This document provides an overview of distributed systems and blockchain technology. It discusses key concepts such as nodes, Byzantine faults, the CAP theorem, consensus algorithms, and examples of blockchain consensus mechanisms. It also covers the history of blockchain from early e-cash protocols to bitcoin. Blockchain is introduced as a peer-to-peer distributed ledger that uses cryptography and consensus to provide security and immutability without a central authority.

1. 1 | P a g e
20MCE22 - BLOCKCHAIN TECHNOLOGY
UNIT-1
Distributed Systems
Blockchain is a decentralized distributed system.
Distributed systems are a computing paradigm where two or more nodes work with each
other to achieve a common outcome and it’s modeled in such a way that end users see it as a
single logical platform.
Node – Individual in a distributed systems
Sending and receiving messages to and from each other
Have own memory and processor
Exhibit arbitrary behavior known as byzantine node
Unexpected behavior of a node on the network can be categorized as byzantine.
Challenge:
Coordination between nodes and fault tolerance
If some nodes become faulty, the distributed system should tolerate and continue to work
flawlessly to achieve desired result.
Distributed system are so challenging to design a theorem known as CAP theorem.

2. 2 | P a g e
CAP theorem
Also known as Brewer’s theorem.
The theorem states that any distributed system cannot have Consistency, Availability and
Partition tolerance simultaneously.
 Consistency – Ensure all nodes in a distributed system have single latest
copy of data.
 Availability – Accessible for use
Accepting incoming request and responding with data
without any failures
 Partition tolerance – Ensures if a group of node fails the distributed
system still continues to operate correctly.
To achieve fault tolerance, replication is used.
Consistency is achieved using consensus algorithm to ensure that all nodes have the same
copy of data. This is also called state machine replication.
Blockchain is basically a method to achieve state machine replication.
Two types of fault that node can experience
Faulty node has simply crashed
Faulty node can exhibit malicious or inconsistent behavior arbitrarily.
Byzantine Generals problem
Creates the problem among group of nodes.
Consensus
Process of agreement between distrusting nodes on a final state of data.
Easy to reach an agreement between 2 nodes but when multiple nodes are participating in a
distributed system and they need to agree on a single value, it becomes difficult to achieve
consensus.
Consensus mechanisms
Requirements of consensus mechanism:
 Agreement
 Termination

3. 3 | P a g e
 Validity
 Fault tolerant
 Integrity
Types of consensus mechanism
 Byzantine fault-tolerance based
 Leader-based consensus mechanism
History of blockchain
Introduced in 2008 and implemented in 2009.
Since 1980, e-cash protocols are existed.
Electronic cash
Successful application of blockchain : bitcoin or cryptocurrency.
Two fundamental e-cash system issues need to be addressed: accountability and
anonymity.
Accountability - ensure that cash is spendable only once (double-spend problem) and
that it can only be spent by its rightful owner.
Anonymity - protect users' privacy.
Blind signatures - signing a document without actually seeing it.
Secret sharing - enables the detection of double spending, that is using the same e-cash
token twice (double spending).
Other protocol such as Chaum, Fiat and Naor(CFN) introduced in anonymity and
double spending detection.
Hashcash as a PoW system to control e-mail spam.
b-money – introduced by Wei Dai
peer to peer network
creating money via solving computational puzzles such as hashcash.
Introduction to Blockchain
Peer-to-peer distributed ledger that is cryptographically secure, append-only, immutable
and updateable only via consensus or agreement among peers.

4. 4 | P a g e
Running on top of internet.
Generic elements of blockchain
 Addresses
 Transaction
 Block
 Peer-to-peer network
 Scripting or programming language
 Virtual machine
 State machine
 Nodes
 Smart contracts

5. 5 | P a g e
Features of Blockchain
 Distributed consensus
 Transaction verification
 Platform for smart contracts
 Transferring value between peers
 Generating cryptocurrency
 Smart property
 Provider of security
 Immutability
 Uniqueness
 Smart contracts
Tiers of blockchain technology
Blockchain 1.0 – include cryptographic currencies
Blockchain 2.0 – used by financial services and contracts
Blockchain 3.0 – implement financial services industry and used in general purpose
industries such as government , health, media.
Generation X(Blockchain X) – Public open distributed ledger with general purpose
rational agents.
Types of Blockchain
Public blockchain – open to the public and anyone can participate as a node in decision
making progress.
Private blockchain – open only to consortium or group of individuals or organizations

6. 6 | P a g e
Semi-private blockchains – private and part of its public
Private part- controlled by group of organization
Public part – open for participation by anyone
Sidechains – known as pegged sidechains
Coins can be moved from one blockchain to another and moved back
Permission ledger – participants of the network are known and already trusted.
Do not need to use a distributed consensus mechanism
Agreement protocol used to maintain a shared version of truth
about the state of records.
Distributed ledger – Spread across multiple sites or organization
Either private or public
Records are stored contiguously instead of sorted into blocks.
Used in Ripple
Shared ledger – Any application or database is shared by the public or consortium
Fully private and proprietary blockchain – no mainstream application, deviate from
the idea of decentralization in blockchain technology.
Tokenized blockchain – generate cryptocurrency as a result of consensus process via
mining or initial distribution.
Tokenless blockchain – lack basic unit of transfer of value but still valuable in
situation where there is no need to transfer value between nodes and only sharing data among
various trusted parties.
Consensus in blockchain
2 categories of consensus mechanism
 Proof-based, leader based, or the Nakamoto consensus
whereby a leader is elected at random (using an algorithm)
and proposes a final value.
 Byzantine fault-tolerance (BFT) based is a more traditional
approach based on rounds of votes.
Proof of work – relies on proof that enough computational resources have been
spent before proposing a value for acceptance by the network.

7. 7 | P a g e
Proof of Stake – node or user has enough stake in the system, user has invested
enough in the system so that any malicious attempt by that user would outweigh the benefits of
performing such an attack on the network.
Delegated proof of stake - system can delegate the validation of a transaction to
other nodes by voting.
Proof of Elapsed Time (PoET) - uses a Trusted Execution Environment
(TEE) to provide randomness and safety in the leader election process via a guaranteed wait
time.
Deposit-based consensus – security deposit
Benefits of blockchain
 Decentralization
 Transparency and trust
 Immutability
 High availability
 Highly secure
 Simplification of current paradigms
 Faster dealings
 Cost saving
Challenges
 Scalability
 Adaptability
 Regulation
 Relatively immature technology
 Privacy

8. 8 | P a g e
DECENTRALIZATION
Basic idea of decentralization is to distribute control and authority to peripheries instead of
one central authority being in full control of the organization.
Benefits for organizations, such as increased efficiency, expedited decision making, better
motivation, and a reduced burden on top management.
Decentralization using blockchain
Proof of Work - allows anyone to compete to become the decision-making authority.
Information and Communication Technology (ICT) - a centralized paradigm whereby
database or application servers are under the control of a central authority, such as system
administrator.
Centralized systems - conventional (client-server) IT systems in which there is a single
authority that controls the system, and who is solely in charge of all operations on the system.
Distributed system (parallel computing) - data and computation are spread across multiple
nodes in the network.
The critical difference between a decentralized system and distributed system is that in a
distributed system, there still exists a central authority that governs the entire system; whereas,
in a decentralized system, no such authority exists.
Methods of decentralization
Two methods to achieve decentralization
 Disintermediation
 Through competition

9. 9 | P a g e
Blockchain and full ecosystem decentralization
 Storage
 Communication
 Computation
Smart contract
Small decentralized program
Do not necessarily need a blockchain to run
Contains business logic and a limited amount of data
Decentralized organizations
Software programs that run on a blockchain and are based on the idea of actual
organizations with people and protocols.
Decentralized Autonomous Organization (DAO)
A computer program that runs on top of a blockchain and embedded within it are
governance and business logic rules. DAO and DO are fundamentally the same thing.
Decentralized Autonomous Corporations
Similar to DAO
Smaller subset of DAO
DACs can run a business automatically without human intervention based on the logic
programmed into them.

10. 10 | P a g e
Decentralized Autonomous Societies (DASs)
Entire society can function on a blockchain with the help of multiple, complex smart
contracts and a combination of DAOs and Decentralized Applications (DApps) running
autonomously.
Decentralized Applications (DApps)
DAOs, DACs, and DOs are DApps that run on top of a blockchain in a peer-to-peer
network.
Represent the latest advancement in decentralization technology.
Requirements of a Decentralized Application
 The DApp should be fully open source and autonomous, and no single entity
should be in control of a majority of its tokens.
 Data and records of operations of the application must be cryptographically
secured and stored on a public.
 A cryptographic token must be used by the application to provide access and
rewards to those who contribute value to the applications, for example, miners in
Bitcoin.
 The tokens must be generated by the DApp according to a standard cryptographic
algorithm. This generation of tokens acts as a proof of the value to contributors
(for example, miners).
Examples of decentralized applications
 KYC-chain
 OpenBazaar
 Lazooz
Platforms for decentralization
 Ethereum
 Maidsafe
 Lisk

11. 11 | P a g e
UNIT – 2
SYMMETRIC CRYPTOGRAPHY
 Cryptography is the science of making information secure in the presence of
adversaries. It does so under the assumption that limitless resources are available to
adversaries.
 Ciphers are algorithms used to encrypt or decrypt data, so that if intercepted by an
adversary, the data is meaningless to them without decryption, which requires a secret
key.
 Cryptography is primarily used to provide a confidentiality service.
 For example, securing a blockchain ecosystem requires many different cryptographic
primitives, such as hash functions, symmetric key cryptography, digital signatures, and
public key cryptography.
MATHEMATICS
As the subject of cryptography is based on mathematic
SET
A set is a collection of distinct objects, for example, X = {1, 2, 3, 4, 5}.
GROUP
 A group is a commutative set with one operation that combines two elements of the set.
 The group operation is closed and associated with a defined identity element.
Additionally, each element in the set has an inverse.
 Closure (closed) means that if, for example, elements A and B are in the set, and then the
resultant element after performing an operation on the elements is also in the set.
 Associative means that the grouping of elements does not affect the result of the
operation.
FIELD
 A field is a set that contains both additive and multiplicative groups. More precisely, all
elements in the set form an additive and multiplicative group.
 It satisfies specific axioms for addition and multiplication.
 For all group operations, the distributive law is also applied.
 The law dictates that the same sum or product will be produced even if any of the terms
or factors are reordered.
A FINITE FIELD

12. 12 | P a g e
 A finite field is one with a finite set of elements. Also known as Galois fields, these
structures are of particular importance in cryptography as they can be used to produce
accurate and error-free results of arithmetic operations.
 For example, prime finite fields are used in Elliptic Curve Cryptography (ECC) to
construct discrete logarithm problems.
ORDER
The order is the number of elements in a field. It is also known as the cardinality of the
field.
PRIME FIELDS
A prime field is a finite one with a prime number of elements. It has specific rules for
addition and multiplication, and each nonzero element in the field has an inverse. Addition and
multiplication operations are performed modulo p, that is, prime.
RING
 If more than one operation can be defined over an abelian group, that group becomes a
ring. There are also specific properties that need to be satisfied.
 A ring must have closure and associative and distributive properties.
A CYCLIC GROUP
A cyclic group is a type of group that can be generated by a single element called the
group generator.
AN ABELIAN GROUP
An abelian group is formed when the operation on the elements of a set is commutative.
The commutative law means that changing the order of the elements does not affect the result of
the operation, for example, A X B = B X A.
MODULAR ARITHMETIC
 Also known as clock arithmetic, numbers in modular arithmetic wrap around when they
reach a certain fixed number.
 This fixed number is a positive number called modulus, and all operations are performed
concerning this fixed number.
 Analogous to a clock, there are numbers from 1 to 12. When it reaches 12, the number 1
starts again. In other words, this type of arithmetic deals with the remainders after the
division operation.
 For example, 50 mod 11 is 6 because 50 / 11 leaves a remainder of 6.
 This completes a basic introduction to some mathematical concepts involved in
cryptography.

13. 13 | P a g e
CRYPTOGRAPHY
A generic cryptography model is shown in the following diagram:
In the preceding diagram, P, E, C, and D represent plaintext, encryption, ciphertext, and
decryption, respectively.
Also based on this model, explanations of concepts such as entity, sender, receiver, adversary,
key,
and channel follow:
 Entity: Either a person or system that sends, receives, or performs operations on data
 Sender: This is an entity that transmits the data
 Receiver: This is an entity that takes delivery of the data
 Adversary: This is an entity that tries to circumvent the security service
 Key: A key is data that is used to encrypt or decrypt other data
 Channel: Channel provides a medium of communication between entities
CONFIDENTIALITY
Confidentiality is the assurance that information is only available to authorized entities.
INTEGRITY
Integrity is the assurance that information is modifiable only by authorized entities.
ENTITY AUTHENTICATION
 Entity authentication is the assurance that an entity is currently involved and active in a
communication session.
 This type of authentication is not very secure for a variety of reasons, for example,
password leakage; therefore, additional factors are now commonly used to provide better
security.
 The use of additional techniques for user identification is known as multifactor
authentication (or two-factor authentication if only two methods are used).
 Various authentication factors are described here:

14. 14 | P a g e
The first factor is something you have, such as a hardware token or a smart card. In this
case, a user can use a hardware token in addition to login credentials to gain access to a system.
This mechanism protects the user by requiring two factors of authentication
The second factor is something you are, which uses biometric features to identify the
user. With this method, a user's fingerprint, retina, iris, or hand geometry is used to provide an
additional factor for authentication
DATA ORIGIN AUTHENTICATION
 Also known as message authentication, data origin authentication is an assurance that
the source of the information is indeed verified.
 Data origin authentication guarantees data integrity because if a source is corroborated,
then the data must not have been altered.
 Various methods, such as Message Authentication Codes (MACs) and digital
signatures are most commonly used.
NON-REPUDIATION
 Non-repudiation is the assurance that an entity cannot deny a previous commitment or
action by providing incontrovertible evidence. It is a security service that offers definitive
proof that a particular activity has occurred.
 Non-repudiation has been an active research area for many years. Disputes in electronic
transactions are a common issue, and there is a need to address them to increase the
confidence level of consumers in such services.
 In this context, there are two communications models that can be used to transfer
messages from originator A to recipient B:
 A message is sent directly from originator A to recipient B.
 A message is sent to a delivery agent from originator A, which then delivers the
message to recipient B.
ACCOUNTABILITY
 Accountability is the assurance which states that actions affecting security can be traced
back to the responsible party.
 This is usually provided by logging and audit mechanisms in systems where a detailed
audit is required due to the nature of the business, for example, in electronic trading
systems.
CRYPTOGRAPHIC PRIMITIVES
 Cryptographic primitives are the basic building blocks of a security protocol or system.
A security protocol is a set of steps taken to achieve the required security goals by
utilizing appropriate security mechanisms.

15. 15 | P a g e
 Various types of security protocols are in use, such as authentication protocols, non-
repudiation protocols, and key management protocols. The taxonomy of cryptographic
primitives can be visualized as shown here:
As shown in the cryptographic primitives taxonomy diagram, cryptography is mainly divided
into two
categories: symmetric cryptography and asymmetric cryptography.
SYMMETRIC CRYPTOGRAPHY
 Symmetric cryptography refers to a type of cryptography where the key that is used to
encrypt the data is the same one that is used for decrypting the data.
 Thus, it is also known as shared key cryptography.
 The key must be established or agreed upon before the data exchange occurs between the
communicating parties.
 This is the reason it is also called secret key cryptography.
 There are two types of symmetric ciphers: stream ciphers and block ciphers.
Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are typical
examples of block ciphers, whereas RC4 and A5 are commonly used stream ciphers.
Stream ciphers

16. 16 | P a g e
Stream ciphers are encryption algorithms that apply encryption algorithms on a bit-by-
bit basis (one bit at a time) to plaintext using a keystream. There are two types of stream ciphers:
synchronous stream ciphers and asynchronous stream ciphers:
 Synchronous stream ciphers are those where the keystream is dependent only on the
key
 Asynchronous stream ciphers have a keystream that is also dependent on the
encrypted data
In stream ciphers, encryption and decryption are the same function because they are
simple modulo-2 additions or XOR operations. The fundamental requirement in stream ciphers is
the security and randomness of keystreams.
Block ciphers
 Block ciphers are encryption algorithms that break up the text to be encrypted (plaintext)
into blocks of a fixed length and apply the encryption block-by-block.
 Block ciphers are generally built using a design strategy known as a Feistel cipher.
 Recent block ciphers, such as AES (Rijndael) have been built using a combination of
substitution and permutation called a Substitution-Permutation Network (SPN).
 Feistel ciphers are based on the Feistel network, which is a structure developed by Horst
Feistel.
 This structure is based on the idea of combining multiple rounds of repeated operations to
achieve desirable cryptographic properties known as confusion and diffusion.
 A key advantage of using a Feistel cipher is that encryption and decryption operations are
almost identical and only require a reversal of the encryption process to achieve
decryption.
 DES is a prime example of Feistel-based ciphers:

17. 17 | P a g e
Various modes of operation for block ciphers are Electronic Code Book (ECB), Cipher Block
Chaining (CBC), Output Feedback (OFB) mode, and Counter (CTR) mode. These modes are
used to specify the way in which an encryption function is applied to the plaintext.
BLOCK ENCRYPTION MODE
In block encryption mode, the plaintext is divided into blocks of fixed length depending on the
type of cipher used. Then the encryption function is applied to each block.
KEYSTREAM GENERATION MODES
In this mode, the encryption function generates a keystream that is then XORed with the
plaintext stream in order to achieve encryption
MESSAGE AUTHENTICATION MODES
In this mode, a message authentication code is computed as a result of an encryption function.
MAC is basically a cryptographic checksum that provides an integrity service.
CRYPTOGRAPHIC HASHES
Hash function are basically used to compress a message to a fixed length digest. In this mode,
block ciphers are used as a compression function to produce a hash of plain text.
ELECTRONIC CODE BOOK

18. 18 | P a g e
Electronic Code Book (ECB) is a basic mode of operation in which the encrypted data
is produced as a result of applying the encryption algorithm one-by-one to each block of
plaintext.
CIPHER BLOCK CHAINING
In Cipher Block Chaining (CBC) mode, each block of plaintext is XOR'd with the
previously-encrypted block. CBC mode uses the Initialization Vector (IV) to encrypt the first
block.

19. 19 | P a g e
COUNTER MODE
The Counter (CTR) mode effectively uses a block cipher as a stream cipher. In this case,
a unique nonce is supplied that is concatenated with the counter value to produce a keystream:
There are other modes, such as Cipher Feedback (CFB) mode, Galois Counter (GCM) mode,
and Output Feedback (OFB) mode.
DATA ENCRYPTION STANDARD
 The Data Encryption Standard (DES) was introduced by the U.S. National Institute of
Standards and Technology (NIST) as a standard algorithm for encryption, and it was in
widespread use during the 1980s and 1990s.

20. 20 | P a g e
 In July 1998, for example, the Electronic Frontier Foundation (EFF) broke DES using
a special-purpose machine called EFF DES cracker (or Deep Crack).
 DES uses a key of only 56 bits, which raised some concerns. This problem was addressed
with the introduction of Triple DES (3DES), which proposed the use of a 168-bit key by
means of three 56-bit keys and the same number of executions of the DES algorithm, thus
making brute force attacks almost impossible. However, other limitations, such as slow
performance and 64-bit block size, were not desirable.
ADVANCED ENCRYPTION STANDARD
In 2001, after an open competition, an encryption algorithm named Rijndael invented by
cryptographers Joan Daemen and Vincent Rijmen was standardized as Advanced Encryption
Standard (AES) with minor modifications by NIST.
AES STEPS
 During AES algorithm processing, a 4 x 4 array of bytes known as the state is modified
using multiple rounds.
 Full encryption requires 10 to 14 rounds, depending on the size of the key. The following
table shows the key sizes and the required number of rounds:
Once the state is initialized with the input to the cipher, four operations are performed in four
stages to encrypt the input. These stages are: AddRoundKey, SubBytes, ShiftRows, and
MixColumns:
1. In the AddRoundKey step, the state array is XOR'd with a subkey, which is derived
from the master key
2. SubBytes is the substitution step where a lookup table (S-box) is used to replace all
bytes of the state array
3. The ShiftRows step is used to shift each row to the left, except for the first one, in the
state array to the left in a cyclic and incremental manner
4. Finally, all bytes are mixed in the MixColumns step in a linear fashion, column-wise

21. 21 | P a g e
PUBLIC KEY CRYPTOGRAPHY
Aspects of public key cryptography, also called asymmetric cryptography or asymmetric key
cryptography.
ASYMMETRIC CRYPTOGRAPHY
 Asymmetric cryptography refers to a type of cryptography where the key that is used to
encrypt the data is different from the key that is used to decrypt the data. This is also
known as public key cryptography.
 It uses both public and private keys to encrypt and decrypt data, respectively. Various
asymmetric cryptography schemes are in use, including RSA, DSA, and ElGammal.

22. 22 | P a g e
 The preceding diagram illustrates how a sender encrypts data P using the recipient's
public key and encryption function E and producing an output encrypted data C which is
then transmitted over the network to the receiver.
 Once it reaches the receiver, it can be decrypted using the receiver's private key by
feeding the C encrypted data into function D, which will output plaintext P.
 This way, the private key remains on the receiver's side, and there is no need to share
keys in order to perform encryption and decryption, which is the case with symmetric
encryption.
The preceding diagram shows that sender digitally signs the plaintext P with his private key
using signing function S and produces data C which is sent to the receiver who verifies C using
sender public key and function V to ensure the message has indeed come from the sender.
 Key establishment mechanisms are concerned with the design of protocols that allow
the setting up of keys over an insecure channel.
 Non-repudiation services, a very desirable property in many scenarios, can be provided
using digital signatures. Sometimes, it is important not only to authenticate a user but
also to identify the entity involved in a transaction.
 This can also be achieved by a combination of digital signatures and challenge-response
protocols.
INTEGER FACTORIZATION
Integer factorization schemes are based on the fact that large integers are very hard to
factor. RSA is the prime example of this type of algorithm.
DISCRETE LOGARITHM
A discrete logarithm scheme is based on a problem in modular arithmetic. This is a one-
way function.
For example, consider the following equation: 32 mod 10 = 9

23. 23 | P a g e
Now, given 9, the result of the preceding equation finding 2 which is the exponent of the
generator 3 in the preceding question, is extremely hard to determine.
ELLIPTIC CURVES
 The elliptic curves algorithm is based on the discrete logarithm problem discussed
earlier but in the context of elliptic curves.
 An elliptic curve is an algebraic cubic curve over a field, which can be defined by the
following equation.
 The curve is non-singular, which means that it has no cusps or self-intersections. It has
two variables a and b, as well as a point of infinity.
 Here, a and b are integers whose values are elements of the field on which the elliptic
curve is defined.
 The most prominently used cryptosystems based on elliptic curves are the Elliptic Curve
Digital Signature Algorithm (ECDSA) and the Elliptic Curve Diffie-Hellman
(ECDH) key exchange.
PUBLIC AND PRIVATE KEYS
 A private key, as the name suggests, is a randomly generated number that is kept secret
and held privately by its users.
 Private keys need to be protected and no unauthorized access should be granted to that
key; otherwise, the whole scheme of public key cryptography is jeopardized, as this is the
key that is used to decrypt messages.
 A public key is freely available and published by the private key owner. Anyone who
would then like to send the publisher of the public key an encrypted message can do so
by encrypting the message using the published public key and sending it to the holder of
the private key.
RSA
 RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adelman, hence the
name Rivest–Shamir– Adleman (RSA).
 An RSA key pair is generated by performing the following steps:
1. Modulus generation:
Select p and q, which are very large prime numbers
Multiply p and q, n=p.q to generate modulus n

24. 24 | P a g e
2. Generate co-prime:
Assume a number called e.
e should satisfy a certain condition; that is, it should be greater than 1 and less than (p-1)
(q-1). In other words,e must be a number such that no number other than 1 can divide e
and (p-1)(q-1). This is called co-prime, that is, e is the co-prime of (p-1) (q-1).
3. Generate the public key:
The modulus generated in step 1 and co-prime e generated in step 2 is a pair together that
is a public key. This part is the public part that can be shared with anyone; however, p
and q need to be kept secret.
4. Generate the private key:
The private key, called d here, is calculated from p, q, and e. The private key is basically
the inverse of e modulo (p-1)(q-1). In the equation form, it is this as follows:ed = 1 mod
(p-1) (q-1)
ENCRYPTION AND DECRYPTION USING RSA
 RSA uses the following equation to produce ciphertext: C = Pe mod n
 This means that plaintext P is raised to e number of times and then reduced to modulo n.
Decryption in RSA is provided in the following equation: P = Cd mod n
 This means that the receiver who has a public key pair (n, e) can decipher the data by
raising C to the value of the private key d and reducing to modulo n.
ELLIPTIC CURVE CRYPTOGRAPHY
 Elliptic Curve Cryptography (ECC) is based on the discrete logarithm problem
founded upon elliptic curves over finite fields (Galois fields).
 The main benefit of ECC over other types of public key algorithms is that it requires a
smaller key size while providing the same level of security as, for example, RSA.
MATHEMATICS BEHIND ECC
 To understand ECC, a basic introduction to the underlying mathematics is necessary.
 An elliptic curve is basically a type of polynomial equation known as the Weierstrass
equation, which generates a curve over a finite field.
 The most commonly-used field is where all the arithmetic operations are performed
modulo a prime p.
 Elliptic curve groups consist of points on the curve over a finite field.
 An elliptic curve is defined in the following equation:

25. 25 | P a g e
Here, A and B belong to a finite field Zp or Fp (prime finite field) along with a special
value called the point of infinity. The point of infinity (∞) is used to provide identity operations
for points on the curve.
More precisely, this ensures that the curve is non-singular:
Group operations on elliptic curves are point addition and point doubling. Point addition
is a process where two different points are added, and point doubling means that the same point
is added to itself.
POINT ADDITION
 Point addition is shown in the following diagram. This is a geometric representation of
point addition on elliptic curves.
 In this method, a diagonal line is drawn through the curve that intersects the curve at two
points P and Q, as shown in the diagram, which yields a third point between the curve
and the line.
 This point is mirrored as P+Q, which represents the result of the addition as R.
 This is shown as P+Q in the following diagram:
The group operation denoted by the + sign for addition yields the following equation:
P + Q = R
In this case, two points are added to compute the coordinates of the third point on the curve:
P + Q = R
More precisely, this means that coordinates are added, as shown in the following equation:
(x1, y1) + (x2, y2) = (x3, y3)
The equation of point addition is as follows:
X3 = s2- x1 - x2 mod p
y3 = s (x1 - x3) - y1 mod p
POINT DOUBLING

26. 26 | P a g e
 The other group operation on elliptic curves is called point doubling. This is a process
where P is added to itself.
 In this method, a tangent line is drawn through the curve, as shown in the following
graph.
 The second point is obtained, which is at the intersection of the tangent line drawn and
the curve.
 This point is then mirrored to yield the result, which is shown as 2P = P + P:
In the case of point doubling, the equation becomes:
DISCRETE LOGARITHM PROBLEM IN ECC
The discrete logarithm problem in ECC is based on the idea that, under certain
conditions, all points on an elliptic curve form a cyclic group.
ECC using OpenSSL
OpenSSL provides a very rich library of functions to perform ECC. The following
subsection shows how to use ECC functions in a practical manner in OpenSSL.
ECC PRIVATE AND PUBLIC KEY PAIR

27. 27 | P a g e
In this subsection, first an example is presented that demonstrates the creation of a private key
using ECC functions available in the OpenSSL library.
PRIVATE KEY
ECC is based on domain parameters defined by various standards. You can see the list of all
available standards defined and recommended curves available in OpenSSL using the following
command.
HASH FUNCTIONS
 Hash functions are used to create fixed-length digests of arbitrarily-long input strings.
Hash functions are keyless, and they provide the data integrity service. They are usually
built using iterated and dedicated hash function construction techniques.
 Various families of hash functions are available, such as MD, SHA-1, SHA-2, SHA-3,
RIPEMD, and Whirlpool. Hash functions are commonly used for digital signatures and
Message Authentication Codes (MACs), such as HMACs.
 Some applications use hash functions as a means for generating Pseudo-random
Numbers Generator (PRNGs).
COMPRESSION OF ARBITRARY MESSAGES INTO FIXED-LENGTH DIGEST
This property relates to the fact that a hash function must be able to take an input text of any
length and output a fixed-length compressed message. Hash functions produce a compressed
output in various bit sizes, usually between 128-bits and 512-bits.
EASY TO COMPUTE
Hash functions are efficient and fast one-way functions. It is required that hash functions be very
quick to compute regardless of the message size. The efficiency may decrease if the message is
too big, but the function should still be fast enough for practical use.
PREIMAGE RESISTANCE
 This property can be explained by using the simple equation shown as follows:
 h(x) = y Here, h is the hash function, x is the input, and y is the hash. The first security
property requires that y cannot be reverse-computed to x. x is considered a pre image of y,
hence the name preimage resistance. This is also called a one-way property.
SECOND PREIMAGE RESISTANCE
The second preimage resistance property requires that given x and h(x), it is almost impossible
to find any other message m, where m != x and hash of m = hash of x or h(m) = h(x). This
property is also known as weak collision resistance.
COLLISION RESISTANCE

28. 28 | P a g e
The collision resistance property requires that two different input messages should not hash to
the same output.
In other words, h(x) != h(z). This property is also known as strong collision resistance.
MESSAGE DIGEST
 Message Digest (MD) functions were prevalent in the early 1990s. MD4 and MD5 fall
into this category.
 Both MD functions were found to be insecure and are not recommended for use anymore.
MD5 is a 128-bit hash function that was commonly used for file integrity checks.
SECURE HASH ALGORITHMS
The following list describes the most common Secure Hash Algorithms (SHAs):
 SHA-0: This is a 160-bit function introduced by NIST in 1993.
 SHA-1: SHA-1 was introduced in 1995 by NIST as a replacement for SHA-0. This is
also a 160-bit hash function. SHA-1 is used commonly in SSL and TLS implementations.
It should be noted that SHA-1 is now considered insecure, and it is being deprecated by
certificate authorities. Its usage is discouraged in any new implementations.
 SHA-2: This category includes four functions defined by the number of bits of the hash:
SHA-224, SHA- 256, SHA-384, and SHA-512.
 SHA-3: This is the latest family of SHA functions. SHA-3-224, SHA-3-256, SHA-3-384,
and SHA-3-512 are members of this family. SHA-3 is a NIST-standardized version of

29. 29 | P a g e
Keccak. Keccak uses a new approach called sponge construction instead of the
commonly used Merkle-Damgard transformation.
 RIPEMD: RIPEMD is the acronym for RACE Integrity Primitives Evaluation
Message Digest. It is based on the design ideas used to build MD4. There are multiple
versions of RIPEMD, including 128-bit, 160-bit, 256-bit, and 320-bit.
 Whirlpool: This is based on a modified version of the Rijndael cipher known as W. It
uses the Miyaguchi- Preneel compression function, which is a type of one-way function
used for the compression of two fixed- length inputs into a single fixed-length output. It
is a single block length compression function.
DESIGN OF SECURE HASH ALGORITHMS
 In the following section, you will be introduced to the design of SHA-256 and SHA-3.
Both of these are used in Bitcoin and Ethereum, respectively.
 Ethereum does not use NIST Standard SHA-3, but Keccak, which is the original
algorithm presented to NIST.
 NIST, after some modifications, such as an increase in the number of rounds and simpler
message padding, standardized Keccak as SHA-3.
Design of SHA-256
 SHA-256 has the input message size < 264-bits. Block size is 512-bits, and it has a word
size of 32-bits. The output is a 256-bit digest.
 The algorithm works as follows, in eight steps:
1. Preprocessing:
 Padding of the message is used to adjust the length of a block to 512-bits if it is
smaller than the
 required block size of 512-bits.
 Parsing the message into message blocks, which ensures that the message and its
padding is divided into equal blocks of 512-bits.
 Setting up the initial hash value, which consists of the eight 32-bit words obtained by
taking the first 32-bits of the fractional parts of the square roots of the first eight
prime numbers. These initial values are randomly chosen to initialize the process, and
they provide a level of confidence that no backdoor exists in the algorithm.
2. Hash computation:
 Each message block is then processed in a sequence, and it requires 64 rounds to
compute the full
 hash output. Each round uses slightly different constants to ensure that no two rounds
are the same.
 The message schedule is prepared.
 Eight working variables are initialized.
 The intermediate hash value is calculated.

30. 30 | P a g e
 Finally, the message is processed, and the output hash is produced:
DESIGN OF SHA-3 (KECCAK)
 A newer approach called sponge and squeeze construction is used in Keccak.
 It is a random permutation model. Different variants of SHA-3 have been standardized,
such as SHA-3-224, SHA-3-256, SHA-3-384, SHA-3-512, SHAKE-128, and SHAKE-
256. SHAKE-128 and SHAKE-256 are Extendable Output Functions (XOFs), which
are also standardized by NIST.
 XOFs allow the output to be extended to any desired length.
Message Authentication Codes
MACs are sometimes called keyed hash functions, and they can be used to provide message
integrity and authentication.
MACs using block ciphers
 With this approach, block ciphers are used in the Cipher Block Chaining (CBC) mode
in order to generate a MAC.
 Any block cipher, for example AES in the CBC mode, can be used.

31. 31 | P a g e
 The MAC of the message is, in fact, the output of the last round of the CBC operation.
The length of the MAC output is the same as the block length of the block cipher used to
generate the MAC.
Hash-based MACs
 Similar to the hash function, Hash-based MACs (HMACs) produce a fixed-length
output and take an
 arbitrarily long message as the input.
 In this scheme, the sender signs a message using the MAC and the receiver verifies it
using the shared key.
 The key is hashed with the message using either of the two methods known as secret
prefix or the secret suffix.
Secret prefix: M = MACk(x) = h(k||x)
Secret suffix: M=MACk(x) = h(x||k)
MERKLE TREES
The concept of Merkle tree was introduced by Ralph Merkle. A diagram of Merkle tree is shown
here. Merkle trees enable secure and efficient verification of large datasets.
A Merkle tree is a binary tree in which the inputs are first placed at the leaves (node with no
children), and then the values of pairs of child nodes are hashed together to produce a value for
the parent node (internal node) until a single hash value known as Merkle root is achieved.
PATRICIA TREES
 A trie, or a digital tree, is an ordered tree data structure used to store a dataset.

32. 32 | P a g e
 Practical Algorithm to Retrieve Information Coded in Alphanumeric (Patricia), also
known as Radix tree, is a compact representation of a trie in which a node that is the only
child of a parent is merged with its parent.
 A Merkle-Patricia tree, based on the definitions of Patricia and Merkle, is a tree that has
a root node which contains the hash value of the entire data structure.
DIGITAL SIGNATURES
Digital signatures provide a means of associating a message with an entity from which the
message has originated. Digital signatures are used to provide data origin authentication and non-
repudiation.
RSA digital signature algorithm
The following is the RSA digital signature algorithm:
1. Calculate the hash value of the data packet: This will provide the data integrity guarantee as
the hash can be computed at the receiver's end again and matched with the original hash to check
whether the data has been modified in transit. Technically, message signing can work without
hashing the data first, but is not considered secure.
2. Signs the hash value with the signer's private key: As only the signer has the private key,
the authenticity of the signature and the signed data is ensured.

33. 33 | P a g e
SIGN THEN ENCRYPT
With this approach, the sender digitally signs the data using the private key, appends the
signature to the data, and then encrypts the data and the digital signature using the receiver's
public key. This is considered a more secure scheme as compared to the encrypt then sign
scheme described next.
ENCRYPT THEN SIGN
With this method, the sender encrypts the data using the receiver's public key and then digitally
signs the encrypted data.
HOMOMORPHIC ENCRYPTION
 Usually, public key cryptosystems, such as RSA, are multiplicative homomorphic or
additive homomorphic, such as the Paillier cryptosystem, and are called Partially
Homomorphic Encryption (PHE) systems.
 Additive PHEs are suitable for e-voting and banking applications.
SIGNCRYPTION Signcryption is a public key cryptography primitive that provides all of the
functions of a digital signature and Encryption.Signcryption enables Cost (signature &
encryption) << Cost (signature) + Cost (Encryption) in a single logical step.
ZERO-KNOWLEDGE PROOFS
 Zero-Knowledge Proofs (ZKPs) were introduced by Goldwasser, Micali, and Rackoff
in 1985. These proofs are used to prove the validity of an assertion without revealing any
information whatsoever about the assertion.

34. 34 | P a g e
 There are three properties of ZKPs that are required: completeness, soundness, and zero-
knowledge property.
 Completeness ensures that if a certain assertion is true, then the verifier will be
convinced of this claim by the prover. The soundness property makes sure that if an
assertion is false, then no dishonest prover can convince the verifier otherwise.
 The zero-knowledge property, as the name implies, is the key property of ZKPs
whereby it is ensured that absolutely nothing is revealed about the assertion except
whether it is true or false.
 ZKPs have sparked a special interest among researchers in the blockchain space due to
their privacy properties, which are very much desirable in financial and many other
fields, including law and medicine.
 A recent example of the successful implementation of a ZKP mechanism is the Zcash
cryptocurrency. In Zcash, a specific type of ZKP, known as Zero-Knowledge Succinct
Non-Interactive Argument of Knowledge (ZK-SNARK), is implemented.
BLIND SIGNATURES
 Blind signatures were introduced by David Chaum in 1982. They are based on public
key digital signature schemes, such as RSA.
 The key idea behind blind signatures is to get the message signed by the signer without
actually revealing the message.
 This is achieved by disguising or blinding the message before signing it, hence the name
blind signatures.
 This blind signature can then be verified against the original message just like a normal
digital signature.
 Blind signatures were introduced as a mechanism to allow the development of digital
cash schemes.
ENCODING SCHEMES
 Other than cryptographic primitives, binary-to-text encoding schemes are also used in
various scenarios.
 The most common use is to convert binary data into text so that it can either be
processed, saved, or transmitted via a protocol that does not support the processing of
binary data.
FINANCIAL MARKETS AND TRADING
Financial markets enable trading of financial securities such as bonds, equities, derivatives and
currencies. There are broadly three types of markets: money markets, credit markets, and capital
markets:

35. 35 | P a g e
 Money markets: These are short-term markets where money is lent to companies or
banks to do interbank lending. Foreign exchange or FX is another category of money
markets where currencies are traded.
 Credit markets: These consist mostly of retail banks where they borrow money from
central banks and loan it to companies or households in the form of mortgages or loans.
 Capital markets: These facilitate the buying and selling of financial instruments, mainly
stocks and bonds.
 Capital markets can be divided into two types: primary and secondary markets.
Stocks are issued directly by the companies to investors in primary markets,
whereas in secondary markets, investors resell their securities to other investors
via stock exchanges.
 Various electronic trading systems are used by exchanges today to facilitate the
trading of financial instruments.
Trading
 A market is a place where parties engage in exchange. It can be either a physical location
or an electronic or virtual location. Various financial instruments, including equities,
stocks, foreign exchange, commodities, and various types of derivatives are traded at
these marketplaces.
 Trading can be defined as an activity in which traders buy or sell various financial
instruments to generate profit and hedge risk
EXCHANGES
Exchanges are usually considered to be a very safe, regulated, and reliable place for trading.
During the last decade, electronic trading has gained more popularity as compared to traditional
floor-based trading.
ORDERS AND ORDER PROPERTIES
 Orders are instructions to trade, and they are the main building blocks of a trading
system. They have the following general attributes:
 The instrument name Quantity to be traded Direction (buy or sell)
 The type of the order that represents various conditions, for example, limit orders and
stop orders are orders to buy or sell once the price hits the price specified in the order, for
example, Google shares for 200 GBP.

36. 36 | P a g e
 Limit order allows selling or buying of stock at a specific price or better than the
specified price in the order. For example, sell Microsoft shares if price is 100 USD or
better.
 Orders are traded by bid prices and offer prices. Traders show their intention to buy or
sell by attaching bid and offer prices to their orders. The price at which a trader will buy
is known as the bid price. The price at which a trader is willing to sell is known as the
offer price.
ORDER MANAGEMENT AND ROUTING SYSTEMS
 Order routing systems routes and delivers orders to various destinations depending on
the business logic.
 Customers use them to send orders to their brokers, who then send these orders to
dealers, clearing houses, and exchanges.
 The two most common ones are markets orders and limit order.
 A market order is an instruction to trade at the best price currently available in
the market. These orders get filled immediately at spot prices.
 On the other hand, a limit order is an instruction to trade at the best price
available, but only if it is not lower than the limit price set by the trader.
COMPONENTS OF A TRADE
A trade ticket is the combination of all of the details related to a trade. However, there is some
variation depending on the type of the instrument and the asset class. These elements are
described in the following subsections.
THE UNDERLYING INSTRUMENT
The underlying instrument is the basis of the trade. It can be a currency, a bond, interest rate,
commodity, or equities.
GENERAL ATTRIBUTES
This includes the general identification information and essential features associated with every
trade. Typical attributes include a unique ID, instrument name, type, status, trade date, and time.
ECONOMICS
Economics are features related to the value of the trade, for example, buy or sell value, ticker,
exchange, price, and quantity.
SALES
Sales refer to the sales-characteristic related details, such as the name of the salesperson. It is just
an informational field, usually without any impact on the trade life cycle.

37. 37 | P a g e
COUNTERPARTY
The counterparty is an essential component of a trade as it shows the other side (the other party
involved in the trade) of the trade, and it is required to settle the trade successfully. The normal
attributes include counterparty name, address, payment type, any reference IDs, settlement date,
and delivery type.
TRADE LIFE CYCLE
A general trade life cycle includes the various stages from order placement to execution and
settlement. This life cycle is described step-by-step as follows:
 Pre-execution: An order is placed at this stage.
 Execution and booking: When the order is matched and executed, it converts it into a
trade. At this stage, the contract between counterparties is matured.
 Confirmation: This is where both counterparties agree to the particulars of the trade.
 Post booking: This stage is concerned with various scrutiny and verification processes
required to ascertain the correctness of the trade.
 Settlement: This is the most vital part of trade life cycle. At this stage, the trade is final.
 Overnight (end-of-day processing): End-of-day processes include report generation,
profit and loss calculations, and various risk calculations.
ORDER ANTICIPATORS
Order anticipators try to make a profit before other traders can carry out trading. This is based
on the anticipation of a trader who knows how trading activities of other trades will affect prices.
Frontrunners, sentiment-oriented technical traders, and squeezers are some examples of order
anticipators.
MARKET MANIPULATION
Market manipulation is strictly illegal in many countries. Fraudulent traders can spread false
information in the market, which can then result in price movements thus enabling illegal
profiteering.

38. 38 | P a g e
UNIT 3
BLOCKCHAIN – OUTSIDE OF CURRENCIES
INTERNET OF THINGS
IoT can be defined as a network of computationally intelligent physical objects that are capable
of connecting to the internet, sensing real-world events or environments, reacting to those events,
collecting relevant data, and communicating it over the internet.
The four functions come to light as being performed by an IoT device include sensing, reacting,
collecting, and communicating. All these functions are performed by using various components
on the IoT device.
All these components are accessible and controllable via the internet in the IoT. A typical IoT
can consist of many physical objects connecting with each other and to a centralized cloud
server. This is shown in the following diagram:
Elements of IoT are spread across multiple layers, and various reference architectures exist that
can be used to develop IoT systems.
A five-layer model can be used to describe IoT, which contains a physical object layer, device
layer, network layer, services layer, and application layer. Each layer or level is responsible for
various functions and includes multiple components. These are shown in the following diagram:

39. 39 | P a g e
Physical object layer
These include any real-world physical objects. It includes people, animals, cars, trees, fridges,
trains, factories, homes, and in fact anything that is required to be monitored and controlled can
be connected to the IoT.
Device layer
This layer contains things that make up the IoT such as sensors, transducers, actuators,
smartphones, smart devices, and Radio-Frequency Identification (RFID) tags.
This layer includes sensors that can monitor temperature, humidity, liquid flow, chemicals, air,
pressure, and much more. Usually, an Analog to Digital Converter (ADC) is required on a
device to turn the real-world analog signal into a digital signal that a microprocessor can
understand.
Actuators in this layer provide the means to enable control of external environments, for
example, starting a motor or opening a door.
Network layer
This layer is composed of various network devices that are used to provide Internet connectivity
between devices and to the cloud or servers that are part of the IoT ecosystem.
These devices can include gateways, routers, hubs, and switches. This layer can include two
types of communication.
First there is the horizontal means of communication, which includes radio, Bluetooth, Wi-Fi,
Ethernet, LAN, Zigbee, and PAN and can be used to provide communication between IoT
devices.
Second, we have communication to the next layer, which is usually through the internet and
provides communication between machines and people or other upper layers.

40. 40 | P a g e
Management layer
This layer provides the management layer for the IoT ecosystem. This includes platforms that
enable processing of data gathered from the IoT devices and turn that into meaningful insights.
Also, device management, security management, and data flow management are included in this
layer. It also manages communication between the device and application layers.
Application layer
This layer includes applications running on top of the IoT network. This layer can consist of
many applications depending on the requirements such as transportation, healthcare, financial,
insurance, or supply chain management.
Blockchain enables things to communicate and transact with each other directly and with the
availability of smart contracts, negotiation, and financial transactions can also occur directly
between the devices instead of requiring an intermediary, authority, or human intervention.
In this model, other layers would perhaps remain the same, but an additional blockchain layer
will be introduced as a middleware between all participants of the IoT network.
IOT BLOCKCHAIN EXPERIMENT
This example makes use of a Raspberry Pi device which is a Single Board Computer (SBC).
The Raspberry Pi is a SBC developed as a low-cost computer to promote computer education but

41. 41 | P a g e
has also gained much more popularity as a tool of choice for building IoT platforms.
A Raspberry Pi will be used as an IoT device connected to the Ethereum blockchain and will act
in response to a smart contract invocation.
NOOBS has been used to install Raspbian, the platform can be confirmed by running the
command uname -a in a terminal window in Raspberry Pi Raspbian operating system.
Once the Raspbian operating system is installed, the next step is to download the appropriate
Geth binary for the Raspberry Pi ARM platform.
The download and installation steps are described in detail:
1. Geth download
$wgethttps://gethstore.blob.core.windows.net/builds/geth-linux-
arm71.5.62a609af5.tar.gz
2. Unzip and extract into a directory.
$ tar -zxvf geth-linux-arm7-1.5.6-2a609af5.tar
3. The same genesis block needs to be used that was created previously, Ethereum
Development Environment.
4. Once the genesis.json file is copied onto the Raspberry Pi; the following command can be
run to generate the genesis block.
$ ./geth init genesis.json
5. After genesis block creation, there is a need to add peers to the network. This can be
achieved by creating a file named static-nodes.json, which contains the enode ID of the
peer that geth on the Raspberry Pi will connect for syncing.

42. 42 | P a g e
6. This information can be obtained from the Geth JavaScript console by running the
following command, and this command should be run on the peer to which Raspberry Pi
is going to connect:
> admin.nodeInfo
First node setup
First, the geth client needs to be started on the first node using the following command:
$ geth --datadir .ethereum/privatenet/ --networkid 786 --maxpeers 5 --rpc --rpcapi
web3,eth,debug,personal,net –
Raspberry Pi node setup
On Raspberry Pi, the following command is required to be run to start geth and to sync it with
other nodes (in this case only one node).
$ ./geth --networkid 786 --maxpeers 5 --rpc --rpcapi web3,eth,debug,personal,net --
rpccorsdomain "*" --port 30302
This can be further verified by running commands in the geth console on both nodes. The geth
client can be attached by simply running the following command on the Raspberry Pi:
$ geth attach
Similarly, we can attach to the geth instance by running the following command on the first
node:
$ geth attach ipc:.ethereum/privatenet/geth.ipc
Once both nodes are up-and-running further prerequisites can be installed to set up the
experiment. Installation of Node.js and the relevant JavaScript libraries is required.
Installing Node.js
The required libraries and dependencies are listed here. First Node.js and npm need to be
updated on the Raspberry Pi Raspbian operating system. For this the following steps can be
followed:
1. Install latest Node.js on the Raspberry Pi using the following command:
$ curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash –
2. Run the update via apt-get:
$ sudo apt-get install nodejs
3. Install Ethereum web3 npm, which is required to enable JavaScript code to access the
Ethereum blockchain:

43. 43 | P a g e
4. Similarly, npm onoff can be installed, which is required to communicate with the
Raspberry Pi and control GPIO:
$ npm install onoff
The hardware components are listed as follows:
 LED
 Resistor
 Breadboard
 T-Shaped cobbler
 Ribbon cable connector
Circuit
The positive leg (long leg) of the LED is connected to pin number 21 of the GPIO, and the
negative (short leg) is connected to the resistor, which is then connected to the ground (GND)
pin of the GPIO. Once the connections are set up the ribbon cable can be used to connect to the
GPIO connector on the Raspberry Pi simply.
Once the connections are set up correctly, and the Raspberry Pi has been updated with the
appropriate libraries and Geth, the next step is to develop a simple, smart contract that expects a
value.
The smart contract source code is shown as follows:

44. 44 | P a g e
The online Solidity compiler (Remix IDE) can be used to run and test this contract. The
Application Binary Interface (ABI) required for interacting with the contract is also available.
There are two methods by which the Raspberry Pi node can connect to the private blockchain via
the web3 interface. A comparison of both of these approaches is shown in the following diagram:
Truffle deploy can be performed simply by using the following shown command; it is assumed
that truffle init and other preliminaries, Ethereum Development Environment has already been
performed:
$ truffle migrate

45. 45 | P a g e
GOVERNMENT
There are various applications of blockchain being researched currently that can support
government functions and take the current model of e-government to the next level.
Government or electronic government is a paradigm where information and communication
technology are used to deliver public services to citizens. Transparency, auditability, and
integrity are attributes of blockchain that can go a long way in effectively managing various
government functions.
Border control
Automated border control systems have been in use for decades now to thwart illegal entry into
countries and prevent terrorism and human trafficking.
Machine-readable travel documents and specifically biometric passports have paved the way for
automated border control; however current systems are limited to a certain extent and blockchain
technology can provide solutions.
A Machine Readable Travel Document (MRTD) standard is defined in document ICAO 9303
by the International Civil Aviation Organization (ICAO) and has been implemented by many
countries around the world.
Each passport contains various security and identity attributes that can be used to identify the
owner of the passport and also circumvent attempts at tampering with the passports. These
include biometric features such as retina scan, fingerprints, facial recognition, and standard
ICAO specified features including Machine Readable Zone (MRZ) and other text attributes that
are visible on the first page of the passport.
.
Voting
Voting in any government is a key function and allows citizens to participate in the democratic
election process. The limitations in current voting systems revolve around fraud, weaknesses in
operational processes, and especially transparency.

46. 46 | P a g e
Blockchain-based voting systems can resolve these issues by introducing end-to-end security and
transparency in the process. Security is provided in the form of integrity and authenticity of votes
by using public key cryptography which comes as standard in a blockchain.
Citizen identification (ID cards)
Electronic IDs or national ID cards are issued by various countries around the world at present.
These cards are secure and possess many security features that thwart duplication or tampering
attempts.
A blockchain-based online digital identity allows control over personal information sharing.
Users can see who used their data and for what purpose and can control access to it.
The key benefit is that a single identity issued by the government can be used easily and in a
transparent manner for multiple services via a single government blockchain.
Miscellaneous
Other government functions where blockchain technology can be implemented to improve cost
and efficiency include the collection of taxes, benefits management and disbursement, land
ownership record management, life event registration (marriages, births), motor vehicle
registration, and licenses.
The key benefits of blockchain such as immutability, transparency, and decentralization can help
to bring improvements to most of the traditional government systems.
HEALTH
The health industry has also been identified as another major industry that can benefit by
adapting blockchain technology. Blockchain provides an immutable, auditable, and transparent
system that traditional peer-to-peer networks cannot.
In healthcare, major issues such as privacy compromises, data breaches, high costs, and fraud
can arise from lack of interoperability, overly complex processes, transparency, auditability, and
control.
With the adaptability of blockchain in the health sector, several benefits can be realized, ranging
from cost saving, increased trust, faster processing of claims, high availability, no operational
errors due to complexity in the operational procedures, and preventing the distribution of
counterfeit medicines.
FINANCE
Blockchain has many applications in the finance industry. Blockchain in finance is the hottest
topic in the industry currently, and major banks and financial organizations are researching to

47. 47 | P a g e
find ways to adapt blockchain technology primarily due to its highly-desired potential to cost-
save.
Insurance
In the insurance industry, blockchain technology can help to stop fraudulent claims, increase the
speed of claim processing, and enable transparency. Imagine a shared ledger between all insurers
that can provide a quick and efficient mechanism for handling intercompany claims.
Also, with the convergence of IoT and blockchain, an ecosystem of smart devices can be
imagined where all these things can negotiate and manage their insurance policies controlled by
smart contracts on the blockchain.
Blockchain can reduce the overall cost and effort required to process claims. Claims can be
automatically verified and paid via smart contracts and the associated identity of the insurance
policyholder.
Post-trade settlement
This is the most sought-after application of blockchain technology. Currently, many financial
institutions are exploring the possibility of using blockchain technology to simplify, automate,
and speed up the costly and time-consuming post-trade settlement process.
To understand the problem better, the trade life cycle is described briefly. A trade life cycle
contains three steps: execution, clearing, and settlement.
Financial crime prevention
Know Your Customer (KYC), and Anti Money Laundering (AML) are the key enablers for
the prevention of financial crime. In the case of KYC, currently, each institution maintains their
own copy of customer data and performs verification via centralized data providers. This can be
a time-consuming process and can result in delays in onboarding a new client.
Blockchain can provide a solution to this problem by securely sharing a distributed ledger
between all financial institutions that contain verified and true identities of customers.
Blockchain can provide a single shared view of all financial transactions in the system that are
cryptographically secure, authentic, and auditable, thus reducing the costs and complexity
associated with the currently employed regulatory reporting methods.
MEDIA
Critical issues in the media industry revolve around content distribution, rights management, and
royalty payments to artists. Blockchain can provide a network where digital music is
cryptographically guaranteed to be owned only by the consumers who pay for it.

48. 48 | P a g e
This payment mechanism is controlled by a smart contract instead of a centralized media agency
or authority. The payments will be automatically made based on the logic embedded within the
smart contract and number of downloads.
SCALABILITY AND OTHER CHALLENGES
The various challenges that need to be addressed before blockchains can become a mainstream
technology.
Even though various use cases and proof of concept systems have been developed and the
technology works well for many of the scenarios, there still is a need to address some
fundamental limitations that are present in blockchains in order to make this technology more
adaptable.
There are some reasonable security concerns in other blockchains, such as Ethereum, regarding
smart contracts, denial of service attacks, and large attack surface. All of these will be discussed
in detail in the following sections.
SCALABILITY
This problem has been a focus of intense debate, rigorous research, and media attention for the
last few years. This is the single most important problem that could mean the difference between
wider adaptability of blockchains or limited private use only by consortiums.
Based on the aforementioned solutions, generally, the proposals can be divided into two
categories: on-chain solutions that are based on the idea of changing fundamental protocols on
which the blockchain operates, and off-chain solutions that make use of network and processing
resources off-chain in order to enhance the blockchain.
Network plane
A key function of the network plane is transaction propagation. It has been identified in the
aforementioned paper that in Bitcoin, this plane underutilizes the network bandwidth due to the
way transaction validation is performed by a node before propagation and duplication of
transaction propagation, first in the transaction broadcast phase, and then after mining in a block.
Consensus plane
The second layer is called the consensus plane. This layer is responsible for mining and
achieving consensus. Bottlenecks in this layer revolve around limitations in PoW algorithms
whereby increasing consensus speed and bandwidth results in compromising the security of the
network due to an increase in the number of forks.

49. 49 | P a g e
Storage plane
The storage plane is the third layer, which stores the ledger. Issues in this layer revolve around
the need for each node to keep a copy of the entire ledger, which leads to certain inefficiencies,
such as increased bandwidth and storage requirements.
View plane
The view plane, which proposes an optimization which is based on the proposal that bitcoin
miners do not need the full blockchain to operate, and a view can be constructed out of the
complete ledger as a representation of the entire state of the system, which is sufficient for
miners to function. Implementation of views will eliminate the need for mining nodes to store the
full blockchain.
This plane represents the idea of off-chain transactions whereby the concept of payment or
transaction channels is used to offload the processing of transactions between participants but is
still backed by the main Bitcoin blockchain.
Block size increase
This is the most debated proposal for increasing blockchain performance (transaction processing
throughput).
Currently, Bitcoin can process only about three to seven transactions per second, which is a
major inhibiting factor in adapting the Bitcoin blockchain for processing micro transactions.
Block size in Bitcoin is hardcoded to be 1 MB, but if the block size is increased, it can hold more
transactions and can result in faster confirmation time.
There are several Bitcoin Improvement Proposals (BIPs) made in favor of block size increase.
These include BIP 100, BIP 101, BIP 102, BIP 103, and BIP 109.
Block interval reduction
Another proposal is to reduce the time between each block generation. The time between blocks
can be decreased to achieve faster finalization of blocks but may result in less security due to the
increased number of forks.
Ethereum has achieved a block time of approximately 14 seconds. This is a significant
improvement from the Bitcoin blockchain, which takes 10 minutes to generate a new block.
Once Ethereum moves to Proof of Stake (PoS), this will become irrelevant as no mining will be
required and almost immediate finality of transactions can be achieved.

50. 50 | P a g e
Invertible Bloom Lookup Tables
This is another approach that has been proposed to reduce the amount of data required to be
transferred between the Bitcoin nodes. The key attraction in this approach is that it does not
result in a hard fork of Bitcoin if implemented.
The key idea is based on the fact that there is no need to transfer all transactions between nodes;
instead, only those that are not already available in the transaction pool of the syncing node are
transferred.
Sharding
Sharding is not a new technique and has been used in distributed databases for scalability such as
MongoDB and MySQL. The key idea behind sharding is to split up the tasks into multiple
chunks that are then processed by multiple nodes.
This results in improved throughput and reduced storage requirements. In blockchains, a similar
scheme is employed whereby the state of the network is partitioned into multiple shards.
State channels
This is another approach proposed for speeding up the transaction on a blockchain network. The
basic idea is to use side channels for state updating and processing transactions off the main
chain; once the state is finalized, it is written back to the main chain, thus offloading the time-
consuming operations from the main blockchain.
State channels work by performing the following three steps:
1. First, a part of the blockchain state is locked under a smart contract, ensuring the agreement
and business logic between participants.
2. Now off-chain transaction processing and interaction is started between the participants that
update the state only between themselves for now.
3. Once the final state is achieved, the state channel is closed and the final state is written back to
the main blockchain. At this stage, the locked part of the blockchain is also unlocked. This
process is shown in the following diagram:

51. 51 | P a g e
Private blockchain
Private blockchains are inherently fast because no real decentralization is required and
participants on the network do not need to mine; instead, they can only validate transactions.
Proof of Stake
Instead of using Proof of Work (PoW), PoS algorithm based blockchains are fundamentally
faster.
Sidechains
Sidechains can improve scalability indirectly by allowing many sidechains to run along with the
main blockchain while allowing usage of perhaps comparatively less secure and faster sidechains
to perform transactions but still pegged with the main blockchain.
The core idea of sidechains is called a two-way peg, which allows transfer of coins from a parent
chain to a sidechain and vice versa.
Subchains
Miners can build subchains by layering weak blocks on top of each other unless a block is found
that meets the standard difficulty target. At this point, the subchain is closed and becomes the
strong block.

52. 52 | P a g e
Advantages of this approach include reduced waiting time for the first verification of a
transaction. This technique also results in a reduced chance of orphaning blocks and speeds up
transaction processing.
This is also an indirect way of addressing the scalability issue. Subchains do not require any soft
fork or hard fork to implement but need acceptance by the community.
Tree chains
There are also other proposals to increase Bitcoin scalability, such as tree chains that change the
blockchain layout from a linearly sequential model to a tree. This tree is basically a binary tree
which descends from the main Bitcoin chain.
This approach is similar to sidechain implementation, eliminating the need for major protocol
change or block size increase.
It allows improved transaction throughput. In this scheme, the blockchains themselves are
fragmented and distributed across the network in order to achieve scalability.
Privacy
Privacy of transactions is a much-desired property of blockchains. However, due to its very
nature, especially in public blockchains, everything is transparent, thus inhibiting its usage in
various industries where privacy is of paramount importance, such as finance, health, and many
others.
There are different proposals made to address the privacy issue and some progress has already
been made.
Several techniques, such as Indistinguishability Obfuscation (IO), usage of homomorphic
encryption, ZKPs, and ring signatures.
Indistinguishability Obfuscation
This cryptographic technique may serve as a silver bullet to all privacy and confidentiality issues
in blockchains but the technology is not yet ready for production deployments.
IO allows for code obfuscation, which is a very ripe research topic in cryptography and, if
applied to blockchains, can serve as an unbreakable obfuscation mechanism that will turn smart
contracts into a black box.
Homomorphic encryption
This type of encryption allows operations to be performed on encrypted data. Imagine a scenario
where the data is sent to a cloud server for processing. The server processes it and returns the
output without knowing anything about the data that it has processed.

53. 53 | P a g e
Once implemented on blockchains, it can allow processing on ciphertext which will allow
privacy and confidentiality of transactions inherently.
Zero-Knowledge Proofs
ZKPs have recently been implemented in Zcash successfully, as seen in Chapter 8, Alternative
Coins. More specifically, SNARK (short for Succinct Non-Interactive Argument of Knowledge)
have been implemented in order to ensure privacy on the blockchain.
The same idea can be implemented in Ethereum and other blockchains also. Integrating Zcash on
Ethereum is already a very active research project being run by the Ethereum R&D team and the
Zcash Company.
State channels
Privacy using state channels is also possible, simply due to the fact that all transactions are run
off-chain and the main blockchain does not see the transaction at all except for the final state
output, thus ensuring privacy and confidentiality.
Secure multiparty computation
The concept of secure multiparty computation is not new and is based on the notion that data is
split into multiple partitions between participating parties under a secret sharing mechanism
which then does the actual processing on the data without the need of the reconstructing data on
a single machine. The output produced after processing is also shared between the parties.
Usage of hardware to provide confidentiality
Trusted computing platforms can be used to provide a mechanism by which confidentiality of
transaction can be achieved on a blockchain.
If the technology is applied on smart contracts then, once a node has executed the smart
contract, it can produce the quote as a proof of correct and successful execution and other nodes
will only have to verify it.
This idea can be further extended by using any Trusted Execution Environment (TEE) which
can provide the same functionality as an enclave and is available even on mobile devices with
Near Field Communication (NFC) and a secure element.
CoinJoin
CoinJoin is a technique which is used to anonymize the bitcoin transactions by mixing them
interactively. The idea is based on forming a single transaction from multiple entities without
causing any change in inputs and outputs.

54. 54 | P a g e
It removes the direct link between senders and receivers, which means that a single address can
no longer be associated with transactions, which could lead to the identification of the users.
Confidential transactions
Confidential transactions make use of Pedersen commitments in order to provide
confidentiality.Commitment schemes allow a user to commit to some value while keeping it
secret with the capability of revealing it later.
Two properties that need to be satisfied in order to design a commitment scheme are binding and
hiding.
It supports homomorphic encryption of values. Using commitment schemes allows the hiding of
payment values in a bitcoin transaction.
MimbleWimble
MimbleWimble extends the idea of confidential transactions and CoinJoin, which allows
aggregation of transactions without requiring any interactivity.
However, it does not support the use of Bitcoin scripting language along with various other
features of standard Bitcoin protocol. This makes it incompatible with existing Bitcoin protocol.
Therefore, it can either be implemented as a sidechain to Bitcoin or on its own as an alternative
cryptocurrency.
This scheme can address privacy and scalability issues both at once.
SECURITY
Even though blockchains are generally secure and make use of asymmetric and symmetric
cryptography as required throughout the blockchain network, there still are few caveats that can
result in compromising the security of the blockchain.
Smart contract security
Smart contract security is of paramount importance now, and many other initiatives have also
been taken in order to devise methods that can analyze Solidity programs and find bugs.
A recent and seminal example is Oyente, which is a tool built by researchers and has been
introduced in their paper Making Smart Contracts Smarter.
Why3 Formal verification
Formal verification of Solidity code is now available as a feature in the solidity browser. First the
code is converted into why3 language that the verifier can understand.

55. 55 | P a g e
A simple solidity code that defines the variable z as maximum limit of unit. When this code runs,
it will result in returning 0, because unit z will overrun and start again from 0.
Oyente tool
This sample code contains a reentrancy bug which basically means that if a contract is interacting with
another contract or transferring Ether, it is effectively handing over the control to that other contract. This
allows the called contract to call back into the function of the contract from which it has been called
without waiting for completion.

56. 56 | P a g e

57. BITCOIN CLIENT
Dr.D.Sivabalaselvamani
Associate Professor
Department of Computer Applications
Kongu Engineering College
Perundurai – 638060.

58. THE BITCOIN CLIENT
Bitcoin Core: The Reference Implementation
 The reference client Bitcoin Core, also known as the “Satoshi
client” can be downloaded from bitcoin.org.
 The reference client implements all aspects of the bitcoin system,
including wallets, a transaction verification engine with a full copy
of the entire transaction ledger (blockchain), and a full network
node in the peer-to-peer bitcoin network.
 On Bitcoin’s Choose Your Wallet page, select Bitcoin Core to
download the reference client.
 Depending on your operating system, you will download an
executable installer.
 For Windows, this is either a ZIP archive or an .exe executable.
03-03-2023

59. THE BITCOIN CLIENT
Bitcoin Core: The Reference Implementation
 For Mac OS it is a .dmg disk image.
 Linux versions include a PPA package for Ubuntu or a tar.gz archive.
 The bitcoin.org page that lists recommended bitcoin clients is
shown below,

60. THE BITCOIN CLIENT
Running Bitcoin Core for the First Time
 If you download an installable package, such as an .exe, .dmg, or
PPA, you can install it the same way as any application on your
operating system.
 For Windows, run the .exe and follow the step-by-step instructions.
 For Mac OS, launch the .dmg and drag the Bitcoin-QT icon into your
Applications folder.
 For Ubuntu, double-click the PPA in your File Explorer and it will
open the package manager to install the package.
 Once you have completed installation you should have a new
application called Bitcoin-Qt in your application list.
 Double-click the icon to start the bitcoin client.
03-03-2023

61. THE BITCOIN CLIENT
Running Bitcoin Core for the First Time
 The first time you run Bitcoin Core it will start downloading the
blockchain, a process that might take several days.
 Leave it running in the background until it displays “Synchronized”
and no longer shows “out of sync” next to the balance.
 Bitcoin Core keeps a full copy of the transaction ledger
(blockchain), with every transaction that has ever occurred on the
bitcoin network since its inception in 2009.
 This dataset is several gigabytes in size (approximately 16 GB in
late 2013) and is downloaded incrementally over several days.
 Especially since 2014, the data set experienced exponential growth
with megabytes growing by nearly one gigabyte every few days.
 Sep 13, 2021 the Blockchain size is 355.52 GB.

62. 03-03-2023
Size of the Bitcoin blockchain from January 2009
to September 13, 2021(in gigabytes)

63. THE BITCOIN CLIENT
Running Bitcoin Core for the First Time
 The client will not be able to process transactions or update account
balances until the full blockchain dataset is downloaded.
 During that time, the client will display “out of sync” next to the
account balances and show “Synchronizing” in the footer.
 Make sure you have enough disk space, bandwidth, and time to
complete the initial synchronization.
03-03-2023

64. THE BITCOIN CLIENT

65. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 For developers, there is also the option to download the full source
code as a ZIP archive or by cloning the authoritative source
repository from GitHub.
 On the GitHub bitcoin page, select Download ZIP from the sidebar.
 Alternatively, use the git command line to create a local copy of the
source code on your system.
 In the following example, we are cloning the source code from a
Unix-like command line, in Linux or Mac OS:
03-03-2023

66. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
$ git clone https://github.com/bitcoin/bitcoin.git
Cloning into 'bitcoin'...
remote: Counting objects: 31864, done.
remote: Compressing objects: 100% (12007/12007), done.
remote: Total 31864 (delta 24480), reused 26530 (delta 19621)
Receiving objects: 100% (31864/31864), 18.47 MiB | 119 KiB/s, done.
Resolving deltas: 100% (24480/24480), done.
$
 When the git cloning operation has completed, you will have a
complete local copy of the source code repository in the directory
bitcoin.
03-03-2023

67. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 Change to this directory by typing cd bitcoin at the prompt:
$ cd bitcoin
 Before compiling the code, select a specific version by checking out
a release tag.
 Tags are used by the developers to mark specific releases of the
code by version number.
 First, to find the available tags, we use the git tag command:
03-03-2023

68. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
$ git tag
v0.1.5
v0.1.6test1
v0.2.0
v0.2.10
v0.2.11
v0.2.12
[... many more tags ...]
v0.8.4rc2
v0.8.5
v0.8.6
v0.8.6rc1
v0.9.0rc1
 The list of tags shows all the released versions of bitcoin.
03-03-2023

69. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 To check the latest versions use the git checkout command:
$ git checkout v0.9.0rc1
Note: checking out 'v0.9.0rc1'.
 The source code includes documentation, which can be found in a
number of files.
 Review the main documentation located in README.md in the
bitcoin directory by typing more README.md at the prompt and
using the space bar to progress to the next page.
 Here we will build the command-line bitcoin client, also known as
bitcoind on Linux.
 Review the instructions for compiling the bitcoind command-line
client on your platform by typing more doc/build-unix.md.
03-03-2023

70. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 Carefully review the build prerequisites, which are in the first part of
the build documentation.
 These are libraries that must be present on your system before you
can begin to compile bitcoin.
 If these prerequisites are missing, the build process will fail with an
error.
 If this happens because you missed a prerequisite, you can install it
and then resume the build process from where you left off.
 Assuming the prerequisites are installed, you start the build process
by generating a set of build scripts using the autogen.sh script.
03-03-2023

71. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
$ ./autogen.sh
configure.ac:12: installing `src/build-aux/config.guess'
configure.ac:12: installing `src/build-aux/config.sub'
configure.ac:37: installing `src/build-aux/install-sh'
configure.ac:37: installing `src/build-aux/missing'
src/Makefile.am: installing `src/build-aux/depcomp'
$
 The autogen.sh script creates a set of automatic configuration scripts
that will interrogate your system to discover the correct settings and
ensure you have all the necessary libraries to compile the code.
 The most important of these is the configure script that offers a
number of different options to customize the build process.
 Type ./configure --help to see the various options:

72. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
$ ./configure --help
`configure' configures Bitcoin Core 0.9.0 to adapt to many kinds of
systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
….
…..
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with
options
--disable-FEATURE do not include FEATURE (same as --enable-
FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
[... more options ...]
Report bugs to <info@bitcoin.org>.
$

73. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 The configure script allows you to enable or disable certain
features of bitcoind through the use of the --enable-FEATURE and --
disable-FEATURE flags, where FEATURE is replaced by the feature
name, as listed in the help output.
 We will build the bitcoind client with all the default features.
 Next, run the configure script to automatically discover all the
necessary libraries and create a customized build script for your
system:
 If all goes well, the configure command will end by creating the
customized build scripts that will allow us to compile bitcoind.

74. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 If there are any missing libraries or errors, the configure command
will terminate with an error instead of creating the build scripts.
 If an error occurs, it is most likely because of a missing or
incompatible library.
 Review the build documentation again and make sure you install the
missing prerequisites.
 Then run configure again and see if that fixes the error.
 Next, compile the source code, a process that can take up to an hour
to complete.

75. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 During the compilation process you should see output every few
seconds or every few minutes, or an error if something goes wrong.
 The compilation process can be resumed at any time if interrupted.
 Type make to start compiling:
$ make
Making all in src
make[1]: Entering directory `/home/ubuntu/bitcoin/src'
make all-recursive
make[2]: Entering directory `/home/ubuntu/bitcoin/src'
Making all in .
make[3]: Entering directory `/home/ubuntu/bitcoin/src‘
…….
$

76. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 If all goes well, bitcoind is now compiled.
 The final step is to install the bitcoind executable into the system
path using the make command:
$ sudo make install
Making install in src
Making install in .
/bin/mkdir -p '/usr/local/bin‘
…..
…..
$

77. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 You can confirm that bitcoin is correctly installed by asking the
system for the path of the two executables, as follows:
$ which bitcoind
/usr/local/bin/bitcoind
$ which bitcoin-cli
/usr/local/bin/bitcoin-cli
 The default installation of bitcoind puts it in /usr/local/bin. When you
first run bitcoind, it will remind you to create a configuration file with a
strong password for the JSONRPC interface.
 Run bitcoind by typing bitcoind into the terminal:
$ bitcoind

78. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 Edit the configuration file in your preferred editor and set the
parameters, replacing the password with a strong password as
recommended by bitcoind.
 Now, run the Bitcoin Core client.
 The first time you run it, it will rebuild the bitcoin blockchain by
downloading all the blocks.
 This is a multigigabyte file and will take an average of two days to
download in full.
 You can shorten the blockchain initialization time by downloading a
partial copy of the blockchain using a BitTorrent client from
SourceForge.

79. THE BITCOIN CLIENT
Compiling Bitcoin Core from the Source Code
 Run bitcoind in the background with the option -daemon:
$ bitcoind -daemon
Bitcoin version v0.9.0rc1-beta (2014-01-31 09:30:15 +0100)
Using OpenSSL version OpenSSL 1.0.1c 10 May 2012
Default data directory /home/bitcoin/.bitcoin
Using data directory /bitcoin/
Using at most 4 connections (1024 file descriptors available)
init message: Verifying wallet...
dbenv.open LogDir=/bitcoin/database ErrorFile=/bitcoin/db.log
Bound to [::]:8333
Bound to 0.0.0.0:8333
init message: Loading block index...
Opening LevelDB in /bitcoin/blocks/index
Opened LevelDB successfully
Opening LevelDB in /bitcoin/chainstate
Opened LevelDB successfully
[... more startup messages ...]

80. THE BITCOIN CLIENT
Using Bitcoin Core’s JSON-RPC API from the Command Line
 The Bitcoin Core client implements a JSON-RPC interface that can
also be accessed using the command-line helper bitcoin-cli.
 This is done via the API.
 To start, invoke the help command to see a list of the available
bitcoin RPC commands:
$ bitcoin-cli help
addmultisigaddress nrequired ["key",...] ( "account" )
addnode "node" "add|remove|onetry"
backupwallet "destination"
createmultisig nrequired ["key",...]

81. THE BITCOIN CLIENT
Using Bitcoin Core’s JSON-RPC API from the Command Line
decoderawtransaction "hexstring"
decodescript "hex"
dumpprivkey "bitcoinaddress"
dumpwallet "filename"
getaccount "bitcoinaddress"
getaccountaddress "account"
getaddednodeinfo dns ( "node" )
getaddressesbyaccount "account"
getbalance ( "account" minconf )
getbestblockhash
getblock "hash" ( verbose )
getblockchaininfo
getblockcount
getblockhash index
getblocktemplate ( "jsonrequestobject" )
getconnectioncount
getdifficulty

82. THE BITCOIN CLIENT
Using Bitcoin Core’s JSON-RPC API from the Command Line
getgenerate
gethashespersec
getinfo
getmininginfo
Getnettotals
getnetworkhashps ( blocks height )
getnetworkinfo
getnewaddress ( "account" )
getpeerinfo
getrawchangeaddress
getrawmempool ( verbose )
getrawtransaction "txid" ( verbose )
getreceivedbyaccount "account" ( minconf )
getreceivedbyaddress "bitcoinaddress" ( minconf )
gettransaction "txid"
gettxout "txid" n ( includemempool )
gettxoutsetinfo

83. THE BITCOIN CLIENT
Using Bitcoin Core’s JSON-RPC API from the Command Line
getunconfirmedbalance
getwalletinfo
getwork ( "data" )
help ( "command" )
importprivkey "bitcoinprivkey" ( "label" rescan )
importwallet "filename"
keypoolrefill ( newsize)
listaccounts ( minconf )
listaddressgroupings
listlockunspent
listreceivedbyaccount ( minconf includeempty )
listreceivedbyaddress ( minconf includeempty )
listsinceblock ( "blockhash" target-confirmations )
listtransactions ( "account" count from )
listunspent ( minconf maxconf ["address",...] )
lockunspent unlock [{"txid":"txid","vout":n},...]
move "fromaccount" "toaccount" amount ( minconf "comment" )

84. THE BITCOIN CLIENT
Using Bitcoin Core’s JSON-RPC API from the Command Line
ping
sendfrom "fromaccount" "tobitcoinaddress" amount ( minconf "comment"
"commentto”)
sendmany "fromaccount" {"address":amount,...} ( minconf "comment" )
sendrawtransaction "hexstring" ( allowhighfees )
sendtoaddress "bitcoinaddress" amount ( "comment" "comment-to" )
setaccount "bitcoinaddress" "account"
setgenerate generate ( genproclimit )
settxfee amount
signmessage "bitcoinaddress" "message"
signrawtransaction "hexstring" ( [{"txid":"id","vout":n,"scriptPub-
Key":"hex","redeemScript":"hex"},...] ["privatekey1",...] sighashtype )
stop
submitblock "hexdata" ( "jsonparametersobject" )
validateaddress "bitcoinaddress"
verifychain ( checklevel numblocks )
verifymessage "bitcoinaddress" "signature" "message"
walletlock
walletpassphrase "passphrase" timeout
walletpassphrasechange "oldpassphrase" "newpassphrase"

85. THE BITCOIN CLIENT
1. Getting Information on the Bitcoin Core Client Status
 Commands: getinfo
 Bitcoin’s getinfo RPC command displays basic information about the
status of the bitcoin network node, the wallet, and the blockchain
database.
 Use bitcoin-cli to run it:

86. THE BITCOIN CLIENT
1. Getting Information on the Bitcoin Core Client Status
$ bitcoin-cli getinfo
{
"version" : 90000,
"protocolversion" : 70002,
"walletversion" : 60000,
"balance" : 0.00000000,
"blocks" : 286216,
"timeoffset" : -72,
"connections" : 4,
"proxy" : "",
"difficulty" : 2621404453.06461525,
"testnet" : false,
"keypoololdest" : 1374553827,
"keypoolsize" : 101,
"paytxfee" : 0.00000000,
"errors" : ""
}
 The data is returned in JavaScript Object Notation (JSON), a format that can easily be
“consumed” by all programming languages but is also quite human-readable.

87. THE BITCOIN CLIENT
2. Wallet Setup and Encryption
 Commands: encryptwallet, walletpassphrase
 Before creating keys and other commands, you should first encrypt the
wallet with a password.
$ bitcoin-cli encryptwallet foo
wallet encrypted; Bitcoin server stopping, restart to run with encrypted wallet.
The keypool has been flushed, you need to make a new backup.
$
 You can verify the wallet has been encrypted by running getinfo again.
 At first this will be set to zero, meaning the wallet is locked:

88. THE BITCOIN CLIENT
2. Wallet Setup and Encryption
$ bitcoin-cli getinfo
{
"version" : 90000,
#[... other information...]
"unlocked_until" : 0,
"errors" : ""
}
$
 To unlock the wallet, issue the walletpassphrase command, which
takes two parameters— the password and a number of seconds until
the wallet is locked again automatically (a time counter):
$ bitcoin-cli walletpassphrase foo 360
$

89. THE BITCOIN CLIENT
3. Wallet Backup, Plain-text Dump, and Restore
 Commands: backupwallet, importwallet, dumpwallet
 Next, we will see creating a wallet backup file and then restoring the
wallet from the backup file. Use the backupwallet command to back
up, providing the filename as the parameter. Here we back up the wallet
to the file wallet.backup:
$ bitcoin-cli backupwallet wallet.backup
$
 Now, to restore the backup file, use the importwallet command. If your
wallet is locked, you will need to unlock it first (use walletpassphrase) in
order to import the backup file:
$ bitcoin-cli importwallet wallet.backup
$

90. THE BITCOIN CLIENT
3. Wallet Backup, Plain-text Dump, and Restore
 The dumpwallet command can be used to dump the wallet into a text
file that is humanreadable:
$ bitcoin-cli dumpwallet wallet.txt
$ more wallet.txt
# Wallet dump created by Bitcoin v0.9.0rc1-beta (2014-01-31 09:30:15
+0100)
# * Created on 2014-02- 8dT20:34:55Z
# * Best block at time of backup was 286234
(0000000000000000f74f0bc9d3c186267bc45c7b91c49a0386538ac24c0
d3a44),
# mined on 2014-02- 8dT20:24:01Z
KzTg2wn6Z8s7ai5NA9MVX4vstHRsqP26QKJCzLg4JvFrp6mMaGB9
2013-07-4dT04:30:27Z
change=1 # addr=17oJds8kaN8LP8kuAkWTco6ZM7BGXFC3gk
[... many more keys ...]
$

91. THE BITCOIN CLIENT
4. Wallet Addresses and Receiving Transactions
 Commands: getnewaddress, getreceivedbyaddress,
listtransactions, getaddressesbyaccount, getbalance
 The bitcoin reference client maintains a pool of addresses, the size of
which is displayed by keypoolsize when you use the command getinfo.
 To get one of these addresses, use the getnewaddress command:
$ bitcoin-cli getnewaddress
1hvzSofGwT8cjb8JU7nBsCSfEVQX5u9CL
 Now, we can use this address to send a small amount of bitcoin to our
bitcoind wallet from an external wallet
Ex: 50 millibits (0.050 bitcoin) to the preceding address

92. THE BITCOIN CLIENT
4. Wallet Addresses and Receiving Transactions
 We can now query the bitcoind client for the amount received by this
address, and specify how many confirmations are required before an
amount is counted in that balance.
 We use getreceivedbyaddress with the address and the number of
confirmations set to zero (0):
$ bitcoin-cli getreceivedbyaddress 1hvzSofGwT8cjb8JU7nBsCSfEVQX5u9CL 0
0.05000000
 The transactions received by the entire wallet can also be displayed
using the listtransactions command:

93. THE BITCOIN CLIENT
4. Wallet Addresses and Receiving Transactions
$ bitcoin-cli listtransactions
[
{
"account" : "",
"address" : "1hvzSofGwT8cjb8JU7nBsCSfEVQX5u9CL",
"category" : "receive",
"amount" : 0.05000000,
"confirmations" : 0,
"txid" : "9ca8f969bd3ef5ec2a8685660fdbf7a8bd365524c2e1fc66c309ac
bae2c14ae3",
"time" : 1392660908,
"timereceived" : 1392660908
}
]

94. THE BITCOIN CLIENT
4. Wallet Addresses and Receiving Transactions
 We can list all addresses in the entire wallet using the
getaddressesbyaccount command:
$ bitcoin-cli getaddressesbyaccount ""
[
"1LQoTPYy1TyERbNV4zZbhEmgyfAipC6eqL",
"17vrg8uwMQUibkvS2ECRX4zpcVJ78iFaZS",
"1FvRHWhHBBZA8cGRRsGiAeqEzUmjJkJQWR",
"1NVJK3JsL41BF1KyxrUyJW5XHjunjfp2jz",
"14MZqqzCxjc99M5ipsQSRfieT7qPZcM7Df",
"1BhrGvtKFjTAhGdPGbrEwP3xvFjkJBuFCa",
"15nem8CX91XtQE8B1Hdv97jE8X44H3DQMT",
"1Q3q6taTsUiv3mMemEuQQJ9sGLEGaSjo81",
"1HoSiTg8sb16oE6SrmazQEwcGEv8obv9ns",
"13fE8BGhBvnoy68yZKuWJ2hheYKovSDjqM",
"1hvzSofGwT8cjb8JU7nBsCSfEVQX5u9CL",
"1LqJZz1D9yHxG4cLkdujnqG5jNNGmPeAMD"
]

95. THE BITCOIN CLIENT
4. Wallet Addresses and Receiving Transactions
 Finally, the command getbalance will show the total balance of the
wallet:
$ bitcoin-cli getbalance
0.05000000

96. THE BITCOIN CLIENT
5. Exploring and Decoding Transactions
 Commands: gettransaction, getrawtransaction,
decoderawtransaction
6. Exploring Blocks
 Commands: getblock, getblockhash
7. Creating, Signing, and Submitting Transactions Based on
Unspent Outputs
 Commands: listunspent, gettxout, createrawtransaction,
decoderawtransaction, signrawtransaction, sendrawtransaction

97. BITCOIN
Dr.D.Sivabalaselvamani
Associate Professor
Department of Computer Applications
Kongu Engineering College
Perundurai – 638060.

98. HOW BITCOIN WORKS
Transactions, Blocks, Mining, and the Blockchain
 The bitcoin system, unlike traditional banking and payment systems,
is based on decentralized trust.
 Instead of a central trusted authority, in bitcoin, trust is achieved as
an emergent property from the interactions of different participants in
the bitcoin system.
 Here, we will examine bitcoin from a high level by tracking a single
transaction through the bitcoin system and watch as it becomes
“trusted” and accepted by the bitcoin mechanism of distributed
consensus and is finally recorded on the blockchain, the distributed
ledger of all transactions.
 Each example is based on an actual transaction made on the bitcoin
network, simulating the interactions between the users (Joe, Alice,
and Bob) by sending funds from one wallet to another.
03-03-2023

99. HOW BITCOIN WORKS
Transactions, Blocks, Mining, and the Blockchain
 While tracking a transaction through the bitcoin network and
blockchain, we will use a blockchain explorer site to visualize each
step.
 A blockchain explorer is a web application that operates as a
bitcoin search engine, in that it allows you to search for addresses,
transactions, and blocks and see the relationships and flows
between them.
 Popular blockchain explorers include:
• Blockchain info
• Bitcoin Block Explorer
• insight
• blockr Block Reader
03-03-2023

100. HOW BITCOIN WORKS
Transactions, Blocks, Mining, and the Blockchain
 Each of these has a search function that can take an address,
transaction hash, or block number and find the equivalent data on
the bitcoin network and blockchain.
03-03-2023

101. BITCOIN OVERVIEW
 In the overview diagram shown below, we see that the bitcoin
system consists of users with wallets containing keys,
transactions that are propagated across the network, and
miners who produce (through competitive computation) the
consensus blockchain, which is the authoritative ledger of all
transactions.
03-03-2023

102. BITCOIN OVERVIEW

103. HOW BITCOIN WORKS
Buying a Cup of Coffee
 Alice met with her friend Joe to exchange some cash for bitcoin.
 The transaction created by Joe funded Alice’s wallet with 0.10 BTC.
 Now Alice will make her first retail transaction, buying a cup of coffee
at Bob’s coffee shop in Palo Alto, California.
 Bob’s coffee shop recently started accepting bitcoin payments, by
adding a bitcoin option to his point-of-sale system.
 The prices at Bob’s Cafe are listed in the local currency (US dollars),
but at the register, customers have the option of paying in either
dollars or bitcoin.
 Alice places her order for a cup of coffee and Bob enters the
transaction at the register.
 The point-of-sale system will convert the total price from US dollars
to bitcoins at the prevailing market rate and display the prices in both
currencies, as well as show a QR code containing a payment request
for this transaction.
03-03-2023

104. Total:
$1.50 USD
0.015 BTC
03-03-2023

105. HOW BITCOIN WORKS
Buying a Cup of Coffee
 The payment request QR code encodes the following URL, defined
in BIP0021:
bitcoin:1GdK9UzpHBzqzX2A9JFP3Di4weBwqgmoQA?
amount=0.015&
label=Bob%27s%20Cafe&
message=Purchase%20at%20Bob%27s%20Cafe
Components of the URL
A bitcoin address: "1GdK9UzpHBzqzX2A9JFP3Di4weBwqgmoQA"
The payment amount: "0.015"
A label for the recipient address: "Bob's Cafe"
A description for the payment: "Purchase at Bob's Cafe"
03-03-2023

106. BITCOIN TRANSACTIONS
 A transaction tells the network that the owner of a number of
bitcoins has authorized the transfer of some of those bitcoins to
another owner.
 The new owner can now spend these bitcoins by creating another
transaction that authorizes transfer to another owner, and so on, in a
chain of ownership.
 Transactions are like lines in a double-entry bookkeeping ledger.
 The inputs and outputs (debits and credits) do not necessarily
add up to the same amount.
 Instead, outputs add up to slightly less than inputs and the
difference represents an implied “transaction fee” which is a small
payment collected by the miner who includes the transaction in the
ledger.
03-03-2023

107. BITCOIN TRANSACTIONS

108.  A chain of transactions, where the output of one transaction is the
input of the next transaction.

109. Common Transaction Forms
 The most common form of transaction is a simple payment from one
address to another, which often includes some “change” returned to the
original owner.
 This type of transaction has one input and two outputs and is shown
below,

110. Common Transaction Forms
 Another common form of transaction is one that aggregates several
inputs into a single output (seen below).
This represents the real-world equivalent of exchanging a pile of coins
and currency notes for a single larger note.
Transactions like these are sometimes generated by wallet
applications to clean up lots of smaller amounts that were received as
change for payments.

111. Common Transaction Forms
 Finally, another transaction form that is seen often on the bitcoin
ledger is a transaction that distributes one input to multiple outputs
representing multiple recipients (seen Below).
 This type of transaction is sometimes used by commercial entities to
distribute funds, such as when processing payroll payments to
multiple employees.

112. BITCOIN
Dr.D.Sivabalaselvamani
Associate Professor
Department of Computer Applications
Kongu Engineering College
Perundurai – 638060.

113. CONSTRUCTING A BITCOIN
 Alice’s wallet application contains all the logic for selecting
appropriate inputs and outputs to build a transaction to Alice’s
specification.
 Alice only needs to specify a destination and an amount and the rest
happens in the wallet application without her seeing the details.
 Importantly, a wallet application can construct transactions even if it
is completely offline.
 Like writing a cheque at home and later sending it to the bank in an
envelope, the transaction does not need to be constructed and
signed while connected to the bitcoin network.
 It only has to be sent to the network eventually for it to be executed.
03-03-2023

114. CONSTRUCTING A BITCOIN
1.Getting the Right Inputs
 Alice’s wallet application will first have to find inputs that can pay for
the amount she wants to send to Bob.
 Most wallet applications keep a small database of “unspent
transaction outputs” that are locked (encumbered) with the wallet’s
own keys.
 Therefore, Alice’s wallet would contain a copy of the transaction
output from Joe’s transaction, which was created in exchange for
cash.
 A bitcoin wallet application that runs as a full-index client actually
contains a copy of every unspent output from every transaction in the
blockchain.
 This allows a wallet to construct transaction inputs as well as quickly
verify incoming transactions as having correct inputs.

115. CONSTRUCTING A BITCOIN
1.Getting the Right Inputs
 However, because a full-index client takes up a lot of disk space,
most user wallets run “lightweight” clients that track only the user’s
own unspent outputs.
 If the wallet application does not maintain a copy of unspent
transaction outputs, it can query the bitcoin network to retrieve this
information, using a variety of APIs available by different providers or
by asking a full-index node using the bitcoin JSON RPC API.

116. CONSTRUCTING A BITCOIN
2. Creating the Outputs
 A transaction output is created in the form of a script that creates
an encumbrance on the value and can only be redeemed by the
introduction of a solution to the script.
 In simpler terms, Alice’s transaction output will contain a script that
says something like, “This output is payable to whoever can present
a signature from the key corresponding to Bob’s public address.”
 Because only Bob has the wallet with the keys corresponding to that
address, only Bob’s wallet can present such a signature to redeem
this output.
 Alice will therefore “encumber” the output value with a demand for a
signature from Bob.

117. CONSTRUCTING A BITCOIN

118. CONSTRUCTING A BITCOIN
3. Adding the Transaction to the Ledger
 The transaction created by Alice’s wallet application is 258 bytes
long and contains everything necessary to confirm ownership of the
funds and assign new owners.
 Now, the transaction must be transmitted to the bitcoin network
where it will become part of the distributed ledger (the blockchain).

119. BITCOIN
Dr.D.Sivabalaselvamani
Associate Professor
Department of Computer Applications
Kongu Engineering College
Perundurai – 638060.

120. INTRODUCTION TO BITCOIN
 Bitcoin is a collection of concepts and technologies that form the
basis of a digital money ecosystem.
 Units of currency called bitcoins are used to store and transmit
value among participants in the bitcoin network
 .
 Bitcoin users communicate with each other using the bitcoin
protocol primarily via the Internet, although other transport networks
can also be used.
 Users can transfer bitcoins over the network to do just about
anything that can be done with conventional currencies, including
buy and sell goods, send money to people or organizations, or
extend credit.
 Bitcoins can be purchased, sold, and exchanged for other currencies
at specialized currency exchanges.
03-03-2023

121. INTRODUCTION TO BITCOIN
 Unlike traditional currencies, bitcoins are entirely virtual.
 There are no physical coins.
 The coins are implied in transactions that transfer value from sender
to recipient.
 Users of bitcoin own keys that allow them to prove ownership of
transactions in the bitcoin network, unlocking the value to spend it
and transfer it to a new recipient.
 Those keys are often stored in a digital wallet on each user’s
computer.
03-03-2023

122. INTRODUCTION TO BITCOIN
 Bitcoin is a distributed, peer-to-peer system.
 As such there is no “central” server or point of control.
 Bitcoins are created through a process called “mining” , which
involves competing to find solutions to a mathematical problem
while processing bitcoin transactions.
 Any participant in the bitcoin network (i.e., anyone using a device
running the full bitcoin protocol stack) may operate as a miner,
using their computer’s processing power to verify and record
transactions.
 Every 10 minutes on average, someone is able to validate the
transactions of the past 10 minutes and is rewarded with brand new
bitcoins.
03-03-2023

123. INTRODUCTION TO BITCOIN
 The bitcoin protocol includes built-in algorithms that regulate the
mining function across the network.
 The difficulty of the processing task that miners must perform—to
successfully record a block of transactions for the bitcoin network—is
adjusted dynamically so that, on average, someone succeeds every
10 minutes regardless of how many miners (and CPUs) are working
on the task at any moment.
 The protocol also halves the rate at which new bitcoins are
created every four years, and limits the total number of bitcoins that
will be created to a fixed total of 21 million coins.
 The result is that the number of bitcoins in circulation closely
follows an easily predictable curve that reaches 21 million by the
year 2140.
03-03-2023

124. INTRODUCTION TO BITCOIN
How did Nakamoto come to 21 million Bitcoin?
 Nakamoto explained why they chose 21 million for Bitcoin‘s supply
limit, but never really expressed how.
 One solid theory involves dissecting Bitcoin‘s distribution model, but
it unfortunately requires some mathematics.
 Many believe that Bitcoin‘s 21 million limit was arbitrarily set when
Nakamoto made two key decisions, that: Bitcoin should add new
blocks its blockchain every 10 minutes (on average); and the
reward paid to miners (starting with 50 BTC) halve every four
years.
03-03-2023

125. INTRODUCTION TO BITCOIN
How did Nakamoto come to 21 million Bitcoin?
 Calculate the number of blocks per four year cycle:
6 blocks per hour
* 24 hours per day
* 365 days per year
* 4 years per cycle
= 210,240
~= 210,000
 Sum all the block reward sizes:
50 + 25 + 12.5 + 6.25 + 3.125 + … = 100
 Multiply the two:
210,000 * 100 = 21 million.
03-03-2023

126. INTRODUCTION TO BITCOIN
03-03-2023

127. INTRODUCTION TO BITCOIN
 Bitcoin represents the culmination of decades of research in
cryptography and distributed systems and includes four key
innovations brought together in a unique and powerful combination.
Bitcoin consists of:
• A decentralized peer-to-peer network (the bitcoin protocol)
• A public transaction ledger (the blockchain)
• A decentralized mathematical and deterministic currency
issuance (distributed mining)
• A decentralized transaction verification system (transaction
script)
03-03-2023

128. HISTORY OF BITCOIN
 Bitcoin was invented in 2008 with the publication of a paper titled
“Bitcoin: A Peer-to-Peer Electronic Cash System”, written under
the alias of Satoshi Nakamoto.
 Nakamoto combined several prior inventions such as b-money and
HashCash to create a completely decentralized electronic cash
system that does not rely on a central authority for currency
issuance or settlement and validation of transactions.
 The key innovation was to use a distributed computation system
(called a “proof-of-work” algorithm) to conduct a global “election”
every 10 minutes, allowing the decentralized network to arrive at
consensus about the state of transactions
 This elegantly solves the issue of double-spend where a single
currency unit can be spent twice..
03-03-2023

129. HISTORY OF BITCOIN
 The bitcoin network started in 2009, based on a reference
implementation published by Nakamoto and since revised by many
other programmers.
 The distributed computation that provides security and resilience
for bitcoin has increased exponentially, and now exceeds that
combined processing capacity of the world’s top super-computers.
 Bitcoin’s total market value is estimated at between 5 billion and 10
billion US dollars, depending on the bitcoin-to-dollar exchange rate.
 The largest transaction processed so far by the network was 150
million US dollars, transmitted instantly and processed without any
fees.
03-03-2023

130. HISTORY OF BITCOIN
 Satoshi Nakamoto withdrew from the public in April of 2011,
leaving the responsibility of developing the code and network to a
thriving group of volunteers.
 The identity of the person or people behind bitcoin is still unknown.
03-03-2023

131. BITCOIN – GETTING STARTED
 To join the bitcoin network and start using the currency, all a user
has to do is download an application or use a web application.
 Because bitcoin is a standard, there are many implementations of
the bitcoin client software.
 The three main forms of bitcoin clients are:
1. Full client
 A full client, or “full node” is a client that stores the entire history
of bitcoin transactions (every transaction by every user, ever),
manages the users’ wallets, and can initiate transactions directly
on the bitcoin network.
03-03-2023

132. BITCOIN – GETTING STARTED
2. Lightweight client
 A lightweight client stores the user’s wallet but relies on third-party–
owned servers for access to the bitcoin transactions and network.
 The light client does not store a full copy of all transactions and
therefore must trust the third-party servers for transaction validation.
3. Web client
 Web clients are accessed through a web browser and store the
user’s wallet on a server owned by a third party.
03-03-2023

133. BITCOIN ADDRESSES, WALLETS
Dr.D.Sivabalaselvamani
Associate Professor
Department of Computer Applications
Kongu Engineering College
Perundurai – 638060.

134. BITCOIN ADDRESSES
 A bitcoin address is a string of digits and characters that can be
shared with anyone who wants to send you money.
 Addresses produced from public keys consist of a string of numbers
and letters, beginning with the digit “1”.
 Here’s an example of a bitcoin address:
1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy
 The bitcoin address is what appears most commonly in a transaction
as the “recipient” of the funds.
 The bitcoin address is derived from the public key through the use of
one-way cryptographic hashing.
03-03-2023

135. BITCOIN ADDRESSES
 A “hashing algorithm” or simply “hash algorithm” is a one-way
function that produces a fingerprint or “hash” of an arbitrary-sized
input.
 Cryptographic hash functions are used extensively in bitcoin: in
bitcoin addresses, in script addresses, and in the mining proof-of-
work algorithm.
 The algorithms used to make a bitcoin address from a public key are
the Secure Hash Algorithm (SHA) and the RACE Integrity Primitives
Evaluation Message Digest (RIPEMD), specifically SHA256 and
RIPEMD160.
 Starting with the public key K, we compute the SHA256 hash and
then compute the RIPEMD160 hash of the result, producing a 160-bit
(20-byte) number:
A = RIPEMD160(SHA256(K))
03-03-2023

136. BITCOIN ADDRESSES
 where K is the public key and A is the resulting bitcoin address.
 A bitcoin address is not the same as a public key. Bitcoin addresses
are derived from a public key using a one-way function.
 Bitcoin addresses are almost always presented to users in an
encoding called “Base58Check”, which uses 58 characters (a
Base58 number system) and a checksum to help human readability,
avoid ambiguity, and protect against errors in address transcription
and entry.
 Next we will see the conversion of a public key into a bitcoin
address.
03-03-2023

137. BITCOIN ADDRESSES
03-03-2023

138. BITCOIN ADDRESSES
Base58 and Base58Check Encoding
 Base58 is a text-based binary- encoding format developed for use in
bitcoin and used in many other cryptocurrencies.
 It offers a balance between compact representation, readability, and
error detection and prevention.
 Base58 is a subset of Base64, using the upper and lowercase letters
and numbers, but omitting some characters that are frequently
mistaken for one another and can appear identical when displayed in
certain fonts.
 Specifically, Base58 is Base64 without the 0 (number zero), O
(capital o), l (lower L), I (capital i), and the symbols “+” and “/”. Or,
more simply, it is a set of lower and capital letters and numbers
without the four (0, O, l, I) just mentioned.
Ex: bitcoin’s Base58 alphabet
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz
03-03-2023

139. BITCOIN ADDRESSES
Base58 and Base58Check Encoding
 Base58Check is a Base58 encoding format, frequently used in
bitcoin, which has a built-in error-checking code.
 The checksum is an additional four bytes added to the end of the
data that is being encoded.
 The checksum is derived from the hash of the encoded data and can
therefore be used to detect and prevent transcription and typing
errors.
 The Base58Check encoding process is given below,
03-03-2023

140. BITCOIN ADDRESSES
03-03-2023

141. BITCOIN ADDRESSES
Base58 and Base58Check Encoding
 Some example version prefixes and the resulting Base58 characters
are shown below, WIF – Wallet Import Format, BIP – Bitcoin
Improvement Proposal.
03-03-2023

142. BITCOIN ADDRESSES
Key Formats
 Both private and public keys can be represented in a number of
different formats.
 These representations all encode the same number, even though
they look different.
 These formats are primarily used to make it easy for people to read
and transcribe keys without introducing errors.
Private key formats
 The private key can be represented in a number of different formats,
all of which correspond to the same 256-bit number.
 Table shows three common formats used to represent private keys.

143. BITCOIN ADDRESSES
Private key formats
 The below table shows the private key generated in these three
formats.
 All of these representations are different ways of showing the same
number, the same private key.
 They look different, but any one format can easily be converted to
any other format.

144. BITCOIN ADDRESSES
Public key formats
 Public keys are also presented in different ways, most importantly
as either compressed or uncompressed public keys.
 Compressed public keys were introduced to bitcoin to reduce the
size of transactions and conserve disk space on nodes that store the
bitcoin blockchain database.
 Most transactions include the public key, required to validate the
owner’s credentials and spend the bitcoin.
 Each public key requires 520 bits (prefix + x + y)
 A public key is a point (x,y) on an elliptic curve.
 Whereas uncompressed public keys have a prefix of 04,
compressed public keys start with either a 02 or a 03 prefix.

145. BITCOIN ADDRESSES
03-03-2023

146. Implementing Keys and Addresses in Python
 The most comprehensive bitcoin library in Python is pybitcointools
by Vitalik Buterin.
 We use the pybitcointools library (imported as “bitcoin”) to generate
and display keys and addresses in various formats.
 Using the Python ECDSA library for the elliptic curve math.
 This is an easy-to-use implementation of ECC (Elliptic Curve
Cryptography) with support for ECDSA (Elliptic Curve Digital
Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman),
implemented purely in Python, released under the MIT license.
 With this library, you can quickly create key pairs (signing key and
verifying key), sign messages, and verify the signatures.
 This library provides key generation, signing and verifying.

147. WALLETS
Wallets
 Wallets are containers for private keys, usually implemented as
structured files or simple databases.
 Another method for making keys is deterministic key generation.
 Here you derive each new private key, using a one-way hash
function from a previous private key, linking them in a sequence.
 Bitcoin wallets contain keys, not coins.
 Each user has a wallet containing keys.

148. WALLETS
 Wallets are really keychains containing pairs of private/public
keys.
 Users sign transactions with the keys, thereby proving they own the
transaction outputs (their coins).
 The coins are stored on the blockchain in the form of transaction-
outputs (often noted as vout or txout).

149. WALLETS
1. Nondeterministic (Random) Wallets
 In the first bitcoin clients, wallets were simply collections of randomly
generated private keys.
 This type of wallet is called a Type-0 nondeterministic wallet.
 For example, the Bitcoin Core client pregenerates 100 random
private keys when first started and generates more keys as needed,
using each key only once.
 This type of wallet is nicknamed “Just a Bunch Of Keys,” or JBOK,
and such wallets are being replaced with deterministic wallets
because they are cumbersome to manage, back up, and import.
 The disadvantage of random keys is that if you generate many of
them you must keep copies of all of them, meaning that the wallet
must be backed up frequently.

150. WALLETS
1. Nondeterministic (Random) Wallets
 A Type-0 nondeterministic wallet is a poor choice of wallet, especially
if you want to avoid address re-use; that means managing many
keys, which creates the need for frequent backups.
 Although the Bitcoin Core client includes a Type-0 wallet, using this
wallet is discouraged by developers of Bitcoin Core.
 Type-0 nondeterministic (random) wallet: a collection of randomly
generated keys is shown below,

151. WALLETS
2. Mnemonic Code Words
 Mnemonic codes are English word sequences that represent
(encode) a random number used as a seed to derive a deterministic
wallet.
 The sequence of words is sufficient to recreate the seed and from
there re-create the wallet and all the derived keys.
 A wallet application that implements deterministic wallets with
mnemonic code will show the user a sequence of 12 to 24 words
when first creating a wallet.
 That sequence of words is the wallet backup and can be used to
recover and re-create all the keys in the same or any compatible
wallet application.

152. WALLETS
2. Mnemonic Code Words
 Mnemonic code words make it easier for users to back up wallets
because they are easy to read and correctly transcribe, as compared
to a random sequence of numbers.
 Mnemonic codes are defined in Bitcoin Improvement Proposal 39
( [bip0039]), currently in Draft status.
 Note that BIP0039 is a draft proposal and not a standard.
 BIP0039 defines the creation of a mnemonic code and seed as a
follows:
1. Create a random sequence (entropy) of 128 to 256 bits.
2. Create a checksum of the random sequence by taking the first few
bits of its SHA256 hash.

153. WALLETS
2. Mnemonic Code Words
3. Add the checksum to the end of the random sequence.
4. Divide the sequence into sections of 11 bits, using those to index a
dictionary of 2048 predefined words.
5. Produce 12 to 24 words representing the mnemonic code.
 The Following table shows the relationship between the size of
entropy data and the length of mnemonic codes in words.

154. WALLETS
2. Mnemonic Code Words
 The mnemonic code represents 128 to 256 bits, which are used to
derive a longer (512-bit) seed through the use of the key-stretching
function PBKDF2.
 The resulting seed is used to create a deterministic wallet and all of
its derived keys.
128-bit entropy mnemonic code and resulting seed

155. WALLETS
3. Hierarchical Deterministic Wallets (BIP0032/BIP0044)
 Deterministic wallets were developed to make it easy to derive many
keys from a single “seed.”
 The most advanced form of deterministic wallets is the hierarchical
deterministic wallet or HD wallet defined by the BIP0032 standard.
 Hierarchical deterministic wallets contain keys derived in a tree
structure, such that a parent key can derive a sequence of children
keys, each of which can derive a sequence of grandchildren keys,
and so on, to an infinite depth.
 This tree structure is given below,

156. WALLETS
3. Hierarchical Deterministic Wallets (BIP0032/BIP0044)

157. WALLETS
3. Hierarchical Deterministic Wallets (BIP0032/BIP0044)
 HD wallets offer two major advantages over random
(nondeterministic) keys.
 First, the tree structure can be used to express additional
organizational meaning, such as when a specific branch of subkeys
is used to receive incoming payments and a different branch is used
to receive change from outgoing payments.
 The second advantage of HD wallets is that users can create a
sequence of public keys without having access to the corresponding
private keys.
HD wallet creation from a seed
 HD wallets are created from a single root seed, which is a 128, 256,
or 512-bit random number.

158. WALLETS
3. Hierarchical Deterministic Wallets (BIP0032/BIP0044)
 Everything else in the HD wallet is deterministically derived from this
root seed, which makes it possible to re-create the entire HD wallet
from that seed in any compatible HD wallet.
 This makes it easy to back up, restore, export, and import HD wallets
containing thousands or even millions of keys by simply transferring
only the root seed.
 The root seed is most often represented by a mnemonic word
sequence, to make it easier for people to transcribe and store it.
 The process of creating the master keys and master chain code for
an HD wallet is shown below,

159. WALLETS
3. Hierarchical Deterministic Wallets (BIP0032/BIP0044)

160. WALLETS
3. Hierarchical Deterministic Wallets (BIP0032/BIP0044)
 The root seed is input into the HMAC-SHA512 algorithm and the
resulting hash is used to create a master private key (m) and a
master chain code.
 The master private key (m) then generates a corresponding master
public key (M), using the normal elliptic curve multiplication process
m * G.
 The chain code creates child keys from parent keys.

161. TRANSACTIONS
Dr.D.Sivabalaselvamani
Associate Professor
Department of Computer Applications
Kongu Engineering College
Perundurai – 638060.

162. TRANSACTIONS
 Transactions are the most important part of the bitcoin system.
 Everything else in bitcoin is designed to ensure that transactions
can be created, propagated on the network, validated, and finally
added to the global ledger of transactions (the blockchain).
 Transactions are data structures that encode the transfer of value
between participants in the bitcoin system.
 Each transaction is a public entry in bitcoin’s blockchain, the global
double-entry bookkeeping ledger.
 Here we will see the various forms of transactions, what they contain,
how to create them, how they are verified, and how they become part
of the permanent record of all transactions.
03-03-2023

163. TRANSACTION LIFECYCLE
 A transaction’s lifecycle starts with the transaction’s creation, also
known as origination.
 The transaction is then signed with one or more signatures indicating
the authorization to spend the funds referenced by the transaction.
 The transaction is then broadcast on the bitcoin network, where each
network node (participant) validates and propagates the transaction
until it reaches (almost) every node in the network.
 Finally, the transaction is verified by a mining node and included in
a block of transactions that is recorded on the blockchain.
 Once recorded on the blockchain and confirmed by sufficient
subsequent blocks (confirmations), the transaction is a permanent
part of the bitcoin ledger and is accepted as valid by all
participants.
03-03-2023

164. TRANSACTION LIFECYCLE
 The funds allocated to a new owner by the transaction can then be
spent in a new transaction, extending the chain of ownership and
beginning the lifecycle of a transaction again.
 The Steps involved in Transaction Lifecycle are,
1. Creating Transactions,
2. Broadcasting Transactions to the Bitcoin Network, and
3. Propagating Transactions on the Bitcoin Network.
03-03-2023

165. TRANSACTION STRUCTURE
 A transaction is a data structure that encodes a transfer of value
from a source of funds, called an input, to a destination, called an
output.
 Transaction inputs and outputs are not related to accounts or
identities.
 The Structure of transaction contains a number of fields, as shown
in table below
03-03-2023

166. TRANSACTION OUTPUTS AND INPUTS
Transaction Locktime
 Locktime defines the earliest time that a transaction can be added to
the blockchain. It is set to zero in most transactions to indicate
immediate execution.
Transaction Outputs and Inputs
 The fundamental building block of a bitcoin transaction is an unspent
transaction output, or UTXO.
 UTXO are indivisible chunks of bitcoin currency locked to a specific
owner, recorded on the blockchain, and recognized as currency units
by the entire network.
03-03-2023

167. TRANSACTION OUTPUTS AND INPUTS
 The bitcoin network tracks all available (unspent) UTXO currently
numbering in the millions.
 Whenever a user receives bitcoin, that amount is recorded within the
blockchain as a UTXO.
 There are no accounts or balances in bitcoin; there are only unspent
transaction outputs (UTXO) scattered in the blockchain.
 The UTXO consumed by a transaction are called transaction
inputs, and the UTXO created by a transaction are called
transaction outputs.
 This way, chunks of bitcoin value move forward from owner to owner
in a chain of transactions consuming and creating UTXO.
03-03-2023

168. TRANSACTION OUTPUTS AND INPUTS
 Transactions consume UTXO by unlocking it with the signature of the
current owner and create UTXO by locking it to the bitcoin address of
the new owner.
 The exception to the output and input chain is a special type of
transaction called the coinbase transaction, which is the first
transaction in each block.
 This transaction is placed there by the “winning” miner and creates
brand-new bitcoin payable to that miner as a reward for mining.
 This is how bitcoin’s money supply is created during the mining
process.
03-03-2023

169. TRANSACTION OUTPUTS AND INPUTS
 What comes first? Inputs or outputs, the chicken or the egg? Strictly
speaking, outputs come first because coinbase transactions, which
generate new bitcoin, have no inputs and create outputs from
nothing.
Transaction Outputs
 Every bitcoin transaction creates outputs, which are recorded on the
bitcoin ledger.
 Transaction outputs consist of two parts:
 An amount of bitcoin, denominated in satoshis, the smallest
bitcoin unit
 A locking script, also known as an “encumbrance” that
“locks” this amount by specifying the conditions that must be
met to spend the output
03-03-2023

170. TRANSACTION OUTPUTS AND INPUTS
 The structure of a transaction output is shown below,
03-03-2023
 We use the blockchain.info API to find the unspent outputs (UTXO) of a
specific address.
Transaction Inputs
 In simple terms, transaction inputs are pointers to UTXO.
 They point to a specific UTXO by reference to the transaction hash and
sequence number where the UTXO is recorded in the blockchain.
 To spend UTXO, a transaction input also includes unlocking scripts that
satisfy the spending conditions set by the UTXO.
 The unlocking script is usually a signature proving ownership of the bitcoin
address that is in the locking script.

171. TRANSACTION OUTPUTS AND INPUTS
 The structure of a transaction input is shown below,
03-03-2023
Transaction Fees
 Most transactions include transaction fees, which compensate the bitcoin
miners for securing the network.
 Transaction fees serve as an incentive to include (mine) a transaction into
the next block and also as a disincentive against “spam” transactions or
any kind of abuse of the system, by imposing a small cost on every
transaction.

172. TRANSACTION FEES
 Transaction fees are collected by the miner who mines the block that
records the transaction on the blockchain.
 Transaction fees are calculated based on the size of the transaction
in kilobytes, not the value of the transaction in bitcoin.
 Overall, transaction fees are set based on market forces within the
bitcoin network.
 Miners prioritize transactions based on many different criteria,
including fees, and might even process transactions for free under
certain circumstances.
 Transaction fees are not mandatory, and transactions without fees
might be processed eventually; however, including transaction fees
encourages priority processing.
03-03-2023

173. TRANSACTION FEES
Adding Fees to Transactions
 The data structure of transactions does not have a field for fees.
 Instead, fees are implied as the difference between the sum of
inputs and the sum of outputs.
 Any excess amount that remains after all outputs have been
deducted from all inputs is the fee that is collected by the miners.
 Transaction fees are implied, as the excess of inputs minus outputs:
Fees = Sum(Inputs) – Sum(Outputs)
 Wallet application will calculate the appropriate fee by measuring the
size of the transaction and multiplying that by the per-kilobyte fee.
 Many wallets will overpay fees for larger transactions to ensure the
transaction is processed promptly.
03-03-2023

174. TRANSACTION CHAINING AND ORPHAN TRANSACTIONS
Transaction Chaining and Orphan Transactions
 Transactions form a chain, whereby one transaction spends the
outputs of the previous transaction (known as the parent) and
creates outputs for a subsequent transaction (known as the child).
 Sometimes an entire chain of transactions depending on each
other—say a parent, child, and grandchild transaction—are created
at the same time, to fulfill a complex transactional workflow that
requires valid children to be signed before the parent is signed.
 For example, this is a technique used in CoinJoin transactions where
multiple parties join transactions together to protect their privacy.
03-03-2023

175. TRANSACTION CHAINING AND ORPHAN TRANSACTIONS
 When a chain of transactions is transmitted across the network, they
don’t always arrive in the same order.
 Sometimes, the child might arrive before the parent.
 In that case, the nodes that see a child first can see that it references
a parent transaction that is not yet known.
 Rather than reject the child, they put it in a temporary pool to await
the arrival of its parent and propagate it to every other node.
03-03-2023

176. TRANSACTION CHAINING AND ORPHAN TRANSACTIONS
 The pool of transactions without parents is known as the orphan
transaction pool.
 Once the parent arrives, any orphans that reference the UTXO
created by the parent are released from the pool, revalidated
recursively, and then the entire chain of transactions can be included
in the transaction pool, ready to be mined in a block.
 Transaction chains can be arbitrarily long, with any number of
generations transmitted simultaneously
03-03-2023

177. TRANSACTION SCRIPT
Transaction Scripts and Script Language
 Bitcoin clients validate transactions by executing a script, written in a
Forth-like scripting language.
 Both the locking script (encumbrance) placed on a UTXO and the un‐
locking script that usually contains a signature are written in this
scripting language.
 When a transaction is validated, the unlocking script in each input is
executed alongside the corresponding locking script to see if it
satisfies the spending condition.
 Bitcoin transaction validation is not based on a static pattern, but
instead is achieved through the execution of a scripting language.
03-03-2023

178. TRANSACTION SCRIPT
 Bitcoin’s transaction validation engine relies on two types of scripts to
validate transactions: a locking script and an unlocking script.
 A locking script is an encumbrance placed on an output, and it
specifies the conditions that must be met to spend the output in the
future.
 Historically, the locking script was called a scriptPubKey, because it
usually contained a public key or bitcoin address.
 An unlocking script is a script that “solves,” or satisfies, the
conditions placed on an output by a locking script and allows the
output to be spent.
 Unlocking scripts are part of every transaction input, and most of the
time they contain a digital signature produced by the user’s wallet
from his or her private key.
03-03-2023

179. SCRIPTING LANGUAGE
Scripting Language
 The bitcoin transaction script language, called Script, is a Forth-like
reverse-polish notation stack-based execution language.
 Script is a very simple language that was designed to be limited in
scope and executable on a range of hardware, perhaps as simple as
an embedded device, such as a handheld calculator.
 It requires minimal processing and cannot do many of the fancy
things modern programming languages can do.
 Bitcoin’s scripting language is called a stack-based language
because it uses a data structure called a stack.
 A stack is a very simple data structure, which can be visualized as a
stack of cards.
03-03-2023

180. SCRIPTING LANGUAGE
 A stack allows two operations: push and pop.
 Push adds an item on top of the stack.
 Pop removes the top item from the stack.
 The scripting language executes the script by processing each item
from left to right.
 Numbers (data constants) are pushed onto the stack.
 Operators push or pop one or more parameters from the stack, act
on them, and might push a result onto the stack.
 Step by Step example of Bitcoin’s script validation doing simple math
is given below,
03-03-2023

181. 03-03-2023

182. STANDARD TRANSACTIONS
STANDARD TRANSACTIONS
 In the first few years of bitcoin’s development, the developers
introduced some limitations in the types of scripts that could be
processed by the reference client.
 These limitations are encoded in a function called isStandard(),
which defines five types of “standard” transactions.
 The five standard types of transaction scripts are,
1. pay-to-public-key-hash (P2PKH),
2. pay-to-public-key,
3. multi-signature (limited to 15 keys),
4. pay-to-script-hash (P2SH), and
5. data output (OP_RETURN).
 The five standard types of transaction scripts are the only ones that will be
accepted by the reference client and most miners who run the reference
client.
03-03-2023

183. STANDARD TRANSACTIONS
1. pay-to-public-key-hash (P2PKH)
 The vast majority of transactions processed on the bitcoin network
are P2PKH transactions.
 These contain a locking script that encumbers the output with a
public key hash, more commonly known as a bitcoin address.
 Transactions that pay a bitcoin address contain P2PKH scripts.
 An output locked by a P2PKH script can be unlocked (spent) by
presenting a public key and a digital signature created by the
corresponding private key.
03-03-2023

184. STANDARD TRANSACTIONS
2. pay-to-public-key
 pay-to-public-key is a simpler form of a bitcoin payment than
pay-to-public-key-hash.
 With this script form, the public key itself is stored in the locking
script, rather than a public-key-hash as with P2PKH earlier, which is
much shorter.
 Pay-to-public-key-hash was invented by Satoshi to make bitcoin
addresses shorter, for ease of use.
 Pay-to-public key is now most often seen in coinbase transactions,
generated by older mining software that has not been updated to use
P2PKH.
03-03-2023

185. STANDARD TRANSACTIONS
3. multi-signature (limited to 15 keys)
 Multi-signature scripts set a condition where N public keys are
recorded in the script and at least M of those must provide signatures
to release the encumbrance.
 This is also known as an M-of-N scheme, where N is the total
number of keys and M is the threshold of signatures required for
validation.
 For example, a 2-of-3 multi-signature is one where three public keys
are listed as potential signers and at least two of those must be used
to create signatures for a valid transaction to spend the funds.
 At this time, standard multi-signature scripts are limited to at most 15
listed public keys, meaning you can do anything from a 1-of-1 to a
15-of-15 multi-signature or any combination within that range.
03-03-2023

186. STANDARD TRANSACTIONS
4. pay-to-script-hash (P2SH)
 Pay-to-script-hash (P2SH) was introduced in 2012 as a powerful
new type of transaction that greatly simplifies the use of complex
transaction scripts.
 Pay-to-script-hash (P2SH) was developed to resolve these practical
difficulties of multi-signature and to make the use of complex scripts
as easy as a payment to a bitcoin address.
 With P2SH payments, the complex locking script is replaced with its
digital fingerprint, a cryptographic hash.
 In simple terms, P2SH means “pay to a script matching this hash,
a script that will be presented later when this output is spent.”
03-03-2023

187. STANDARD TRANSACTIONS
4. pay-to-script-hash (P2SH)
i. Pay-to-script-hash addresses
 Another important part of the P2SH feature is the ability to encode a
script hash as an address, as defined in BIP0013.
 P2SH addresses are Base58Check encodings of the 20 byte hash
of a script, just like bitcoin addresses are Base58Check encodings of
the 20- byte hash of a public key.
 P2SH addresses use the version prefix “5”, which results in
Base58Check-encoded addresses that start with a “3”
03-03-2023

188. STANDARD TRANSACTIONS
4. pay-to-script-hash (P2SH)
ii. Benefits of pay-to-script-hash
 The pay-to-script-hash feature offers the following benefits
compared to the direct use of complex scripts in locking outputs:
 Complex scripts are replaced by shorter fingerprints in the
transaction output, making the transaction smaller.
 Scripts can be coded as an address, so the sender and the
sender’s wallet don’t need complex engineering to implement
P2SH.
 P2SH shifts the burden of constructing the script to the recipient,
not the sender.
03-03-2023

189. STANDARD TRANSACTIONS
4. pay-to-script-hash (P2SH)
ii. Benefits of pay-to-script-hash
 P2SH shifts the burden in data storage for the long script from the
output (which is in the UTXO set and therefore affect memory) to
the input (only stored on the blockchain).
 P2SH shifts the burden in data storage for the long script from the
present time (payment) to a future time (when it is spent).
 P2SH shifts the transaction fee cost of a long script from the
sender to the recipient, who has to include the long redeem script
to spend it.
03-03-2023

190. STANDARD TRANSACTIONS
5. data output (OP_RETURN)
 Bitcoin’s distributed and timestamped ledger, the blockchain, has
potential uses far beyond payments.
 Many developers have tried to use the transaction scripting language
to take advantage of the security and resilience of the system for
applications such as digital notary services, stock certificates,
and smart contracts.
 Early attempts to use bitcoin’s script language for these purposes
involved creating transaction outputs that recorded data on the
blockchain; for example, to record a digital fingerprint of a file in
such a way that anyone could establish proof-of-existence of that file
on a specific date by reference to that transaction.
03-03-2023

191. STANDARD TRANSACTIONS
5. data output (OP_RETURN)
 OP_RETURN allows developers to add 40 bytes of non‐payment
data to a transaction output.
 However, unlike the use of “fake” UTXO, the OP_RETURN operator
creates an explicitly provably unspendable output, which does not
need to be stored in the UTXO set.
 OP_RETURN outputs are recorded on the blockchain, so they
consume disk space and contribute to the increase in the
blockchain’s size, but they are not stored in the UTXO set and
therefore do not bloat the UTXO memory pool and burden full nodes
with the cost of more expensive RAM.
03-03-2023

192. STANDARD TRANSACTIONS
5. data output (OP_RETURN)
 The data portion is limited to 40 bytes and most often represents a
hash, such as the output from the SHA256 algorithm (32 bytes).
 Many applications put a prefix in front of the data to help identify the
application.
 For example, the Proof of Existence digital notarization service uses
the 8-byte prefix “DOCPROOF,” which is ASCII encoded as
44f4350524f4f46 in hexadecimal.
 A standard transaction (one that conforms to the isStandard()
checks) can have only one OP_RETURN output.
03-03-2023