BitCoinsCrypto in the service of electronic currency or just a fad?
Agenda for today• Definition• Cryptographic aspects• A peek into the market• Questions raised
How it all began• “Bitcoin: a peer-to-peer electronic cash system” – Satoshi Nakamoto (?), 24 May 2009
Philosophy• Commerce requires trust• Costs of mediation and dispute resolution increase transaction cost• Merchants become wary of their customers• Replace trust with cryptographic proof• Drop the need for a trusted third party
In a nutshell• P2P distributed timestamp server generates computational proof of the chronological order of transactions.• System is secure as long as honest parties have more CPU power than the attackers.
Electronic coin• An electronic coin is a chain of digital signatures.• To transfer a coin to the next owner: – Add a hash of the previous transaction. – Add the public key of the next owner. – Sign both with own private key.
The double spending problem• Payee can’t verify that no double spending occurred• In other words, payee wants to know that previous owners didn’t sign any earlier transactions• Usually a bank or mint is needed to verify that
Solution?• The only way to confirm the absence of a transaction is to be aware of all of them• Instead of the bank being aware of all transactions, they are publicly announced• Need a system where participants agree on a single history of the order in which transactions occurred• Payee needs proof that at time of purchase, the majority of participants agreed it was the first received
Timestamp server• Takes a block of items to be timestamped, adds a timestamp and publicly publishes the hash• Each timestamp contains the previous one.
Proof-of-work• Prove that CPU work was indeed spent• Used for example in Hashcash scheme against e-mail spam• Here, compute SHA256-square preimage for value with small numerical value (certain number of leading zeros)• Difficulty is calibrated to achieve a semi fixed rate of solutions• “One vote one CPU”
Putting it all together• New transactions broadcast to all nodes• Each node collects new transactions into a block• Each node works on finding a difficult proof-of-work for its block• When a node finds a proof-of-work, it broadcasts it to all nodes• Nodes accept the block only if all transactions in it are valid and are not already spent• Nodes express their acceptance of the block by working on the next block, using the hash of the accepted block
Incentives• First transaction in block can generate new coins to be owned by the creator of the block – Gold mining rate is controlled, can reach zero• Transaction fees can be collected by a difference between input value and output value• Powerful parties stand to gain more from collecting fees than from trying to defraud the scheme
Disk space usage• Once transactions are old enough, they can be discarded to save disk space• By using a Merkle Tree, we can include only the root hash in the block header• A block header is only about 80 bytes, with a block every 10 minutes this is 4.2MB per year
Anonymity• All transactions are public• But identities are kept secret: public keys are anonymous• To avoid linking transactions, one can use a new keypair with every transaction…
Problems• Unfair initial distribution• Technical complexity• Difficulty in defending the network• Fluctuation in exchange rates• Malware and theft• Criminal uses• Covert mining using botnets etc.