1. No category

How Bitcoin Works - BFH

What is Bitcoin?
How Bitcoin Works
Bitcoin
• an open-source software
Kai Brünnler
• a peer-to-peer network
• a decentralized payment network
Research Institute for Security in the Information Society
Bern University of Applied Sciences
• a decentralized currency
Problems with Centralization
• Payment Networks
• censorship
• fees
• chargebacks
• identity theft
• onramp cost
• Currencies
• inflation
1 / 26
Outline
Outline
1 CentralCoin
1 CentralCoin
2 NaiveCoin
2 NaiveCoin
3 SerialNumberCoin
3 SerialNumberCoin
4 PublicAnnouncementCoin
4 PublicAnnouncementCoin
5 ElectionCoin
5 ElectionCoin
6 PuzzleCoin
6 PuzzleCoin
7 BlockchainCoin
7 BlockchainCoin
8 Bitcoin
8 Bitcoin
2 / 26
3 / 26
CentralCoin
CentralCoin
Alice
Bob
Alice
I, Alice, want to transfer
1.0 coins to Bob
Bob
I, Alice, want to transfer
1.0 coins to Bob
CentralCoin
Charlie
Alice
Bob
Charlie
CentralCoin
3.0
1.0
4.0
Charlie
Alice
Bob
Charlie
2.0
2.0
4.0
4 / 26
Outline
4 / 26
NaiveCoin
1 CentralCoin
2 NaiveCoin
3 SerialNumberCoin
• every node keeps ledger
• transactions are broadcast to all nodes
4 PublicAnnouncementCoin
• every node accepts all valid transactions it receives
5 ElectionCoin
6 PuzzleCoin
7 BlockchainCoin
8 Bitcoin
5 / 26
6 / 26
NaiveCoin
NaiveCoin
I, Alice, want to transfer
1.0 coins to Bob
Alice
Alice
Bob
Charlie
Bob
3.0
1.0
4.0
I, Alice, want to transfer
1.0 coins to Bob
Alice
Alice
Bob
Charlie
3.0
1.0
4.0
I, Alice, want to transfer
1.0 coins to Bob
Alice
Bob
Charlie
2.0
2.0
4.0
I, Alice, want to transfer
1.0 coins to Bob
Charlie
Alice
Bob
Charlie
Bob
2.0
2.0
4.0
Alice
Bob
Charlie
2.0
2.0
4.0
Charlie
3.0
1.0
4.0
7 / 26
Outline
Alice
Bob
Charlie
7 / 26
SerialNumberCoin
1 CentralCoin
2 NaiveCoin
3 SerialNumberCoin
• as before but coins have serial numbers
4 PublicAnnouncementCoin
5 ElectionCoin
6 PuzzleCoin
7 BlockchainCoin
8 Bitcoin
8 / 26
9 / 26
SerialNumberCoin
Alice
I, Alice, want to transfer
coin 12345 to Bob
Alice
Bob
Charlie
SerialNumberCoin
Bob
12345,...
...
...
Alice
Alice
Bob
Charlie
12345,...
...
...
I, Alice, want to transfer
coin 12345 to Bob
Alice
Bob
Charlie
I, Alice, want to transfer
coin 12345 to Bob
Bob
...
12345,...
...
Alice
Bob
Charlie
...
12345,...
...
Alice
Bob
Charlie
...
12345,...
...
I, Alice, want to transfer
coin 12345 to Bob
Charlie
Charlie
Alice
Bob
Charlie
12345,...
...
...
10 / 26
The Double Spending Attack
Alice
I, Alice, want to transfer
coin 12345 to Bob
10 / 26
The Double Spending Attack
Bob
Alice
Alice
Bob
Charlie
I, Alice, want to transfer
coin 12345 to Bob
Bob
12345,...
...
...
I, Alice, want to transfer
coin 12345 to Charlie
Alice
Bob
Charlie
...
12345,...
...
Alice
Bob
Charlie
...
...
12345,...
I, Alice, want to transfer
coin 12345 to Charlie
Charlie
Charlie
Alice
Bob
Charlie
12345,...
...
...
11 / 26
11 / 26
Outline
PublicAnnouncementCoin
1 CentralCoin
Protocol is as before, but now:
• instead of sending a transaction to everybody, a transaction is publicly announced
2 NaiveCoin
• and everybody only accepts transactions that are publicly announced
3 SerialNumberCoin
4 PublicAnnouncementCoin
Public Announcement is very different from just sending to everybody:
• not just everybody knows,
5 ElectionCoin
• but everybody knows and everybody knows that everybody knows, etc.!
6 PuzzleCoin
The double spending attack is now impossible.
7 BlockchainCoin
• that is essentially Bitcoin...
8 Bitcoin
• ...but how to implement public announcements on the internet?
12 / 26
Outline
13 / 26
ElectionCoin
1 CentralCoin
Protocol is like SerialNumberCoin, but now:
2 NaiveCoin
• every node keeps all received transactions in the unconfirmed transaction pool
3 SerialNumberCoin
• every 10 minutes nodes randomly elect a leader (say that’s possible)
4 PublicAnnouncementCoin
• the leader node updates its ledger according to its transaction pool and
broadcasts the ledger
5 ElectionCoin
• all nodes take over the ledger from the leader and discard their transaction pool
6 PuzzleCoin
7 BlockchainCoin
• Problem: Sybil Attack
8 Bitcoin
14 / 26
15 / 26
Outline
PuzzleCoin
1 CentralCoin
Protocol is like before, but now:
• all nodes try to solve a hard computational puzzle
• a node that solved it
• updates its ledger according to its transaction pool
• broadcasts the updated ledger together with the puzzle solution
2 NaiveCoin
3 SerialNumberCoin
4 PublicAnnouncementCoin
• a node takes over a ledger if it can verify the puzzle solution
5 ElectionCoin
• to incentivize nodes to do the hard computational work, they are rewarded with
6 PuzzleCoin
• the puzzle: find a number, called nonce, which, when hashed, gives a bitstring
coins for solving a puzzle
starting with a number of zeros
7 BlockchainCoin
Now a Sybil attack is hard.
8 Bitcoin
16 / 26
Outline
• Problem: What if two nodes find a solution at roughly the same time?
17 / 26
BlockchainCoin
1 CentralCoin
Protocol is like before, but now:
2 NaiveCoin
• each node not only stores balances, but the entire transaction history
• a node that solves a puzzle broadcasts its block of transactions and includes the
3 SerialNumberCoin
nonce and the hash of the previous block
4 PublicAnnouncementCoin
• each node takes over the longest available valid chain of blocks
• the puzzle: find a nonce, which, when hashed together with the transactions and
5 ElectionCoin
the previous hash, gives a bitstring starting with a number of zeros
6 PuzzleCoin
7 BlockchainCoin
8 Bitcoin
18 / 26
19 / 26
BlockchainCoin
Outline
1 CentralCoin
2 NaiveCoin
Now it’s no problem if two nodes solve the puzzle at the same time:
• Alice and Bob both find the nonce at the same time
3 SerialNumberCoin
• half the network takes over Alice’s block and the other half Bob’s block
4 PublicAnnouncementCoin
• at some point someone will find the next block,
• let’s say it’s Charlie, and Charlie is in Alice’ part of the network
5 ElectionCoin
• everybody (including Bob) will take over Charlie’s and thus Alice’ block, because
6 PuzzleCoin
it forms the longest chain
7 BlockchainCoin
Problem: Transacting single coins is cumbersome.
8 Bitcoin
21 / 26
20 / 26
Bitcoin
A Transaction
• there are no coins and no serial numbers in Bitcoin
{
"hash":"7c4025...",
"ver":1,
"vin_sz":1,
"vout_sz":1,
"lock_time":0,
"size":224,
"in":[{"prev_out":{"hash":"2007ae...","n":0},
"scriptSig":"304502... 042b2d..."}],
"out":[{"value":"0.31900000",
"scriptPubKey":"OP_DUP OP_HASH160 a7db6f OP_EQUALVERIFY OP_CHECKSIG"}]
• there are only transactions with inputs and outputs, each input is the output of a
previous transaction
}
22 / 26
23 / 26
Bitcoin Script
Other Blockchain Uses, Outlook
• scriptSig: Part of an input, unlocks the referenced output from a previous
transaction
Example: <signature>
• scriptPubKey: Part of an output, locks that output
• incorruptible and fairly cheap registry: land registries, notary services etc.
Example: <pubkey> OP CHECKSIG
• p2p tradable assets: stocks, art, luxury items, local currencies
• when a transaction input tries to spend an output, essentially the scriptSig and
• smart contracts (unstoppable programs that control funds): escrow, prediction
ScriptPubkey are concatenated and run, if in the end true is on the stack, the
input is valid
markets, p2p gaming
Bitcoin Script allows for applications like:
• both of these two given keys need to sign
• at least two of those three given keys need to sign
24 / 26
Sources
• Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System.
https://bitcoin.org/bitcoin.pdf
• Michael Nielsen. How the Bitcoin protocol actually works. http://www.
michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/
• Andreas Antonopoulos. Mastering Bitcoin. O’Reilly Media, 2014,
http://shop.oreilly.com/product/0636920032281.do
26 / 26
25 / 26

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz