
How Bitcoin Works


A high-level description of how Bitcoin works.

Christian Müller

August 25, 2011


Transcript

  1. My Point of View
    • not an evangelist
    • not a critic either
    • not an economist
    • but a CS engineer
  2. Bitcoin
    • invented by Satoshi Nakamoto in 2009
    • fulfills all 3 requirements and...
    • is decentralized (P2P network)
    • and anonymous*
  3. Problem 1: Ownership
    • Public Key Infrastructure: every participant owns at least one pair of keys
    • no coins or banknotes per se
    • transactions
      ◦ describe the money flow
      ◦ cryptographically signed logs
    • the account balance is computed by the network
  4. Payment Example: Alice pays 10 BTC to Bob
    [Diagram: a 10 BTC transaction addressed to Bob's PK hash and carrying the Signature of Alice, made with Alice's SK; the coin owned by Alice becomes owned by Bob.]
  5. Payment Example: Bob pays 10 BTC to Eve
    [Diagram: the 10 BTC transaction to Bob's PK hash (Signature of Alice), owned by Bob, is followed by a transaction to Eve's PK hash carrying the Signature of Bob, made with Bob's SK; the coin becomes owned by Eve.]
  6. Anonymity?
    • no names or accounts
    • account number is a public key
    • any number of accounts
    15VjRaDX9zpbA8LVnbrCAFzrVzN7ixHNsC
  7. Problem 2: Double-Spending
    • the innovation
    • non-reversible transactions
    • distributed DB storing all transactions
    • maintained collaboratively by the entire network, not by a single node!
  8. Blockchain
    ◦ blockchain (equal for all participants)
    ◦ about 1 new block every 10 minutes
    ◦ a block contains transactions
    ◦ blocks are chained by hashes
    [Diagram: Block 0 ... Block i-2, Block i-1, Block i; Block i-1 holds Hash(Block i-2,...) and its transactions, Block i holds Hash(Block i-1,...) and its transactions, Block i+1 holds Hash(Block i,...) and its transactions.]
  9. Blockchain
    • Alice sends money to Bob: a transaction (TA) is sent to the network
    • participants collect TAs for the block they are currently computing
    • once a block has been computed, all its TAs are welded in (confirmed)
  10. Extending the Blockchain
    • has to be computationally super expensive
    • such that it is impossible for 1 node
    • will be attempted by many nodes
    • once a next block is found, it is broadcast!
    • the newly broadcast block will be validated by the other nodes
  11. How is a new block computed?
    [Diagram: Block i (Hash(Block i-1,...), Transactions i) and Block i+1 (Hash(Block i,...), Transactions i+1), linked by Hash(Block i, TAs i+1, ...).]
  12. How is a new block computed?
    Goal: Hash(Block i, TAs i+1, ...) < Target
    [Diagram: the same two blocks; Hash is an almost random mapping onto the range 0 ... n-1, with the Target marked inside that range.]
  13. How is a new block computed?
    Goal: Hash(Block i, TAs i+1, Nonce i+1 ...) < Target
    [Diagram: the same two blocks, now with Nonce i in Block i and Nonce i+1 in Block i+1; Hash is an almost random mapping onto the range 0 ... n-1, with the Target marked inside that range.]
  14. How is a new block computed?
    Goal: Hash(Block i, TAs i+1, Nonce i+1 ...) < Target
    [Diagram: Block i with Nonce i and Block i+1 with Nonce i+1.]
    • the Target is adapted automatically by the network such that the following holds: about 1 new block every 10 minutes!
    • the growth pace of the blockchain depends on the computational power of the network
  15. How does it prevent double-spending?
    • impossible to compromise a block inside the chain (-> recomputation of all subsequent blocks)
    • branching of the blockchain
      ◦ 2 valid new blocks are possible!
      ◦ the branching is maintained until one branch gets longer
  16. Problem 3: Money Production
    • Those who find a new block receive new money
    • at the moment 50 BTC (halves in about 200k blocks)
  17. Recap
    1. New TAs are broadcast to all nodes
    2. Each node collects new transactions into a block
    3. Each node works on finding a difficult proof-of-work for its block
    4. When a node finds a proof-of-work, it broadcasts the block to all nodes
    5. Nodes accept a block only if all TAs in it are valid and not confirmed yet
    6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash
  18. Vulnerabilities
    • wallet.dat can be lost or stolen
    • a man-in-the-middle attack is trivial
    • anonymity is disputable
    • anarchy if the computational power > 1/2 of the entire network
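
The nonce search from slides 12 to 14 and the recomputation argument from slide 15, as an added Python example that is not part of the original deck. Assumptions: a toy target of 12 leading zero bits, a single SHA-256 over a JSON encoding instead of Bitcoin's real block header format, constructed sample transactions, and illustrative function names.

```python
import hashlib
import json

# Assumption: toy difficulty of 12 leading zero bits so the demo runs quickly.
TARGET = 1 << (256 - 12)

def block_hash(prev_hash, txs, nonce):
    """Hash(Block i, TAs i+1, Nonce i+1) from the slides, as an integer."""
    payload = json.dumps([prev_hash, txs, nonce]).encode()
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")

def mine(prev_hash, txs):
    """Proof-of-work: try nonces until the hash falls below TARGET."""
    nonce = 0
    while block_hash(prev_hash, txs, nonce) >= TARGET:
        nonce += 1
    return {"prev": prev_hash, "txs": txs, "nonce": nonce}

def build_chain(tx_batches):
    chain, prev = [], 0  # 0 stands in for the predecessor of the first block
    for txs in tx_batches:
        block = mine(prev, txs)
        chain.append(block)
        prev = block_hash(block["prev"], block["txs"], block["nonce"])
    return chain

def first_invalid(chain):
    """Index of the first block a validating node would reject, else None."""
    prev = 0
    for i, b in enumerate(chain):
        h = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or h >= TARGET:  # broken link or missing work
            return i
        prev = h
    return None

def tamper_demo():
    # Constructed sample transactions (TAs), one batch per block.
    chain = build_chain([["Alice->Bob 10"], ["Bob->Eve 10"], ["Eve->Alice 3"]])
    forged = [dict(b) for b in chain]
    forged[1]["txs"] = ["Bob->Alice 10"]   # rewrite block 1, keep the old nonce
    stale = first_invalid(forged)
    # Redo the proof-of-work for block 1 only: block 2 still points at the old hash.
    forged[1] = mine(forged[1]["prev"], forged[1]["txs"])
    return first_invalid(chain), stale, first_invalid(forged)

if __name__ == "__main__":
    print(tamper_demo())
```

Even after the altered block is re-mined, validation fails at the next block, which is why changing one block forces recomputation of every block after it.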