applied craptography bitcoin and other cryptocurrencies
play

Applied Craptography: Bitcoin and Other Cryptocurrencies 1 Meme - PowerPoint PPT Presentation

Dec 30, 2022 •229 likes •768 views

Computer Science 161 Fall 2016 Popa and Weaver Applied Craptography: Bitcoin and Other Cryptocurrencies 1 Meme of the Day Computer Science 161 Fall 2016 Popa and Weaver 2 Outline Computer Science 161 Fall 2016 Popa and Weaver

  1. Computer Science 161 Fall 2016 Popa and Weaver Applied Craptography: 
 Bitcoin and Other 
 Cryptocurrencies 1

  2. Meme of the 
 Day Computer Science 161 Fall 2016 Popa and Weaver 2

  3. Outline Computer Science 161 Fall 2016 Popa and Weaver • The Cryptography: • Hash Chains • Proof of Work • Putting it together: The Bitcoin Public Ledger • The Craptography: • Irreversibility + Volatility -> Only good for crime • How to make money in Bitcoin: Theft • Gross ine ffi ciencies • Public Data -> Clustering • Record History -> Prosecution Futures • Even more “coolness”: Ethereum Aka “Lets program our dollar bills in JavaScript!” 😃 😃 😃 😃 😃 😃 😃 • 3

  4. Bitcoin's Goal Computer Science 161 Fall 2016 Popa and Weaver • A decentralized, distributed digital currency • Decentralized: no point of authority or control • Distributed: lots of independent systems, no central point of trust • Digital Currency: Just that, a currency • Bitcoin is censorship resistant money : • Nobody can say "don't spend your money on X" • Bitcoin's Crypto: Interesting • Bitcoin's Economics: Broken • Bitcoin's Community: Bat-Shit Insane 4

  5. Bitcoin’s Public Key Signature Algorithm 
 ECDSA Computer Science 161 Fall 2016 Popa and Weaver • Elliptic Curve Digital Signature Algorithm • So di ff erent math but conceptually similar to El Gamal and DSA • 256b private key (32 bytes) • Public key is 65 bytes • Bitcoin “address” is not the public key but the hash of the public key • RIPEMD-160(SHA-256(K pub )) • Why double hashing? Its a common weirdness in Bitcoin. • After adding a checksum and Base 58 encoding you get a “Bitcoin address” of type 1 you can send money to • 1FuckBTCqwBQexxs9jiuWTiZeoKfSo9Vyi is a valid address • I spent a lot of CPU time randomly generating private keys to find one that would match the desired prefix 5

  6. Interesting Implications of 
 Hashed Public Keys Computer Science 161 Fall 2016 Popa and Weaver • The ECDSA public key is twice as large as the private key • So hashing makes the public key a lot smaller • But it makes the signatures themselves larger • Since any signature also needs to include the full public key • Validation of a signature becomes a 2-part process • Validate that H(K pub ) = Address • Validate that the signature is valid • But if a private key is only used once , attacks which require the public key in advance can not work! 6

  7. Why This Matters: 
 Quantum Computing Computer Science 161 Fall 2016 Popa and Weaver • A Quantum computer rips through elliptic curve schemes as well as classic discrete log (Di ffi e/Hellman) and RSA type schemes • Given the public key it is trivial to find the private key • Since the private key controls money, this would be catastrophic • But at the same time, we don’t know how to build a quantum computer big enough to factor a number much larger than 15 • If you never use a private key more than once… • By instead transferring all unspent money to a new random private key • A Quantum Computer can’t steal your money! • Many cryptographic systems need to worry today about Quantum computers which don’t yet exist. 7

  8. Hash Chains Computer Science 161 Fall 2016 Popa and Weaver • If a data structure includes a hash of the previous block of data Block N H(Block N-1) • This forms a “hash chain” lots of other data • So rather than the hash of a block validating just the block • Block N - 1 
 The inclusion of the previous block’s hash validates all the H(Block N-2) previous blocks lots of other data • This also makes it easy to add blocks to data structures • Only need to hash block + hash of previous block, rather Block N - 2 
 H(Block N-3) than rehash everything: 
 lots of other data How you can e ffi ciently hash an "append only" datastructure 8

  9. Merkle Trees Computer Science 161 Fall 2016 Popa and Weaver • Lets say you have a lot of elements • And you want to add or modify elements • And you want to make the hash of the set easy to update • Enter hash trees/merkle trees • Elements 0, 1, 2, 3, 4, 5... • H(0), H(1), H(2)... • H(H(0) + H(1)), H(H(2)+H(3))... • The final hash is the root of the top of the tree. Image Stolen from Wikipedia • And so on until you get to the root • Allows you to add an element and update lg(n) hashes 
 Rather than having to rehash all the data 9

  10. Proof of Work 
 To Establish History Computer Science 161 Fall 2016 Popa and Weaver • Idea: If creating a block requires so much e ff ort • And it includes a pointer to all previous blocks • Changing history becomes expensive: • To rewrite the last k blocks of history requires the same amount of e ff ort as recording those k blocks the first time around • But at the same time, it must be cheap to verify the work was done • Easy proof of work: generation partial hash collisions • If the first N bits of a hash have to be zero… • You are expected to need to try 2 N times to find a collision • But you only need to do a single hash invocation to check if someone else did the work 10

  11. Taken Together this creates Bitcoin Computer Science 161 Fall 2016 Popa and Weaver • Every Bitcoin address (H(K pub )) has a corresponding balance in a public ledger (the Blockchain) • To spend Bitcoin… • Sign a message saying “Pay to address A” • Signature includes the address it is coming from • Broadcast that message through the Bitcoin P2P network • The rest of the P2P network… • Confirms that both the signature is valid and the balance exists • Then attempts to “mine” it into a new block on the Blockchain • This acts to confirm the transaction 11

  12. Bitcoin Transactions Computer Science 161 Fall 2016 Popa and Weaver • A transaction consists of one or more inputs and 0 or more outputs • Each input refers to a single unspent transaction output: 
 the input spends the entire output in the transaction • Each input is signed by the corresponding private key and includes the public key • Each output simply refers to a destination address and amount • If you want to make change, just send that to a new destination address or send it back to one of the input addresses • Sum(outputs) <= Sum(inputs) • Any extra is paid to whoever mines the block (the Transaction Fee) • Validating transactions: • All inputs must refer to previously unspent outputs • No double-spending, but requires knowing ALL previous Bitcoin transactions to validate! • All inputs must cryptographically validate 12

  13. The Blockchain… 
 Protected by Proof of Work Computer Science 161 Fall 2016 Popa and Weaver • All Bitcoin miners take all unverified transactions they want and compose them into a single block • Block header contains a timestamp, a nonce, the hash of the previous block, and the hash of all transactions for this block • Transactions are hashed in a Merkle tree to make it easy to add transactions to the block in progress • Now all the miners try to find a hash collision: • Modifying the block so that H(Block) < “di ffi culty” value • First by modifying the nonce value and/or timestamp and then modifying the coinbase • Once one finds a hash collision, it broadcasts the new block to the entire Bitcoin network • Every other miner first verifies that block and then starts working on the next block • Rule is always trust the longest chain • Now to rewrite history to depth N it takes the same amount of work as used to generate the chain you are rewriting • But at the same time, the current chain keeps growing! 13

  14. The Coinbase Transaction Computer Science 161 Fall 2016 Popa and Weaver • The first transaction in any block is special • It actually has 0 inputs, instead it has a small amount of arbitrary data called the "coinbase" • The coinbase data serves two purposes: • It allows the miner to make a comment • EG, claim credit, vote on proposals, etc • It can be easily changed for searching for hash collisions • When changing the coinbase now the miner needs to update the Merkel tree • The output of this transaction is the miner's reward • The miner fills it out as "pay to me" • Both the current block reward (now at 12.5 BTC/block) and any value not otherwise spent 14

  15. Bitcoin Balances Computer Science 161 Fall 2016 Popa and Weaver • Each address has a balance associated with it • The balance is in “Satoshi”, a fixed-point value = 0.00000001 BTC • There have been Bitcoin systems with bugs related to fixed vs floating point issues • This is actually the sum of all unspent outputs sent to this address • Calculating an address's balance requires looking at every Bitcoin transaction ever done • This is a problem! • Bitcoin requires knowing every transaction from the dawn of the Blockchain in order to know that things are valid • And currently this data grows by 1 MB every 10 minutes! 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed

Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed

Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed Computing Group Cryptocurrencies What is Bitcoin? = + + Technology The Bank of Bitcoin The Bank of Bitcoin User Balance A 2 B 5 C 8

1.25k views • 104 slides
Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

ECRYPT Workshop on Cryptocurrencies Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash power) on consensus

939 views • 68 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
The Changing Nature of Cryptocurrencies: Bitcoin and Its Copies During Their Cloning Thomas H. A.

The Changing Nature of Cryptocurrencies: Bitcoin and Its Copies During Their Cloning Thomas H. A.

Introduction Tested hypothesis Econometric approach Results Robustness Conclusion The Changing Nature of Cryptocurrencies: Bitcoin and Its Copies During Their Cloning Thomas H. A. Joubert Panth eon Assas University Departement of

394 views • 21 slides
Algorand: Scaling Byzantine Agreements for Cryptocurrencies Hyunjin Kim KAIST Introduction

Algorand: Scaling Byzantine Agreements for Cryptocurrencies Hyunjin Kim KAIST Introduction

Algorand: Scaling Byzantine Agreements for Cryptocurrencies Hyunjin Kim KAIST Introduction Previous Presentations: How secure PoW is? -Attack on Bitcoin Mining pool -Attack on Bitcoin Communication -Attack on Bitcoin Consensus

601 views • 46 slides
The Age of Cryptocurrencies: Bitcoin and Sisters Ghada Almashaqbeh Columbia University April

The Age of Cryptocurrencies: Bitcoin and Sisters Ghada Almashaqbeh Columbia University April

The Age of Cryptocurrencies: Bitcoin and Sisters Ghada Almashaqbeh Columbia University April 2019 Outline Motivation. Main concepts. Operation; transactions, mining, blockchain, consensus. Main problems and potential

550 views • 32 slides
Bitcoin and Beyond The World of CryptoCurrencies Math 2018 to date Lecturer, NTU,

Bitcoin and Beyond The World of CryptoCurrencies Math 2018 to date Lecturer, NTU,

Bitcoin and Beyond The World of CryptoCurrencies Math 2018 to date Lecturer, NTU, Singapore Math 2014 - 2017 Lecturer, ISI Kolkata, India EE, CS 2010 - 2014 PhD, Computer Science 2006 - 2008 MMath, Pure Mathematics 2002 -

1.14k views • 90 slides
Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher

Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher

Privacy : Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher Independent investigative journalist Research focus: Bitcoin / cryptocurrencies, information security, privacy, surveillance, and

1.3k views • 85 slides
Cryptocurrencies How Bitcoin Works Colin Boyd Department of Information Security and

Cryptocurrencies How Bitcoin Works Colin Boyd Department of Information Security and

Cryptocurrencies How Bitcoin Works Colin Boyd Department of Information Security and Communications Technology, NTNU Finse Winter School May 2018 The blockchain hype Blockchain is causing a hype and optimism that has rarely been seen in the

974 views • 68 slides
Applied Cryptography Applied Craptography Network Security 1 Meme of the Day Computer

Applied Cryptography Applied Craptography Network Security 1 Meme of the Day Computer

Computer Science 161 Fall 2016 Popa and Weaver Applied Cryptography Applied Craptography Network Security 1 Meme of the Day Computer Science 161 Fall 2016 Popa and Weaver 2 Outline Computer Science 161 Fall 2016 Popa and Weaver

530 views • 41 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Bitcoin Transactions, High-level Prof. Tom Austin San Jos State University Lab Review

Bitcoin Transactions, High-level Prof. Tom Austin San Jos State University Lab Review

Cryptocurrencies &amp; Security on the Blockchain Bitcoin Transactions, High-level Prof. Tom Austin San Jos State University Lab Review Bitcoin Blocks Collections of transactions Fixed size Collectively, form a blockchain

456 views • 22 slides
Cryptocurrencies Course: EPL682 Advanced Security Topics Instructor: Elias Athanasopoulos

Cryptocurrencies Course: EPL682 Advanced Security Topics Instructor: Elias Athanasopoulos

Cryptocurrencies Course: EPL682 Advanced Security Topics Instructor: Elias Athanasopoulos SoK: Research perspective and challenges for Bitcoin and cryptocurrency Joseph Bonneau , Andrew Miller , Jeremy Clark, Arvind Narayanan

794 views • 43 slides
A Primer on Economics for Cryptocurrencies School on Security &amp; Privacy for Blockchains and

A Primer on Economics for Cryptocurrencies School on Security &amp; Privacy for Blockchains and

A Primer on Economics for Cryptocurrencies School on Security &amp; Privacy for Blockchains and Distributed Ledger Technologies Rainer Bhme Motivation We have tried quite some time ago to explain Bitcoin to economists: Bhme, R.,

657 views • 47 slides
Beyond Bitcoin FIA Law &amp; Compliance Division May 17, 2018 Katten Muchin Rosenman LLP Henry

Beyond Bitcoin FIA Law &amp; Compliance Division May 17, 2018 Katten Muchin Rosenman LLP Henry

Beyond Bitcoin FIA Law &amp; Compliance Division May 17, 2018 Katten Muchin Rosenman LLP Henry Bregstein Gary DeWaal Kevin M. Foley Christian T. Kemnitz Ayah K. Sultan Allison C. Yacker Types of Cryptocurrencies There are three

387 views • 37 slides
Unresectable Mesenteric Masses: Fact or Fiction J. Philip Boudreaux, MD FACS Professor of

Unresectable Mesenteric Masses: Fact or Fiction J. Philip Boudreaux, MD FACS Professor of

Unresectable Mesenteric Masses: Fact or Fiction J. Philip Boudreaux, MD FACS Professor of Surgery LSUHSC New Orleans Chairman, Department of Surgery Ochsner Medical Center - Kenner Med edic ical v l vs S s Surgic ical M l Man

417 views • 39 slides
This document presents both the slides and extensive speakers notes used in a recent

This document presents both the slides and extensive speakers notes used in a recent

This document presents both the slides and extensive speakers notes used in a recent presentation to the Society of Petroleum Engineers in Melbourne. ******************************************************************************* Thank you to

707 views • 12 slides
7 IN DEALING WITH PARTNER VIOLENCE David Katerndahl, MD, MA Department of Family and Community

7 IN DEALING WITH PARTNER VIOLENCE David Katerndahl, MD, MA Department of Family and Community

7 IN DEALING WITH PARTNER VIOLENCE David Katerndahl, MD, MA Department of Family and Community Medicine University of Texas Health Science Center San Antonio, Texas SPEAKER DISCLOSURE Dr. Katerndahl has disclosed that he has no actual or

650 views • 52 slides
advances and Challenges (Ethernet) Anupam Jagdish Chomal Principal Software Engineer DellEMC

advances and Challenges (Ethernet) Anupam Jagdish Chomal Principal Software Engineer DellEMC

Data center Networking: New advances and Challenges (Ethernet) Anupam Jagdish Chomal Principal Software Engineer DellEMC Isilon Bitcoin mining Contd Main reason for bitcoin mines at Iceland is the natural cooling for servers and cheap

473 views • 29 slides
CATEX Hurricane Zachary EXERCISE, EXERCISE,EXERCISE East Coast CATEX Power Restoration Functional

CATEX Hurricane Zachary EXERCISE, EXERCISE,EXERCISE East Coast CATEX Power Restoration Functional

CATEX Hurricane Zachary EXERCISE, EXERCISE,EXERCISE East Coast CATEX Power Restoration Functional Exercise 2013 This document was prepared under a grant from FEMA's Grants Programs Directorate, U.S. Department of Homeland Security. Points of

213 views • 9 slides
Cleveland-Cliffs to Acquire ArcelorMittal USA SEPTEMBER 28, 2020 FORWARD-LOOKING STATEMENTS This

Cleveland-Cliffs to Acquire ArcelorMittal USA SEPTEMBER 28, 2020 FORWARD-LOOKING STATEMENTS This

Cleveland-Cliffs to Acquire ArcelorMittal USA SEPTEMBER 28, 2020 FORWARD-LOOKING STATEMENTS This presentation contains forward - looking statements within the meaning of the federal securities laws, including Section 27A of the Securities

573 views • 18 slides
Management Without (Detailed) Models Alva L. Couch Mark Burgess Marc Chiarini A critical

Management Without (Detailed) Models Alva L. Couch Mark Burgess Marc Chiarini A critical

Management Without (Detailed) Models Alva L. Couch Mark Burgess Marc Chiarini A critical juncture Autonomic computing as conceptualized by many will work if: There are more precise models . We can compose control loops .

325 views • 29 slides
Efficient Analysis of Dynamical Properties in Stochastic Chemical Kinetic Models Hiroyuki

Efficient Analysis of Dynamical Properties in Stochastic Chemical Kinetic Models Hiroyuki

Efficient Analysis of Dynamical Properties in Stochastic Chemical Kinetic Models Hiroyuki Kuwahara Lane Center for Computational Biology Carnegie Mellon University CMACS April 2, 2010 Hiroyuki Kuwahara Efficient Analysis of Dynamical

573 views • 53 slides

More recommend