bitcoin
play

Bitcoin CS 161: Computer Security Prof. David Wagner April 15, 2016 - PowerPoint PPT Presentation

Jan 23, 2023 •28 likes •258 views

Bitcoin CS 161: Computer Security Prof. David Wagner April 15, 2016 Distributed Logging Lets do distributed peer-to-peer logging of public data. We have n computers; they all know each others public keys. Any computer can broadcast to

  1. Bitcoin CS 161: Computer Security Prof. David Wagner April 15, 2016

  2. Distributed Logging • Let’s do distributed peer-to-peer logging of public data. We have n computers; they all know each others’ public keys. Any computer can broadcast to all others (instantaneously, reliably). Any computer should be able to append a signed entry to the log, and to verify integrity of any previous log entry. • Security goal: Malicious computers should not be able to back-date entries or modify past log entries. Assume ≤ 3 computers are malicious. • Problem 1. Describe a protocol for this. What does Alice do to append an entry? What do other computers need to do?

  3. Your Solution • To append log entry e: • Other computers should:

  4. Distributed Logging • Problem 2. Let’s generalize. Suppose m of the n computers are malicious. If we make the obvious change to your protocol, for which m can it be made secure? • (a): for all m < n. • (b): for all m < n/2. • (c): for all m < n/3. • (d): for all m < √ n. • (e): for all m < O(lg n).

  5. Distributed Logging • Problem 2. Let’s generalize. Suppose m of the n computers are malicious. If we make the obvious change to your protocol, for which m can it be made secure? • (a): for all m < n. • (b): for all m < n/2. • (c): for all m < n/3. • (d): for all m < √ n. • (e): for all m < O(lg n).

  6. Distributed Money • Donna gets the brilliant idea to use this log to store financial transactions. Each person’s initial balance is public. • To transfer $10 from Alice to Bob, Alice appends a signed log entry saying “I transfer $10 to Bob” and broadcasts it. Everyone can compute the updated balance for Alice and Bob. • Problem 3. What are some ways that a malicious actor might try to attack this scheme? Is this a good scheme?

  7. Your Answers • Replay • Denial of service attacks • Broadcast doesn’t scale • TOCTTOU vulnerability

  8. Problems with This Scheme • Initial balance is arbitrary • Broadcasting is expensive and doesn’t scale • A conspiracy of n /2 malicious computers can fork the audit log and steal all the money • Sybil attacks: Anyone can set up millions of servers and thus have a 50% majority

  9. Problems with Naïve Scheme • Transactions aren’t authenticated • Double-spending • Synchronization: Not clear how to resolve inconsistencies • Sybil attacks: Anyone can set up millions of servers and thus take over most of the network; then they can steal all the money • Graph cut: If all nodes you’re connected to are malicious, they can lie to you (eclipse attack)

  10. Idea #1: Transactions are signed • Alice signs transaction paying money to Bob • Technical trick: money is represented by “coins”; Alice can pay Bob by transferring ownership of the coin to Bob, which she does by publishing “I give coin c to Bob”, Signature • Everyone can validate this by checking transfer is signed by current owner of coin • Technical trick: use public keys to identify users, instead of names or accounts

  11. Idea #2: Linearize • To prevent double-spending, “linearize” history: Public log has a sequence of transactions. • Only current owner of coin can transfer it to someone else, so there’s no ambiguity about who owns a coin

  12. Idea #3: Hashchain • To prevent retroactively changing history, store transaction log in an hash chain. • Hash chain is public, broadcasted on peer-to-peer network, and append-only: honest nodes will reject any broadcasts that do anything other than append to the log. • (Otherwise, Alice could append “I give coin c to Amazon”, get her book from Amazon, then undo and change that to “I give coin c to Barnes and Noble”.)

  13. Idea #4: “Longest chain” wins • Problem: Consistency • What if two different parts of network have different hash chains? • Solution: Whichever is “longer” wins; the other is discarded

  14. Problem: Consensus • Problem: Mallory can fork the hash chain • Say she buys Bob’s house from him for $500K in Bitcoins. Then, she goes back in time and, starting from the block chain just before this transaction was added to it, she starts appending new entries from there. Can she get others to accept this forked chain, so she gets her $500K back? Yes. pay Bob $500k

  15. Idea #5: Reward miners • Each item appended to hash chain must be a proof of work (its hash must start with 33 zero bits) • Give a reward to anyone who successfully appends – they receive a free coin

  16. Bitcoin • Public, distributed, peer-to-peer audit log of all transactions. • To append an entry to the log, the latest value must hash to something whose first 33 bits are zero; then broadcast it to everyone. • Anyone who appends an entry to the log is given a small reward, in new money (a fraction of a Bitcoin).

  17. Bitcoin • Public, distributed, peer-to-peer, hash-chained audit log of all transactions (“block chain”). • Mining: Each entry in block chain must come with a proof of work (its hash value starts with k zeros). Thus, appending takes computation. • Lottery: First to successfully append to block chain gets a small reward (if append is accepted by others). This creates new money. Each block contains a list of transactions, and identity of miner (who receives the reward). • Consensus: If there are multiple versions of the block chain, longest one wins.

  18. Bitcoin • Transactions: If Alice wants to give $10 to Bob, she signs this transaction. She gives the signed transaction to all miners and asks them to include it in the block they’re trying to append to the chain. • Honest miners check integrity of block chain entries and try to append to the latest, longest valid version of block chain. • Bob knows he has received $10 once this transaction appears in the consensus block chain.

  19. Consensus • Can Mallory fork the block chain? • Say she buys Bob’s from him for $10,000 in Bitcoins. Then, she goes back in time and, starting from the block chain just before this transaction was added to it, she starts appending new entries from there. Can she get others to accept this forked chain, so she gets her $10,000 back? pay Bob $10k

  20. Consensus • Can Mallory fork the block chain? • Answer: No, not unless she has ≥ 51% of the computing power in the world. Longest chain wins, and her forked one will be shorter (unless she can mine new entries faster than aggregate mining power of everyone else in the world). pay Bob $10k

  21. How Bitcoin Addresses Criticisms of Naïve Scheme • Initial balance is arbitrary : in Bitcoin, initial balances are zero • Broadcasting is expensive and doesn’t scale: gossip protocol • A conspiracy of n/2 malicious computers can fork the audit log and steal all the money: they’d have to own 51% of all the computing power in the Bitcoin world • Sybil attacks: Anyone can set up millions of servers and thus have a 50% majority: they’d have to own 51% of all the computing power in the Bitcoin world

  22. Discussion • How can Alice turn dollars into bitcoins, or vice versa? • Is Bitcoin anonymous? • Should I think of Bitcoin as a short-term currency or as a long-term investment? • Is it ethical to build a system that relies upon wasting CPU cycles (and thus energy)?

  23. Bitcoin Take-away • Crypto tools allow for sophisticated solutions to integrity and trust in peer-to-peer systems

Recommend

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed Computing Group www.disco.ethz.ch What is Bitcoin? What is Bitcoin? + What is Bitcoin? = + Whats it worth? USD / Bitcoin exchange price 300

752 views • 48 slides
Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &amp;

Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &amp;

Cryptocurrency Technologies Bitcoin Mining Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &amp; Ecology Mining Pools Mining Incentives and Strategies Recap: Bitcoin Miners Bitcoin depends on

821 views • 35 slides
Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers are not trusted: may be greedy or corrupt Each peer knows about all bitcoins and transactions Transaction (sender -&gt; receiver): sender

958 views • 23 slides
Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers Joseph Bonneau CITP, Princeton Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten Part I: Bitcoin in 6 easy steps

752 views • 32 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin

Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin

Regulation of Bitcoin Jerry Brito Coin Center coincenter.org Is Bitcoin regulated? Is Bitcoin regulated? The so far unregulated digital currency has courted controversy because of its volatile value and its popularity among

1.17k views • 51 slides
nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01

nix-bitcoin robust Lightning nodes for hackers github.com/fort-nix/nix-bitcoin 2019-06-01 @n1ckler A smart home A Bitcoin node A lonely datacenter Robustness Do you trust binaries from some cache or do you build from source? Do

411 views • 29 slides
Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin?

Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin?

Bitcoin CS 161: Computer Security Prof. Raluca Ada Poipa April 24, 2018 What is Bitcoin? Bitcoin is a cryptocurrency: a digital currency whose rules are enforced by cryptography and not by a trusted party (e.g., bank) Core ideal: avoid

1.02k views • 36 slides
A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital

A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital

A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital currency Anyone can be part of the network Global distributed ledger called blockchain First Appearance Bitcoin: A Peer-to-Peer Electronic

4.02k views • 48 slides
Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol designed by Satoshi Nakamoto in 2008 https://bitcoin.org/bitcoin.pdf First Bitcoin client launched in 2009 Peer-to-peer no centralized

501 views • 31 slides
Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher

Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher

Privacy : Bitcoin Privacy : Bitcoin On- and Ofg-Chain On- and Ofg-Chain with Janine Janine Teacher Independent investigative journalist Research focus: Bitcoin / cryptocurrencies, information security, privacy, surveillance, and

1.3k views • 85 slides
Bitcoin Arbitrage am Bitcoin-Markt 1 7 .07 .201 3 2 Agenda 1 Arbitrage 2 Arbitrage am

Bitcoin Arbitrage am Bitcoin-Markt 1 7 .07 .201 3 2 Agenda 1 Arbitrage 2 Arbitrage am

1 Abschlussprsentation Bitcoin Arbitrage am Bitcoin-Markt 1 7 .07 .201 3 2 Agenda 1 Arbitrage 2 Arbitrage am Bitcoin-Markt 3 Verhaltensmuster Arbitrageure 4 Arbitragetools 5 Ergebnisse und Fazit Was ist Arbitrage? Arbitrage

456 views • 33 slides
Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and

Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and

Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and Blockchain Technologies Shanghai Jiao Tong University 2017 Bitcoin Bitcoin What is bitcoin and how does it work? Bitcoin What is bitcoin and how

2.08k views • 178 slides
ACTUALLY WORKS Jan Mller Mycelium How Does Bitcoin Actually Work? This talk is not about

ACTUALLY WORKS Jan Mller Mycelium How Does Bitcoin Actually Work? This talk is not about

HOW THE BITCOIN PROTOCOL ACTUALLY WORKS Jan Mller Mycelium How Does Bitcoin Actually Work? This talk is not about the political or economical impact of Bitcoin. This talk is not about how to buy, sell, spend, or secure your bitcoins.

674 views • 36 slides
Half-fast A Bitcoin Miner for the FPGA Overview Objectives and Motivation Bitcoin

Half-fast A Bitcoin Miner for the FPGA Overview Objectives and Motivation Bitcoin

Half-fast A Bitcoin Miner for the FPGA Overview Objectives and Motivation Bitcoin System Overview Hardware Software Challenges and Difficulties Lessons learned Objectives and Motivation Build a Bitcoin

229 views • 21 slides
Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed

Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed

Cryptocurrencies bitcoin, blockchain &amp; beyond Roger Wattenhofer ETH Zurich Distributed Computing Group Cryptocurrencies What is Bitcoin? = + + Technology The Bank of Bitcoin The Bank of Bitcoin User Balance A 2 B 5 C 8

1.25k views • 104 slides
Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae

Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad

797 views • 46 slides
Bitcoin Transactions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Transactions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Bitcoin Transactions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 5, 2019 1 / 32 Bitcoin Transactions Bitcoin Payment Workflow 1. Request Bobs address 2.

1.17k views • 32 slides
Bitcoin Tom Anderson Admin Course evals My office hours next week are cancelled Bitcoin Goal

Bitcoin Tom Anderson Admin Course evals My office hours next week are cancelled Bitcoin Goal

Bitcoin Tom Anderson Admin Course evals My office hours next week are cancelled Bitcoin Goal Electronic money without trust $34B market value Created out of thin air, from a paper + some code Pros/cons of Cash + portable + cannot spend

749 views • 44 slides
A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S.

A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S.

A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S. Podda University of Cagliari, Italy Workshop on Trusted Smart Contracts, 2017 Bitcoin Bitcoin is a popular cryptocurrency that uses a blockchain to

540 views • 20 slides

More recommend