Bitcoin, the Protocol
G-J van Rooyen
20 February 2014
“With e-currency based on cryptographic proof, without the need to trust a third-party middleman, money can be secure and transactions effortless.”
– Satoshi Nakamoto

“We can laugh at Bitcoin, but real guys, in real basements, are losing real fake money right now.”
– David Clinch
This talk is not about…
• …is Bitcoin “real” money?
• …is Bitcoin a good investment?
• …will Bitcoin replace the dollar/rand/yen?
• …is Dogecoin/Litecoin better than Bitcoin?
• …exchange volatility
We will talk about…
• …difficulty of trust-free agreement in a decentralised P2P network (Byzantine Generals)
• …triple-entry accounting
• …how Bitcoin transactions are built and verified
• …the scripting language built into the protocol
• …scripted contracts (“Bitcoin 2.0”)
Abstraction, Level 1
Abstraction, Level 2
Abstraction, Level 3 (diagram comparing BANKING EFT with BITCOIN)
Byzantine Generals
• N generals need to coordinate an attack
• Messages are passed amongst each other
• Traitorous generals may pass on false messages
• Consensus very difficult
• Lamport: solution for 2/3 trust (later > 50%)
Nakamoto’s Solution
• Scenario: generals have to agree on time to attack
• A random general proposes a time and distributes the message
• Other generals “sign off” (agree) on time adding a hash that’s computationally difficult to compute (but trivial to verify)
• A chain of time-plus-hashes builds up and is distributed
• Over time, the generals become convinced that the majority of the computational power of the network has reached consensus.
• If an attacker injects a fake time to spread confusion, the network selects the chain with the longest sequence of valid hashes
Proof-of-work
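The chain-selection rule from the last bullet above, as an added Python example (not code from the talk): a toy proof-of-work chain in which every block must link to its predecessor and carry a hash below the target, and a node keeps the longest chain whose hashes all check out, so an injected block that was never actually mined is ignored however long it makes the chain look. The header layout, the difficulty (14 leading zero bits) and the block payloads are constructed for the demo.

```python
import hashlib
import json

DIFFICULTY_BITS = 14            # constructed toy difficulty: ~16k hash attempts per block
GENESIS_PREV = "0" * 64         # the first block links to an all-zero hash

def block_hash(block: dict) -> bytes:
    """Double SHA-256 over the header fields; 'prev' is the link that forms the chain."""
    header = json.dumps({k: block[k] for k in ("prev", "payload", "nonce")}, sort_keys=True).encode()
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()

def meets_target(digest: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """Trivial to verify: does the hash start with at least `bits` zero bits?"""
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def mine(prev: str, payload: str, bits: int = DIFFICULTY_BITS) -> dict:
    """Computationally difficult to produce: grind the nonce until the hash meets the target."""
    block = {"prev": prev, "payload": payload, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def unmined_block(prev: str, payload: str, bits: int = DIFFICULTY_BITS) -> dict:
    """Models the injected 'fake time': a block that skips the work (first nonce that misses the target)."""
    block = {"prev": prev, "payload": payload, "nonce": 0}
    while meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def chain_valid(chain: list, bits: int = DIFFICULTY_BITS) -> bool:
    """Every block must link to its predecessor and carry a hash that meets the target."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)
        if block["prev"] != prev or not meets_target(digest, bits):
            return False
        prev = digest.hex()
    return True

def select_chain(candidates: list) -> list:
    """The rule as the slide states it: the longest chain of valid hashes wins."""
    valid = [chain for chain in candidates if chain_valid(chain)]
    return max(valid, key=len) if valid else []

def extend(chain: list, payload: str) -> list:
    """Append a freshly mined block to a copy of the chain."""
    prev = block_hash(chain[-1]).hex() if chain else GENESIS_PREV
    return chain + [mine(prev, payload)]

if __name__ == "__main__":
    honest = extend(extend([], "attack at dawn"), "attack at dawn, confirmed")
    fake = unmined_block(block_hash(honest[-1]).hex(), "attack at noon")
    print("honest chain valid:", chain_valid(honest))
    print("longer chain with injected block chosen:", select_chain([honest + [fake], honest]) is not honest)
```

Bitcoin proper compares the cumulative work behind competing chains rather than their block count, which matters when two forks were mined at different difficulties; at one fixed difficulty, as here, the two rules coincide.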
Application to ownership transfer
• I can sign a “cheque” giving away money I own
• Everyone can verify the transaction is valid
• A double-spend of money is always invalid
• People who “audited” the transaction sign it off by proof-of-work
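What “everyone can verify the transaction is valid” and “a double-spend is always invalid” come down to inside a node, as an added Python example (not from the talk): a minimal ledger of unspent transaction outputs (UTXOs). A transaction passes only if every input names an output that still exists in the set, the signer owns it, and the outputs do not exceed the inputs; applying it removes those outputs, so a second spend of the same output fails, and the difference between inputs and outputs is the fee a miner collects. The `signer`/`owner` names stand in for the signature check covered later in the talk, and every transaction here is constructed.

```python
class Ledger:
    """Unspent-output set: (txid, index) -> (owner, value). Validity is checkable by anyone holding it."""

    def __init__(self):
        self.utxo = {}

    def add_coinbase(self, txid: str, owner: str, value: int) -> None:
        """Newly minted coins (the miner's reward) enter the set without inputs."""
        self.utxo[(txid, 0)] = (owner, value)

    def validate(self, tx: dict):
        """Return None if tx may be applied, otherwise the reason it must be rejected."""
        seen, total_in = set(), 0
        for outpoint in tx["inputs"]:
            if outpoint in seen:
                return f"input {outpoint} referenced twice"
            seen.add(outpoint)
            if outpoint not in self.utxo:
                return f"input {outpoint} is not an unspent output (missing or already spent)"
            owner, value = self.utxo[outpoint]
            if owner != tx["signer"]:
                return f"input {outpoint} belongs to {owner}, not {tx['signer']}"
            total_in += value
        if any(value < 0 for _, value in tx["outputs"]):
            return "negative output value"
        total_out = sum(value for _, value in tx["outputs"])
        if total_out > total_in:
            return f"outputs ({total_out}) exceed inputs ({total_in})"
        return None

    def apply(self, tx: dict) -> int:
        """Spend the inputs, create the outputs, and return the fee (inputs minus outputs)."""
        problem = self.validate(tx)
        if problem:
            raise ValueError(problem)
        total_in = sum(self.utxo.pop(outpoint)[1] for outpoint in tx["inputs"])
        for index, (owner, value) in enumerate(tx["outputs"]):
            self.utxo[(tx["txid"], index)] = (owner, value)
        return total_in - sum(value for _, value in tx["outputs"])

    def balance(self, owner: str) -> int:
        return sum(value for who, value in self.utxo.values() if who == owner)

if __name__ == "__main__":
    ledger = Ledger()
    ledger.add_coinbase("cb1", "alice", 50)
    pay = {"txid": "tx1", "signer": "alice", "inputs": [("cb1", 0)], "outputs": [("bob", 30), ("alice", 19)]}
    print("fee collected:", ledger.apply(pay))
    again = {"txid": "tx2", "signer": "alice", "inputs": [("cb1", 0)], "outputs": [("carol", 50)]}
    print("double-spend rejected:", ledger.validate(again))
```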
Single-entry accounting
• “Write down income and expenses”
• If you leave out a number, no-one will know
• Bookkeeper always has plausible deniability (it was an honest mistake!)
• Limited businesses to family and crown
Double-entry accounting
• Florence, late 13th century
• Much more difficult to “cook books”
• Gave rise to the modern enterprise
Bitcoin as triple-entry
• Alice debits her wallet, and credits Bob’s (double-entry)
• Ivan audits transaction
• Ivan commits it to the public ledger (third entry)
• No central authority
• Non-repudiable transaction
The basics of Bitcoin
Back to Abstraction, Level 2

The basics of Bitcoin: Private keys
• Each “account” = random 256-bit number
• Private key, must be kept SECRET
• Need not be stored digitally – can be on paper or memorised
• Want to open an account? Guess a number!
QR code representation of the private key: 5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte (Private Key, Wallet Import Format)
The basics of Bitcoin: Public keys and addresses
• ECDSA is used to generate a public key from the PrivKey
• The PubKey can be used to verify transactions signed using the PrivKey
• 64-byte PubKeys are unwieldy, and are hashed down to 20-byte addresses
QR code representation of the address: 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z (Bitcoin Address)
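The two slides above show a Wallet Import Format private key and an address; both are Base58Check strings. This added Python example (not code from the talk) builds and checks that encoding: a version byte, the payload, a 4-byte double-SHA-256 checksum, then Base58 with each leading zero byte kept as a leading “1”, which is why addresses start with “1” and uncompressed-key WIF strings with “5”. The 32-byte key and the public-key bytes below are constructed stand-ins, not a real wallet; `hash160` falls back to a clearly labelled non-standard digest only if the Python build lacks RIPEMD-160.

```python
import hashlib

B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"   # no 0, O, I, l

def b58encode(raw: bytes) -> str:
    """Base58 with each leading 0x00 byte kept as a leading '1'."""
    num = int.from_bytes(raw, "big")
    digits = bytearray()
    while num:
        num, rem = divmod(num, 58)
        digits.append(B58_ALPHABET[rem])
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return (b"1" * pad + bytes(reversed(digits))).decode()

def b58decode(text: str) -> bytes:
    num = 0
    for ch in text.encode():
        num = num * 58 + B58_ALPHABET.index(ch)       # ValueError on a non-Base58 character
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body

def checksum(body: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(body)): a typo is caught before a wallet acts on it."""
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    body = bytes([version]) + payload
    return b58encode(body + checksum(body))

def b58check_decode(text: str):
    """Returns (version, payload); raises ValueError if the checksum does not match."""
    raw = b58decode(text)
    body, check = raw[:-4], raw[-4:]
    if not body or checksum(body) != check:
        raise ValueError("Base58Check checksum mismatch")
    return body[0], body[1:]

def hash160(data: bytes) -> bytes:
    """Bitcoin's HASH160 = RIPEMD-160(SHA-256(data)): the 65-byte public key becomes 20 bytes."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Some OpenSSL 3.0 builds ship without RIPEMD-160. Labelled stand-in so the
        # encoding walk-through still runs; it is NOT Bitcoin's HASH160.
        return hashlib.sha256(b"ripemd160-unavailable:" + sha).digest()[:20]

def private_key_to_wif(priv: bytes) -> str:
    """WIF for an uncompressed-key private key: 0x80 || 32-byte key || checksum (always starts with '5')."""
    if len(priv) != 32:
        raise ValueError("private key must be 32 bytes")
    return b58check_encode(0x80, priv)

def wif_to_private_key(wif: str) -> bytes:
    version, payload = b58check_decode(wif)
    if version != 0x80 or len(payload) != 32:
        raise ValueError("not an uncompressed mainnet WIF key")
    return payload

def wif_is_valid(wif: str) -> bool:
    try:
        wif_to_private_key(wif)
        return True
    except ValueError:
        return False

def pubkey_to_address(pub: bytes) -> str:
    """Pay-to-PubkeyHash address: 0x00 || HASH160(pubkey) || checksum (always starts with '1')."""
    return b58check_encode(0x00, hash160(pub))

def address_to_pubkey_hash(address: str) -> bytes:
    version, payload = b58check_decode(address)
    if version != 0x00 or len(payload) != 20:
        raise ValueError("not a mainnet Pay-to-PubkeyHash address")
    return payload

if __name__ == "__main__":
    priv = bytes(range(1, 33))                 # constructed 32-byte key, not a real wallet key
    pub = b"\x04" + bytes(range(64))           # constructed stand-in for an uncompressed public key
    wif = private_key_to_wif(priv)
    print("WIF:    ", wif, "valid:", wif_is_valid(wif))
    print("address:", pubkey_to_address(pub))
```

Feeding the slide’s own WIF string to `wif_to_private_key` returns its 32 key bytes provided the checksum verifies. That checksum is the reason a mistyped address is rejected by a wallet instead of sending coins to a key nobody holds.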
Crypto-primer: Hashes
• Hashing: D = H(M)
• D is usually much shorter than M
• It is impossible to get back to M just from D
• SHA256 and RIPEMD-160 used in Bitcoin
Crypto-primer: Signatures
• Hashing: D = H(M)
• Signing: σ = S(D, Pr)
• Verification: β = V(D, σ, Pu)
• Only the owner of the private key can sign a message (transaction)
• Anyone who knows a user’s public key can verify that she signed it
• ECDSA used in Bitcoin
Bitcoin transactions
Signing inputs
A full transaction
Field             Size [b]   Description
Version #         4          Currently 1
In-counter        1-9        Positive integer
List of inputs               References to outputs of previous transactions
Out-counter       1-9        Positive integer
List of outputs              Values of outputs, and scripts dictating how they may be claimed
Lock time         4          Time stamp when transaction becomes final (default 0 = immediately)
A sample transaction
Input:
  Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
  Index: 0
  scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501

Output:
  Value: 5000000000
  scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG
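The field layout from the table and the sample transaction above, as an added Python example (not from the talk): a serialiser and parser for version, counters, inputs, outputs and lock time, plus the transaction id computed over the serialised bytes. The byte-level rules (little-endian integers, the 1-9 byte “varint” counters, the previous txid stored byte-reversed) are Bitcoin’s. Two things go beyond the slide: the 4-byte input `sequence` field, which the table omits but the real format carries, and a one-byte push opcode in front of the 72-byte signature, which the wire format requires; the values themselves are the ones shown on the slide.

```python
import hashlib
import struct

def encode_varint(n: int) -> bytes:
    """The 1-9 byte counter from the table: one byte below 0xfd, else a prefix plus 2/4/8 LE bytes."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def decode_varint(data: bytes, pos: int):
    """Returns (value, position after the counter)."""
    first = data[pos]
    if first < 0xfd:
        return first, pos + 1
    width, fmt = {0xfd: (2, "<H"), 0xfe: (4, "<I"), 0xff: (8, "<Q")}[first]
    return struct.unpack(fmt, data[pos + 1:pos + 1 + width])[0], pos + 1 + width

def serialize(tx: dict) -> bytes:
    out = struct.pack("<i", tx["version"]) + encode_varint(len(tx["inputs"]))
    for txin in tx["inputs"]:
        out += bytes.fromhex(txin["prev_tx"])[::-1]            # txid is displayed big-endian, stored reversed
        out += struct.pack("<I", txin["index"])
        out += encode_varint(len(txin["script_sig"])) + txin["script_sig"]
        out += struct.pack("<I", txin.get("sequence", 0xffffffff))
    out += encode_varint(len(tx["outputs"]))
    for txout in tx["outputs"]:
        out += struct.pack("<q", txout["value"])                # value in satoshis, 8 bytes
        out += encode_varint(len(txout["script_pubkey"])) + txout["script_pubkey"]
    return out + struct.pack("<I", tx["lock_time"])

def parse(data: bytes) -> dict:
    version, = struct.unpack_from("<i", data, 0)
    n_in, pos = decode_varint(data, 4)
    inputs = []
    for _ in range(n_in):
        prev_tx = data[pos:pos + 32][::-1].hex()
        index, = struct.unpack_from("<I", data, pos + 32)
        script_len, pos = decode_varint(data, pos + 36)
        script_sig = data[pos:pos + script_len]
        sequence, = struct.unpack_from("<I", data, pos + script_len)
        pos += script_len + 4
        inputs.append({"prev_tx":prev_tx, "index": index, "script_sig": script_sig, "sequence": sequence})
    n_out, pos = decode_varint(data, pos)
    outputs = []
    for _ in range(n_out):
        value, = struct.unpack_from("<q", data, pos)
        script_len, pos = decode_varint(data, pos + 8)
        outputs.append({"value": value, "script_pubkey": data[pos:pos + script_len]})
        pos += script_len
    lock_time, = struct.unpack_from("<I", data, pos)
    if pos + 4 != len(data):
        raise ValueError("trailing bytes after lock time")
    return {"version": version, "inputs": inputs, "outputs": outputs, "lock_time": lock_time}

def txid(tx: dict) -> str:
    """Transaction id = double SHA-256 of the serialisation, displayed byte-reversed."""
    return hashlib.sha256(hashlib.sha256(serialize(tx)).digest()).digest()[::-1].hex()

def p2pkh_script_pubkey_bytes(pubkey_hash: bytes) -> bytes:
    """OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG as opcode bytes: 76 a9 14 .. 88 ac."""
    return b"\x76\xa9\x14" + pubkey_hash + b"\x88\xac"

# The slide's sample transaction, with the push opcode (0x48 = 72 bytes) added in front of the signature.
SIG = bytes.fromhex("304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db02"
                    "2100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501")
SAMPLE_TX = {
    "version": 1,
    "inputs": [{"prev_tx": "f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6",
                "index": 0, "script_sig": bytes([len(SIG)]) + SIG, "sequence": 0xffffffff}],
    "outputs": [{"value": 5000000000,
                 "script_pubkey": p2pkh_script_pubkey_bytes(bytes.fromhex("404371705fa9bd789a2fcd52d2c580b65d35549d"))}],
    "lock_time": 0,
}

if __name__ == "__main__":
    raw = serialize(SAMPLE_TX)
    print(len(raw), "bytes; txid", txid(SAMPLE_TX))
    print("round trip ok:", parse(raw) == SAMPLE_TX)
```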
The output script
• Each output has a script specifying how it may be claimed
• FORTH-like scripting language
• Deliberately Turing-incomplete
• Can specify anything:
  • “anyone can have this”
  • pay to specific address
  • highly complex contracts (e.g. “pay out when I die”)
The simplest script
• Pay-to-PubkeyHash (give money to an address)
• scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
• scriptSig: <sig> <pubKey>
• scriptSig and scriptPubKey are combined, and then stack processing is done operation-by-operation
The simplest script: Step 1
• scriptSig and scriptPubKey are combined
• Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK: (empty)

The simplest script: Step 2
• The constants <sig> and <pubKey> are added to the stack
• Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first): <pubKey> <sig>

The simplest script: Step 3
• The top stack item is duplicated
• Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first): <pubKey> <pubKey> <sig>

The simplest script: Step 4
• The top stack item is hashed
• This calculates an address from the claimant’s public key
• (we must ensure this is the same as the TXout’s address)
• Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first): <pubHashA> <pubKey> <sig>

The simplest script: Step 5
• Another constant (the previous output’s destination address) is added to the stack
• Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first): <pubKeyHash> <pubHashA> <pubKey> <sig>

The simplest script: Step 6
• Verify that the claimant’s public key actually matches the previous transaction’s output address
• If false, the transaction is rejected and not distributed further
• Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK (top first): <pubKey> <sig>

The simplest script: Step 7
• Verify that the claimant’s public key confirms the transaction’s signature
• If false, the transaction is rejected and not distributed further
• Script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
STACK: (empty)
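The primer’s S and V together with the seven-step walk-through of the Pay-to-PubkeyHash script, as one added Python example (not code from the talk or from Bitcoin Core): textbook ECDSA over secp256k1 in pure Python, driving a small stack interpreter for the five opcodes the script uses. Keys are derived from constructed seeds, the signed message is constructed transaction bytes, and the signature is carried as raw r||s rather than Bitcoin’s DER form. One point where the code departs from the slide for Step 7: OP_CHECKSIG leaves a true/false value on the stack rather than an empty stack, and that top item is what decides whether the spend is accepted. `hash160` falls back to a labelled non-standard digest only if the Python build lacks RIPEMD-160.

```python
import hashlib

# secp256k1 domain parameters (Bitcoin's curve): field prime, group order, generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                        # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P     # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def keypair_from_seed(seed: bytes):
    """Constructed demo key: PrivKey is a 256-bit scalar, PubKey = PrivKey*G encoded 0x04 || x || y."""
    priv = int.from_bytes(hashlib.sha256(b"demo-key:" + seed).digest(), "big") % (N - 1) + 1
    x, y = ec_mul(priv, G)
    return priv, b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def sighash_of(tx_bytes: bytes) -> bytes:
    """D = H(M): Bitcoin signs the double-SHA-256 digest of the transaction, never the raw bytes."""
    return hashlib.sha256(hashlib.sha256(tx_bytes).digest()).digest()

def ecdsa_sign(priv: int, digest: bytes) -> bytes:
    """sigma = S(D, Pr), returned as r||s (64 bytes; Bitcoin proper uses DER plus a SIGHASH byte)."""
    z = int.from_bytes(digest, "big")
    # Nonce derived from key and digest so the demo is reproducible. A reused or guessable
    # k reveals the private key; production code uses RFC 6979 or a CSPRNG.
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + digest).digest(), "big") % (N - 1) + 1
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def ecdsa_verify(pub: bytes, digest: bytes, sig: bytes) -> bool:
    """beta = V(D, sigma, Pu): anyone holding the public key can run this."""
    if len(pub) != 65 or pub[0] != 4 or len(sig) != 64:
        return False
    q = (int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:], "big"))
    if (q[1] * q[1] - q[0] ** 3 - 7) % P:                  # reject points that are not on the curve
        return False
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    z = int.from_bytes(digest, "big")
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def hash160(data: bytes) -> bytes:
    """OP_HASH160 = RIPEMD-160(SHA-256(data)): the 20-byte form an address is built from."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Some OpenSSL 3.0 builds omit RIPEMD-160; labelled stand-in so the stack walk still runs.
        return hashlib.sha256(b"ripemd160-unavailable:" + sha).digest()[:20]

def p2pkh_script_pubkey(pub: bytes) -> list:
    """OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG"""
    return ["OP_DUP", "OP_HASH160", hash160(pub), "OP_EQUALVERIFY", "OP_CHECKSIG"]

def run_script(script: list, digest: bytes) -> bool:
    """Walk scriptSig + scriptPubKey left to right; True only if a true value ends on top."""
    stack = []
    for item in script:
        if isinstance(item, bytes):                         # Steps 2 and 5: constants are pushed
            stack.append(item)
        elif item == "OP_DUP" and stack:                    # Step 3
            stack.append(stack[-1])
        elif item == "OP_HASH160" and stack:                # Step 4
            stack.append(hash160(stack.pop()))
        elif item == "OP_EQUALVERIFY" and len(stack) >= 2:  # Step 6
            if stack.pop() != stack.pop():
                return False                                # claimant's key is not the one paid to
        elif item == "OP_CHECKSIG" and len(stack) >= 2:     # Step 7
            pub, sig = stack.pop(), stack.pop()
            stack.append(b"\x01" if ecdsa_verify(pub, digest, sig) else b"")
        else:
            return False                                    # unknown opcode or stack underflow
    return bool(stack) and stack[-1] not in (b"", b"\x00")

if __name__ == "__main__":
    priv, pub = keypair_from_seed(b"alice")
    digest = sighash_of(b"constructed transaction bytes")
    print("valid spend:", run_script([ecdsa_sign(priv, digest), pub] + p2pkh_script_pubkey(pub), digest))
```

Two failure modes worth tracing by hand: a claimant whose key does not hash to the paid-to value fails at OP_EQUALVERIFY (Step 6) before any signature is examined, while a claimant presenting the right public key but a signature made with some other key gets through Step 6 and fails only at OP_CHECKSIG (Step 7).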
We just used 4 opcodes…

    enum opcodetype
    {
        // push value
        OP_0 = 0x00,
        OP_FALSE = OP_0,
        OP_PUSHDATA1 = 0x4c,
        OP_PUSHDATA2 = 0x4d,
        OP_PUSHDATA4 = 0x4e,
        OP_1NEGATE = 0x4f,
        OP_RESERVED = 0x50,
        OP_1 = 0x51,
        OP_TRUE = OP_1,
        OP_2 = 0x52,
        OP_3 = 0x53,
        OP_4 = 0x54,
        OP_5 = 0x55,
        OP_6 = 0x56,
        OP_7 = 0x57,
        OP_8 = 0x58,
        OP_9 = 0x59,
        OP_10 = 0x5a,
        OP_11 = 0x5b,
        OP_12 = 0x5c,
        OP_13 = 0x5d,
        OP_14 = 0x5e,
        OP_15 = 0x5f,
        OP_16 = 0x60,

        // control
        OP_NOP = 0x61,
        OP_VER = 0x62,
        OP_IF = 0x63,
        OP_NOTIF = 0x64,
        OP_VERIF = 0x65,
        OP_VERNOTIF = 0x66,
        OP_ELSE = 0x67,
        OP_ENDIF = 0x68,
        OP_VERIFY = 0x69,
        OP_RETURN = 0x6a,

        // stack ops
        OP_TOALTSTACK = 0x6b,
        OP_FROMALTSTACK = 0x6c,
        OP_2DROP = 0x6d,
        OP_2DUP = 0x6e,
        OP_3DUP = 0x6f,
        OP_2OVER = 0x70,
        OP_2ROT = 0x71,
        OP_2SWAP = 0x72,
        OP_IFDUP = 0x73,
        OP_DEPTH = 0x74,
        OP_DROP = 0x75,
        OP_DUP = 0x76,
        OP_NIP = 0x77,
        OP_OVER = 0x78,
        OP_PICK = 0x79,
        OP_ROLL = 0x7a,
        OP_ROT = 0x7b,
        OP_SWAP = 0x7c,
        OP_TUCK = 0x7d,

        // splice ops
        OP_CAT = 0x7e,
        OP_SUBSTR = 0x7f,
        OP_LEFT = 0x80,
        OP_RIGHT = 0x81,
        OP_SIZE = 0x82,

        // bit logic
        OP_INVERT = 0x83,
        OP_AND = 0x84,
        OP_OR = 0x85,
        OP_XOR = 0x86,
        OP_EQUAL = 0x87,
        OP_EQUALVERIFY = 0x88,
        OP_RESERVED1 = 0x89,
        OP_RESERVED2 = 0x8a,

        // numeric
        OP_1ADD = 0x8b,
        OP_1SUB = 0x8c,
        OP_2MUL = 0x8d,
        OP_2DIV = 0x8e,
        OP_NEGATE = 0x8f,
        OP_ABS = 0x90,
        OP_NOT = 0x91,
        OP_0NOTEQUAL = 0x92,

        OP_ADD = 0x93,
        OP_SUB = 0x94,
        OP_MUL = 0x95,
        OP_DIV = 0x96,
        OP_MOD = 0x97,
        OP_LSHIFT = 0x98,
        OP_RSHIFT = 0x99,

        OP_BOOLAND = 0x9a,
        OP_BOOLOR = 0x9b,
        OP_NUMEQUAL = 0x9c,
        OP_NUMEQUALVERIFY = 0x9d,
        OP_NUMNOTEQUAL = 0x9e,
        OP_LESSTHAN = 0x9f,
        OP_GREATERTHAN = 0xa0,
        OP_LESSTHANOREQUAL = 0xa1,
        OP_GREATERTHANOREQUAL = 0xa2,
        OP_MIN = 0xa3,
        OP_MAX = 0xa4,

        OP_WITHIN = 0xa5,

        // crypto
        OP_RIPEMD160 = 0xa6,
        OP_SHA1 = 0xa7,
        OP_SHA256 = 0xa8,
        OP_HASH160 = 0xa9,
        OP_HASH256 = 0xaa,
        OP_CODESEPARATOR = 0xab,
        OP_CHECKSIG = 0xac,
        OP_CHECKSIGVERIFY = 0xad,
        OP_CHECKMULTISIG = 0xae,
        OP_CHECKMULTISIGVERIFY = 0xaf,

        // expansion
        OP_NOP1 = 0xb0,
        OP_NOP2 = 0xb1,
        OP_NOP3 = 0xb2,
        OP_NOP4 = 0xb3,
        OP_NOP5 = 0xb4,
        OP_NOP6 = 0xb5,
        OP_NOP7 = 0xb6,
        OP_NOP8 = 0xb7,
        OP_NOP9 = 0xb8,
        OP_NOP10 = 0xb9,

        // template matching params
        OP_SMALLDATA = 0xf9,
        OP_SMALLINTEGER = 0xfa,
        OP_PUBKEYS = 0xfb,
        OP_PUBKEYHASH = 0xfd,
        OP_PUBKEY = 0xfe,

        OP_INVALIDOPCODE = 0xff,
    };
Mining
• “Auditors” collect transactions into a “block” (up to 1 MB)
• Each transaction in the block is verified for validity
• The miner then does a proof-of-work calculation to “sign off” the block and add it to the blockchain
• Difficult hash calculation takes +/- 10 min regardless of number of miners in the network
Advanced mining
• A miner who successfully finds a suitable hash for a block gets a reward (currently 25 XBT = 625 USD)
• Each transaction has optional transaction fees (difference between sum of inputs and outputs) that also go to the miner
• Hash difficulty: number of “leading zeros” in hash
• Adjusted dynamically, aims for 1 block in 10 mins
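The last two bullets above (difficulty as the number of leading zeros, adjusted to hold one block per ten minutes), as an added Python example (not from the talk): Bitcoin’s retarget rule, which rescales the target by the ratio of observed to expected time over the last 2016 blocks and clamps any single adjustment to a factor of four. The interval, the target block time and the genesis (difficulty-1) target are Bitcoin’s constants; the observed time spans fed in are constructed.

```python
TARGET_BLOCK_TIME = 600                   # seconds: "aims for 1 block in 10 mins"
RETARGET_INTERVAL = 2016                  # blocks between adjustments (about two weeks)
EXPECTED_SPAN = TARGET_BLOCK_TIME * RETARGET_INTERVAL
GENESIS_TARGET = 0xFFFF << 208            # 0x00000000FFFF0000...0000: the easiest target, difficulty 1

def next_target(old_target: int, actual_span: int) -> int:
    """Scale the target by actual/expected time, clamped to x4 either way; never easier than genesis."""
    span = min(max(actual_span, EXPECTED_SPAN // 4), EXPECTED_SPAN * 4)
    return min(old_target * span // EXPECTED_SPAN, GENESIS_TARGET)

def leading_zero_bits(target: int) -> int:
    """The slide's 'leading zeros': a hash below the target starts with at least this many zero bits."""
    return 256 - target.bit_length()

def difficulty(target: int) -> float:
    """How many times harder than the genesis target."""
    return GENESIS_TARGET / target

def expected_hashes(target: int) -> int:
    """Mean number of attempts to find a hash below the target: the work one block represents."""
    return (1 << 256) // (target + 1)

def simulate(old_target: int, spans: list) -> list:
    """Apply the rule over several intervals, returning the target in force after each."""
    targets = []
    for span in spans:
        old_target = next_target(old_target, span)
        targets.append(old_target)
    return targets

if __name__ == "__main__":
    # Constructed scenario: hash rate keeps doubling, so each interval finishes in half the expected time.
    for t in simulate(GENESIS_TARGET, [EXPECTED_SPAN // 2] * 3):
        print(f"difficulty {difficulty(t):6.1f}  leading zero bits {leading_zero_bits(t)}  "
              f"~{expected_hashes(t):.3g} hashes per block")
```

The clamp is a defensive feature: without it, a burst of hash rate arriving or leaving within one interval could push difficulty far enough that the next interval takes weeks or seconds, and the rule would oscillate instead of settling.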
More interesting contracts
• Scripting language can be used to enforce arbitrary constraints on how outputs are spent
• Entire financial applications involving transfer of ownership can be built using the Bitcoin protocol
Dispute mediation
• Third party (escrow / arbiter) may optionally be called in to sign off on a transaction if something goes wrong.
• Script: 2 <K1> <K2> <K3> 3 OP_CHECKMULTISIGVERIFY
• 2 out of 3 parties must agree on the outcome of the transaction in order to spend the output
• The output may be spent as a payment or a refund
Micropayment channels
• Each Bitcoin transaction carries a transaction cost (or processing delay), so normal transactions aren’t ideal for micropayments
• Client sends rapid adjustments in what it is willing to transfer to the server, directly to the server
• These transactions aren’t broadcast until the session ends, when the final payment is made.
Oracle conditions
• E.g. script to pass on an inheritance:
  <hash> OP_DROP 2 <son’s pubkey> <oracle’s pubkey> 2 OP_CHECKMULTISIG
• Uses an external, trusted oracle who will only sign off when predetermined condition is met, e.g.
  if (has_died(‘G-J van Rooyen’, id=‘7609257364083’)) return (10.0, 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z)
Colored coins
• From “wallet point-of-view”, Bitcoins are fungible
• However, transaction outputs are traceable
• 0.00000001 XBT outputs can be used to trace ownership of associated digital or physical goods in the real world
• Software, movies, stocks, cars, houses can be traded without intermediaries
In Conclusion
• The Bitcoin protocol is brilliant, subtle, intricate and (in some places) horribly complex
• Proof-of-ownership protocol with built-in scripting language
• Currency (“pay-to-address”) is the “Hallo, world!” of Bitcoin applications
• Understand the protocol. Then go understand traditional financial systems
Questions are welcome

Also, 5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte (Private Key, Wallet Import Format)

 
Managing Finances in a Small Business (yes).pdf
Managing Finances  in a Small Business (yes).pdfManaging Finances  in a Small Business (yes).pdf
Managing Finances in a Small Business (yes).pdf
 
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
AfRESFullPaper22018EmpiricalPerformanceofRealEstateInvestmentTrustsandShareho...
 
Vp Girls near me Delhi Call Now or WhatsApp
Vp Girls near me Delhi Call Now or WhatsAppVp Girls near me Delhi Call Now or WhatsApp
Vp Girls near me Delhi Call Now or WhatsApp
 
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
 
NO1 Certified Ilam kala Jadu Specialist Expert In Bahawalpur, Sargodha, Sialk...
NO1 Certified Ilam kala Jadu Specialist Expert In Bahawalpur, Sargodha, Sialk...NO1 Certified Ilam kala Jadu Specialist Expert In Bahawalpur, Sargodha, Sialk...
NO1 Certified Ilam kala Jadu Specialist Expert In Bahawalpur, Sargodha, Sialk...
 
Amil Baba In Pakistan amil baba in Lahore amil baba in Islamabad amil baba in...
Amil Baba In Pakistan amil baba in Lahore amil baba in Islamabad amil baba in...Amil Baba In Pakistan amil baba in Lahore amil baba in Islamabad amil baba in...
Amil Baba In Pakistan amil baba in Lahore amil baba in Islamabad amil baba in...
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
 
Bladex 1Q24 Earning Results Presentation
Bladex 1Q24 Earning Results PresentationBladex 1Q24 Earning Results Presentation
Bladex 1Q24 Earning Results Presentation
 
Economic Risk Factor Update: April 2024 [SlideShare]
Economic Risk Factor Update: April 2024 [SlideShare]Economic Risk Factor Update: April 2024 [SlideShare]
Economic Risk Factor Update: April 2024 [SlideShare]
 
2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGecko2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGecko
 
Financial Leverage Definition, Advantages, and Disadvantages
Financial Leverage Definition, Advantages, and DisadvantagesFinancial Leverage Definition, Advantages, and Disadvantages
Financial Leverage Definition, Advantages, and Disadvantages
 

Bitcoin, the Protocol

  • 1. Bitcoin, the Protocol. G-J van Rooyen, 20 February 2014
  • 2. “With e-currency based on cryptographic proof, without the need to trust a third-party middleman, money can be secure and transactions effortless.” – Satoshi Nakamoto
  • 3. “We can laugh at Bitcoin, but real guys, in real basements, are losing real fake money right now.” – David Clinch
  • 4. This talk is not about…
      • …is Bitcoin “real” money?
      • …is Bitcoin a good investment?
      • …will Bitcoin replace the dollar/rand/yen?
      • …is Dogecoin/Litecoin better than Bitcoin?
      • …exchange volatility
  • 5. We will talk about…
      • …difficulty of trust-free agreement in a decentralised P2P network (Byzantine Generals)
      • …triple-entry accounting
      • …how Bitcoin transactions are built and verified
      • …the scripting language built into the protocol
      • …scripted contracts (“Bitcoin 2.0”)
  • 9. Byzantine Generals
      • N generals need to coordinate an attack
      • Messages are passed amongst each other
      • Traitorous generals may pass on false messages
      • Consensus very difficult
      • Lamport: solution for 2/3 trust (later > 50%)
  • 10. Nakamoto’s Solution
      • Scenario: generals have to agree on a time to attack
      • A random general proposes a time and distributes the message
      • Other generals “sign off” (agree) on the time, adding a hash that is computationally difficult to compute (but trivial to verify)
      • A chain of time-plus-hashes builds up and is distributed
      • Over time, the generals become convinced that the majority of the computational power of the network has reached consensus
      • If an attacker injects a fake time to spread confusion, the network selects the chain with the longest sequence of valid hashes
  • 12. Application to ownership transfer
      • I can sign a “cheque” giving away money I own
      • Everyone can verify the transaction is valid
      • A double-spend of money is always invalid
      • People who “audited” the transaction sign it off by proof-of-work
  • 13. Single-entry accounting
      • “Write down income and expenses”
      • If you leave out a number, no-one will know
      • Bookkeeper always has plausible deniability (it was an honest mistake!)
      • Limited businesses to family and crown
  • 14. Double-entry accounting
      • Florence, late 13th century
      • Much more difficult to “cook books”
      • Gave rise to the modern enterprise
  • 15. Bitcoin as triple-entry
      • Alice debits her wallet, and credits Bob’s (double-entry)
      • Ivan audits the transaction
      • Ivan commits it to the public ledger (third entry)
      • No central authority
      • Non-repudiable transaction
  • 16. The basics of Bitcoin. Back to Abstraction, Level 2
  • 17. The basics of Bitcoin: Private keys
      • Each “account” = random 256-bit number
      • Private key, must be kept SECRET
      • Need not be stored digitally – can be on paper or memorised
      • Want to open an account? Guess a number!
      • Figure: QR code representation of the private key (Wallet Import Format): 5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
      • Figure caption (partly cut off): “…the pairing of a Bitcoin address with its corresponding Bitcoin private…”
  • 18. The basics of Bitcoin: Public keys and addresses
      • ECDSA is used to generate a public key from the PrivKey
      • The PubKey can be used to verify transactions signed using the PrivKey
      • 64-byte PubKeys are unwieldy, and are hashed down to 20-byte addresses
      • Figure: QR code representation of the address: 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z
  • 19. Crypto-primer: Hashes
      • Hashing: D = H(M)
      • D is usually much shorter than M
      • It is computationally infeasible to get back to M just from D
      • SHA256 and RIPEMD-160 used in Bitcoin
  • 20. Crypto-primer: Signatures
      • Hashing: D = H(M)
      • Signing: σ = S(D, Pr)
      • Verification: β = V(D, σ, Pu)
      • Only the owner of the private key can sign a message (transaction)
      • Anyone who knows a user’s public key can verify that she signed it
      • ECDSA used in Bitcoin
  • 23. A full transaction
      Field             Description                                                           Size [b]
      Version #         Currently 1                                                           4
      In-counter        Positive integer                                                      1-9
      List of inputs    References to outputs of previous transactions
      Out-counter       Positive integer                                                      1-9
      List of outputs   Values of outputs, and scripts dictating how they may be claimed
      Lock time         Time stamp when transaction becomes final (default 0 = immediately)   4
  • 24. A sample transaction
      Input:
        Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
        Index: 0
        scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501
      Output:
        Value: 5000000000
        scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG
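As an added example (not from the slides), the wire layout of slide 23 filled with the sample values of slide 24, serialised and parsed back in Python. The per-input sequence number, which the table omits, and the 0x48 push prefix in front of the 72-byte scriptSig are standard Bitcoin encoding that the slide does not show.

```python
import struct

def encode_varint(n: int) -> bytes:
    # Bitcoin "CompactSize" integer: 1, 3, 5 or 9 bytes (the 1-9 of the counters).
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def decode_varint(buf: bytes, pos: int):
    # Returns (value, position just after the varint).
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size, fmt = {0xfd: (2, "<H"), 0xfe: (4, "<I"), 0xff: (8, "<Q")}[first]
    return struct.unpack(fmt, buf[pos + 1:pos + 1 + size])[0], pos + 1 + size

def push(data: bytes) -> bytes:
    # Data pushes of up to 75 bytes are prefixed by a single length byte.
    return bytes([len(data)]) + data

def serialize(version, inputs, outputs, lock_time) -> bytes:
    out = struct.pack("<I", version) + encode_varint(len(inputs))
    for txid, idx, script, seq in inputs:
        # txids are displayed big-endian but stored byte-reversed on the wire.
        out += bytes.fromhex(txid)[::-1] + struct.pack("<I", idx)
        out += encode_varint(len(script)) + script + struct.pack("<I", seq)
    out += encode_varint(len(outputs))
    for value, script in outputs:
        out += struct.pack("<q", value) + encode_varint(len(script)) + script
    return out + struct.pack("<I", lock_time)

def parse(raw: bytes) -> dict:
    version = struct.unpack("<I", raw[:4])[0]
    n_in, pos = decode_varint(raw, 4)
    inputs = []
    for _ in range(n_in):
        txid = raw[pos:pos + 32][::-1].hex(); pos += 32
        idx = struct.unpack("<I", raw[pos:pos + 4])[0]; pos += 4
        slen, pos = decode_varint(raw, pos)
        script = raw[pos:pos + slen]; pos += slen
        seq = struct.unpack("<I", raw[pos:pos + 4])[0]; pos += 4
        inputs.append((txid, idx, script, seq))
    n_out, pos = decode_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack("<q", raw[pos:pos + 8])[0]; pos += 8
        slen, pos = decode_varint(raw, pos)
        outputs.append((value, raw[pos:pos + slen])); pos += slen
    lock_time = struct.unpack("<I", raw[pos:pos + 4])[0]
    return {"version": version, "inputs": inputs, "outputs": outputs, "lock_time": lock_time}

# Sample values from slide 24 (the slide shows scriptSig without its 0x48 push prefix).
SIG = bytes.fromhex("304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db0"
                    "22100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501")
PUBKEY_HASH = bytes.fromhex("404371705fa9bd789a2fcd52d2c580b65d35549d")
SAMPLE_INPUTS = [("f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6", 0, push(SIG), 0xffffffff)]
SAMPLE_OUTPUTS = [(5_000_000_000, b"\x76\xa9" + push(PUBKEY_HASH) + b"\x88\xac")]  # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
```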
  • 25. The output script
      • Each output has a script specifying how it may be claimed
      • FORTH-like scripting language
      • Deliberately Turing-incomplete
      • Can specify anything:
          • “anyone can have this”
          • pay to specific address
          • highly complex contracts (e.g. “pay out when I die”)
  • 26. The simplest script
      • Pay-to-PubkeyHash (give money to an address)
      • scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
      • scriptSig: <sig> <pubKey>
      • scriptSig and scriptPubKey are combined, and then stack processing is done operation-by-operation
  • 27. The simplest script: Step 1
      • scriptSig and scriptPubKey are combined
      • Unprocessed script: <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
      • Stack: (empty)
  • 28. The simplest script: Step 2
      • The constants <sig> and <pubKey> are pushed onto the stack
      • Unprocessed script: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
      • Stack (top first): <pubKey> <sig>
  • 29. The simplest script: Step 3
      • The top stack item is duplicated (OP_DUP)
      • Unprocessed script: OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
      • Stack (top first): <pubKey> <pubKey> <sig>
  • 30. The simplest script: Step 4
      • The top stack item is hashed (OP_HASH160)
      • This calculates an address from the claimant’s public key (we must ensure this is the same as the TXout’s address)
      • Unprocessed script: <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
      • Stack (top first): <pubHashA> <pubKey> <sig>
  • 31. The simplest script: Step 5
      • Another constant (the previous output’s destination address) is pushed onto the stack
      • Unprocessed script: OP_EQUALVERIFY OP_CHECKSIG
      • Stack (top first): <pubKeyHash> <pubHashA> <pubKey> <sig>
  • 32. The simplest script: Step 6
      • Verify that the claimant’s public key actually matches the previous transaction’s output address (OP_EQUALVERIFY)
      • If false, the transaction is rejected and not distributed further
      • Unprocessed script: OP_CHECKSIG
      • Stack (top first): <pubKey> <sig>
  • 33. The simplest script: Step 7
      • Verify that the claimant’s public key confirms the transaction’s signature (OP_CHECKSIG)
      • If false, the transaction is rejected and not distributed further
      • Unprocessed script: (none)
      • Stack: (empty)
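The seven steps above, as an added Python example that is not part of the slides: a tiny interpreter for the four opcodes used, with the stack traced top-first after each operation, run against the happy path, a mismatched key (fails at OP_EQUALVERIFY) and a bad signature (fails at OP_CHECKSIG). The keys and the signature check are constructed stand-ins, since real OP_CHECKSIG verifies an ECDSA signature over the spending transaction.

```python
import hashlib

def hash160(data: bytes) -> bytes:
    # OP_HASH160 is RIPEMD-160(SHA-256(x)). Falls back to a truncated double
    # SHA-256 (not Bitcoin's hash!) only if this OpenSSL build lacks RIPEMD-160.
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return hashlib.sha256(sha).digest()[:20]

class ScriptError(Exception):
    pass

def run_script(script_sig, script_pubkey, check_sig, trace=None):
    # Scripts are lists of bytes (data to push) and opcode names. The two scripts
    # are concatenated (step 1) and executed left to right against one stack.
    stack = []
    for op in script_sig + script_pubkey:
        if isinstance(op, bytes):           # constants are pushed (steps 2 and 5)
            stack.append(op)
        elif op == "OP_DUP":                # step 3
            stack.append(stack[-1])
        elif op == "OP_HASH160":            # step 4
            stack.append(hash160(stack.pop()))
        elif op == "OP_EQUALVERIFY":        # step 6
            if stack.pop() != stack.pop():
                raise ScriptError("OP_EQUALVERIFY: pubKey does not hash to the output's address")
        elif op == "OP_CHECKSIG":           # step 7
            pubkey, sig = stack.pop(), stack.pop()
            stack.append(b"\x01" if check_sig(pubkey, sig) else b"")
        else:
            raise ScriptError("unsupported opcode " + str(op))
        if trace is not None:
            trace.append(list(reversed(stack)))   # top of stack first, as on the slides
    return bool(stack) and stack[-1] != b""

# Constructed demo material (not real keys). Real OP_CHECKSIG verifies an ECDSA
# signature over the spending transaction; this stand-in takes sig == SHA-256(pubKey || txhash).
TX_HASH = hashlib.sha256(b"demo spending transaction").digest()
ALICE_PUB = b"\x02" + b"\x11" * 32
BOB_PUB = b"\x03" + b"\x22" * 32

def toy_sign(pubkey: bytes) -> bytes:
    return hashlib.sha256(pubkey + TX_HASH).digest()

def toy_check_sig(pubkey: bytes, sig: bytes) -> bool:
    return sig == toy_sign(pubkey)

def p2pkh(pubkey_hash: bytes) -> list:
    return ["OP_DUP", "OP_HASH160", pubkey_hash, "OP_EQUALVERIFY", "OP_CHECKSIG"]

def claim(pubkey: bytes, sig: bytes, script_pubkey: list) -> str:
    # Returns "ok" when the claimant may spend the output, else the reason it was rejected.
    try:
        return "ok" if run_script([sig, pubkey], script_pubkey, toy_check_sig) else "OP_CHECKSIG: bad signature"
    except ScriptError as err:
        return str(err)
```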
  • 34. We just used 4 opcodes… (the protocol’s full opcode enum, from the reference client’s script.h)
      enum opcodetype {
          // push value
          OP_0 = 0x00, OP_FALSE = OP_0, OP_PUSHDATA1 = 0x4c, OP_PUSHDATA2 = 0x4d, OP_PUSHDATA4 = 0x4e,
          OP_1NEGATE = 0x4f, OP_RESERVED = 0x50, OP_1 = 0x51, OP_TRUE = OP_1,
          OP_2 = 0x52, OP_3 = 0x53, OP_4 = 0x54, OP_5 = 0x55, OP_6 = 0x56, OP_7 = 0x57, OP_8 = 0x58, OP_9 = 0x59,
          OP_10 = 0x5a, OP_11 = 0x5b, OP_12 = 0x5c, OP_13 = 0x5d, OP_14 = 0x5e, OP_15 = 0x5f, OP_16 = 0x60,

          // control
          OP_NOP = 0x61, OP_VER = 0x62, OP_IF = 0x63, OP_NOTIF = 0x64, OP_VERIF = 0x65, OP_VERNOTIF = 0x66,
          OP_ELSE = 0x67, OP_ENDIF = 0x68, OP_VERIFY = 0x69, OP_RETURN = 0x6a,

          // stack ops
          OP_TOALTSTACK = 0x6b, OP_FROMALTSTACK = 0x6c, OP_2DROP = 0x6d, OP_2DUP = 0x6e, OP_3DUP = 0x6f,
          OP_2OVER = 0x70, OP_2ROT = 0x71, OP_2SWAP = 0x72, OP_IFDUP = 0x73, OP_DEPTH = 0x74, OP_DROP = 0x75,
          OP_DUP = 0x76, OP_NIP = 0x77, OP_OVER = 0x78, OP_PICK = 0x79, OP_ROLL = 0x7a, OP_ROT = 0x7b,
          OP_SWAP = 0x7c, OP_TUCK = 0x7d,

          // splice ops
          OP_CAT = 0x7e, OP_SUBSTR = 0x7f, OP_LEFT = 0x80, OP_RIGHT = 0x81, OP_SIZE = 0x82,

          // bit logic
          OP_INVERT = 0x83, OP_AND = 0x84, OP_OR = 0x85, OP_XOR = 0x86, OP_EQUAL = 0x87, OP_EQUALVERIFY = 0x88,
          OP_RESERVED1 = 0x89, OP_RESERVED2 = 0x8a,

          // numeric
          OP_1ADD = 0x8b, OP_1SUB = 0x8c, OP_2MUL = 0x8d, OP_2DIV = 0x8e, OP_NEGATE = 0x8f, OP_ABS = 0x90,
          OP_NOT = 0x91, OP_0NOTEQUAL = 0x92, OP_ADD = 0x93, OP_SUB = 0x94, OP_MUL = 0x95, OP_DIV = 0x96,
          OP_MOD = 0x97, OP_LSHIFT = 0x98, OP_RSHIFT = 0x99, OP_BOOLAND = 0x9a, OP_BOOLOR = 0x9b,
          OP_NUMEQUAL = 0x9c, OP_NUMEQUALVERIFY = 0x9d, OP_NUMNOTEQUAL = 0x9e, OP_LESSTHAN = 0x9f,
          OP_GREATERTHAN = 0xa0, OP_LESSTHANOREQUAL = 0xa1, OP_GREATERTHANOREQUAL = 0xa2, OP_MIN = 0xa3,
          OP_MAX = 0xa4, OP_WITHIN = 0xa5,

          // crypto
          OP_RIPEMD160 = 0xa6, OP_SHA1 = 0xa7, OP_SHA256 = 0xa8, OP_HASH160 = 0xa9, OP_HASH256 = 0xaa,
          OP_CODESEPARATOR = 0xab, OP_CHECKSIG = 0xac, OP_CHECKSIGVERIFY = 0xad, OP_CHECKMULTISIG = 0xae,
          OP_CHECKMULTISIGVERIFY = 0xaf,

          // expansion
          OP_NOP1 = 0xb0, OP_NOP2 = 0xb1, OP_NOP3 = 0xb2, OP_NOP4 = 0xb3, OP_NOP5 = 0xb4, OP_NOP6 = 0xb5,
          OP_NOP7 = 0xb6, OP_NOP8 = 0xb7, OP_NOP9 = 0xb8, OP_NOP10 = 0xb9,

          // template matching params
          OP_SMALLDATA = 0xf9, OP_SMALLINTEGER = 0xfa, OP_PUBKEYS = 0xfb, OP_PUBKEYHASH = 0xfd, OP_PUBKEY = 0xfe,

          OP_INVALIDOPCODE = 0xff,
      };
  • 35. Mining
      • “Auditors” collect transactions into a “block” (up to 1 MB)
      • Each transaction in the block is verified for validity
      • The miner then does a proof-of-work calculation to “sign off” the block and add it to the blockchain
      • The difficult hash calculation takes +/- 10 min regardless of the number of miners in the network
  • 36. Advanced mining
      • A miner who successfully finds a suitable hash for a block gets a reward (currently 25 XBT = 625 USD)
      • Each transaction has optional transaction fees (difference between sum of inputs and outputs) that also go to the miner
      • Hash difficulty: number of “leading zeros” in the hash
      • Adjusted dynamically, aims for 1 block in 10 mins
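An added toy implementation (not from the slides) of the proof-of-work mechanics of slide 10 and the mining and retargeting rules of slides 35 and 36: a miner brute-forces a nonce, any node verifies the whole chain cheaply, and a chain containing a block that was altered without re-mining loses to the longest valid one. The header fields, the leading-zero-bits target and the 12-bit difficulty are simplifications assumed for the example.

```python
import hashlib, struct
GENESIS_PREV = b"\x00" * 32

def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def block_hash(prev_hash: bytes, merkle_root: bytes, nonce: int) -> bytes:
    # Toy header: previous block hash + root of the block's transactions + nonce.
    return sha256d(prev_hash + merkle_root + struct.pack("<I", nonce))

def meets_target(h: bytes, bits: int) -> bool:
    # "bits" leading zero bits: the hash value must lie below 2^(256 - bits).
    return int.from_bytes(h, "big") < (1 << (256 - bits))

def mine(prev_hash: bytes, merkle_root: bytes, bits: int) -> dict:
    # Proof-of-work: brute-force the nonce (slow to find, trivial to verify).
    nonce = 0
    while not meets_target(block_hash(prev_hash, merkle_root, nonce), bits):
        nonce += 1
    return {"prev": prev_hash, "root": merkle_root, "nonce": nonce,
            "hash": block_hash(prev_hash, merkle_root, nonce)}

def valid_chain(chain: list, bits: int) -> bool:
    # Every block must link to its predecessor and carry a hash that meets the target.
    prev = GENESIS_PREV
    for blk in chain:
        h = block_hash(blk["prev"], blk["root"], blk["nonce"])
        if blk["prev"] != prev or h != blk["hash"] or not meets_target(h, bits):
            return False
        prev = h
    return True

def choose_chain(chains: list, bits: int) -> list:
    # Slide 10: a node adopts the longest chain of valid proofs-of-work it has seen.
    valid = [c for c in chains if valid_chain(c, bits)]
    return max(valid, key=len) if valid else []

def build_chain(blocks_txs: list, bits: int, start: list = ()) -> list:
    # Mines one block per batch of transactions, extending 'start' (or the genesis).
    chain = list(start)
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    for txs in blocks_txs:
        blk = mine(prev, sha256d(txs), bits)
        chain.append(blk)
        prev = blk["hash"]
    return chain

def retarget(old_target: int, actual_seconds: int, expected_seconds: int = 2016 * 600) -> int:
    # Slide 36: difficulty is adjusted to keep one block per ~10 minutes. Bitcoin
    # rescales the target every 2016 blocks by actual/expected time, clamped to 4x either way.
    actual = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return old_target * actual // expected_seconds

if __name__ == "__main__":
    honest = build_chain([b"tx1", b"tx2", b"tx3"], 12)
    forged = [dict(b) for b in honest]
    forged[1]["root"] = sha256d(b"fake history")   # altered without re-mining
    print("forged chain valid?", valid_chain(forged, 12))
    print("chain chosen has", len(choose_chain([forged, honest], 12)), "blocks")
```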
  • 37. More interesting contracts
      • The scripting language can be used to enforce arbitrary constraints on how outputs are spent
      • Entire financial applications involving transfer of ownership can be built using the Bitcoin protocol
  • 38. Dispute mediation
      • A third party (escrow / arbiter) may optionally be called in to sign off on a transaction if something goes wrong
      • Script: 2 <K1> <K2> <K3> 3 OP_CHECKMULTISIGVERIFY
      • 2 out of 3 parties must agree on the outcome of the transaction in order to spend the output
      • The output may be spent as a payment or a refund
  • 39. Micropayment channels
      • Each Bitcoin transaction carries a transaction cost (or processing delay), so normal transactions aren’t ideal for micropayments
      • The client sends rapid adjustments of the amount it is willing to transfer directly to the server
      • These transactions aren’t broadcast until the session ends, when the final payment is made
  • 40. Oracle conditions
      • E.g. script to pass on an inheritance:
        <hash> OP_DROP 2 <son’s pubkey> <oracle’s pubkey> 2 OP_CHECKMULTISIG
      • Uses an external, trusted oracle who will only sign off when a predetermined condition is met, e.g.
        if (has_died(‘G-J van Rooyen’, id=‘7609257364083’)) return (10.0, 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z)
  • 41. Colored coins
      • From the “wallet point-of-view”, Bitcoins are fungible
      • However, transaction outputs are traceable
      • 0.00000001 XBT outputs can be used to trace ownership of associated digital or physical goods in the real world
      • Software, movies, stocks, cars, houses can be traded without intermediaries
  • 42. In Conclusion
      • The Bitcoin protocol is brilliant, subtle, intricate and (in some places) horribly complex
      • Proof-of-ownership protocol with built-in scripting language
      • Currency (“pay-to-address”) is the “Hallo, world!” of Bitcoin applications
      • Understand the protocol. Then go understand traditional financial systems