Bitcoin, the Protocol
G-J van Rooyen
20 February 2014
“With e-currency based on cryptographic proof, without the need to trust a third-party middleman, money can be secure and transactions effortless.”
– Satoshi Nakamoto

“We can laugh at Bitcoin, but real guys, in real basements, are losing real fake money right now.”
– David Clinch
This talk is not about…
• …is Bitcoin “real” money?
• …is Bitcoin a good investment?
• …will Bitcoin replace the dollar/rand/yen?
• …is Dogecoin/Litecoin better than Bitcoin?
• …exchange volatility
We will talk about…
• …difficulty of trust-free agreement in a decentralised P2P network (Byzantine Generals)
• …triple-entry accounting
• …how Bitcoin transactions are built and verified
• …the scripting language built into the protocol
• …scripted contracts (“Bitcoin 2.0”)
Abstraction, Level 1
Abstraction, Level 2
Abstraction, Level 3
[Diagram slides: BANKING EFT compared with BITCOIN at each level of abstraction]
Byzantine Generals
• N generals need to coordinate an attack
• Messages are passed amongst each other
• Traitorous generals may pass on false messages
• Consensus very difficult
• Lamport: solution for 2/3 trust (later > 50%)
Nakamoto’s Solution
• Scenario: generals have to agree on time to attack
• A random general proposes a time and distributes the message
• Other generals “sign off” (agree) on time adding a hash that’s computationally difficult to compute (but trivial to verify)
• A chain of time-plus-hashes builds up and is distributed
• Over time, the generals become convinced that the majority of the computational power of the network has reached consensus.
• If an attacker injects a fake time to spread confusion, the network selects the chain with the longest sequence of valid hashes
Proof-of-work
Application to ownership transfer
• I can sign a “cheque” giving away money I own
• Everyone can verify the transaction is valid
• A double-spend of money is always invalid
• People who “audited” the transaction sign it off by proof-of-work
Single-entry accounting
• “Write down income and expenses”
• If you leave out a number, no-one will know
• Bookkeeper always has plausible deniability (it was an honest mistake!)
• Limited businesses to family and crown
Double-entry accounting
• Florence, late 13th century
• Much more difficult to “cook books”
• Gave rise to the modern enterprise
Bitcoin as triple-entry
• Alice debits her wallet, and credits Bob’s (double-entry)
• Ivan audits transaction
• Ivan commits it to the public ledger (third entry)
• No central authority
• Non-repudiable transaction
The basics of Bitcoin
Back to Abstraction, Level 2

The basics of Bitcoin: Private keys
• Each “account” = random 256-bit number
• Private key, must be kept secret
• Need not be stored digitally – can be on paper or memorised
• Want to open an account? Guess a number!
• QR code representation of the private key
Private Key (Wallet Import Format): 5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
[Figure: pairing of a Bitcoin address with its corresponding Bitcoin private key]
The basics of Bitcoin: Public keys and addresses
• ECDSA is used to generate a public key from the PrivKey
• The PubKey can be used to verify transactions signed using the PrivKey
• 64-byte PubKeys are unwieldy, and are hashed down to 20-byte addresses
• QR code representation of the address
Bitcoin Address: 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z
Crypto-primer: Hashes
• Hashing: D = H(M)
• D is usually much shorter than M
• It is impossible to get back to M just from D
• SHA256 and RIPEMD-160 used in Bitcoin
Crypto-primer: Signatures
• Hashing: D = H(M)
• Signing: σ = S(D, Pr)
• Verification: β = V(D, σ, Pu)
• Only the owner of the private key can sign a message (transaction)
• Anyone who knows a user’s public key can verify that she signed it
• ECDSA used in Bitcoin
Bitcoin transactions
Signing inputs

A full transaction

Field            Description                                              Size [b]
Version #        Currently 1                                              4
In-counter       Positive integer                                         1-9
List of inputs   References to outputs of previous transactions
Out-counter      Positive integer                                         1-9
List of outputs  Values of outputs, and scripts dictating how they may
                 be claimed
Lock time        Time stamp when transaction becomes final                4
                 (default 0 = immediately)
A sample transaction

Input:
  Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
  Index: 0
  scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501

Output:
  Value: 5000000000
  scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG
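The table and the sample above give the wire layout of a transaction. As an added example (not code from the talk), the following serializer and parser encode the sample transaction into that layout and read it back; the per-input sequence field (assumed 0xffffffff), the one-byte push prefix on scriptSig and the opcode byte values (taken from the opcode table later in the deck) are assumptions not spelled out on this slide, and the sample is embedded as constructed input.

```python
import hashlib
import struct

# Field values from the sample transaction on the slide; opcode bytes from the deck's opcode table
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xa9, 0x88, 0xac
PREV_TX = "f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6"
SIG = bytes.fromhex(
    "304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446"
    "618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba"
    "35e7ba5fdd7d5d6cc8d25c6b241501")
PUBKEY_HASH = bytes.fromhex("404371705fa9bd789a2fcd52d2c580b65d35549d")


def encode_varint(n: int) -> bytes:
    """The table's 1-9 byte counters: one byte below 0xfd, else a marker plus 2/4/8 little-endian bytes."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def decode_varint(buf: bytes, pos: int):
    """Returns (value, position after the varint)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    width = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width


def push(data: bytes) -> bytes:
    """Direct data push: a single length byte for items shorter than OP_PUSHDATA1 (0x4c)."""
    if len(data) >= 0x4c:
        raise ValueError("use OP_PUSHDATA1/2/4 for longer items")
    return bytes([len(data)]) + data


def p2pkh_script(pubkey_hash: bytes) -> bytes:
    """OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG, as raw script bytes."""
    return bytes([OP_DUP, OP_HASH160]) + push(pubkey_hash) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


def serialize_tx(tx: dict) -> bytes:
    """Version, in-counter, inputs, out-counter, outputs, lock time: the table's field order."""
    out = struct.pack("<I", tx["version"])
    out += encode_varint(len(tx["inputs"]))
    for txin in tx["inputs"]:
        out += bytes.fromhex(txin["prev_tx"])[::-1]       # txids are serialized byte-reversed
        out += struct.pack("<I", txin["index"])
        out += encode_varint(len(txin["script_sig"])) + txin["script_sig"]
        out += struct.pack("<I", txin["sequence"])       # per-input field not shown in the table (assumed)
    out += encode_varint(len(tx["outputs"]))
    for txout in tx["outputs"]:
        out += struct.pack("<Q", txout["value"])          # satoshis, 8 bytes
        out += encode_varint(len(txout["script_pubkey"])) + txout["script_pubkey"]
    out += struct.pack("<I", tx["lock_time"])
    return out


def parse_tx(raw: bytes) -> dict:
    """Inverse of serialize_tx; rejects trailing bytes so a malformed blob cannot pass silently."""
    version = struct.unpack_from("<I", raw, 0)[0]
    n_in, pos = decode_varint(raw, 4)
    inputs = []
    for _ in range(n_in):
        prev_tx = raw[pos:pos + 32][::-1].hex()
        index = struct.unpack_from("<I", raw, pos + 32)[0]
        slen, pos = decode_varint(raw, pos + 36)
        script_sig = raw[pos:pos + slen]
        sequence = struct.unpack_from("<I", raw, pos + slen)[0]
        pos += slen + 4
        inputs.append({"prev_tx": prev_tx, "index": index, "script_sig": script_sig, "sequence": sequence})
    n_out, pos = decode_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<Q", raw, pos)[0]
        slen, pos = decode_varint(raw, pos + 8)
        outputs.append({"value": value, "script_pubkey": raw[pos:pos + slen]})
        pos += slen
    lock_time = struct.unpack_from("<I", raw, pos)[0]
    if pos + 4 != len(raw):
        raise ValueError("trailing bytes after lock time")
    return {"version": version, "inputs": inputs, "outputs": outputs, "lock_time": lock_time}


def txid(raw: bytes) -> str:
    """Transaction id: double SHA-256 of the serialization, displayed byte-reversed."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()


# The slide's sample transaction as constructed input for the functions above
SAMPLE_TX = {
    "version": 1,
    "inputs": [{"prev_tx": PREV_TX, "index": 0, "script_sig": push(SIG), "sequence": 0xffffffff}],
    "outputs": [{"value": 5000000000, "script_pubkey": p2pkh_script(PUBKEY_HASH)}],
    "lock_time": 0,
}
```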
The output script
• Each output has a script specifying how it may be claimed
• FORTH-like scripting language
• Deliberately Turing-incomplete
• Can specify anything:
  • “anyone can have this”
  • pay to specific address
  • highly complex contracts (e.g. “pay out when I die”)
The simplest script
• Pay-to-PubkeyHash (give money to an address)
• scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
• scriptSig: <sig> <pubKey>
• scriptSig and scriptPubKey are combined, and then stack processing is done operation-by-operation
The simplest script: Step 1
• scriptSig and scriptPubKey are combined
• Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first):
  (empty)
The simplest script: Step 2
• The constants <sig> and <pubKey> are added to the stack
• Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first):
  <pubKey>
  <sig>
The simplest script: Step 3
• The top stack item is duplicated
• Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first):
  <pubKey>
  <pubKey>
  <sig>
The simplest script: Step 4
• The top stack item is hashed
• This calculates an address from the claimant’s public key
• (we must ensure this is the same as the TXout’s address)
• Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first):
  <pubHashA>
  <pubKey>
  <sig>
The simplest script: Step 5
• Another constant (the previous output’s destination address) is added to the stack
• Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first):
  <pubKeyHash>
  <pubHashA>
  <pubKey>
  <sig>
The simplest script: Step 6
• Verify that the claimant’s public key actually matches the previous transaction’s output address
• If false, the transaction is rejected and not distributed further
• Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first):
  <pubKey>
  <sig>
The simplest script: Step 7
• Verify that the claimant’s public key confirms the transaction’s signature
• If false, the transaction is rejected and not distributed further
• Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first):
  (empty)
We just used 4 opcodes…

enum opcodetype
{
    // push value
    OP_0 = 0x00,
    OP_FALSE = OP_0,
    OP_PUSHDATA1 = 0x4c,
    OP_PUSHDATA2 = 0x4d,
    OP_PUSHDATA4 = 0x4e,
    OP_1NEGATE = 0x4f,
    OP_RESERVED = 0x50,
    OP_1 = 0x51,
    OP_TRUE = OP_1,
    OP_2 = 0x52,
    OP_3 = 0x53,
    OP_4 = 0x54,
    OP_5 = 0x55,
    OP_6 = 0x56,
    OP_7 = 0x57,
    OP_8 = 0x58,
    OP_9 = 0x59,
    OP_10 = 0x5a,
    OP_11 = 0x5b,
    OP_12 = 0x5c,
    OP_13 = 0x5d,
    OP_14 = 0x5e,
    OP_15 = 0x5f,
    OP_16 = 0x60,

    // control
    OP_NOP = 0x61,
    OP_VER = 0x62,
    OP_IF = 0x63,
    OP_NOTIF = 0x64,
    OP_VERIF = 0x65,
    OP_VERNOTIF = 0x66,
    OP_ELSE = 0x67,
    OP_ENDIF = 0x68,
    OP_VERIFY = 0x69,
    OP_RETURN = 0x6a,

    // stack ops
    OP_TOALTSTACK = 0x6b,
    OP_FROMALTSTACK = 0x6c,
    OP_2DROP = 0x6d,
    OP_2DUP = 0x6e,
    OP_3DUP = 0x6f,
    OP_2OVER = 0x70,
    OP_2ROT = 0x71,
    OP_2SWAP = 0x72,
    OP_IFDUP = 0x73,
    OP_DEPTH = 0x74,
    OP_DROP = 0x75,
    OP_DUP = 0x76,
    OP_NIP = 0x77,
    OP_OVER = 0x78,
    OP_PICK = 0x79,
    OP_ROLL = 0x7a,
    OP_ROT = 0x7b,
    OP_SWAP = 0x7c,
    OP_TUC K = 0x7d,

    // splice ops
    OP_CAT = 0x7e,
    OP_SUBSTR = 0x7f,
    OP_LEFT = 0x80,
    OP_RIGHT = 0x81,
    OP_SIZE = 0x82,

    // bit logic
    OP_INVERT = 0x83,
    OP_AND = 0x84,
    OP_OR = 0x85,
    OP_XOR = 0x86,
    OP_EQUAL = 0x87,
    OP_EQUALVERIFY = 0x88,
    OP_RESERVED1 = 0x89,
    OP_RESERVED2 = 0x8a,

    // numeric
    OP_1ADD = 0x8b,
    OP_1SUB = 0x8c,
    OP_2MUL = 0x8d,
    OP_2DIV = 0x8e,
    OP_NEGATE = 0x8f,
    OP_ABS = 0x90,
    OP_NOT = 0x91,
    OP_0NOTEQUAL = 0x92,

    OP_ADD = 0x93,
    OP_SUB = 0x94,
    OP_MUL = 0x95,
    OP_DIV = 0x96,
    OP_MOD = 0x97,
    OP_LSHIFT = 0x98,
    OP_RSHIFT = 0x99,

    OP_BOOLAND = 0x9a,
    OP_BOOLOR = 0x9b,
    OP_NUMEQUAL = 0x9c,
    OP_NUMEQUALVERIFY = 0x9d,
    OP_NUMNOTEQUAL = 0x9e,
    OP_LESSTHAN = 0x9f,
    OP_GREATERTHAN = 0xa0,
    OP_LESSTHANOREQUAL = 0xa1,
    OP_GREATERTHANOREQUAL = 0xa2,   // value lost in the slide extraction; 0xa2 in Bitcoin Core's script.h
    OP_MIN = 0xa3,
    OP_MAX = 0xa4,

    OP_WITHIN = 0xa5,

    // crypto
    OP_RIPEMD160 = 0xa6,
    OP_SHA1 = 0xa7,
    OP_SHA256 = 0xa8,
    OP_HASH160 = 0xa9,
    OP_HASH256 = 0xaa,
    OP_CODESEPARATOR = 0xab,
    OP_CHECKSIG = 0xac,
    OP_CHECKSIGVERIFY = 0xad,
    OP_CHECKMULTISIG = 0xae,
    OP_CHECKMULTISIGVERIFY = 0xaf,  // value lost in the slide extraction; 0xaf in Bitcoin Core's script.h

    // expansion
    OP_NOP1 = 0xb0,
    OP_NOP2 = 0xb1,
    OP_NOP3 = 0xb2,
    OP_NOP4 = 0xb3,
    OP_NOP5 = 0xb4,
    OP_NOP6 = 0xb5,
    OP_NOP7 = 0xb6,
    OP_NOP8 = 0xb7,
    OP_NOP9 = 0xb8,
    OP_NOP10 = 0xb9,

    // template matching params
    OP_SMALLDATA = 0xf9,
    OP_SMALLINTEGER = 0xfa,
    OP_PUBKEYS = 0xfb,
    OP_PUBKEYHASH = 0xfd,
    OP_PUBKEY = 0xfe,

    OP_INVALIDOPCODE = 0xff,
};
Mining
• “Auditors” collect transactions into a “block” (up to 1 Mb)
• Each transaction in the block is verified for validity
• The miner then does a proof-of-work calculation to “sign off” the block and add it to the blockchain
• Difficult hash calculation takes +/- 10 min regardless of number of miners in the network
Advanced mining
• A miner who successfully finds a suitable hash for a block, gets reward (currently 25 XBT = 625 USD)
• Each transaction has optional transaction fees (difference between sum of inputs and outputs) that also go to the miner
• Hash difficulty: number of “leading zeros” in hash
• Adjusted dynamically, aims for 1 block in 10 mins
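The two mining slides above, and the “longest chain of valid hashes” rule from Nakamoto’s Solution, as an added example (not code from the talk): a toy miner that steps a nonce until the double-SHA-256 block hash has the required number of leading zero bits, a validator that checks the links and the proof-of-work of a whole chain, a most-work comparison, and the dynamic retarget aimed at the 10-minute interval. The 4-block retarget window, the header layout and the dummy transaction ids are constructed for the demo (Bitcoin retargets every 2016 blocks and uses a compact target encoding).

```python
import hashlib
import struct

BLOCK_INTERVAL = 600        # the slide's target: one block every 10 minutes (seconds)
RETARGET_WINDOW = 4         # constructed: retarget every 4 blocks (Bitcoin uses 2016)
MAX_TARGET = (1 << 256) - 1


def hash256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids):
    """Pair hashes level by level (duplicating the last one on odd counts) down to one root."""
    layer = list(txids)
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [hash256(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]


def target_from_zero_bits(zero_bits: int) -> int:
    """'Number of leading zeros' as a threshold: a hash is valid if it is below this target."""
    return 1 << (256 - zero_bits)


def leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()


def header(block, root: bytes) -> bytes:
    """Constructed header layout: prev hash, merkle root, target, timestamp, nonce."""
    return (block["prev"] + root + block["target"].to_bytes(32, "big")
            + struct.pack("<IQ", block["time"], block["nonce"]))


def block_hash(block) -> bytes:
    return hash256(header(block, merkle_root(block["txs"])))


def meets_target(block) -> bool:
    return int.from_bytes(block_hash(block), "big") < block["target"]


def mine(block, max_nonce: int = 1 << 32):
    """Proof-of-work: step the nonce until the header hash falls below the target."""
    root = merkle_root(block["txs"])          # fixed while only the nonce changes
    for nonce in range(max_nonce):
        block["nonce"] = nonce
        if int.from_bytes(hash256(header(block, root)), "big") < block["target"]:
            return block
    raise RuntimeError("nonce space exhausted; a real miner would change the timestamp or coinbase")


def retarget(target: int, actual_span: int, expected_span: int = BLOCK_INTERVAL * RETARGET_WINDOW) -> int:
    """Dynamic adjustment: scale the target by actual/expected time, clamped to a 4x step either way."""
    span = min(max(actual_span, expected_span // 4), expected_span * 4)
    return min(target * span // expected_span, MAX_TARGET)


def valid_chain(chain) -> bool:
    """Every block must link to its predecessor's hash and carry a valid proof-of-work."""
    prev = b"\x00" * 32
    for block in chain:
        if block["prev"] != prev or not meets_target(block):
            return False
        prev = block_hash(block)
    return True


def chain_work(chain) -> int:
    """Expected hashes spent on the chain: the 'longest sequence of valid hashes' measured in work."""
    return sum((1 << 256) // block["target"] for block in chain)


def build_chain(n_blocks: int, zero_bits: int, block_time: int = BLOCK_INTERVAL):
    """Constructed chain: each block holds two dummy txids and is mined on top of the previous one."""
    chain, prev, target = [], b"\x00" * 32, target_from_zero_bits(zero_bits)
    for height in range(n_blocks):
        txs = [hash256(b"coinbase %d" % height), hash256(b"payment %d" % height)]
        block = {"prev": prev, "txs": txs, "time": height * block_time, "target": target, "nonce": 0}
        chain.append(mine(block))
        prev = block_hash(block)
    return chain
```

Changing any transaction in a mined block changes its merkle root and therefore its hash, so the proof-of-work and every later block's back-link fail together; that is what makes the ledger entries non-repudiable once buried.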
More interesting contracts
• Scripting language can be used to enforce arbitrary constraints on how outputs are spent
• Entire financial applications involving transfer of ownership can be built using the Bitcoin protocol
Dispute mediation
• Third party (escrow / arbiter) may optionally be called in to sign off on a transaction if something goes wrong.
• Script: 2 <K1> <K2> <K3> 3 OP_CHECKMULTISIGVERIFY
• 2 out of 3 parties must agree on the outcome of the transaction in order to spend the output
• The output may be spent as a payment or a refund
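The seven-step P2PKH walkthrough earlier in the deck and the 2-of-3 escrow script above, run by a small stack interpreter over a pure-Python secp256k1 ECDSA; this is added example code, not the talk's and not Bitcoin Core's. Assumptions: signatures are raw r||s rather than DER, the signed message is a constructed stand-in for the transaction digest, the escrow uses OP_CHECKMULTISIG (which leaves its result on the stack) instead of the slide's OP_CHECKMULTISIGVERIFY, and the private keys in the test are deliberately small demo values.

```python
import hashlib

# secp256k1 parameters and textbook ECDSA in pure Python (slow; for illustration only)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None                                    # p + (-p): point at infinity
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P

def ec_mul(k, p):
    r = None
    while k:                                           # double-and-add
        if k & 1:
            r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def hash160(b):   # OP_HASH160 = RIPEMD-160(SHA-256(x)): 64-byte PubKey -> 20-byte address
    h = hashlib.sha256(b).digest()
    try:
        return hashlib.new("ripemd160", h).digest()
    except ValueError:          # OpenSSL built without RIPEMD-160: stand-in, NOT Bitcoin's hash
        return hashlib.sha256(h).digest()[:20]

def pubkey(priv):
    x, y = ec_mul(priv, G)
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")   # the slides' 64-byte PubKey

def sign(priv, msg):   # sigma = S(D, Pr): raw r||s; nonce derived deterministically (constructed)
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N   # D = H(M)
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + msg).digest(), "big") % N
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def verify(pub, msg, sig):   # V(D, sigma, Pu): True only if sigma came from the key behind pub
    if len(pub) != 64 or len(sig) != 64:
        return False
    q = (int.from_bytes(pub[:32], "big"), int.from_bytes(pub[32:], "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    z, w = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N, pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def run_script(script, msg):   # stack machine: bytes/ints are pushed, strings are opcodes
    stack = []
    try:
        for op in script:
            if not isinstance(op, str):
                stack.append(op)                       # Step 2: constants go on the stack
            elif op == "OP_DUP":                       # Step 3
                stack.append(stack[-1])
            elif op == "OP_HASH160":                   # Step 4
                stack.append(hash160(stack.pop()))
            elif op == "OP_EQUALVERIFY":               # Step 6
                if stack.pop() != stack.pop():
                    return False                       # rejected, not relayed further
            elif op == "OP_CHECKSIG":                  # Step 7
                pub, sig = stack.pop(), stack.pop()
                stack.append(verify(pub, msg, sig))
            elif op == "OP_CHECKMULTISIG":
                n = stack.pop(); keys = [stack.pop() for _ in range(n)][::-1]
                m = stack.pop(); sigs = [stack.pop() for _ in range(m)][::-1]
                stack.pop()                            # protocol quirk: one extra item is popped
                matched = 0
                for sig in sigs:                       # signatures must be in key order
                    while matched < n and not verify(keys[matched], msg, sig):
                        matched += 1
                    matched += 1                       # consume the matched key (or run past the end)
                stack.append(matched <= n)
            else:
                return False                           # opcode not implemented here
    except IndexError:                                 # popped an empty stack: invalid script
        return False
    return bool(stack) and stack[-1] is True

def p2pkh_spend(claimant_priv, owner_priv, msg):
    """Steps 1-7: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG."""
    script_sig = [sign(claimant_priv, msg), pubkey(claimant_priv)]
    script_pubkey = ["OP_DUP", "OP_HASH160", hash160(pubkey(owner_priv)), "OP_EQUALVERIFY", "OP_CHECKSIG"]
    return run_script(script_sig + script_pubkey, msg)

def escrow_spend(signer_privs, party_privs, msg):
    """Dispute mediation: 2 <K1> <K2> <K3> 3 OP_CHECKMULTISIG; any two of the three parties sign."""
    script_sig = [b""] + [sign(k, msg) for k in signer_privs]   # b"" is the dummy item popped above
    script_pubkey = [2] + [pubkey(k) for k in party_privs] + [3, "OP_CHECKMULTISIG"]
    return run_script(script_sig + script_pubkey, msg)
```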
Micropayment channels
• Each Bitcoin transaction carries a transaction cost (or processing delay), so normal transactions aren’t ideal for micropayments
• Client sends rapid adjustments in what it is willing to transfer to the server, directly to the server
• These transactions aren’t broadcast until the session ends, when the final payment is made.
Oracle conditions
• E.g. script to pass on an inheritance:
  <hash> OP_DROP 2 <son’s pubkey> <oracle’s pubkey> 2 OP_CHECKMULTISIG
• Uses an external, trusted oracle who will only sign off when predetermined condition is met, e.g.
  if (has_died(‘G-J van Rooyen’, id=‘7609257364083’)) return (10.0, 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z)
Colored coins
• From “wallet point-of-view”, Bitcoins are fungible
• However, transaction outputs are traceable
• 0.00000001 XBT outputs can be used to trace ownership of associated digital or physical goods in the real world
• Software, movies, stocks, cars, houses can be traded without intermediaries
In Conclusion
• The Bitcoin protocol is brilliant, subtle, intricate and (in some places) horribly complex
• Proof-of-ownership protocol with built-in scripting language
• Currency (“pay-to-address”) is the “Hallo, world!” of Bitcoin applications
• Understand the protocol. Then go understand traditional financial systems
Questions are welcome
Also, 5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
Private Key (Wallet Import Format)

Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
 
Dividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptxDividend Policy and Dividend Decision Theories.pptx
Dividend Policy and Dividend Decision Theories.pptx
 
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130  Available With RoomVIP Kolkata Call Girl Jodhpur Park 👉 8250192130  Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
 
The Economic History of the U.S. Lecture 23.pdf
The Economic History of the U.S. Lecture 23.pdfThe Economic History of the U.S. Lecture 23.pdf
The Economic History of the U.S. Lecture 23.pdf
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
The Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfThe Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdf
 

Bitcoin, the Protocol

  • 1. the Protocol G-J van Rooyen 20 February 2014
  • 2. “With e-currency based on cryptographic proof, without the need to trust a third-party middleman, money can be secure and transactions effortless.” – Satoshi Nakamoto
  • 3. “We can laugh at Bitcoin, but real guys, in real basements, are losing real fake money right now.” – David Clinch
  • 4. This talk is not about… • …is Bitcoin “real” money? • …is Bitcoin a good investment? • …will Bitcoin replace the dollar/rand/yen? • …is Dogecoin/Litecoin better than Bitcoin? • …exchange volatility
  • 5. We will talk about… • …difficulty of trust-free agreement in a decentralised P2P network (Byzantine Generals) • …triple-entry accounting • …how Bitcoin transactions are built and verified • …the scripting language built into the protocol • …scripted contracts (“Bitcoin 2.0”)
  • 9. Byzantine Generals • N generals need to coordinate an attack • Messages are passed amongst each other • Traitorous generals may pass on false messages • Consensus very difficult • Lamport: solution for 2/3 trust (later > 50%)
  • 10. Nakamoto’s Solution • Scenario: generals have to agree on time to attack • A random general proposes a time and distributes the message • Other generals “sign off” (agree) on time adding a hash that’s computationally difficult to compute (but trivial to verify) • A chain of time-plus-hashes builds up and is distributed • Over time, the generals become convinced that the majority of the computational power of the network has reached consensus. • If an attacker injects a fake time to spread confusion, the network selects the chain with the longest sequence of valid hashes
  • 12. Application to ownership transfer • I can sign a “cheque” giving away money I own • Everyone can verify the transaction is valid • A double-spend of money is always invalid • People who “audited” the transaction sign it off by proof-of-work
  • 13. Single-entry accounting • “Write down income and expenses” • If you leave out a number, no-one will know • Bookkeeper always has plausible deniability (it was an honest mistake!) • Limited businesses to family and crown
  • 14. Double-entry accounting • Florence, late 13th century • Much more difficult to “cook books” • Gave rise to the modern enterprise
  • 15. Bitcoin as triple-entry • Alice debits her wallet, and credits Bob’s (double-entry) • Ivan audits transaction • Ivan commits it to the public ledger (third entry) • No central authority • Non-repudiable transaction
  • 16. The basics of Bitcoin Back to Abstraction, Level 2
  • 17. The basics of Bitcoin: Private keys • Each “account” = random 256-bit number • Private key, must be kept secret • Need not be stored digitally – can be on paper or memorised • Want to open an account? Guess a number! • Private Key (Wallet Import Format), shown on the slide as a QR code labelled SECRET: 5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte • (image caption, cut off on the slide) …le pairing of a Bitcoin address with its corresponding Bitcoin private…
  • 18. The basics of Bitcoin: Public keys and addresses • ECDSA is used to generate a public key from the PrivKey • The PubKey can be used to verify transactions signed using the PrivKey • 64-byte PubKeys are unwieldy, and are hashed down to 20-byte addresses • Bitcoin Address, shown on the slide as a QR code: 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z
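Slides 17 and 18 show a private key in Wallet Import Format and an address; both are Base58Check strings (a version byte, the payload, and the first 4 bytes of a double SHA-256 as checksum). The following Python is an added example, not code from the talk: it encodes and decodes both forms, the key and hash bytes used in the test are constructed, and the slide's own WIF and address are only decoded under the `__main__` guard.

```python
import hashlib
# Bitcoin's Base58 alphabet: no 0, O, I or l, so strings survive transcription
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256d(data: bytes) -> bytes:
    """Double SHA-256; its first 4 bytes are the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58encode(raw: bytes) -> str:
    n, digits = int.from_bytes(raw, "big"), ""
    while n > 0:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # each leading zero byte becomes a leading '1'
    return "1" * pad + digits

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def base58check_encode(version: int, payload: bytes) -> str:
    data = bytes([version]) + payload
    return b58encode(data + sha256d(data)[:4])

def base58check_decode(text: str) -> tuple:
    """Return (version, payload); a single mistyped character fails the checksum."""
    raw = b58decode(text)
    if len(raw) < 5: raise ValueError("too short to hold a version byte and a checksum")
    data, checksum = raw[:-4], raw[-4:]
    if sha256d(data)[:4] != checksum:
        raise ValueError("checksum mismatch")
    return data[0], data[1:]

def privkey_to_wif(privkey: bytes) -> str:
    """WIF = Base58Check(0x80 || 32-byte key), the '5...' string on slide 17."""
    if len(privkey) != 32:
        raise ValueError("private key must be 32 bytes")
    return base58check_encode(0x80, privkey)

def wif_to_privkey(wif: str) -> bytes:
    version, key = base58check_decode(wif)
    if version != 0x80 or len(key) != 32:
        raise ValueError("not a mainnet WIF for an uncompressed key")
    return key

def address_to_pubkeyhash(address: str) -> bytes:
    """Address = Base58Check(0x00 || HASH160(pubkey)); recover the 20-byte hash of slide 18."""
    version, pkh = base58check_decode(address)
    if version != 0x00 or len(pkh) != 20:
        raise ValueError("not a mainnet pay-to-pubkey-hash address")
    return pkh

if __name__ == "__main__":
    print(wif_to_privkey("5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte").hex())
    print(address_to_pubkeyhash("1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z").hex())
```

The checksum is what turns a typo in either string into a hard error rather than a payment to an unrelated hash.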
  • 19. Crypto-primer: Hashes • Hashing: D = H(M) • D is usually much shorter than M • It is impossible to get back to M just from D • SHA256 and RIPEMD-160 used in Bitcoin
  • 20. Crypto-primer: Signatures • Hashing: D = H(M) • Signing: σ = S(D, Pr) • Verification: β = V(D, σ, Pu) • Only the owner of the private key can sign a message (transaction) • Anyone who knows a user’s public key can verify that she signed it • ECDSA used in Bitcoin
  • 23. A full transaction • Fields (with size in bytes where the slide gives one):
    Version #: Currently 1 (4 bytes)
    In-counter: Positive integer (1-9 bytes)
    List of inputs: References to outputs of previous transactions
    Out-counter: Positive integer (1-9 bytes)
    List of outputs: Values of outputs, and scripts dictating how they may be claimed
    Lock time: Time stamp when transaction becomes final (default 0 = immediately) (4 bytes)
  • 24. A sample transaction
    Input:
      Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
      Index: 0
      scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501
    Output:
      Value: 5000000000
      scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG
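A serializer and parser for the field layout of slide 23, exercised with the values of slide 24. This is added example code, not part of the talk; it assumes the standard little-endian wire format, the 1-9 byte "CompactSize" counter, and the per-input sequence field (0xffffffff) that the slide's table leaves out.

```python
import hashlib
import struct

def varint_encode(n: int) -> bytes:
    """CompactSize: the 1-9 byte In-counter / Out-counter of slide 23."""
    if n < 0xfd: return bytes([n])
    if n <= 0xffff: return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff: return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def varint_decode(buf: bytes, pos: int) -> tuple:
    first = buf[pos]
    if first < 0xfd: return first, pos + 1
    size, fmt = {0xfd: (2, "<H"), 0xfe: (4, "<I"), 0xff: (8, "<Q")}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + size

def serialize_tx(version, inputs, outputs, lock_time=0) -> bytes:
    """inputs: [(prev_txid_hex, index, script_sig)]; outputs: [(value_satoshi, script_pubkey)]."""
    raw = struct.pack("<I", version) + varint_encode(len(inputs))
    for prev_txid, index, script in inputs:
        # txids are displayed big-endian but stored as the raw (byte-reversed) hash
        raw += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        raw += varint_encode(len(script)) + script + b"\xff\xff\xff\xff"   # sequence (not on the slide)
    raw += varint_encode(len(outputs))
    for value, script in outputs:
        raw += struct.pack("<q", value) + varint_encode(len(script)) + script
    return raw + struct.pack("<I", lock_time)

def parse_tx(raw: bytes) -> dict:
    """Inverse of serialize_tx; rejects trailing bytes after the lock time."""
    version, = struct.unpack_from("<I", raw, 0)
    n_in, pos = varint_decode(raw, 4)
    inputs = []
    for _ in range(n_in):
        prev_txid = raw[pos:pos + 32][::-1].hex()
        index, = struct.unpack_from("<I", raw, pos + 32)
        slen, pos = varint_decode(raw, pos + 36)
        inputs.append((prev_txid, index, raw[pos:pos + slen]))
        pos += slen + 4   # skip the script and the sequence field
    n_out, pos = varint_decode(raw, pos)
    outputs = []
    for _ in range(n_out):
        value, = struct.unpack_from("<q", raw, pos)
        slen, pos = varint_decode(raw, pos + 8)
        outputs.append((value, raw[pos:pos + slen]))
        pos += slen
    lock_time, = struct.unpack_from("<I", raw, pos)
    if pos + 4 != len(raw): raise ValueError("trailing bytes after lock time")
    return {"version": version, "inputs": inputs, "outputs": outputs, "lock_time": lock_time}

def txid(raw: bytes) -> str:
    """Transaction id: double SHA-256 of the serialization, displayed byte-reversed."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()
# The values shown on slide 24
SLIDE_PREV_TXID = "f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6"
SLIDE_SIG = bytes.fromhex("304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501")
SLIDE_PKH = bytes.fromhex("404371705fa9bd789a2fcd52d2c580b65d35549d")

def slide_tx() -> bytes:
    """Serialize slide 24's transaction: one input spending output 0 of the previous tx, one 50 BTC output."""
    script_sig = bytes([len(SLIDE_SIG)]) + SLIDE_SIG             # a single push of the 72-byte signature
    script_pubkey = b"\x76\xa9\x14" + SLIDE_PKH + b"\x88\xac"    # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    return serialize_tx(1, [(SLIDE_PREV_TXID, 0, script_sig)], [(5000000000, script_pubkey)])
```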
  • 25. The output script • Each output has a script specifying how it may be claimed • FORTH-like scripting language • Deliberately Turing-incomplete • Can specify anything: • “anyone can have this” • pay to specific address • highly complex contracts (e.g. “pay out when I die”)
  • 26. The simplest script • Pay-to-PubkeyHash (give money to an address) • scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG • scriptSig: <sig> <pubKey> • scriptSig and scriptPubKey are combined, and then stack processing is done operation-by-operation
  • 27. The simplest script: Step 1 • scriptSig and scriptPubKey are combined • Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG • Stack: (empty)
  • 28. The simplest script: Step 2 • The constants <sig> and <pubKey> are added to the stack • Unprocessed script: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG • Stack (top first): <pubKey> <sig>
  • 29. The simplest script: Step 3 • The top stack item is duplicated • Unprocessed script: OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG • Stack (top first): <pubKey> <pubKey> <sig>
  • 30. The simplest script: Step 4 • The top stack item is hashed • This calculates an address from the claimant’s public key • (we must ensure this is the same as the TXout’s address) • Unprocessed script: <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG • Stack (top first): <pubHashA> <pubKey> <sig>
  • 31. The simplest script: Step 5 • Another constant (the previous output’s destination address) is added to the stack • Unprocessed script: OP_EQUALVERIFY OP_CHECKSIG • Stack (top first): <pubKeyHash> <pubHashA> <pubKey> <sig>
  • 32. The simplest script: Step 6 • Verify that the claimant’s public key actually matches the previous transaction’s output address • If false, the transaction is rejected and not distributed further • Unprocessed script: OP_CHECKSIG • Stack (top first): <pubKey> <sig>
  • 33. The simplest script: Step 7 • Verify that the claimant’s public key confirms the transaction’s signature • If false, the transaction is rejected and not distributed further • Unprocessed script: (none) • Stack: (empty)
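The seven steps above, run by a small stack machine. This is an added example and not the talk's code: it implements only the four opcodes the slides use, with OP_HASH160 = RIPEMD-160(SHA-256(x)) and OP_CHECKSIG backed by a compact pure-Python secp256k1 ECDSA. Assumptions: the curve constants are the standard ones, signatures are raw r||s over a double SHA-256 of the message rather than Bitcoin's DER-encoded signature over the transaction digest, and the keys and message in the test are constructed.

```python
import hashlib
P = 2**256 - 2**32 - 977   # secp256k1 field prime (standard constant, not on the slides)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)   # generator

def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):   # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def pubkey_bytes(d: int) -> bytes:   # uncompressed 0x04 || x || y: the 65-byte PubKey of slide 18
    x, y = ec_mul(d, G)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
def digest(msg: bytes) -> int:   # double SHA-256 of the signed message, as an integer
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big")

def sign(d: int, msg: bytes, k: int) -> bytes:
    """ECDSA signature as raw r||s; k must be a fresh secret random per signature."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (digest(msg) + r * d) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def checksig(sig: bytes, pub: bytes, msg: bytes) -> bool:
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    q = (int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:], "big"))
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)
    rp = ec_add(ec_mul(digest(msg) * w % N, G), ec_mul(r * w % N, q))
    return rp is not None and rp[0] % N == r
def hash160(data: bytes) -> bytes:   # RIPEMD-160(SHA-256(x)); needs an OpenSSL build with ripemd160
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def run_script(tokens, msg: bytes):
    """Run scriptSig + scriptPubKey tokens (bytes = push). Returns (valid, stack after each step); underflow raises IndexError."""
    stack, trace = [], []
    for t in tokens:
        if isinstance(t, bytes): stack.append(t)
        elif t == "OP_DUP": stack.append(stack[-1])
        elif t == "OP_HASH160": stack.append(hash160(stack.pop()))
        elif t == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop(): return False, trace   # slide 32: reject the transaction
        elif t == "OP_CHECKSIG":
            pub, sig = stack.pop(), stack.pop()
            stack.append(b"\x01" if checksig(sig, pub, msg) else b"")
        else: raise ValueError(f"unsupported opcode {t}")
        trace.append(list(stack))   # bottom of stack first
    return bool(stack) and stack[-1] != b"", trace
def p2pkh_tokens(sig: bytes, pub: bytes, pkh: bytes):   # the combined script of slide 26
    return [sig, pub, "OP_DUP", "OP_HASH160", pkh, "OP_EQUALVERIFY", "OP_CHECKSIG"]
```

Bitcoin's OP_CHECKSIG leaves its boolean result on the stack, so the trace ends with a single true item rather than an empty stack; the script is valid only when that top item is true.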
  • 34. We just used 4 opcodes…
    enum opcodetype
    {
        // push value
        OP_0 = 0x00, OP_FALSE = OP_0, OP_PUSHDATA1 = 0x4c, OP_PUSHDATA2 = 0x4d, OP_PUSHDATA4 = 0x4e,
        OP_1NEGATE = 0x4f, OP_RESERVED = 0x50, OP_1 = 0x51, OP_TRUE = OP_1, OP_2 = 0x52, OP_3 = 0x53,
        OP_4 = 0x54, OP_5 = 0x55, OP_6 = 0x56, OP_7 = 0x57, OP_8 = 0x58, OP_9 = 0x59, OP_10 = 0x5a,
        OP_11 = 0x5b, OP_12 = 0x5c, OP_13 = 0x5d, OP_14 = 0x5e, OP_15 = 0x5f, OP_16 = 0x60,
        // control
        OP_NOP = 0x61, OP_VER = 0x62, OP_IF = 0x63, OP_NOTIF = 0x64, OP_VERIF = 0x65, OP_VERNOTIF = 0x66,
        OP_ELSE = 0x67, OP_ENDIF = 0x68, OP_VERIFY = 0x69, OP_RETURN = 0x6a,
        // stack ops
        OP_TOALTSTACK = 0x6b, OP_FROMALTSTACK = 0x6c, OP_2DROP = 0x6d, OP_2DUP = 0x6e, OP_3DUP = 0x6f,
        OP_2OVER = 0x70, OP_2ROT = 0x71, OP_2SWAP = 0x72, OP_IFDUP = 0x73, OP_DEPTH = 0x74, OP_DROP = 0x75,
        OP_DUP = 0x76, OP_NIP = 0x77, OP_OVER = 0x78, OP_PICK = 0x79, OP_ROLL = 0x7a, OP_ROT = 0x7b,
        OP_SWAP = 0x7c, OP_TUCK = 0x7d,
        // splice ops
        OP_CAT = 0x7e, OP_SUBSTR = 0x7f, OP_LEFT = 0x80, OP_RIGHT = 0x81, OP_SIZE = 0x82,
        // bit logic
        OP_INVERT = 0x83, OP_AND = 0x84, OP_OR = 0x85, OP_XOR = 0x86, OP_EQUAL = 0x87, OP_EQUALVERIFY = 0x88,
        OP_RESERVED1 = 0x89, OP_RESERVED2 = 0x8a,
        // numeric
        OP_1ADD = 0x8b, OP_1SUB = 0x8c, OP_2MUL = 0x8d, OP_2DIV = 0x8e, OP_NEGATE = 0x8f, OP_ABS = 0x90,
        OP_NOT = 0x91, OP_0NOTEQUAL = 0x92, OP_ADD = 0x93, OP_SUB = 0x94, OP_MUL = 0x95, OP_DIV = 0x96,
        OP_MOD = 0x97, OP_LSHIFT = 0x98, OP_RSHIFT = 0x99, OP_BOOLAND = 0x9a, OP_BOOLOR = 0x9b,
        OP_NUMEQUAL = 0x9c, OP_NUMEQUALVERIFY = 0x9d, OP_NUMNOTEQUAL = 0x9e, OP_LESSTHAN = 0x9f,
        OP_GREATERTHAN = 0xa0, OP_LESSTHANOREQUAL = 0xa1, OP_GREATERTHANOREQUAL = 0xa2, OP_MIN = 0xa3,
        OP_MAX = 0xa4, OP_WITHIN = 0xa5,
        // crypto
        OP_RIPEMD160 = 0xa6, OP_SHA1 = 0xa7, OP_SHA256 = 0xa8, OP_HASH160 = 0xa9, OP_HASH256 = 0xaa,
        OP_CODESEPARATOR = 0xab, OP_CHECKSIG = 0xac, OP_CHECKSIGVERIFY = 0xad, OP_CHECKMULTISIG = 0xae,
        OP_CHECKMULTISIGVERIFY = 0xaf,
        // expansion
        OP_NOP1 = 0xb0, OP_NOP2 = 0xb1, OP_NOP3 = 0xb2, OP_NOP4 = 0xb3, OP_NOP5 = 0xb4, OP_NOP6 = 0xb5,
        OP_NOP7 = 0xb6, OP_NOP8 = 0xb7, OP_NOP9 = 0xb8, OP_NOP10 = 0xb9,
        // template matching params
        OP_SMALLDATA = 0xf9, OP_SMALLINTEGER = 0xfa, OP_PUBKEYS = 0xfb, OP_PUBKEYHASH = 0xfd, OP_PUBKEY = 0xfe,
        OP_INVALIDOPCODE = 0xff,
    };
  • 35. Mining • “Auditors” collect transactions into a “block” (up to 1 Mb) • Each transaction in the block is verified for validity • The miner then does a proof-of-work calculation to “sign off” the block and add it to the blockchain • Difficult hash calculation takes +/- 10 min regardless of number of miners in the network
  • 36. Advanced mining • A miner who successfully finds a suitable hash for a block, gets reward (currently 25 XBT = 625 USD) • Each transaction has optional transaction fees (difference between sum of inputs and outputs) that also go to the miner • Hash difficulty: number of “leading zeros” in hash • Adjusted dynamically, aims for 1 block in 10 mins
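Proof-of-work as described on slides 35 and 36, as an added example (not code from the talk). It assumes the standard 80-byte block header layout and the compact "bits" target encoding; the prev_hash and merkle_root values are constructed, and the demo target is deliberately easy (8 leading zero bits, about 256 tries) so it finishes instantly in Python.

```python
import hashlib
import struct

def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def block_header(version, prev_hash, merkle_root, timestamp, bits, nonce) -> bytes:
    """80-byte header; the two hashes are stored byte-reversed relative to their displayed hex."""
    return (struct.pack("<I", version) + prev_hash[::-1] + merkle_root[::-1]
            + struct.pack("<III", timestamp, bits, nonce))

def target_from_bits(bits: int) -> int:
    """Compact 'bits': high byte = exponent, low 3 bytes = mantissa."""
    exponent, mantissa = bits >> 24, bits & 0x007fffff
    return mantissa << (8 * (exponent - 3)) if exponent > 3 else mantissa >> (8 * (3 - exponent))

def leading_zero_bits(target: int) -> int:
    """Slide 36's 'leading zeros': any hash below target starts with this many zero bits."""
    return 256 - target.bit_length()

def header_hash(header: bytes) -> int:
    return int.from_bytes(sha256d(header), "little")   # compared as a little-endian uint256

def meets_target(header: bytes) -> bool:
    """What every node checks before accepting a block: hash <= the target encoded in the header."""
    bits, = struct.unpack_from("<I", header, 72)
    return header_hash(header) <= target_from_bits(bits)

def mine(version, prev_hash, merkle_root, timestamp, bits, max_nonce=2**32):
    """Try nonces in order; returns (nonce, displayed hash hex, tries) or None if exhausted."""
    target = target_from_bits(bits)
    for nonce in range(max_nonce):
        header = block_header(version, prev_hash, merkle_root, timestamp, bits, nonce)
        if header_hash(header) <= target:
            return nonce, sha256d(header)[::-1].hex(), nonce + 1
    return None

def retarget(target: int, actual_seconds: int, expected_seconds: int = 2016 * 600) -> int:
    """Every 2016 blocks the target scales by actual/expected time, clamped to 4x either way,
    so blocks keep arriving about every 10 minutes regardless of total hash rate."""
    actual_seconds = max(expected_seconds // 4, min(actual_seconds, expected_seconds * 4))
    return target * actual_seconds // expected_seconds

# Constructed demo inputs, not real chain data
DEMO_PREV = bytes.fromhex("11" * 32)
DEMO_MERKLE = bytes.fromhex("22" * 32)
DEMO_TIME = 1392854400      # 2014-02-20 00:00 UTC, the date of the talk
EASY_BITS = 0x2000ffff      # target ~2^248: about one in 256 hashes qualifies

def demo_mine():
    return mine(2, DEMO_PREV, DEMO_MERKLE, DEMO_TIME, EASY_BITS, max_nonce=1_000_000)
```

With Bitcoin's minimum difficulty (bits 0x1d00ffff) the same loop needs 32 leading zero bits, roughly 2^32 tries per block.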
  • 37. More interesting contracts • Scripting language can be used to enforce arbitrary constraints on how outputs are spent • Entire financial applications involving transfer of ownership can be built using the Bitcoin protocol
  • 38. Dispute mediation • Third party (escrow / arbiter) may optionally be called in to sign off on a transaction if something goes wrong. • Script: 2 <K1> <K2> <K3> 3 OP_CHECKMULTISIGVERIFY • 2 out of 3 parties must agree on the outcome of the transaction in order to spend the output • The output may be spent as a payment or a refund
  • 39. Micropayment channels • Each Bitcoin transaction carries a transaction cost (or processing delay), so normal transactions aren’t ideal for micropayments • The client sends rapid adjustments of what it is willing to transfer to the server, directly to the server • These transactions aren’t broadcast until the session ends, when the final payment is made.
  • 40. Oracle conditions • E.g. script to pass on an inheritance: • <hash> OP_DROP 2 <son’s pubkey> <oracle’s pubkey> 2 OP_CHECKMULTISIG • Uses an external, trusted oracle who will only sign off when a predetermined condition is met, e.g. • if (has_died(‘G-J van Rooyen’, id=‘7609257364083’)) return (10.0, 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z)
  • 41. Colored coins • From “wallet point-of-view”, Bitcoins are fungible • However, transaction outputs are traceable • 0.00000001 XBT outputs can be used to trace ownership of associated digital or physical goods in the real world • Software, movies, stocks, cars, houses can be traded without intermediaries
  • 42. In Conclusion • The Bitcoin protocol is brilliant, subtle, intricate and (in some places) horribly complex • Proof-of-ownership protocol with built-in scripting language • Currency (“pay-to-address”) is the “Hallo, world!” of Bitcoin applications • Understand the protocol. Then go understand traditional financial systems
  • 44. Private Key (Wallet Import Format)