SLIDE 1
Intro to Bitcoin Research
Joseph Bonneau CITP, Princeton
- r
“Why Bitcoin is a full employment act for security engineers”
Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten
Intro to Bitcoin Research or Why Bitcoin is a full employment act - - PowerPoint PPT Presentation
Intro to Bitcoin Research or Why Bitcoin is a full employment act - - PowerPoint PPT Presentation
Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers Joseph Bonneau CITP, Princeton Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten Part I: Bitcoin in 6 easy steps
SLIDE 2
SLIDE 3
Double spending: why ecash is hard
BANK Alice Bob SignA(Transfer X to B) Charlie SignA(Transfer X to C) SignZ(Transfer X to A) Redeem X? Redeem X?
SLIDE 4
Step 1: Make the bank a global log
SignA(Transfer X to C) ... SignA(Transfer X to B) ... SignA(Transfer X to C)
(the block chain)
SignatureBANK SignatureBANK SignatureBANK SignatureBANK
SLIDE 5
Step 2: Participants vote on blocks
SignatureA SignatureB SignatureC ... SignatureA SignatureB SignatureC ... SignatureA SignatureB SignatureD ...
SLIDE 6
Step 3: A random user picks
N-2 N-1 SignA(Transfer X to C)
SignatureB SignatureA
N
SignatureC
N C
SLIDE 7
Step 4: Resolve conflicts by forking
SignA(Transfer X to B)
SignatureB SignatureA
SignA(Transfer X to C)
SignatureC SignatureD SignatureE
SLIDE 8
Step 5: Incentivise correct blocks
SignatureB SignatureA SignatureC SignatureD SignatureE
Mint(X, A) Mint(X, B) Mint(X, D) Mint(X, E) Mint(X, C)
SLIDE 9
Step 6: Choose by hash power!
Mint(X, A) Mint(X, B) Mint(X, C) SHA-256(BlockN-1, n) = 0x00000000000000003f89... SHA-256(BlockN-1, n) = 0x00000000000000008c71... Mining difficulty Mining difficulty
SLIDE 10
Preventing double spending
SignA(Transfer X to B) SignA(Transfer X to C) SignA(Transfer X to B)
Longest chain wins
SLIDE 11
Transaction confirmation (~6 blocks)
SLIDE 12
Bitcoin is transaction-based
IN: scriptSig ... scriptSig ... OUT: scriptPub A, 5.9 ... ... IN: scriptSig A OUT: scriptPubB, 5.0 scriptPubA, 0.9 IN: scriptSig A scriptSig A OUT: scriptPubC, 10.0 IN: scriptSig ... OUT: scriptPubA, 9.2 ...
SLIDE 13
Part II: Mining & Consensus
SLIDE 14
51% attacks
Goldfinger Attack?
SLIDE 15
Checkpointing
Bitcoin is not fully decentralized
SLIDE 16
Selfish mining
Observation: for 0.33 < x < 0.5, a fraction x of selfish miners can earn greater than a fraction x of rewards [Eyal, Sirer 2013]
Attempt to fork here Try again here Putative fork Putative fork Succesful fork!
SLIDE 17
Mining difficulty
bitcoinwisdom.com
SLIDE 18
Difficulty adjustment
bitcoinwisdom.com 10 minutes 2 weeks
SLIDE 19
Mining rewards
Brian Warner
SLIDE 20
Total network capacity
- 264 hashes per block (every 10 minutes!)
- 275 hashes in 2013
○ In exchange for ~US$250M
SLIDE 21
Bitcoin mining hardware
SLIDE 22
Why would anybody mine bitcoins?
Chilkoot pass, Klondike 1898
SLIDE 23
Mining pools
SLIDE 24
Part III: Bitcoin as a currency
SLIDE 25
Why does Bitcoin have value?
Consensus
- Consensus in state (blockchain)
- Consensus in payment
- Consensus in rules
[Kroll, Felten 2013]
SLIDE 26
Price during 2013
SLIDE 27
Black Markets
Silk Road: US$14M in Revenue in 2012 [Christin 2012]
SLIDE 28
Capital controls
SLIDE 29
E-commerce
SLIDE 30
Bitcoin exchanges
Around half of all exchanges have collapsed [Moore, Christin 2012]
SLIDE 31
Geographic distribution of nodes (as of Dec 2013) getaddr.bitnodes.io - 2013 Addy Yeow
SLIDE 32