not.Bitcoin can be used in various advanced applications – smart property, assurance contracts, escrow, off-chain transactions, colored coins and so on. The technology can be used for other decentralized applications, such as the alternative DNS system Namecoin.
  • The smallest denomination of Bitcoin with the current protocol is a “satoshi”, equal to 10^(-8)bitcoins. Each bitcoin can be divided to 100 million satoshis. Unlike the association of “coins” may suggest, satoshis aren’t accounted for individually – a transaction specifies how many satoshis are to be sent as an integer variable.When people first hear about Bitcoin, a common reaction is “21 million bitcoins aren’t enough”. But since bitcoins are divisible essentially infinitely, this is not an issue at all and the number 21 million is completely arbitrary.Illustration of inflation rate and price history are on the next slides.
  • Half of the total 21 million bitcoins (10.5 million) are to be created within the first (roughly) 4 years, at a constant rate (roughly 7200 per day); then the creation rate is halved, so that half of the remaining coins (5.25 million) are to be created within the next 4 years (at a rate of 3600 per day); and so on.
  • The exchange rate was about half a cent per BTC in May 2010. Mtgox trading started at July 2010 at a rate of $0.05. By March 2011 it was around $1, and from April quickly climbed up to the all-time high of $32 on June 8, 2011. Then it declined to $2 in November 2011, stayed around $5 from March to June 2012, and as of November 2012 is around $12.The exchange rate is very volatile – a change of 20% within a day is considered normal.
  • This is just an incomplete description of the spirit of transactions. More accurate details are to follow.
  • As explained in the next slide, a transaction is a collection of inputs and outputs. An output specifies a receiver and amount. An input is a reference to some unspent output of an earlier transaction. The transaction hash must be digitally signed by the private key corresponding to each input.The fundamental unit of account in Bitcoin is an output. Contrary to popular myth, transaction inputs don’t reference addresses, they reference outputs. “Having X bitcoins” really means “there are unspent outputs which I can authorize in a transaction because I have the corresponding private key, with a total value of X bitcoins between them”.The requirement of having digital signatures means you can authorize a payment without handing out the data needed to authorize payments.
  • Each computer with the standard software installed is a node in the peer-to-peer network, receiving transaction data from other nodes, verifying it, storing it, and propagating it to other nodes.The standard software also acts as a wallet: Generates private keys and associated addresses, and uses the keys to sign transactions to send coins received to these addresses.
  • This is a synchronization problem. It doesn’t matter which transaction (in a conflicting pair) is considered valid, as long as some transaction is eventually chosen, everyone agrees on this transaction, and it is clear when we can be sure that the decision is final.One naïve solution is that each node will consider the first transaction (in a conflicting pair) as valid, unless it is convinced to switch by a majority vote. However:Every node is connected to a different subset of nodes, and thus different nodes will see a different majority.As such, there is no guarantee of convergence – the network could stagnate in a fork or oscillate.Identifying yourself as a node is cheap – an attacker could run many nodes and distort the decision.Even without many nodes, an attacker can influence nodes with a “divide and conquer” approach – isolating nodes one by one and causing them to flip.In one variant, a node will cement its choice and not agree to switch it after some time has passed. This alleviates some of these problems, but intensifies others. An isolated node which cemented on a transaction other than the rest of the network will be forever stuck on the wrong version, not changing even after being exposed to the larger network. Also, it is impossible for a new node joining the network to get an accurate history of what earlier transpired.“Proof of stake” is a family of proposals which give synchronization power to holders of bitcoins. These methods, however, also rely on Bitcoin’s hash-based blockchain.
  • Every block includes a list of transactions, organized in a “Merkle Tree” which results in a Merkle root. The block header contains the version number, hash of the previous block in the chain, Merkle root, timestamp, hash target (expressed in “bits” format), nonce and an unused tx count.The SHA-256 hash of the block header is the block hash which identifies it. The hash must be lower than the target for the block to be valid.
  • In principle, an attacker with less than 50% of the network hashrate can try to establish an alternative history, but his probability of success becomes lower the more subsequent blocks in the chain there are. The standard clients considers 6 confirmations (5 blocks after the block which includes the transaction) to be sufficient to make the probability of success of an attacker with typical hashrate to be very low. Since “typical hashrate” and “very low” are ill-defined, this number is completely arbitrary.The more computational resources are dedicated to hashing according to protocol, the harder it is for attackers to perform a hashrate-based attack, and hence the more secure the network.
  • Since Bitcoin is digital and decentralized, the initial distribution of coins must be computational and internal – it cannot refer to “outside world” things such as ID numbers, as there is no service authorized to verify them. Distribution according to the amount of computational work done is pretty much the only objective and robust method.The same work done for synchronizing transactions, is used for determining the initial distribution. It is not mandatory that these two issues are married, but it is natural and efficient. It provides an incentive for people to secure the network during its early stages.As time goes by, less new bitcoins are generated per block and rewarded to miners, and transaction fees paid by users will be required to incentivize keeping the network secure. The dynamics of that era are an interesting open problem.
  • Since Bitcoin is digital and decentralized, the initial distribution of coins must be computational and internal – it cannot refer to “outside world” things such as ID numbers, as there is no service authorized to verify them. Distribution according to the amount of computational work done is pretty much the only objective and robust method.The same work done for synchronizing transactions, is used for determining the initial distribution. It is not mandatory that these two issues are married, but it is natural and efficient. It provides an incentive for people to secure the network during its early stages.As time goes by, less new bitcoins are generated per block and rewarded to miners, and transaction fees paid by users will be required to incentivize keeping the network secure. The dynamics of that era are an interesting open problem.
  • Since Bitcoin is digital and decentralized, the initial distribution of coins must be computational and internal – it cannot refer to “outside world” things such as ID numbers, as there is no service authorized to verify them. Distribution according to the amount of computational work done is pretty much the only objective and robust method.The same work done for synchronizing transactions, is used for determining the initial distribution. It is not mandatory that these two issues are married, but it is natural and efficient. It provides an incentive for people to secure the network during its early stages.As time goes by, less new bitcoins are generated per block and rewarded to miners, and transaction fees paid by users will be required to incentivize keeping the network secure. The dynamics of that era are an interesting open problem.
  • Since Bitcoin is digital and decentralized, the initial distribution of coins must be computational and internal – it cannot refer to “outside world” things such as ID numbers, as there is no service authorized to verify them. Distribution according to the amount of computational work done is pretty much the only objective and robust method.The same work done for synchronizing transactions, is used for determining the initial distribution. It is not mandatory that these two issues are married, but it is natural and efficient. It provides an incentive for people to secure the network during its early stages.As time goes by, less new bitcoins are generated per block and rewarded to miners, and transaction fees paid by users will be required to incentivize keeping the network secure. The dynamics of that era are an interesting open problem.
  • Transcript

    • 1. The world’s first decentralized digital currency Ron Gross ron.gross@bitcoil.co.il Adapted from slides by Meni Rosenfeld meni@bitcoil.co.il 1
    • 2. Adoption (March 2013) “Market capitalization”: $500M Users: ~ 150-200K Bitcoin-accepting businesses: > 3000, including  Wordpress.com  Reddit.com  Namecheap  … Donations: Wikileaks, Internet Archive, xkcd… Academic research: WIS (Adi Shamir), Microsoft, Cornell, ETH Zurich… Reports: FBI, European Central Bank… 2
    • 3. Bitcoin is a currency Facilitates the trade of one good for another Has all properties of a currency Does not need to have “intrinsic” value The value is determined by supply and demand 3
    • 4. Bitcoin is digital Ownership of bitcoins is digital information Typically used on the internet  But not only (e.g. smartphones / physical bitcoins) Based on cryptography 4
    • 5. Bitcoin is decentralized No company “Bitcoin Ltd.” No central issuer or controller Based on a public protocol A p2p network of nodes running open source software Multiple parties are each “doing their own thing” 5
    • 6. Bitcoin is the first! Plenty of physical currencies (commodities)  Gold, silver, seashells, rocks … Plenty of centralized digital currencies  PayPal, WebMoney, e-gold, WoW gold, Second Life, … Bitcoin is the first decentralized digital currency Invented in 2008 by “Satoshi Nakamoto” 6
    • 7. How to use? Install one of the open-source clients Client generates “addresses”, which are like bank accounts e.g. 1BBsbEq8Q29JpQr4jygjPof7F7uphqyUCQ To receive bitcoins, let the sender know your address To send bitcoins, specify receiving address and amount, and click “send” 7
    • 8. Why? No need for 3rd party Easy to send and receive money Almost no fees No single point of failure 8
    • 9. Why? Limited supply – no arbitrary printing of money No chargebacks International Pseudonymous 9
    • 10. Numbers Max money supply = 21 million BTC  Currently, 11 million Each bitcoin is currently worth roughly $45 Bitcoins can be specified with 8 decimal places  2.1 1015 atomic units (“satoshis”)  0.003 BTC per person alive today Monetary inflation rate is decaying exponent 10
    • 11. Inflation schedule 11
    • 12. Historic price chart bitcoincharts.com 12
    • 13. How does Bitcoin work? 13
    • 14. Public key cryptography Every user has a private key and a public key Public key is uniquely determined by the private key Virtually impossible to compute private key from public key Can be used for encryption and digital signatures 14
    • 15. Digital signatures User wants to send a message and prove that he wrote it Gets (message, private key) and computes a signature Recipient verifies the signature using the known public key Only the user who possesses the private key can sign Examples: RSA, ECDSA 15
    • 16. Hash functions Example: SHA-256 Transforms any data to a 256-bit number  Any input change significantly alters the output  Very hard to reverse The hash output behaves like a random function 16
    • 17. Bitcoin system components A transaction structure for managing ownership A p2p network for propagating, verifying and storing transaction data A proof-of-work system (hashing, “mining”) for:  Synchronizing transactions  Determining initial distribution of coins 17
    • 18. Coins The fundamental building block of Bitcoin is a “coin” A coin is characterized by:  Unique ID  Quantity (denomination) – arbitrary number with 8 decimal places  Owner 6.3 2.4 18
    • 19. Coins Coins can be split and merged If Alice wants to send bitcoins to Bob, she will merge some of her coins and split the result between her and Bob 6 2 2.5 8.5 1.5 7 19
    • 20. Transactions The owner of a coin is identified by an “address” Each address is associated with a private key To send a coin, the owner signs a message “this coin now belongs to address XYZ” The process is is called a “transaction” 20
    • 21. Transaction structure Transaction Input #1 Output ref.; signature Output #1 Receiving address; amount Input #2 Output ref.; signature Output #2 Receiving address; amount Input #3 Output ref.; signature 21
    • 22. Transaction rules Inputs are “unspent outputs” of previous TX Total coins in <= Total coins out Voluntary TX fee = Coins In – Coins Out Miners include a special “generating TX” 22
    • 23. The Network 23
    • 24. Problem: Double spending Using the same coin to pay 2 different recipients  No agreement on who is the “true” recipient  One recipient will be out of his coins  Some way to enforce ordering is needed Traditional solution: Central authority Prior decentralized solutions have vulnerabilities The first working decentralized solution is the blockchain 24
    • 25. Preventing double spends Suppose there was just one coin Two conflicting transactions: Only one transaction will be accepted Doesn’t matter which one (if everyone agree eventually) 25
    • 26. Solution: The blockchain Transactions are grouped into blocks Blocks are confirmed with proof of work (= hashing) A transaction is final if it is included in a block Each block references a previous block to form a chain In case of conflict: the TX with more confirms wins 26
    • 27. The Blockchain Block Block Block Block Block Block Block 208364 Nonce Prev. block hash Metadata Transactions: Tx Tx Tx Tx Tx Tx Tx Tx 27
    • 28. Conflicts4/2/2013 Written by Meni Rosenfeld 28
    • 29. Evolution of MiningCPU FPGA ASIC GPU 29
    • 30. Possible Futures 30
    • 31. Failure Bitcoin is hacked Bitcoin is outlawed / over-regulated People lose interest… Value drops close to $0 31
    • 32. Stagnation Usage remains at current levels / drops Remains “the geek currency” Value stabilizes somewhere in $1-100 32
    • 33. Bitcoin Wins! Network effect keeps Bitcoin in the lead More business and users accept it Fiat currencies inflate to zero value Bitcoin becomes 1-100% of the world’s market 1 BTC > $10,000-100,000 33
    • 34. Questions? 34
    • 35. Thank you Meni Rosenfeld  meni@bitcoil.co.il  https://bitcoil.co.il  1DdrvajpK221W9dTzo5cLoxMnaxu859QN6 Ron Gross  ron@bitcoil.co.il  http://ripper234.com/  1dTGdZcckzX5cdjigZBzwFtuWmio2jtWa 35

    ×