This document provides an overview of key concepts in blockchain and Bitcoin including decentralization, cryptography, transactions, wallets, mining, and the Bitcoin network. It discusses block and transaction structures, public and private keys, proof-of-work mining, and applications of blockchain technology such as escrow and micropayments. The history of Bitcoin mining from CPUs to ASICs is covered as well as the centralization of mining in pools.

1. BLOCKCHAIN
區塊鏈

2. CRYPTOGRAPHY
HASH
ENCRYPTION

3. DECENTRALIZATION

4. ITCOIN

5. 1. Decentralized
2. Anonymous
3. Completely Transparent
4. Less Fees
5. Easy to use

6. • Block Structure
• Key, Address and Wallet
• Transaction
• Mining and Consensus
• Network

7. BLOCK
Chain of Blocks Inside a block
Merkle Tree

8. Chain of Blocks
Genesis
Block
prev #8FA
That is all you need!

9. Inside a block:
Merkle Tree
What’s a Merkle Tree?
Binary Hash Tree
Data

10. How to locate transaction
Assume P transactions in the Merkle tree,
We need O(logN) hashes to construct a path
to verify if a transaction exist here
authentication path :
HL , HIJ , HMNOP , HABCDEFGH

11. How to locate transaction
Assume P transactions in the Merkle tree,
We need O(logN) hashes to construct a path
to verify if a transaction exist here
authentication path :
HL , HIJ , HMNOP , HABCDEFGH

12. Block Header?

13. • Block Structure
• Key, Address and Wallet
• Transaction
• Mining and Consensus
• Network

14. KEY,ADDRESS
AND WALLET
Password
Account
e-Wallet

15. KEY
Private Key Public Key
≒ Address

16. PRIVATE KEY
• SINGLE SHA256
BlockChainForTheWIN
5KjTnMMnFKd2rWZKejXXkWWkd1LJwhnHrKpBxXujRvr8nTjZwp6

17. PUBLIC
KEY
ECDSA
• Curve : y2 mod p = x3＋7 mod p
• G : base point
• p : prime number

18. ADDRESS
• HASH 160
• BASE58 ENCODING
04f29a7f486c90281f9396945e99ab35e
2ed732c008ada71e8e745da38dc63ac9
7b723fe731555dfba9dd60c0cc8fbc8f26
c35739f10c068125e6394839a47eb1e
7c4c8fc7afbf33660bef88460b8ef86bcc9d1134
1CLEWPDWRkTV2wEKZsDGPUWR1yXZwxsPQ
k

19. KEY
Private Key
Public Key
Address
ECDSA
HASH160 + Base58Check

20. KEY(PUBLIC)
• COMPRESSED • UNCOMPRESSED
(x, y)
k = 04xyk = 02x, if y is even
k = 03x, if y is odd
• 66 hex digits • 130 hex digits
04f29a7f486c90281f9396945e99ab35e2ed732c008a
da71e8e745da38dc63ac97b723fe731555dfba9dd60c
0cc8fbc8f26c35739f10c068125e6394839a47eb1e
02f29a7f486c90281f9396945e99ab35e2
ed732c008ada71e8e745da38dc63ac97

21. WALLET

22. WALLET
Non-deterministic Wallet : random generated
Deterministic Wallet(Seeded Wallet)

23. Mnemonic Code Word
1. Create a random sequence (entropy) of 128 to 256 bits
2. Create a checksum of the random sequence by taking the
first few bits of its SHA256 hash
3. Add the checksum to the end of the random sequence
4. Divide the sequence into sections of 11 bits, using those to
index a dictionary of 2048 pre-defined words
5. Produce 12-24 words representing the mnemonic code

24. Mnemonic Code Word
1. Create a random sequence (entropy) of 128 to 256 bits
2. Create a checksum of the random sequence by taking the
first few bits of its SHA256 hash
3. Add the checksum to the end of the random sequence
4. Divide the sequence into sections of 11 bits, using those to
index a dictionary of 2048 pre-defined words
5. Produce 12-24 words representing the mnemonic code

25. Hierarchical Deterministic Wallets
Each parent key can have 4 billion children keys

26. Hierarchical Deterministic Wallets
• tree structure can be used to express additional organizational
meaning
• users can create a sequence of public keys without having
access to the corresponding private keys
• insecure server or in a receive-only capacity

27. Hierarchical Deterministic Wallets

28. Hierarchical Deterministic Wallets
• parent private key and public key (256bit)
• seed called a chain code (256bit)
• index number (32bit)
Extended Keys : key + chain code

29. Hierarchical Deterministic Wallets
• Potential problems

30. Hierarchical Deterministic Wallets
• Solution : Hardened Child Key Derivation
• use parent private key to derive child chain code
• best practice, the level-1 children of the master keys are
always derived through the hardened derivation, to prevent
compromise of the master keys

31. Hierarchical Deterministic Wallets
• Index numbers for normal and hardened derivation
• Normal : 0 ~ 2^31 -1 , first one displayed as 0
• Hardened : 2^31 ~ 2^32 -1 , first one displayed as 0’
• HD wallet key identifier (path)

32. FORMAT

33. Key Format
• Private Key
• Wallet Import Format(WIF) : a way of encoding a private
key so as to make it easier to copy
• Public Key

34. Other Format
• Encrypted Private Key
• private key(usually in WIF) + passphrase
• => Base58Check encoded encrypted private key
with the prefix 6P
• need passphrase to decrypt

35. • Block Structure
• Key, Address and Wallet
• Transaction
• Mining and Consensus
• Network

36. TRANSACTION

37. TRANSACTION

38. Life Cycle
• Most important thing in Bitcoin network
• All designs in Bitcoin are created for transaction’s creation,
broadcast and verification
• Life cycle :
CREAT
ED
SIGNE
D
BROADCAS
TED
VERIFIED
AND
COLLECT
ED
Every node will
send validated
transaction to its
3~4 neighbors.

39. UTXO
• Unspent Transaction Output
• locked to specific owner
• no balance of a bitcoin address account; only scattered UTXO
• balance is the sum of UTXO of that address
Account-based ledger
Alice transfer $10 to me
Bob transfer $5 to me
transfer $13 to David
transfer $10 to Alice
Transaction-based ledger
Input from a1,$10, to me
Input from b1,$5, to me
Input from c1,c2,$13, to David
Input from c3,$5, to Alice
only need to verify output from specific transaction

40. UTXO
• Unspent Transaction Output
• locked to specific owner
• no balance of a bitcoin address account; only scattered UTXO
• balance is the sum of UTXO of that address
Account-based ledger
Alice transfer $10 to me
Bob transfer $5 to me
transfer $13 to David
transfer $10 to Alice
Transaction-based ledger
Input from a1,$10, to me
Input from b1,$5, to me
Input from c1,c2,$13, to David
Input from c3,$5, to Alice
only need to verify output from specific transaction
• efficient verification
• consolidating funds : merge my own
coins together to one address
• joint payments : combine payments
from multiple person
• change address : the change are
changed to another address

41. UTXO
• Unspent Transaction Output
• locked to specific owner
• no balance of a bitcoin address account; only scattered UTXO
• balance is the sum of UTXO of that address
Account-based ledger
Alice transfer $10 to me
Bob transfer $5 to me
transfer $13 to David
transfer $10 to Alice
Transaction-based ledger
Input from a1,$10, to me
Input from b1,$5, to me
Input from c1,c2,$13, to David
Input from c3,$5, to Alice
only need to verify output from specific transaction
• efficient verification
• consolidating funds : merge my own
coins together to one address
• joint payments : combine payments
from multiple person
• change address : the change are
changed to another address

42. Structure
• Metadata
• Locktime
• the earliest time that a transaction is valid and can be
relayed on the network or added to the blockchain
• = 0 : no locktime limit
• < 500 million : block height
• > 500 million : Unix Epoch timestamp

43. Structure
• Input : UTXO

44. Structure
• Output

45. Script
• Output
• How to unlock?
• concatenate input with output
• Input

46. Script
• Output
• How to unlock?
• concatenate input with output
• Input
• 5 standard transaction
• Pay-to-public-key-hash (P2PKH) Majority
• Public-key
• Multi-Signature
• Pay-to-Script-Hash(P2SH)
• Data Output(OP_RETURN)

47. Script

48. Script

49. Script
• Pay-to-public-key-hash (P2PKH)
• Majority
• Public-key
• Public key is store in the locking script
rather than Public key hash
• generated by older mining software that
has not been updated to use P2PKH

50. Script
• Multi-Signature
• Locking script
• M <Public Key 1> <Public Key 2> ... <Public
Key N> N OP_CHECKMULTISIG
• Unlocking script
• OP_0 <Signature B> <Signature C>
• Data Output(OP_RETURN)
• allows developers to add 40 bytes of non-payment
data to a transaction output
• un-spendable output

51. Script
• Pay-to-Script-Hash(P2SH)
• pay to a script matching this hash, a script which
will be presented later when this output is spent
• P2SH addresses are Base58Check encodings of
the 20 byte hash of a script
• use version prefix 5, which results in Base58Check
encoded addresses starting with 3
• the redeem script can be invalid , which will result
in un-spendable bitcoin

52. Script
• Pay-to-Script-Hash(P2SH)
• pay to a script matching this hash, a script which
will be presented later when this output is spent
• P2SH addresses are Base58Check encodings of
the 20 byte hash of a script
• use version prefix 5, which results in Base58Check
encoded addresses starting with 3
• the redeem script can be invalid , which will result
in un-spendable bitcoin

53. Script
• Pay-to-Script-Hash(P2SH)
• pay to a script matching this hash, a script which
will be presented later when this output is spent
• P2SH addresses are Base58Check encodings of
the 20 byte hash of a script
• use version prefix 5, which results in Base58Check
encoded addresses starting with 3
• the redeem script can be invalid , which will result
in un-spendable bitcoin

54. Script
• Pay-to-Script-Hash(P2SH)
• pay to a script matching this hash, a script which
will be presented later when this output is spent
• P2SH addresses are Base58Check encodings of
the 20 byte hash of a script
• use version prefix 5, which results in Base58Check
encoded addresses starting with 3
• the redeem script can be invalid , which will result
in un-spendable bitcoin
advantage:
nodes keep less record

55. Transaction Fee
• = sum of output - sum of input
• independent of the transaction’s bitcoin value,
but generally determined by size of a
transaction
• others are more willing to put a transaction into
a block if it’s fee is high
• is used to stop spam transactions and DDoS

56. • Block Structure
• Key, Address and Wallet
• Transaction
• Mining and Consensus
• Network

57. NING AND CONSENS

58. NING AND CONSENS

59. NING AND CONSENS

60. MINER

61. Task of Bitcoin Miners
• maintaining block chain and listen for new
blocks
• listen for transactions : listen and validate
• assemble a new block
• compute the answer(nonce) and broadcast the
block

62. Proof of Work
• spam email check
• difficult to produce but easy to verify
• a base string + nonce -> hash
• nonce : number used only once
• base string : Hello, world!
• target : hash begins with certain zeros

63. Proof of Work
• spam email check
• difficult to produce but easy to verify
• a base string + nonce -> hash
• nonce : number used only once
• base string : Hello, world!
• target : hash begins with certain zeros

64. Difficulty
• averagely 10 mins per block generation
• determine the difficulty
• adjust every 2 weeks
• next_difficulty = previous_difficulty * (2
weeks) / (time to mine last 2016 blocks)

65. Coinbase Transaction
• a null hash pointer
• a parameter contain arbitrary data , usually used
to signal support by miners for different new
features (vote)
• BIP , Bitcoin Improvement Proposal
• value contains block reward and all the
transaction fees of the block

66. Coinbase Transaction only transaction fees left

67. Broadcast
• previous block hash value + nonce
• put the nonce into block header
• broadcast to network
• easy verify by other miners

68. THREAT

69. Problem & Attack
• steal bitcoin?
• protected by digital signature
• steal private keys
• fork
• P2P network latency
• miner will go with the main(longest) chain
• lose if not on the main chain
• double-spend attack?
• a block is generated about every 10 minutes
• should wait at least 6 blocks(confirmation)

70. Problem & Attack
• Sybil attacks
• refuse to relay blocks and transactions,
disconnecting you from the network
• open to double-spending attacks
• 51% attack
• could change the main chain

71. Problem & Attack
• Sybil attacks
• refuse to relay blocks and transactions,
disconnecting you from the network
• open to double-spending attacks
• 51% attack
• could change the main chain

72. APPLICATION

73. Application of Bitcoin
• Escrow Application
• MULTISIG and a third party
• green address
• bank-controlled address
• bank guarantee it will not double-spend (real
world guarantee) , so recipient won’t have to
worry about confirmations of the transaction
which would take an hour
• trackable

74. Application of Bitcoin
• micro-payment
• bond : broadcast by recipient in the beginning
• refund : MULTISIG , requires both sender and
receiver to sign ; spend the money of bond ,
transfer them to both sender and recipient
• lock time : set the time t when recipient fail to
broadcast the payment by t , sender can get
the whole money back instead of money being
hold hostage by recipient

75. Application of Bitcoin B A BBond refund
100

76. Ecosystem - a cyclic nature
ValueSecurity
Mining
Digital Signature
Tamper-resistent
Market Price
Massive Users

77. Mining History
• CPU Mining
• while Loop
• too slow
• GPU Mining
• parallelism , overclocking
• floating point units, power consuming, cooling

78. Mining History
Source: LeonardH, cryptocurrenciestalk.com

79. Mining History
• FPGA Mining
• Field Programmable Gate Array, Verilog
• allowing the owner of the card to customize it
or reconfigure it
• better performance, cooling
• malfunction and errors, difficult to optimize the
32bit addition step, less accessible

80. Mining History

81. Mining History
• ASIC Mining
• Application Specific Integrated Circuits
• chips designed, built, and optimized for the
sole purpose of mining Bitcoins
• rapidly increasing network hash rate, shipping
speed is crucial
• short lifetime

82. Mining History

83. Mining History
• Today
• professional mining, not friendly to individual

84. Mining History
• Where to set up?
• climate: cool
• cost of electricity: cheap
• network position
• ideal place
• Republic of Georgia
• Iceland

85. Mining History

86. Mining Pool
• Miner
• only one mission: computing
• Pool Manager
• listen to transactions and verify
• build blocks
• update software

87. Mining Pool
• Rewards
• based on work done
share

88. Mining Pool
• Rewards
• based on work done
share

89. Mining Pool
• pay-per-share
• flat fee on every share, even no valid block
found
• manager absorb the risk
• took advantage by competitors
• proportional

90. Mining Pool
• started around 2010
• 51% mining pools
2014/62014/8
2015/42016/3

91. Mining Pool
• good for small miners, fast update
• centralization, few fully-validating nodes

92. • Block Structure
• Key, Address and Wallet
• Transaction
• Mining and Consensus
• Network

93. Bitcoin Network
• bitcoin P2P protocol
• extended bitcoin network
• bitcoin P2P protocol
• mining pool protocol
• Stratum protocol

94. Bitcoin Network
• Node Functions

95. Bitcoin Network
• Node Types

96. Bitcoin Network
• Node Types

97. SPV client
• Simplified Payment Verification nodes
• retrieve only block headers, 1000 times smaller
than full blockchain
• request for specific transaction from peers
• Sybil attack
• double spending attack
• privacy revealed
• Bloom Filter

98. Bloom Filter
• probabilistic search filter, a way to describe a
desired pattern without specifying it exactly
• a variable-size array of N binary digits
• a variable number of M hash functions, output
between 1 and N
• varying the level of accuracy and therefore
privacy by picking different N & M

99. Bloom Filter
• To add a pattern to the bloom filter, the pattern is
hashed by each hash function in turn
• corresponding bit of hash output is set to 1

100. Bloom Filter
collision
probabilistic :
more collision, less accuracy

101. Bloom Filter Maybe YES, Definitely NO

102. Bitcoin Network

103. • Block Structure
• Key, Address and Wallet
• Transaction
• Mining and Consensus
• Network