NO
Uploaded byN. P. O'Donnell
PPTX, PDF143 views

Bitcoin fundamentals

The document provides a comprehensive overview of Bitcoin fundamentals, focusing on the structure and functionality of its blockchain. It defines key components like blocks, transactions, and addresses while emphasizing Bitcoin's status as the first and most secure blockchain. The document also touches on the relationship between private keys, public keys, and Bitcoin addresses.

Embed presentation

Download to read offline
1 / 266
2 / 266
3 / 266
4 / 266
5 / 266
6 / 266
7 / 266
8 / 266
9 / 266
10 / 266
11 / 266
12 / 266
13 / 266
14 / 266
15 / 266
16 / 266
17 / 266
18 / 266
19 / 266
20 / 266
21 / 266
22 / 266
23 / 266
24 / 266
25 / 266
26 / 266
27 / 266
28 / 266
29 / 266
30 / 266
31 / 266
32 / 266
33 / 266
34 / 266
35 / 266
36 / 266
37 / 266
38 / 266
39 / 266
40 / 266
41 / 266
42 / 266
43 / 266
44 / 266
45 / 266
46 / 266
47 / 266
48 / 266
49 / 266
50 / 266
51 / 266
52 / 266
53 / 266
54 / 266
55 / 266
56 / 266
57 / 266
58 / 266
59 / 266
60 / 266
61 / 266
62 / 266
63 / 266
64 / 266
65 / 266
66 / 266
67 / 266
68 / 266
69 / 266
70 / 266
71 / 266
72 / 266
73 / 266
74 / 266
75 / 266
76 / 266
77 / 266
78 / 266
79 / 266
80 / 266
81 / 266
82 / 266
83 / 266
84 / 266
85 / 266
86 / 266
87 / 266
88 / 266
89 / 266
90 / 266
91 / 266
92 / 266
93 / 266
94 / 266
95 / 266
96 / 266
97 / 266
98 / 266
99 / 266
100 / 266
101 / 266
102 / 266
103 / 266
104 / 266
105 / 266
106 / 266
107 / 266
108 / 266
109 / 266
110 / 266
111 / 266
112 / 266
113 / 266
114 / 266
115 / 266
116 / 266
117 / 266
118 / 266
119 / 266
120 / 266
121 / 266
122 / 266
123 / 266
124 / 266
125 / 266
126 / 266
127 / 266
128 / 266
129 / 266
130 / 266
131 / 266
132 / 266
133 / 266
134 / 266
135 / 266
136 / 266
137 / 266
138 / 266
139 / 266
140 / 266
141 / 266
142 / 266
143 / 266
144 / 266
145 / 266
146 / 266
147 / 266
148 / 266
149 / 266
150 / 266
151 / 266
152 / 266
153 / 266
154 / 266
155 / 266
156 / 266
157 / 266
158 / 266
159 / 266
160 / 266
161 / 266
162 / 266
163 / 266
164 / 266
165 / 266
166 / 266
167 / 266
168 / 266
169 / 266
170 / 266
171 / 266
172 / 266
173 / 266
174 / 266
175 / 266
176 / 266
177 / 266
178 / 266
179 / 266
180 / 266
181 / 266
182 / 266
183 / 266
184 / 266
185 / 266
186 / 266
187 / 266
188 / 266
189 / 266
190 / 266
191 / 266
192 / 266
193 / 266
194 / 266
195 / 266
196 / 266
197 / 266
198 / 266
199 / 266
200 / 266
201 / 266
202 / 266
203 / 266
204 / 266
205 / 266
206 / 266
207 / 266
208 / 266
209 / 266
210 / 266
211 / 266
212 / 266
213 / 266
214 / 266
215 / 266
216 / 266
217 / 266
218 / 266
219 / 266
220 / 266
221 / 266
222 / 266
223 / 266
224 / 266
225 / 266
226 / 266
227 / 266
228 / 266
229 / 266
230 / 266
231 / 266
232 / 266
233 / 266
234 / 266
235 / 266
236 / 266
237 / 266
238 / 266
239 / 266
240 / 266
241 / 266
242 / 266
243 / 266
244 / 266
245 / 266
246 / 266
247 / 266
248 / 266
249 / 266
250 / 266
251 / 266
252 / 266
253 / 266
254 / 266
255 / 266
256 / 266
257 / 266
258 / 266
259 / 266
260 / 266
261 / 266
262 / 266
263 / 266
264 / 266
265 / 266
266 / 266
Bitcoin Fundamentals N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Topics Covered
Topics Covered •Blockchain
Topics Covered •Blockchain •Blocks
Topics Covered •Blockchain •Blocks •Keys & Addresses
Topics Covered •Blockchain •Blocks •Keys & Addresses •Scripting
Topics Covered •Blockchain •Blocks •Keys & Addresses •Scripting •Transactions
Topics Covered •Blockchain •Blocks •Keys & Addresses •Scripting •Transactions •Proof-Of-Work & Mining
Topics Covered •Blockchain •Blocks •Keys & Addresses •Scripting •Transactions •Proof-Of-Work & Mining •Attacks
Topics Covered •Blockchain •Blocks •Keys & Addresses •Scripting •Transactions •Proof-Of-Work & Mining •Attacks •Quantum Computing Threats ?
Blockchain BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
What Is A Blockchain? Several Definitions:
What Is A Blockchain? Several Definitions: •Over-used buzzword that many people don't understand
What Is A Blockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database
What Is A Blockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with
What Is A Blockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database
What Is A Blockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database •A cryptographically verified database
What Is A Blockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database •A cryptographically verified database •A chain of blocks
What Is A Blockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database •A cryptographically verified database •An immutable, append-only, hashed, cryptographically verified, singly-linked chain of blocks
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description.
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be)
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger)
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N •Each block is limited to 1MB*
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N •Each block is limited to 1MB* •New block generated every 10 minutes**
What about Bitcoin's blockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N •Each block is limited to 1MB* •New block generated every 10 minutes** * Technically not true anymore, but block size still has a small, hard limit ** On average
What about Bitcoin's blockchain? HashMerkleRoot Block 0 HashPrevBlock HashMerkleRoot Block 1 HashPrevBlock HashMerkleRoot Block 2 HashPrevBlock HashMerkleRoot Block 3 The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
Blocks BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Structure Of A Bitcoin Block Each Bitcoin block consists of:
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselves
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains:
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data • Time
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data • Time • Bits – Current difficulty target (more on this later)
Structure Of A Bitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data • Time • Bits – Current difficulty target (more on this later) • Nonce – Related to mining (more on this later)
Keys & Addresses BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Keys & Addresses
Keys & Addresses P2PKH bitcoin address
Keys & Addresses What is a Bitcoin address? Is it just a random string of characters?
Keys & Addresses What is a Bitcoin address? Is it just a random string of characters? Answer: No
Keys & Addresses What is a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key.
Keys & Addresses What is a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key. Each public key is derived from a private key.
Keys & Addresses What is a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key. Each public key is derived from a private key. Private Key Public Key Address
Keys & Addresses What is a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key. Each public key is derived from a private key. Private Key Public Key Address Private Key Public Key Address
Keys & Addresses
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times.
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478 SHA2562(VersionByte | PubkeyHash)[:4] (Checksum) = 0x08c131a4
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478 SHA2562(VersionByte | PubkeyHash)[:4] (Checksum) = 0x08c131a4 VersionByte | PubkeyHash | Checksum = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d47808c131a4
Keys & Addresses Private Key: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478 SHA2562(VersionByte | PubkeyHash)[:4] (Checksum) = 0x08c131a4 VersionByte | PubkeyHash | Checksum = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d47808c131a4 Base58CheckEncode(0x00d8e5899f2589b7fa9df2513bf2366d2031f2d47808c131a4) = 1LmqvzD5KgNs1a8tcibuiNNM1MfZxLr5pw
Scripting BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Script
Script • Bitcoin comes with its own scripting language called "script"
Script • Bitcoin comes with its own scripting language called "script" • Script is used to lock and unlock funds
Script • Bitcoin comes with its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds
Script • Bitcoin comes with its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops
Script • Bitcoin comes with its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM
Script • Bitcoin comes with its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM • VM is basically a giant switch statement (EvalScript in src/script/interpreter.cpp)
Script • Bitcoin comes with its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM • VM is basically a giant switch statement (EvalScript in src/script/interpreter.cpp) • Giant switch statement is about 800 lines of C++
Script • Bitcoin comes with its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM • VM is basically a giant switch statement (EvalScript in src/script/interpreter.cpp) • Giant switch statement is about 800 lines of C++ • Consensus-critical code !!!
Script Let's run a script!
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL 3
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL 5 3
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL ADD 5 3
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL 8
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL 8 8
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL OP_EQUAL 8 8
Script Interpreter Stack OP_3 OP_5 OP_ADD OP_8 OP_EQUAL TRUE
Transactions BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Transactions
Transactions Each transaction contains 1 or more inputs and 1 or more outputs.
Transactions
Transactions • Each input contains a reference to exactly one output in a previous transaction.
Transactions • Each input contains a reference to exactly one output in a previous transaction. • This is known as an "outpoint".
Transactions • Each input contains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
Transactions • Each input contains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
Transactions • Each output contains a value in satoshis. (1 satoshi = 10-8BTC) • Each input contains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
Transactions • Each output contains a value in satoshis. (1 satoshi = 10-8BTC) • Each output also contains a script • Each input contains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
Transactions
Transactions • In a transaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script.
Transactions • In a transaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script. • This script is run by the script interpreter and if there's a TRUE at the top of the stack after the script is run, the transaction is a success and the funds can be unlocked and transferred to somebody else.
Transactions • In a transaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script. • This script is run by the script interpreter and if there's a TRUE at the top of the stack after the script is run, the transaction is a success and the funds can be unlocked and transferred to somebody else. • If there's anything other than a TRUE at the top of the stack, the transaction is deemed a failure and the funds remain locked.
Transactions • In a transaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script. • This script is run by the script interpreter and if there's a TRUE at the top of the stack after the script is run, the transaction is a success and the funds can be unlocked and transferred to somebody else. • If there's anything other than a TRUE at the top of the stack, the transaction is deemed a failure and the funds remain locked. • A transaction containing a scriptSig which fails to unlock funds will not be broadcast by nodes, and even some wallets may not broadcast it. This is an important spam-prevention mechanism which ensures only transactions which spend bitcoin in the form of fees, use network resources.
Script P2PKH Transaction Verification Script
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG ScriptSig (part of Input)
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG ScriptPubKey (part of Output)
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_DUP <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEY> <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_HASH160 <PUBKEY> <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEYHASH> <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEYHASH> <PUBKEYHASH> <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_EQUALVERIFY <PUBKEYHASH> <PUBKEYHASH> <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_CHECKSIG <PUBKEY> <SIG>
Script Interpreter Stack <SIG> <PUBKEY> OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG TRUE
Proof-of-Work & Mining BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Proof-Of-Work & Mining
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash)
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks • Bitcoin mining uses the SHA-256 hash algorithm
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks • Bitcoin mining uses the SHA-256 hash algorithm • All bitcoin Block IDs can be calculated with sha256(sha256(BlockHeader))
Proof-Of-Work & Mining • Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks • Bitcoin mining uses the SHA-256 hash algorithm • All bitcoin Block IDs can be calculated with sha256(sha256(BlockHeader)) • Mining can be done on any kind of hardware but is best done on specialized hardware
Mining Hardware Comparison
Mining Hardware Comparison 5.2 MH/sCore i7 3930k ($220)
Mining Hardware Comparison 749.23 MH/s 5.2 MH/sCore i7 3930k ($220) Tesla S2070 ($18,995)
Mining Hardware Comparison 749.23 MH/s 5.2 MH/s 16 TH/s Core i7 3930k ($220) Tesla S2070 ($18,995) Antminer S9 (about $300)
Mining Hardware Comparison 749.23 MH/s 5.2 MH/s 16 TH/s Core i7 3930k ($220) Tesla S2070 ($18,995) Antminer S9 (about $300) Tesla is 144 X faster than i7
Mining Hardware Comparison 749.23 MH/s 5.2 MH/s 16 TH/s Core i7 3930k ($220) Tesla S2070 ($18,995) Antminer S9 (about $300) Tesla is 144 X faster than i7 S9 is 21,355 X faster than Tesla
Bitcoin Mining Farm (Somewhere on Earth)
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands • Many rumors about who is mining Bitcoin
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands • Many rumors about who is mining Bitcoin • One thing we do know: more mining farms are springing up because the hash rate is growing
Bitcoin Mining Farm (Somewhere on Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands • Many rumors about who is mining Bitcoin • One thing we do know: more mining farms are springing up because the hash rate is growing • How do we know this ?
Finding The Network Hash Rate
Finding The Network Hash Rate
Finding The Network Hash Rate
Finding The Network Hash Rate The "Great Crash" of 2017
Finding The Network Hash Rate 1,923,076,923,077 i7s
Finding The Network Hash Rate But how does blockchain.info know the hash rate ?
Finding The Network Hash Rate But how does blockchain.info know the hash rate ? Nobody knows where all the mining farms are.
Finding The Network Hash Rate But how does blockchain.info know the hash rate ? Nobody knows where all the mining farms are. Answer: They use math
Proof-Of-Work & Mining
Proof-Of-Work & Mining PBH = 1
Proof-Of-Work & Mining PBH = 1 "The mining equation"
Proof-Of-Work & Mining PBH = 1 "The mining equation" P = probability of mining block below difficulty target in 1 try
Proof-Of-Work & Mining PBH = 1 "The mining equation" P = probability of mining block below difficulty target in 1 try B = block time (s)
Proof-Of-Work & Mining PBH = 1 "The mining equation" P = probability of mining block below difficulty target in 1 try B = block time (s) H = # of tries per second, a.k.a. hash rate (h/s)
Proof-Of-Work & Mining PBH = 1 "The mining equation" P = probability of mining block below difficulty target in 1 try B = block time (s) H = # of tries per second, a.k.a. hash rate (h/s) P = 1/BH B = 1/PH H = 1/PB
Example Hash Rate Calculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time?
Example Hash Rate Calculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1
Example Hash Rate Calculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10
Example Hash Rate Calculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH
Example Hash Rate Calculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH B = 1/(0.1 × 10)
Example Hash Rate Calculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH B = 1/(0.1 × 10) B = 1/1
Example Hash Rate Calculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH B = 1/(0.1 × 10) B = 1/1 Average block time is 1 second
Example Hash Rate Calculation Let's try a real example!
Example Hash Rate Calculation The home page of blockchain.info looks like this: What is the current network hash rate?
Example Hash Rate Calculation We have:
Example Hash Rate Calculation We have: • 8 most recent block hashes: • 000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a • 0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 • 0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c • 0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 • 0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d • 00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 • 00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 • 000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b
Example Hash Rate Calculation We have: • 8 most recent block hashes: • 000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a • 0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 • 0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c • 0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 • 0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d • 00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 • 00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 • 000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b • 8 most recent block timestamps: • 2019-12-06 02:37 • 2019-12-06 02:19 • 2019-12-06 02:12 • 2019-12-06 01:46 • 2019-12-06 01:44 • 2019-12-06 01:26 • 2019-12-06 01:24 • 2019-12-06 01:15
Example Hash Rate Calculation We want: • P (probability of finding correct hash in one try) • B (block time) • So we can solve H = 1/PB
Example Hash Rate Calculation B is easier to find so we'll start with it.
Example Hash Rate Calculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 • 2019-12-06 02:19 • 2019-12-06 02:12 • 2019-12-06 01:46 • 2019-12-06 01:44 • 2019-12-06 01:26 • 2019-12-06 01:24 • 2019-12-06 01:15
Example Hash Rate Calculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900
Example Hash Rate Calculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 • 1575598740 – 1575598320 • 1575598320 - 1575596760 • 1575596760 - 1575596640 • 1575596640 - 1575595560 • 1575595560 - 1575595440 • 1575595440 - 1575594900
Example Hash Rate Calculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 = 1080 • 1575598740 – 1575598320 = 420 • 1575598320 - 1575596760 = 1560 • 1575596760 - 1575596640 = 120 • 1575596640 - 1575595560 = 1080 • 1575595560 - 1575595440 = 120 • 1575595440 - 1575594900 = 540
Example Hash Rate Calculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 = 1080 • 1575598740 – 1575598320 = 420 • 1575598320 - 1575596760 = 1560 • 1575596760 - 1575596640 = 120 • 1575596640 - 1575595560 = 1080 • 1575595560 - 1575595440 = 120 • 1575595440 - 1575594900 = 540 Step 3: Compute median: 120 120 420 540 1080 1080 1560
Example Hash Rate Calculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 = 1080 • 1575598740 – 1575598320 = 420 • 1575598320 - 1575596760 = 1560 • 1575596760 - 1575596640 = 120 • 1575596640 - 1575595560 = 1080 • 1575595560 - 1575595440 = 120 • 1575595440 - 1575594900 = 540 Step 3: Compute median: 120 120 420 540 1080 1080 1560 • => B = 540
Example Hash Rate Calculation To find P, we can average the block hashes of the last 8 blocks, then multiply by 2 to get the difficulty target. We then express that as a fraction of 2256. •
Example Hash Rate Calculation To find P, we can average the block hashes of the last 8 blocks, then multiply by 2 to get the difficulty target. We then express that as a fraction of 2256. Reasoning: If I keep asking to choose numbers between 1 and 100, and write down only the numbers below 10, the average of the numbers I write down will be 5. •
Example Hash Rate Calculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b
Example Hash Rate Calculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8
Example Hash Rate Calculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04
Example Hash Rate Calculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2
Example Hash Rate Calculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2 ÷ 0x020x100
Example Hash Rate Calculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2 ÷ 0x020x100 0.0000000000000000000000226...
Example Hash Rate Calculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2 ÷ 0x020x100 0.0000000000000000000000226... => P = 0.0000000000000000000000226
Example Hash Rate Calculation H = 1/PB
Example Hash Rate Calculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540)
Example Hash Rate Calculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986
Example Hash Rate Calculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986 H = 81,836,032,937,956,668,986
Example Hash Rate Calculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986 H = 81,836,032,937,956,668,986 H = 81.8 EH/s
Example Hash Rate Calculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986 H = 81,836,032,937,956,668,986 H = 81.8 EH/s Within 10% of the correct answer. Only out by a few quintillion !
Attacks BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Key Guessing Attack
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets!
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets:
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot • Best kind of wallet is a hardware wallet
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot • Best kind of wallet is a hardware wallet • Hardware wallets are resistant to any intrusion on your computer including viruses, remote attackers, etc
Key Guessing Attack • If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot • Best kind of wallet is a hardware wallet • Hardware wallets are resistant to any intrusion on your computer including viruses, remote attackers, etc • Hardware wallet stores private key and signs transactions on behalf of the user
Key Guessing Attack
51% Attack
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient)
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself)
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$)
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for:
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to:
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with:
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions)
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples:
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because:
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because: • Hash-power is massive and well-diversified
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because: • Hash-power is massive and well-diversified • Hash-power distribution is well known
51% Attack • To perform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because: • Hash-power is massive and well-diversified • Hash-power distribution is well known • Miners want Bitcoin to succeed and price to go up. 51% attack would cause price crash
Quantum Computing Threats ? BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Quantum Computing Threats ?
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3)
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5)
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012).
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm)
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC?
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used.
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked.
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing:
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018)
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech...
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare • No palpable sense of urgency from these entities to upgrade to post-quantum cryptography
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare • No palpable sense of urgency from these entities to upgrade to post-quantum cryptography • As things stand – a tiny computer such as an Apple watch is far better at breaking crypto and prime factorization than today's multi-million dollar QCs
Quantum Computing Threats ? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare • No palpable sense of urgency from these entities to upgrade to post-quantum cryptography • As things stand – a tiny computer such as an Apple watch is far better at breaking crypto and prime factorization than today's multi-million dollar QCs • Basically there's nothing to worry about.
The End BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
Questions? BITCOIN FUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY

More Related Content

PPTX
Introduction to Bitcoin
byLivares Technologies Pvt Ltd
 
PPTX
Cryptocurrencies 101 v5 public
byBrett Colbert
 
PPTX
Blockchain and bitcoin fundamentals (usages and applications)
byAmir Rafati
 
PDF
Bitcoin and the Rise of the Block Chains
byDallas Kennedy
 
PPTX
Cryptocurrencies 101 v3
byBrett Colbert
 
PPTX
Future of Bitcoin Mining- Josh Zerlan
byMediabistro
 
PPTX
Demysitifying Bitcoin and Blockchain
byGanesh Kondal
 
PPTX
Bitcoin - An introduction to a decentralised and anonymous currency
byAndyBrodieLocima
 
Introduction to Bitcoin
byLivares Technologies Pvt Ltd
 
Cryptocurrencies 101 v5 public
byBrett Colbert
 
Blockchain and bitcoin fundamentals (usages and applications)
byAmir Rafati
 
Bitcoin and the Rise of the Block Chains
byDallas Kennedy
 
Cryptocurrencies 101 v3
byBrett Colbert
 
Future of Bitcoin Mining- Josh Zerlan
byMediabistro
 
Demysitifying Bitcoin and Blockchain
byGanesh Kondal
 
Bitcoin - An introduction to a decentralised and anonymous currency
byAndyBrodieLocima
 

What's hot

PPTX
Overview of bitcoin
byAbdul Nasir
 
PPTX
Blockchain: A beginning of Era...
byRajesh Kumar
 
PDF
bitcoin pricing - jan2017
byPatrick Bucquet
 
PPTX
Digital currency
byMoaaz Mohamed
 
PPTX
#blockchain_hashin_bitcoin_cryptocurranies
byMoaaz Mohamed
 
PDF
Bitcoin 101 - Certified Bitcoin Professional Training Session
byLisa Cheng
 
PDF
Blockchain Тechnology - Introduction
byGalin Dinkov
 
PPTX
Meta X Blockchain Bootcamp
byMetaX
 
PDF
Bitcoin Transaction Malleability
bysrkedmi
 
PPTX
R1x g16 blockchain
bycairo university
 
PDF
2019 03 18_kenneth_simplebitcoinwebsite
byHu Kenneth
 
PDF
Blockchain Basics | What is it and how to use DLT & Crypto Technology
byMarcel Isler
 
PDF
Bitcoin intro
byblockchained
 
PDF
Bitcoin and Ransomware Analysis
byinder_barara
 
PDF
Bitcoin and Blockchain Technology: An Introduction
byFerdinando Maria Ametrano
 
PDF
Lightning Network
byFelix Crisan
 
PPTX
An Introduction to Blockchain
byArun Sharma
 
PPTX
Math in the News: Issue 99
byMedia4math
 
PDF
Start here-investing-in-cryptocurrency
byChris Helweg
 
PPTX
Bitcoin - Understanding and Assessing potential Opportunities
byQuasarVentures
 
Overview of bitcoin
byAbdul Nasir
 
Blockchain: A beginning of Era...
byRajesh Kumar
 
bitcoin pricing - jan2017
byPatrick Bucquet
 
Digital currency
byMoaaz Mohamed
 
#blockchain_hashin_bitcoin_cryptocurranies
byMoaaz Mohamed
 
Bitcoin 101 - Certified Bitcoin Professional Training Session
byLisa Cheng
 
Blockchain Тechnology - Introduction
byGalin Dinkov
 
Meta X Blockchain Bootcamp
byMetaX
 
Bitcoin Transaction Malleability
bysrkedmi
 
R1x g16 blockchain
bycairo university
 
2019 03 18_kenneth_simplebitcoinwebsite
byHu Kenneth
 
Blockchain Basics | What is it and how to use DLT & Crypto Technology
byMarcel Isler
 
Bitcoin intro
byblockchained
 
Bitcoin and Ransomware Analysis
byinder_barara
 
Bitcoin and Blockchain Technology: An Introduction
byFerdinando Maria Ametrano
 
Lightning Network
byFelix Crisan
 
An Introduction to Blockchain
byArun Sharma
 
Math in the News: Issue 99
byMedia4math
 
Start here-investing-in-cryptocurrency
byChris Helweg
 
Bitcoin - Understanding and Assessing potential Opportunities
byQuasarVentures
 

Similar to Bitcoin fundamentals

PPTX
Introduction to Blockchain
bymohammad alkhalil
 
ODP
CBGTBT - Part 2 - Blockchains 101
byBlockstrap.com
 
PDF
Intro to blockchain - Dapper Dev Bootcamp
byshotdsherrif
 
PPTX
Blockchain Technology
byRashi Singh
 
DOCX
UNIT I.docxcloud service management document anna university regulation 2021
byamrashbhanuabdul
 
PDF
Bitcoin Blockchain - Under the Hood
byGalin Dinkov
 
PPTX
Blockchain Blockchain Blockchain Lec 1.pptx
bynsyd08384
 
PDF
Blockchain Primer Part 1
bySanjay Basu
 
PPTX
Blockchain Interview Questions And Answers | Blockchain Technology Interview ...
bySimplilearn
 
PDF
Blockchain fundamentals
byNhất Linh Châu
 
PPTX
Block chain and its basic terminology include mining
byAvinashAvuthu2
 
PPTX
1 - Introduction to Blockchain Technology.pptx
byAugustine Malamsha
 
PPTX
Introduction to Blockchain & development
byAbdullah Aziz
 
PPTX
blockchain presentation 1 for the day 123
bysekarbangs1
 
PPTX
Block chain
bySaranya Krishnan
 
PDF
Blockchain: An Innovative Technology
byIJSRED
 
PDF
Applying Blockchain Technology for Digital Transformation
byGokul Alex
 
PPTX
Blockchain Demystified
byMahesh M Reddy
 
PPTX
MONEY ,BITCOIN,BLOCKCHAIN TECHNOLOGY
byHasHim Salim
 
PPTX
Introduction to Blockchain Web3 Session
byDSCIITPatna
 
Introduction to Blockchain
bymohammad alkhalil
 
CBGTBT - Part 2 - Blockchains 101
byBlockstrap.com
 
Intro to blockchain - Dapper Dev Bootcamp
byshotdsherrif
 
Blockchain Technology
byRashi Singh
 
UNIT I.docxcloud service management document anna university regulation 2021
byamrashbhanuabdul
 
Bitcoin Blockchain - Under the Hood
byGalin Dinkov
 
Blockchain Blockchain Blockchain Lec 1.pptx
bynsyd08384
 
Blockchain Primer Part 1
bySanjay Basu
 
Blockchain Interview Questions And Answers | Blockchain Technology Interview ...
bySimplilearn
 
Blockchain fundamentals
byNhất Linh Châu
 
Block chain and its basic terminology include mining
byAvinashAvuthu2
 
1 - Introduction to Blockchain Technology.pptx
byAugustine Malamsha
 
Introduction to Blockchain & development
byAbdullah Aziz
 
blockchain presentation 1 for the day 123
bysekarbangs1
 
Block chain
bySaranya Krishnan
 
Blockchain: An Innovative Technology
byIJSRED
 
Applying Blockchain Technology for Digital Transformation
byGokul Alex
 
Blockchain Demystified
byMahesh M Reddy
 
MONEY ,BITCOIN,BLOCKCHAIN TECHNOLOGY
byHasHim Salim
 
Introduction to Blockchain Web3 Session
byDSCIITPatna
 

Recently uploaded

PDF
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
PDF
Creating a Multi-Agent Flow: Orchestrate multiple specialized agents into a p...
byJhonatan Salazar
 
PPTX
Optimum mesh size for various fishing gears by B2B.pptx
byB. BHASKAR
 
PDF
MoD_2.pptx solid rockets of the rocket.pdf
byrajaashish82988
 
PPTX
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 
PPTX
[Deck] What's New in Spark-Iceberg Integration via DSV2.pptx
bySzehon Ho
 
PPTX
ME3592 - Metrology and Measurements - Unit - 1 - Lecture Notes
bypprakash21252
 
PDF
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
PDF
DAA Lab Manual ssit -kavya r.pdf or Digital Design and Analysis of Algorithm ...
bykavya R
 
PDF
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
PPTX
The Hidden Cost of Bad Spare Parts Planning (And How AI CMMS Fixes It)
byMaintWiz Technologies Private Limited
 
PDF
Highway Curves in Transportation Engineering.pdf
byMahmoodKhalid11
 
PPTX
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
PDF
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
PDF
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
PDF
Microeconomics Theory and Market Structure.pdf
byMahmoodKhalid11
 
PPTX
unit v awp IN ANTENNA AND WAVE PROP IN JNTUH
byTCEKPEDDAPALLI
 
PPTX
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
PPTX
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
Creating a Multi-Agent Flow: Orchestrate multiple specialized agents into a p...
byJhonatan Salazar
 
Optimum mesh size for various fishing gears by B2B.pptx
byB. BHASKAR
 
MoD_2.pptx solid rockets of the rocket.pdf
byrajaashish82988
 
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 
[Deck] What's New in Spark-Iceberg Integration via DSV2.pptx
bySzehon Ho
 
ME3592 - Metrology and Measurements - Unit - 1 - Lecture Notes
bypprakash21252
 
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
DAA Lab Manual ssit -kavya r.pdf or Digital Design and Analysis of Algorithm ...
bykavya R
 
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
The Hidden Cost of Bad Spare Parts Planning (And How AI CMMS Fixes It)
byMaintWiz Technologies Private Limited
 
Highway Curves in Transportation Engineering.pdf
byMahmoodKhalid11
 
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
NS unit wise unit wise 1 -5 so prepare,.
bykumaransudhan1512
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
Microeconomics Theory and Market Structure.pdf
byMahmoodKhalid11
 
unit v awp IN ANTENNA AND WAVE PROP IN JNTUH
byTCEKPEDDAPALLI
 
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 

Bitcoin fundamentals

  • 1.
    Bitcoin Fundamentals N. P.O'DONNELL, MAYNOOTH UNIVERSITY
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
    Topics Covered •Blockchain •Blocks •Keys &Addresses •Scripting •Transactions
  • 8.
    Topics Covered •Blockchain •Blocks •Keys &Addresses •Scripting •Transactions •Proof-Of-Work & Mining
  • 9.
    Topics Covered •Blockchain •Blocks •Keys &Addresses •Scripting •Transactions •Proof-Of-Work & Mining •Attacks
  • 10.
    Topics Covered •Blockchain •Blocks •Keys &Addresses •Scripting •Transactions •Proof-Of-Work & Mining •Attacks •Quantum Computing Threats ?
  • 11.
    Blockchain BITCOIN FUNDAMENTALS N. P.O'DONNELL, MAYNOOTH UNIVERSITY
  • 12.
    What Is ABlockchain? Several Definitions:
  • 13.
    What Is ABlockchain? Several Definitions: •Over-used buzzword that many people don't understand
  • 14.
    What Is ABlockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database
  • 15.
    What Is ABlockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with
  • 16.
    What Is ABlockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database
  • 17.
    What Is ABlockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database •A cryptographically verified database
  • 18.
    What Is ABlockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database •A cryptographically verified database •A chain of blocks
  • 19.
    What Is ABlockchain? Several Definitions: •Over-used buzzword that many people don't understand •A very slow database •A database that can't be tampered with •An append-only database •A cryptographically verified database •An immutable, append-only, hashed, cryptographically verified, singly-linked chain of blocks
  • 20.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description.
  • 21.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be)
  • 22.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate
  • 23.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain
  • 24.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger)
  • 25.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N
  • 26.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N •Each block is limited to 1MB*
  • 27.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N •Each block is limited to 1MB* •New block generated every 10 minutes**
  • 28.
    What about Bitcoin'sblockchain? Since "blockchain" is an overloaded term, let's examine Bitcoin's blockchain alone, since it certainly fits the description. •World's first blockchain (and always will be) •World's most secure blockchain I.e. highest hash rate •World's most famous blockchain •Not the biggest blockchain (Ethereum is far bigger) •Each block contains block header plus N transactions where 0 ≤ N •Each block is limited to 1MB* •New block generated every 10 minutes** * Technically not true anymore, but block size still has a small, hard limit ** On average
  • 29.
    What about Bitcoin'sblockchain? HashMerkleRoot Block 0 HashPrevBlock HashMerkleRoot Block 1 HashPrevBlock HashMerkleRoot Block 2 HashPrevBlock HashMerkleRoot Block 3 The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
  • 30.
    Blocks BITCOIN FUNDAMENTALS N. P.O'DONNELL, MAYNOOTH UNIVERSITY
  • 31.
    Structure Of ABitcoin Block Each Bitcoin block consists of:
  • 32.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance
  • 33.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size
  • 34.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header
  • 35.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter
  • 36.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselves
  • 37.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains:
  • 38.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version
  • 39.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header
  • 40.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data
  • 41.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data • Time
  • 42.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data • Time • Bits – Current difficulty target (more on this later)
  • 43.
    Structure Of ABitcoin Block Each Bitcoin block consists of: • Magic Number – Used to identify block as a bitcoin block. No cryptographic significance • Block Size • Block header • Transaction counter • The transactions themselvesEach Bitcoin block contains a block header. This is what is hashed and gives rise to the blockchain. The transactions themselves are not hashed, only the merkle root of the transactions. So technically it's a blockheader chain. Each block header contains: • Version • HashPrevBlock – Hash of the previous block's header • HashMerkleRoot – Hash of the merkle root of the transactions in this block. Just think of it as a hash of all the transactions treated as one blob of data • Time • Bits – Current difficulty target (more on this later) • Nonce – Related to mining (more on this later)
  • 44.
    Keys & Addresses BITCOINFUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
  • 45.
  • 46.
    Keys & Addresses P2PKHbitcoin address
  • 47.
    Keys & Addresses Whatis a Bitcoin address? Is it just a random string of characters?
  • 48.
    Keys & Addresses Whatis a Bitcoin address? Is it just a random string of characters? Answer: No
  • 49.
    Keys & Addresses Whatis a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key.
  • 50.
    Keys & Addresses Whatis a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key. Each public key is derived from a private key.
  • 51.
    Keys & Addresses Whatis a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key. Each public key is derived from a private key. Private Key Public Key Address
  • 52.
    Keys & Addresses Whatis a Bitcoin address? Is it just a random string of characters? Answer: No Each address is derived from a public key. Each public key is derived from a private key. Private Key Public Key Address Private Key Public Key Address
  • 53.
  • 54.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097
  • 55.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1
  • 56.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
  • 57.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times.
  • 58.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb
  • 59.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478
  • 60.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478
  • 61.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478 SHA2562(VersionByte | PubkeyHash)[:4] (Checksum) = 0x08c131a4
  • 62.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478 SHA2562(VersionByte | PubkeyHash)[:4] (Checksum) = 0x08c131a4 VersionByte | PubkeyHash | Checksum = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d47808c131a4
  • 63.
    Keys & Addresses PrivateKey: 0x69bc69641bd3111e47d55c40b8f1e912577c78edabb1c8ca5d2907bff7a93097 Private key is just a random number between 0 and 2256 - 232 - 29 - 28 - 27 - 26 - 24 – 1 Generator point: 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 To get the unique public key for this private key, we add the generator point to itself private key times. Public key: 0x0380864b7759a43923d2d0c99b142843fc306199a94995e55cb204d9a91fa09feb PubkeyHash = SHA256(RipeMD160(Public Key)) = 0xd8e5899f2589b7fa9df2513bf2366d2031f2d478 VersionByte (0x00) | PubkeyHash = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d478 SHA2562(VersionByte | PubkeyHash)[:4] (Checksum) = 0x08c131a4 VersionByte | PubkeyHash | Checksum = 0x00d8e5899f2589b7fa9df2513bf2366d2031f2d47808c131a4 Base58CheckEncode(0x00d8e5899f2589b7fa9df2513bf2366d2031f2d47808c131a4) = 1LmqvzD5KgNs1a8tcibuiNNM1MfZxLr5pw
  • 64.
    Scripting BITCOIN FUNDAMENTALS N. P.O'DONNELL, MAYNOOTH UNIVERSITY
  • 65.
  • 66.
    Script • Bitcoin comeswith its own scripting language called "script"
  • 67.
    Script • Bitcoin comeswith its own scripting language called "script" • Script is used to lock and unlock funds
  • 68.
    Script • Bitcoin comeswith its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds
  • 69.
    Script • Bitcoin comeswith its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops
  • 70.
    Script • Bitcoin comeswith its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM
  • 71.
    Script • Bitcoin comeswith its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM • VM is basically a giant switch statement (EvalScript in src/script/interpreter.cpp)
  • 72.
    Script • Bitcoin comeswith its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM • VM is basically a giant switch statement (EvalScript in src/script/interpreter.cpp) • Giant switch statement is about 800 lines of C++
  • 73.
    Script • Bitcoin comeswith its own scripting language called "script" • Script is used to lock and unlock funds • All bitcoin transactions must use script. There is no other way to lock/unlock funds • Script is non-turing-complete, which means it has no loops • Script is a stack-based language which runs in (what some people call) a VM • VM is basically a giant switch statement (EvalScript in src/script/interpreter.cpp) • Giant switch statement is about 800 lines of C++ • Consensus-critical code !!!
  • 74.
  • 75.
  • 76.
    Script Interpreter Stack OP_3 OP_5OP_ADD OP_8 OP_EQUAL 3
  • 77.
    Script Interpreter Stack OP_3 OP_5OP_ADD OP_8 OP_EQUAL 5 3
  • 78.
    Script Interpreter Stack OP_3 OP_5OP_ADD OP_8 OP_EQUAL ADD 5 3
  • 79.
    Script Interpreter Stack OP_3 OP_5OP_ADD OP_8 OP_EQUAL 8
  • 80.
    Script Interpreter Stack OP_3 OP_5OP_ADD OP_8 OP_EQUAL 8 8
  • 81.
    Script Interpreter Stack OP_3 OP_5OP_ADD OP_8 OP_EQUAL OP_EQUAL 8 8
  • 82.
    Script Interpreter Stack OP_3 OP_5OP_ADD OP_8 OP_EQUAL TRUE
  • 83.
    Transactions BITCOIN FUNDAMENTALS N. P.O'DONNELL, MAYNOOTH UNIVERSITY
  • 84.
  • 85.
    Transactions Each transaction contains1 or more inputs and 1 or more outputs.
  • 86.
  • 87.
    Transactions • Each inputcontains a reference to exactly one output in a previous transaction.
  • 88.
    Transactions • Each inputcontains a reference to exactly one output in a previous transaction. • This is known as an "outpoint".
  • 89.
    Transactions • Each inputcontains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
  • 90.
    Transactions • Each inputcontains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
  • 91.
    Transactions • Each outputcontains a value in satoshis. (1 satoshi = 10-8BTC) • Each input contains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
  • 92.
    Transactions • Each outputcontains a value in satoshis. (1 satoshi = 10-8BTC) • Each output also contains a script • Each input contains a reference to exactly one output in a previous transaction. • This is known as an "outpoint". • Each input also contains a script.
  • 93.
  • 94.
    Transactions • In atransaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script.
  • 95.
    Transactions • In atransaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script. • This script is run by the script interpreter and if there's a TRUE at the top of the stack after the script is run, the transaction is a success and the funds can be unlocked and transferred to somebody else.
  • 96.
    Transactions • In atransaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script. • This script is run by the script interpreter and if there's a TRUE at the top of the stack after the script is run, the transaction is a success and the funds can be unlocked and transferred to somebody else. • If there's anything other than a TRUE at the top of the stack, the transaction is deemed a failure and the funds remain locked.
  • 97.
    Transactions • In atransaction, a scriptSig from a TxIn (input) is contatenated with a scriptPubKey from a TxOut (output) to form a full script. • This script is run by the script interpreter and if there's a TRUE at the top of the stack after the script is run, the transaction is a success and the funds can be unlocked and transferred to somebody else. • If there's anything other than a TRUE at the top of the stack, the transaction is deemed a failure and the funds remain locked. • A transaction containing a scriptSig which fails to unlock funds will not be broadcast by nodes, and even some wallets may not broadcast it. This is an important spam-prevention mechanism which ensures only transactions which spend bitcoin in the form of fees, use network resources.
  • 98.
  • 99.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG
  • 100.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG ScriptSig (part of Input)
  • 101.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG ScriptPubKey (part of Output)
  • 102.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <SIG>
  • 103.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEY> <SIG>
  • 104.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_DUP <PUBKEY> <SIG>
  • 105.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEY> <PUBKEY> <SIG>
  • 106.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_HASH160 <PUBKEY> <PUBKEY> <SIG>
  • 107.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEYHASH> <PUBKEY> <SIG>
  • 108.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEYHASH> <PUBKEYHASH> <PUBKEY> <SIG>
  • 109.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_EQUALVERIFY <PUBKEYHASH> <PUBKEYHASH> <PUBKEY> <SIG>
  • 110.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG <PUBKEY> <SIG>
  • 111.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG OP_CHECKSIG <PUBKEY> <SIG>
  • 112.
    Script Interpreter Stack <SIG> <PUBKEY>OP_DUP OP_HASH160 <PUBKEYHASH> OP_EQUALVERIFY OP_CHECKSIG TRUE
  • 113.
    Proof-of-Work & Mining BITCOINFUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
  • 114.
  • 115.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash)
  • 116.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4
  • 117.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash
  • 118.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header
  • 119.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty
  • 120.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found
  • 121.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward
  • 122.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes
  • 123.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined
  • 124.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks
  • 125.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks
  • 126.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks • Bitcoin mining uses the SHA-256 hash algorithm
  • 127.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks • Bitcoin mining uses the SHA-256 hash algorithm • All bitcoin Block IDs can be calculated with sha256(sha256(BlockHeader))
  • 128.
    Proof-Of-Work & Mining •Every bitcoin block has a 256-bit block ID (also called a block hash) • Ex. Block hash: 00000000000000000005b5a0046b4e542a11f790b3fca15964bc58ad7b4386a4 • Technically it’s a block header hash • To get different block hashes, a miner changes the nonce field in the block header • Only block hashes below a threshold are accepted - this threshold is known as the difficulty • This process continues until a hash below the threshold is found • First miner to find this hash gets 12.5 BTC (EUR 82,818.68) - this is known as the block reward • This happens every 10 minutes • Each day ~ EUR 5,962,800.95 of new BTC is mined • Difficulty adjusted every 2,016 blocks • Block reward halved every 210,000 blocks • Bitcoin mining uses the SHA-256 hash algorithm • All bitcoin Block IDs can be calculated with sha256(sha256(BlockHeader)) • Mining can be done on any kind of hardware but is best done on specialized hardware
  • 129.
  • 130.
    Mining Hardware Comparison 5.2MH/sCore i7 3930k ($220)
  • 131.
    Mining Hardware Comparison 749.23MH/s 5.2 MH/sCore i7 3930k ($220) Tesla S2070 ($18,995)
  • 132.
    Mining Hardware Comparison 749.23MH/s 5.2 MH/s 16 TH/s Core i7 3930k ($220) Tesla S2070 ($18,995) Antminer S9 (about $300)
  • 133.
    Mining Hardware Comparison 749.23MH/s 5.2 MH/s 16 TH/s Core i7 3930k ($220) Tesla S2070 ($18,995) Antminer S9 (about $300) Tesla is 144 X faster than i7
  • 134.
    Mining Hardware Comparison 749.23MH/s 5.2 MH/s 16 TH/s Core i7 3930k ($220) Tesla S2070 ($18,995) Antminer S9 (about $300) Tesla is 144 X faster than i7 S9 is 21,355 X faster than Tesla
  • 135.
  • 136.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s
  • 137.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth
  • 138.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations
  • 139.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations
  • 140.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity
  • 141.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands
  • 142.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands • Many rumors about who is mining Bitcoin
  • 143.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands • Many rumors about who is mining Bitcoin • One thing we do know: more mining farms are springing up because the hash rate is growing
  • 144.
    Bitcoin Mining Farm (Somewhereon Earth) 3,075,120 i7s • Many such mining farms on earth • Often in secret locations • Impossible to find their locations • Usually in cold countries with cheap electricity • Bitcoin mining uses enough electricity to power 3 Irelands • Many rumors about who is mining Bitcoin • One thing we do know: more mining farms are springing up because the hash rate is growing • How do we know this ?
  • 145.
  • 146.
  • 147.
  • 148.
    Finding The NetworkHash Rate The "Great Crash" of 2017
  • 149.
    Finding The NetworkHash Rate 1,923,076,923,077 i7s
  • 150.
    Finding The NetworkHash Rate But how does blockchain.info know the hash rate ?
  • 151.
    Finding The NetworkHash Rate But how does blockchain.info know the hash rate ? Nobody knows where all the mining farms are.
  • 152.
    Finding The NetworkHash Rate But how does blockchain.info know the hash rate ? Nobody knows where all the mining farms are. Answer: They use math
  • 153.
  • 154.
  • 155.
    Proof-Of-Work & Mining PBH= 1 "The mining equation"
  • 156.
    Proof-Of-Work & Mining PBH= 1 "The mining equation" P = probability of mining block below difficulty target in 1 try
  • 157.
    Proof-Of-Work & Mining PBH= 1 "The mining equation" P = probability of mining block below difficulty target in 1 try B = block time (s)
  • 158.
    Proof-Of-Work & Mining PBH= 1 "The mining equation" P = probability of mining block below difficulty target in 1 try B = block time (s) H = # of tries per second, a.k.a. hash rate (h/s)
  • 159.
    Proof-Of-Work & Mining PBH= 1 "The mining equation" P = probability of mining block below difficulty target in 1 try B = block time (s) H = # of tries per second, a.k.a. hash rate (h/s) P = 1/BH B = 1/PH H = 1/PB
  • 160.
    Example Hash RateCalculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time?
  • 161.
    Example Hash RateCalculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1
  • 162.
    Example Hash RateCalculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10
  • 163.
    Example Hash RateCalculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH
  • 164.
    Example Hash RateCalculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH B = 1/(0.1 × 10)
  • 165.
    Example Hash RateCalculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH B = 1/(0.1 × 10) B = 1/1
  • 166.
    Example Hash RateCalculation Probability of mining a block in single attempt is 0.1. I'm trying 10 hashes per second, what is my block time? P = 0.1 H = 10 B = 1/PH B = 1/(0.1 × 10) B = 1/1 Average block time is 1 second
  • 167.
    Example Hash RateCalculation Let's try a real example!
  • 168.
    Example Hash RateCalculation The home page of blockchain.info looks like this: What is the current network hash rate?
  • 169.
    Example Hash RateCalculation We have:
  • 170.
    Example Hash RateCalculation We have: • 8 most recent block hashes: • 000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a • 0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 • 0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c • 0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 • 0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d • 00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 • 00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 • 000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b
  • 171.
    Example Hash RateCalculation We have: • 8 most recent block hashes: • 000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a • 0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 • 0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c • 0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 • 0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d • 00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 • 00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 • 000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b • 8 most recent block timestamps: • 2019-12-06 02:37 • 2019-12-06 02:19 • 2019-12-06 02:12 • 2019-12-06 01:46 • 2019-12-06 01:44 • 2019-12-06 01:26 • 2019-12-06 01:24 • 2019-12-06 01:15
  • 172.
    Example Hash RateCalculation We want: • P (probability of finding correct hash in one try) • B (block time) • So we can solve H = 1/PB
  • 173.
    Example Hash RateCalculation B is easier to find so we'll start with it.
  • 174.
    Example Hash RateCalculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 • 2019-12-06 02:19 • 2019-12-06 02:12 • 2019-12-06 01:46 • 2019-12-06 01:44 • 2019-12-06 01:26 • 2019-12-06 01:24 • 2019-12-06 01:15
  • 175.
    Example Hash RateCalculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900
  • 176.
    Example Hash RateCalculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 • 1575598740 – 1575598320 • 1575598320 - 1575596760 • 1575596760 - 1575596640 • 1575596640 - 1575595560 • 1575595560 - 1575595440 • 1575595440 - 1575594900
  • 177.
    Example Hash RateCalculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 = 1080 • 1575598740 – 1575598320 = 420 • 1575598320 - 1575596760 = 1560 • 1575596760 - 1575596640 = 120 • 1575596640 - 1575595560 = 1080 • 1575595560 - 1575595440 = 120 • 1575595440 - 1575594900 = 540
  • 178.
    Example Hash RateCalculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 = 1080 • 1575598740 – 1575598320 = 420 • 1575598320 - 1575596760 = 1560 • 1575596760 - 1575596640 = 120 • 1575596640 - 1575595560 = 1080 • 1575595560 - 1575595440 = 120 • 1575595440 - 1575594900 = 540 Step 3: Compute median: 120 120 420 540 1080 1080 1560
  • 179.
    Example Hash RateCalculation B is easier to find so we'll start with it. Step 1: Convert 8 timestamps into seconds: • 2019-12-06 02:37 => 1575599820 • 2019-12-06 02:19 => 1575598740 • 2019-12-06 02:12 => 1575598320 • 2019-12-06 01:46 => 1575596760 • 2019-12-06 01:44 => 1575596640 • 2019-12-06 01:26 => 1575595560 • 2019-12-06 01:24 => 1575595440 • 2019-12-06 01:15 => 1575594900 Step 2: Calculate intervals • 1575599820 – 1575598740 = 1080 • 1575598740 – 1575598320 = 420 • 1575598320 - 1575596760 = 1560 • 1575596760 - 1575596640 = 120 • 1575596640 - 1575595560 = 1080 • 1575595560 - 1575595440 = 120 • 1575595440 - 1575594900 = 540 Step 3: Compute median: 120 120 420 540 1080 1080 1560 • => B = 540
  • 180.
    Example Hash RateCalculation To find P, we can average the block hashes of the last 8 blocks, then multiply by 2 to get the difficulty target. We then express that as a fraction of 2256. •
  • 181.
    Example Hash RateCalculation To find P, we can average the block hashes of the last 8 blocks, then multiply by 2 to get the difficulty target. We then express that as a fraction of 2256. Reasoning: If I keep asking to choose numbers between 1 and 100, and write down only the numbers below 10, the average of the numbers I write down will be 5. •
  • 182.
    Example Hash RateCalculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b
  • 183.
    Example Hash RateCalculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8
  • 184.
    Example Hash RateCalculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04
  • 185.
    Example Hash RateCalculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2
  • 186.
    Example Hash RateCalculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2 ÷ 0x020x100
  • 187.
    Example Hash RateCalculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2 ÷ 0x020x100 0.0000000000000000000000226...
  • 188.
    Example Hash RateCalculation 0x000000000000000000156ef4be0d0c90b655f9fb08fac67aa151032bfcdfa51a 0x0000000000000000000dd8b04dcf588433bbb4838d20ea8e3682c5b5328f3934 0x0000000000000000000ba39636a6dd75584f400da3217c5aec4d91116307243c 0x0000000000000000000c65f787061574865988894a721900fe46dbbe85580950 0x0000000000000000000825524292c9ad4938a85c3a0cd08965182272912d087d 0x00000000000000000013f660755e5aa1f9daf8eaa0663a4ecddd17d75e608d05 0x00000000000000000010f252e6a289adcdcce0577afa29d9f62082b7a416bc41 + 0x000000000000000000050de301e9b99dcc253f51b186a3d6333ae5c5f9a2f22b 0x6d6d1b6a06bf99a5c038058aa31eed1eb8d878a5154fc8 ÷ 0x04 0x1b5b46da81afe669700e0162a8c7bb47ae361e294553f2 ÷ 0x020x100 0.0000000000000000000000226... => P = 0.0000000000000000000000226
  • 189.
    Example Hash RateCalculation H = 1/PB
  • 190.
    Example Hash RateCalculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540)
  • 191.
    Example Hash RateCalculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986
  • 192.
    Example Hash RateCalculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986 H = 81,836,032,937,956,668,986
  • 193.
    Example Hash RateCalculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986 H = 81,836,032,937,956,668,986 H = 81.8 EH/s
  • 194.
    Example Hash RateCalculation H = 1/PB H = 1/(0.0000000000000000000000226 × 540) H = 81836032937956668986 H = 81,836,032,937,956,668,986 H = 81.8 EH/s Within 10% of the correct answer. Only out by a few quintillion !
  • 195.
    Attacks BITCOIN FUNDAMENTALS N. P.O'DONNELL, MAYNOOTH UNIVERSITY
  • 196.
  • 197.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin
  • 198.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security
  • 199.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero
  • 200.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure
  • 201.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets!
  • 202.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets:
  • 203.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD
  • 204.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37
  • 205.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE
  • 206.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets
  • 207.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets
  • 208.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot
  • 209.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot • Best kind of wallet is a hardware wallet
  • 210.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot • Best kind of wallet is a hardware wallet • Hardware wallets are resistant to any intrusion on your computer including viruses, remote attackers, etc
  • 211.
    Key Guessing Attack •If you can successfully guess somebody's private key, you can take all their bitcoin • Individual addresses have 256-bit security • Assuming a good RNG was used, the chance of correctly guessing are virtually zero • Not the case if you use "brain wallets" which are insecure • Don't use brain wallets! • Famous brain wallets: • "bitcoin": 1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD • "hello": 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37 • "satoshi": 1ADJqstUMBB5zFquWg19UqZ7Zc6ePCpzLE • Bots are running 24/7 ready to take any bitcoin sent to brain wallets • Bots use massive hash tables of pre-computed brain wallets • I lost about 500 euros to one such bot • Best kind of wallet is a hardware wallet • Hardware wallets are resistant to any intrusion on your computer including viruses, remote attackers, etc • Hardware wallet stores private key and signs transactions on behalf of the user
  • 212.
  • 213.
  • 214.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power
  • 215.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient)
  • 216.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself)
  • 217.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain
  • 218.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize
  • 219.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$)
  • 220.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised
  • 221.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible
  • 222.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for:
  • 223.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed
  • 224.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending
  • 225.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption
  • 226.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to:
  • 227.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins
  • 228.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with:
  • 229.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners
  • 230.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions)
  • 231.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition
  • 232.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples:
  • 233.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen
  • 234.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen
  • 235.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because:
  • 236.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because: • Hash-power is massive and well-diversified
  • 237.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because: • Hash-power is massive and well-diversified • Hash-power distribution is well known
  • 238.
    51% Attack • Toperform this attack, attacker must possess over 50% of the hashing power 1. Attacker pays somebody in bitcoin for goods or services in transaction T, spending coin C to address A (recipient) 2. Attacker begins privately mining alternative blockchain which contains transaction T' instead, spending coin C to address A' (himself) 3. Once goods/services have arrived, attacker broadcasts alternative blockchain 4. Since attacker's private blockchain will have higher height, network will be forced to accept it and re-organize 5. Attacker will still have his bitcoin in alternative address, plus goods or services ("goods" are usually $$$) • Any blockchain where one entity controls over 50% of hashing power should be considered compromised • Small blockchains are susceptible • Can be used for: • Preventing certain transactions from being confirmed • Double-spending • Network interruption • Cannot be used to: • Steal coins • Best protected against with: • Many miners • Incentivizing mining pools (where individual miners are free to choose transactions) • Competition • Real-life examples: • May 2018: Bitcoin Gold was 51% attacked - $18,000,000 stolen • December 2018: Vertcoin was 51% attacked - $100,000 stolen • Unlikely to happen to Bitcoin because: • Hash-power is massive and well-diversified • Hash-power distribution is well known • Miners want Bitcoin to succeed and price to go up. 51% attack would cause price crash
  • 239.
    Quantum Computing Threats ? BITCOINFUNDAMENTALS N. P. O'DONNELL, MAYNOOTH UNIVERSITY
  • 240.
  • 241.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography
  • 242.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3)
  • 243.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits
  • 244.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required
  • 245.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment
  • 246.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits
  • 247.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system
  • 248.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm
  • 249.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5)
  • 250.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012).
  • 251.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm)
  • 252.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC?
  • 253.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027
  • 254.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used.
  • 255.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked.
  • 256.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing:
  • 257.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018)
  • 258.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers
  • 259.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers
  • 260.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech...
  • 261.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare
  • 262.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare • No palpable sense of urgency from these entities to upgrade to post-quantum cryptography
  • 263.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare • No palpable sense of urgency from these entities to upgrade to post-quantum cryptography • As things stand – a tiny computer such as an Apple watch is far better at breaking crypto and prime factorization than today's multi-million dollar QCs
  • 264.
    Quantum Computing Threats? • Bitcoin uses 256-bit EC cryptography • To break a n-bit EC key a QC with 9n + 2 log2(n) + 10 qubits are needed (arXiv:1706.06752v3) • These need to be stable qubits • To "break bitcoin", this means 2,000 stable qubits are required • It's very difficult to build QCs with stable qubits, this is due to decoherence when entangled qubits interact with their environment • It's much easier to go from 1 to 2 qubits than to go from 100 to 101 qubits • Adding qubit n introduces n – 1 new interactions to the system • Breaking bitcoin requires a QC that can run Shor's algorithm • Most QCs can't run Shor's Algorithm except with a tiny number of qubits (like 5) • Largest number ever factored on a real QC using Shor's is 21 (5 bits, 2012). • Largest number ever factored on a real QC is 4,088,459 (22 bits) using IBM's 5-qubit processor (Grover's algorithm) • How could a 22-bit number be factored on a 5-bit QC? • Answer: 2088459 = 2017 × 2027 • 2017 and 2027 differ by 2 bits; only 2 qubits of the 5 were used. • Numbers were cherry-picked. • More promising results with quantum annealing: • 376,289 = 571 × 659 was factored on D-wave 2000Q quantum annealer by Shuxian Jiang, Keith A. Britt, Travis S. Humble, and Sabre Kais (2018) • Not cherry-picked, but these are still tiny numbers • Does not use Shor's algorithm, but variant of Grover's algorithm. Doubtful if the method used can scale to large numbers • If QC does break Bitcoin tomorrow, it will break everything else too. Banks, Governments, Hospitals, Airlines, Military, Big Tech... • Such a QC would be the greatest weapon imaginable in information warfare • No palpable sense of urgency from these entities to upgrade to post-quantum cryptography • As things stand – a tiny computer such as an Apple watch is far better at breaking crypto and prime factorization than today's multi-million dollar QCs • Basically there's nothing to worry about.
  • 265.
    The End BITCOIN FUNDAMENTALS N.P. O'DONNELL, MAYNOOTH UNIVERSITY
  • 266.
    Questions? BITCOIN FUNDAMENTALS N. P.O'DONNELL, MAYNOOTH UNIVERSITY