Bitcoin: A Peer-to-Peer Electronic Cash System

Dimos Raptis

January 22, 2019
Transcript

  1. The problem
    • Financial system based on trust
    • Single points of failure
    • Reconciliation increases transaction costs
    • Possibility of reversal requires even more trust (fraud detection)
    • What if we could transact without a 3rd party?
  2. How it all started
    • E-cash - No trusted third party
    • Fully peer-to-peer
    • Participants can be anonymous
    • Proof-of-work system that powers
      • Minting
      • Double-spending prevention
    • Based on the technology of digital signatures & hash functions
  3. Hash functions
    • Deterministic
    • Easy to compute
    • Non-invertible (first pre-image)
    • Second pre-image resistance
  4. Coins and Transactions
    • Transaction TX101: … → Output (2) [to Alice]
    • Transaction TX102: … → Output (10) [to Alice]
    • Transaction TX103: Input (2) [from Alice], Input (10) [from Alice] → Output (12) [to Bob]
    • UTXO
    * Capacity for splits
  5. Coins and Transactions
    • How can we prevent people from spending the same coin in different transactions?
    • But, where do all the coins come from?
  6. The genesis
    • Transaction TX0: No input → Output (100) [to …]
    • And the party begins …
    * + transaction rewards
  7. Transaction validation
    • The concept of a timestamp server
    • Proof-of-work mechanism
      • Hard to produce
      • Easy to verify
      • For tx: find nonce, so that hash(tx + nonce) has x trailing zeros
    • Useful properties
      • Voting scheme based on CPU
      • Adjustable difficulty of validation
    * Transactions collected in blocks
  8. The protocol
    1. New transactions are broadcast to all nodes
    2. Each node collects new transactions into a block
    3. Each node works on finding a difficult proof-of-work for its block
    4. When a node finds a proof-of-work, it broadcasts the block to all nodes
    5. Nodes accept the block only if all transactions in it are valid and not already spent
    6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash
    * The longest chain dominates
  9. Double spending
    [Diagram; participants: PKA, PKB, PKZ]
    • Broadcast tx to PKA
    • Broadcast block w/ tx
    • Send product
    • In parallel, work in separate chain, containing tx to PKB
    • Broadcast new chain
    • Broadcast new chain
  10. Double-spending prevention mechanisms
    • The attacker needs to be more powerful than the rest of the network (51% attack)
    • Computing power can be leveraged more efficiently by mining coins
    • Performing double-spending undermines the wealth of the attacker itself (proof-of-stake)
  11. The calculations
    • P: probability an honest node finds the next block
    • Q: probability the attacker finds the next block
    • Qz: probability the attacker will ever catch up from z blocks behind

    q=0.1
      z=0   Qz=1.0000000
      z=1   Qz=0.2045873
      z=2   Qz=0.0509779
      z=3   Qz=0.0131722
      z=4   Qz=0.0034552
      z=5   Qz=0.0009137
      z=6   Qz=0.0002428
      z=7   Qz=0.0000647

    q=0.3
      z=0   Qz=1.0000000
      z=5   Qz=0.1773523
      z=10  Qz=0.0416605
      z=15  Qz=0.0101008
      z=20  Qz=0.0024804
      z=25  Qz=0.0006132
      z=30  Qz=0.0001522
      z=35  Qz=0.0000379

    Solving for Qz < 0.1%
      q=0.10  z=5
      q=0.15  z=8
      q=0.20  z=11
      q=0.25  z=15
      q=0.30  z=24
      q=0.35  z=41
  12. Enhancements
    • Deterministic wallets for increased privacy
    • Space savings via Merkle trees
    • Garbage collection of spent TXOs
    • Lightweight transaction verification
  13. Conclusion
    • A novel BFT consensus algorithm
    • Blockchain as a building block
    • Re-view of our trust model