bitcoin transactions
play

Bitcoin Transactions Saravanan Vijayakumaran sarva@ee.iitb.ac.in - PowerPoint PPT Presentation

Jun 03, 2023 •839 likes •1.17k views

Bitcoin Transactions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 5, 2019 1 / 32 Bitcoin Transactions Bitcoin Payment Workflow 1. Request Bobs address 2.

  1. Bitcoin Transactions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 5, 2019 1 / 32

  2. Bitcoin Transactions

  3. Bitcoin Payment Workflow 1. Request Bob’s address 2. Generate address 3. Send Bob’s address 4. Construct Alice Bob t 5. Transmit 6. Query for t t Bitcoin network • Merchant Bob shares address out of band (not using Bitcoin P2P) • Customer Alice broadcasts transaction t which pays the address • Miners collect broadcasted transactions into a candidate block • One of the candidate blocks containing t is mined • Merchant waits for confirmations on t before providing goods 3 / 32

  4. Coinbase Transaction Format Block Format Coinbase Transaction Output Format Block Header nValue Amount x 1 Number of Output 0 scriptPubkeyLen Challenge Script C 1 Transactions n scriptPubkey Coinbase Transaction Amount x 2 Regular Output 1 Challenge Script C 2 Transaction 1 Regular Transaction 2 . . . Regular Transaction n − 1 • nValue contains number of satoshis locked in output • 1 Bitcoin = 10 8 satoshis • scriptPubkey contains the challenge script • scriptPubkeyLen contains byte length of challenge script 4 / 32

  5. Regular Transaction Format Input Format Previous Regular Tx Regular Transaction with Tx ID = I 1 hash n Tx ID = I 1 scriptSigLen Input 0 Output Index = 0 One or more scriptSig Response Script R 1 inputs nSequence Tx ID = I 1 Amount x 1 Output 0 Input 1 Output Index = 1 Challenge Script C 1 Response Script R 2 Amount x 2 Output 1 Tx ID = I 2 Challenge Script C 2 Input 2 Output Index = 0 Output Format Response Script R 3 nValue Previous Coinbase Tx Amount y 1 scriptPubkeyLen with Tx ID = I 2 Output 0 Challenge Script C 4 scriptPubkey Amount x 3 Output 0 Amount y 2 Challenge Script C 3 Output 1 Challenge Script C 5 • hash and n identify output being unlocked • scriptSig contains the response script 5 / 32

  6. Transaction ID Regular Transaction nVersion Number of Inputs N hash n scriptSigLen Input 0 scriptSig nSequence . . . hash n Double Input N − 1 scriptSigLen SHA-256 Tx ID scriptSig Hash nSequence Number of Outputs M nValue Output 0 scriptPubkeyLen scriptPubkey . . . nValue Output M − 1 scriptPubkeyLen scriptPubkey nLockTime 6 / 32

  7. Bitcoin Scripting Language

  8. Script • Forth-like stack-based language • One-byte opcodes Remaining Script Stack State OP_2 OP_3 OP_ADD 2 OP_3 OP_ADD 3 OP_ADD 2 5 8 / 32

  9. Challenge/Response Script Execution Remaining Script Stack State <Response Script> <Challenge Script> x 1 x 2 . . <Challenge Script> . x n y 1 y 2 . . . y m Response is valid if top element y 1 evaluates to True 9 / 32

  10. Challenge Script Example OP_HASH256 0x20 <256-bit string> OP_EQUAL � �� � S Remaining Script Stack State x OP_HASH256 0x20 S OP_EQUAL H ( x ) 0x20 S OP_EQUAL S OP_EQUAL H ( x ) 0 or 1 Unsafe challenge script! Guess why? 10 / 32

  11. Pay to Public Key • Challenge script: 0x21 <Public Key> OP_CHECKSIG • Response script: <Signature> Remaining Script Stack State <Signature> <Public Key> OP_CHECKSIG <Signature> <Public Key> OP_CHECKSIG <Public Key> OP_CHECKSIG <Signature> True/False 11 / 32

  12. Signatures Protect Transactions Message for Input 0 signatures Regular Transaction nVersion nVersion 0x02 0x02 hash0 hash0 n0 n0 Input 0 Input 0 scriptSigLen0 prevScriptPubkeyLen0 Fields scriptSig0 prevScriptPubkey0 nSequence0 nSequence0 hash1 hash1 n1 n1 Input 1 Input 1 scriptSigLen1 0x00 Fields scriptSig1 nSequence1 nSequence1 0x02 0x02 nValue0 Output 0 nValue0 scriptPubkeyLen0 Fields scriptPubkeyLen0 scriptPubkey0 Output 0 scriptPubkey0 nValue1 Output 1 nValue1 scriptPubkeyLen1 Fields scriptPubkeyLen1 scriptPubkey1 Output 1 scriptPubkey1 nLockTime nLockTime nHashType 12 / 32

  13. Transaction Merkle Root Block Header nVersion hashPrevBlock Number of hashMerkleRoot Transactions n nTime Coinbase nBits Transaction nNonce Regular Transaction 1 Regular Transaction 2 . . . Regular Transaction n − 1 • hashMerkleRoot contains root hash of transaction Merkle tree • Modifying any transaction will modify the block header h = H ( h 0 � h 1 ) h 0 = H ( h 00 � h 01 ) h 1 = H ( h 10 � h 10 ) h 00 = H ( t 0 ) h 01 = H ( t 1 ) h 10 = H ( t 2 ) h 10 t 0 t 1 t 2 13 / 32

  14. Key Takeaways • Coinbase transactions have no inputs; outputs have challenge scripts • Regular transaction inputs unlock previous outputs; outputs again have challenge scripts • Scripts are expressed in a stack-based language • Signatures prevent tampering of unconfirmed transactions 14 / 32

  15. Bitcoin Addresses

  16. Bitcoin Addresses • To receive bitcoins, a challenge script needs to be specified • Bitcoin addresses encode challenge scripts • Example: 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm • Bitcoin payment workflow (recap) • Merchant shares address out of band (not using Bitcoin P2P network) • Customer transmits transaction which pays the address • Merchant waits for transaction confirmations before providing goods/service 16 / 32

  17. Base58 Encoding 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm � 0091B24BF9F5288532960AC687ABB035127B1D28A50074FFE0 • Alphanumeric representation of bytestrings • From 62 alphanumeric characters 0, O, I, l are excluded Ch Int Ch Int Ch Int Ch Int Ch Int Ch Int Ch Int 1 0 A 9 K 18 U 27 d 36 n 45 w 54 2 1 B 10 L 19 V 28 e 37 o 46 x 55 3 2 C 11 M 20 W 29 f 38 p 47 y 56 4 3 D 12 N 21 X 30 g 39 q 48 z 57 5 4 E 13 P 22 Y 31 h 40 r 49 6 5 F 14 Q 23 Z 32 i 41 s 50 7 6 G 15 R 24 a 33 j 42 t 51 8 7 H 16 S 25 b 34 k 43 u 52 9 8 J 17 T 26 c 35 m 44 v 53 • Given a bytestring b n b n − 1 · · · b 0 • Encode each leading zero byte as a 1 • Get integer N = � n − m i = 0 b i 256 i • Get a k a k − 1 · · · a 0 where N = � k i = 0 a i 58 i • Map each integer a i to a Base58 character 17 / 32

  18. Pay to Public Key Hash Address Public Key SHA-256 S RIPEMD-160 R Prefix address version byte B � R Double SHA-256 C C 4 Extract first � four bytes B � R � C 4 Base58 P2PKH Address Encoding 18 / 32

  19. Why Hash the Public Key? Point Addition Private Key Public Key ECDLP • ECDLP = Elliptic Curve Discrete Logarithm Problem • ECDLP currently hard but no future guarantees • Hashing the public key gives extra protection P2PK Solve Private key Address ECDLP Find Find P2PKH Solve RIPEMD-160 SHA-256 Private key Address ECDLP preimage preimage 19 / 32

  20. P2PKH Transaction • Challenge script OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG Base58 P2PKH Address Decoding B � R � C 4 Discard last four bytes B � R Discard address R PubKeyHash version prefix byte • Response script: <Signature> <Public Key> 20 / 32

  21. P2PKH Script Execution (1/2) Remaining Script Stack State <Signature> <Public Key> OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG <Public Key> OP_DUP OP_HASH160 <Signature> <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG <Public Key> OP_DUP OP_HASH160 <Signature> <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG <Public Key> OP_HASH160 <Public Key> <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG <Signature> 21 / 32

  22. P2PKH Script Execution (2/2) Remaining Script Stack State <PubKeyHashCalc> <Public Key> <Signature> <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG <PubKeyHash> <PubKeyHashCalc> <Public Key> OP_EQUALVERIFY OP_CHECKSIG <Signature> <Public Key> <Signature> OP_CHECKSIG True/False 22 / 32

  23. m -of- n Multi-Signature Scripts • m -of- n multisig challenge script specifies n public keys m <Public Key 1> · · · <Public Key n> n OP_CHECKMULTISIG • Response script provides signatures created using any m out of the n private keys OP_0 <Signature 1> · · · <Signature m> . • Example: m = 2 and n = 3 • Challenge script OP_2 <PubKey1> <PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG • Response script OP_0 <Sig1> <Sig2> 23 / 32

  24. 2-of-3 Multisig Script Execution Remaining Script Stack State OP_0 <Sig1> <Sig2> OP_2 <PubKey1> <PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG <Sig2> OP_2 <PubKey1> <Sig1> <PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG <Empty Array> 3 <PubKey3> <PubKey2> <PubKey1> 2 OP_CHECKMULTISIG <Sig2> <Sig1> <Empty Array> True/False 24 / 32

  25. Pay to Script Hash Script • Specify arbitrary scripts as payment destinations • Challenge script OP_HASH160 <RedeemScriptHash> OP_EQUAL • Response script <Response To Redeem Script> <Redeem Script> • Example • 1-of-2 Multisig Challenge Script OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG • 1-of-2 Multisig Response Script OP_0 <Sig1> or OP_0 <Sig2> • P2SH Multisig challenge script OP_HASH160 <RedeemScriptHash> OP_EQUAL • P2SH Multisig response script OP_0 <Sig1> OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG � �� � � �� � Response to Redeem Script Redeem Script 25 / 32

Recommend

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin

Cryptocurrency Technologies Mechanics of Bitcoin Mechanics of Bitcoin Bitcoin Transactions Bitcoin Scripts Applications of Bitcoin Scripts Bitcoin Blocks The Bitcoin Network Limitations and Improvements Mechanics of

695 views • 33 slides
Bitcoin Transactions, High-level Prof. Tom Austin San Jos State University Lab Review

Bitcoin Transactions, High-level Prof. Tom Austin San Jos State University Lab Review

Cryptocurrencies &amp; Security on the Blockchain Bitcoin Transactions, High-level Prof. Tom Austin San Jos State University Lab Review Bitcoin Blocks Collections of transactions Fixed size Collectively, form a blockchain

456 views • 22 slides
Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers

Bitcoin Tom Anderson Bitcoin Network of bitcoin peers (servers) run by volunteers Peers are not trusted: may be greedy or corrupt Each peer knows about all bitcoins and transactions Transaction (sender -&gt; receiver): sender

958 views • 23 slides
Fast and Secure Transactions Presenter: Dae Kwang Lee Adviser: Matthew Anderson What is Bitcoin?

Fast and Secure Transactions Presenter: Dae Kwang Lee Adviser: Matthew Anderson What is Bitcoin?

Bitcoin Blockchain: Fast and Secure Transactions Presenter: Dae Kwang Lee Adviser: Matthew Anderson What is Bitcoin? B C Decentralized peer-to-peer electronic payment system A Each node stores a copy of the public transaction history

263 views • 15 slides
Bitcoin What We Know So Far Consensus Cryptographic Primitives Today Putting It All

Bitcoin What We Know So Far Consensus Cryptographic Primitives Today Putting It All

Bitcoin What We Know So Far Consensus Cryptographic Primitives Today Putting It All Together The Bitcoin System The First Primitive Data Structure Reference Reference Header Header Header Transactions Transactions

1k views • 57 slides
Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin

Introduc)on to Bitcoin CONTENTS What is Bitcoin Who created it? Who prints it? How does Bitcoin work? The characteris5cs of Bitcoin WHAT IS BITCOIN Bitcoin is a form of digital currency, created and held electronically. No one controls it.

839 views • 17 slides
Lecture 3: Scaling Bitcoin Andrew Miller SJTU 2017 Winter School on Cryptocurrency and

Lecture 3: Scaling Bitcoin Andrew Miller SJTU 2017 Winter School on Cryptocurrency and

Lecture 3: Scaling Bitcoin Andrew Miller SJTU 2017 Winter School on Cryptocurrency and Blockchain Technologies - Jan 14, 2017 3.2 transactions per second VISA: 2000 transactions/sec on average, (2015) peak rate of 56,000 transactions/sec

1k views • 79 slides
A Suite of Tools for the Forensic Analysis of Bitcoin Transactions: Preliminary Report Stefano

A Suite of Tools for the Forensic Analysis of Bitcoin Transactions: Preliminary Report Stefano

A Suite of Tools for the Forensic Analysis of Bitcoin Transactions: Preliminary Report Stefano Bistarelli, Ivan Mercanti and Francesco Santini UNIVERSIT DEGLI STUDI DI PERUGIA Dipartimento di Matematica e Informatica EURO-PAR 2018 WS FPDAPP

501 views • 46 slides
Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to:

ECRYPT Workshop on Cryptocurrencies Incentives in cryptocurrencies Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash power) on consensus

939 views • 68 slides
On Blockchain Commit Times An analysis of how miners choose Bitcoin transactions Johnnatan

On Blockchain Commit Times An analysis of how miners choose Bitcoin transactions Johnnatan

On Blockchain Commit Times An analysis of how miners choose Bitcoin transactions Johnnatan Messias http://johnnatan.me SDBD'20 Joint w/ Mohamed Alzayat, Balakrishnan Chandrasekaran, and Krishna P. Gummadi 1 1 The Current Status of the Top-2

2.84k views • 26 slides
Bitcoin &amp; RAFT Distributed Systems Nikita Borisov Topics for Today Finish Bitcoin

Bitcoin &amp; RAFT Distributed Systems Nikita Borisov Topics for Today Finish Bitcoin

Bitcoin &amp; RAFT Distributed Systems Nikita Borisov Topics for Today Finish Bitcoin Broadcast mechanism Overview of MP2 Raft consensus Bitcoin broadcast Need to broadcast: Transactions to all nodes, so they can be

453 views • 33 slides
All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store

All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store

Lecture 4 All about mining Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash power) on consensus Who are the miners? Lecture 4.1: The

1.16k views • 99 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Mining, network, economics Joseph Bonneau Recap: Bitcoin miners

Mining, network, economics Joseph Bonneau Recap: Bitcoin miners

Lecture 2 Mining, network, economics Joseph Bonneau Recap: Bitcoin miners Bitcoin depends on miners to: Store and broadcast the block chain Validate new transactions Vote (by hash

1.1k views • 98 slides
Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash? Yujin Kwon* , Hyoungshick Kim , Jinwoo Shin*, Yongdae Kim* *KAIST, Sungkyunkwan University 1 Governance conflict The number of Bitcoin transaction per month Bad scala bility

731 views • 46 slides
Bitcoin II &amp; Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II &amp; Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II &amp; Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview Bitcoin Transactions Elliptic Curve Cryptography Introduction Arithmetics Signature Bitcoin, the protocol A blockchain Each

992 views • 52 slides
THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers Agenda What is Bitcoin

THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers Agenda What is Bitcoin

BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE Daniel Chechik, Rami Kogan Security Researchers Agenda What is Bitcoin Bitcoin Transactions Transaction Malleability Vulnerability What Happened in MT.Gox Live Demo WHAT IS

1k views • 73 slides
Smart contracts and DApps Motiv tivation ation Bitcoin Distributed ledger of financial

Smart contracts and DApps Motiv tivation ation Bitcoin Distributed ledger of financial

Smart contracts and DApps Motiv tivation ation Bitcoin Distributed ledger of financial transactions (currency transfers) Provides secure, immutable, global ordering of financial transactions What if a &quot;transaction&quot; were

683 views • 53 slides
Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments

Cryptocurrency Technologies Bitcoin as a Platform Bitcoin as a Platform We have built Bitcoin. What can we build on top of it? Commitments Token tracking Multiparty lotteries Public randomness Prediction markets A fine stew

714 views • 38 slides
Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap Proof of Work Mining Transactions UTXO Nakamoto Consensus Longest chain Recap Scripting Bitcoin Stack Machine Recap

4.84k views • 47 slides
Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed

Information Propagation in the Bitcoin Network Christian Decker ETH Zurich Distributed Computing Group www.disco.ethz.ch What is Bitcoin? What is Bitcoin? + What is Bitcoin? = + Whats it worth? USD / Bitcoin exchange price 300

752 views • 48 slides
Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &amp;

Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &amp;

Cryptocurrency Technologies Bitcoin Mining Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &amp; Ecology Mining Pools Mining Incentives and Strategies Recap: Bitcoin Miners Bitcoin depends on

821 views • 35 slides
Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers Joseph Bonneau CITP, Princeton Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten Part I: Bitcoin in 6 easy steps

752 views • 32 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides

More recommend