
Bitcoins Chester Rebeiro Assistant Professor Department of - PowerPoint PPT Presentation


  1. Bitcoins. Chester Rebeiro, Assistant Professor, Department of Computer Science and Engineering, IIT Madras

  2. Traditional Currencies: Alice gives bill to Bob, Bob gives coffee to Alice

  3. Characteristics of Paper Money
     • No double spending
       – Once Alice has given the bill to Bob, she cannot use the same bill for another transaction
     • Not reversible
       – Once a transaction is done, it cannot be undone
     • Transactions need not be between trusted parties
       – Alice and Bob don’t need to trust each other
     • Privacy
       – Besides Alice and Bob, nobody else knows about the transaction

  4. Electronic Money
     • What if Alice and Bob want to transact over the Internet?
     • Naïve approach
       – Alice sends a file ($5.jpg) to Bob
     Problems
     • Double spending
     • Multiple parties may own $5.jpg
     [Figure: Alice, Bob and Sally with copies of $5.jpg]

  5. PayPal (Trusted 3rd Party)
     • The 3rd party keeps a ledger and verifies every transaction
       – Ledger: Alice : $29, Walter : $12, Carr : $23, Bob : $121
       – Alice’s account minus $5, Bob’s account plus $5
     Advantages
     • Double spending prevented
     • Alice and Bob can be untrusted
     Disadvantages
     • Third party can revert transactions
     • No privacy, since third party is present

  6. Bitcoins
     • Cryptocurrency (called bitcoins (BTC))
     • Invented by an unknown person or group (goes by the name Satoshi Nakamoto)
     • Uses cryptography to achieve (just as in traditional currency)
       – Privacy
       – Untrusted transactions
       – Irreversible
       – No double spending

  7. Bank vs Bitcoins
     • Bank: Bank is trusted.
       Bitcoins: No trusted party. Bitcoins with anonymous strangers. But the system is built in such a way that trust is achieved.
     • Bank: Centralized ledger that records every transaction.
       Bitcoins: Decentralized ledgers on the Internet. All ledgers record every transaction.
     • Bank: Users only know their own transactions.
       Bitcoins: All transactions are known to everyone. However, transactions are encoded. Users can only see the transactions. Actual senders and receivers cannot be identified.

  8. The Bitcoin Irony
     • Bitcoins have
       – no bank
       – no trusted third party (like PayPal)
       – no paper money
       – But still works and can achieve trust !!!
       – Trust achieved by a large group of connected people who can be untrusted

  9. Big Idea: Ledgers maintained by several (1000s) of computers on the Internet

  10. Transactions
      • Every transaction is logged in all ledgers
      • Every transaction is checked to see if it has been previously done
        – Verification done by 1000s of computers
      • Double spending not possible
        – Since all transactions are logged
      [Figure: “send 5 BTC to bob” triggers an update of every ledger. BTC : bitcoins]

  11. Ledgers
      • Bank Ledger (minus $5, plus $5): Alice : $29, Walter : $12, Carr : $23, Bob : $121
      • Bitcoin Ledger (Transactions), called blockchain:
        – Alice → Bob 5BTC
        – Bob → Carr 3BTC
        – Carr → Alice 1BTC
        – John → Emily .3BTC
        – Jane → Alice 4BTC
        – Joe → Alice 3BTC

  12. Under the hood

  13. Bitcoin Private Keys
      Private keys:
      • Most important component
      • Used to show ownership of funds
      • If lost, money is lost (no way of retrieving)
      • If stolen, money can be stolen
      • Every private key must be unique
      • A private key is generated by simply picking a random number from 0 to 2^256
      [Figure: Alice, with Alice’s Private Key and Alice’s Public Key]

  14. Bitcoin Public Keys
      • Derived from the private key by a complex process called elliptic curve scalar multiplication
      • Remember one-wayness
      [Figure: Alice’s Private Key → Alice’s Public Key]

  15. Bitcoin Addresses
      • Share with anyone who wants to send you money (appears in transactions as the recipient of funds)
      • Derived from the public key
      Bitcoin address: 1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy
      [Figure: the Bitcoin address as a QR code]

  16. More Oneways
      Alice’s Private Key → Alice’s Public Key → Alice’s Address
      • Alice generates the private key
      • Only Alice can generate the public key and address

  17. Wallets
      • Collection of secret keys owned by a user
      • Different types of wallets possible
        – Randomly generated private keys
        – Keys generated in a hierarchy

  18. Bitcoin Transactions
      How does Alice transfer 5 bitcoins to Bob?
      • Transaction Hash: hash of input and output (destination address)
      • INPUT
      • OUTPUT: Bob’s address, 5BTC
      • Locktime: like a post-dated cheque
      • Digitally signed with Alice’s private key (proof of ownership)

  19. Transaction Hash
      • A transaction hash uniquely identifies a transaction
      • Even a small change in the transaction will cause a complete change in the transaction hash
      [Figure: four transactions (INPUT, OUTPUT, Locktime) that differ in a single character (INpUT, OuTPUT, INPUt), with the hashes 1021ab3582939214221, 68434322468acd935, 632346299790305735 and ab428582b423523]

  20. Transaction Input
      Where did Alice get the 5BTC from?
      • From unspent previous transactions (which are recorded in the current transaction)
      [Figure: transaction 1021ab3582939214221 (Jane to Alice 3BTC) and transaction ab3582939211231 (Kane to Alice 3BTC) feed transaction a234345456234462cbacdef, which has inputs from Jane and from Kane and outputs to Bob : 5BTC and to Alice : 1BTC change]

  21. Transaction Input contd.
      • Just record the previous transaction hashes
      • Transaction hashes uniquely identify transactions
      [Figure: the same three transactions, with the inputs of transaction a234345456234462cbacdef now written as the hashes 1021ab358… and ab3582933.. of the two previous transactions]

  22. The Chain of Transactions
      • Genesis: first transaction ever created
      [Figure: chain of transactions, each listing the hashes of earlier transactions as inputs, leading back to the genesis transaction]

  23. Cascaded
      • A change in one transaction causes a change in all the others because
        1. the transaction hash changes
        2. the hash is included in subsequent transactions, so subsequent hashes change
      [Figure: chain of transactions linked by their hashes]
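
The cascade from slides 19 to 23, as an added example that is not part of the original presentation. The JSON encoding, the function names and the sample chain are constructed for illustration; only the double SHA-256 matches what Bitcoin uses for transaction hashes.

```python
import hashlib, json

def txid(tx):
    """Double SHA-256 of a canonical JSON encoding (constructed format, not Bitcoin's wire format)."""
    raw = json.dumps(tx, sort_keys=True).encode()
    return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

def build(specs):
    """specs: (name, [(earlier_name, output_no), ...], outputs). Each input is stored
    as the hash of the earlier transaction, so the names never enter the hashed data."""
    ids = {}
    for name, inputs, outputs in specs:
        tx = {"inputs": [[ids[n], i] for n, i in inputs], "outputs": outputs, "locktime": 0}
        ids[name] = txid(tx)
    return ids

def changed_by_edit(specs, name, new_outputs):
    """Names of all transactions whose hash changes when one transaction is edited."""
    edited = [(n, i, new_outputs if n == name else o) for n, i, o in specs]
    before, after = build(specs), build(edited)
    return [n for n in before if before[n] != after[n]]

# Constructed sample chain (amounts in BTC), shaped like the figures on slides 20 to 22.
SPECS = [
    ("genesis", [], [["Jane", 3], ["Kane", 3], ["John", 1]]),
    ("jane_to_alice", [("genesis", 0)], [["Alice", 3]]),
    ("kane_to_alice", [("genesis", 1)], [["Alice", 3]]),
    ("john_to_emily", [("genesis", 2)], [["Emily", 1]]),
    ("alice_to_bob", [("jane_to_alice", 0), ("kane_to_alice", 0)], [["Bob", 5], ["Alice", 1]]),
]

if __name__ == "__main__":
    # Editing Jane's payment changes its own hash and that of every transaction spending it.
    print(changed_by_edit(SPECS, "jane_to_alice", [["Alice", 30]]))
```

Transactions that do not descend from the edited one (`kane_to_alice`, `john_to_emily`) keep their hashes, which is why a node can pinpoint where a ledger copy was altered.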

  24. Bitcoin Ledger is actually a list of transaction hashes, so privacy is maintained
      Bitcoin Ledger (Transactions) is actually Bitcoin Ledger (Transaction hashes):
        – Alice → Bob 5BTC : 23343…
        – Bob → Carr 3BTC : 434134…
        – Carr → Alice 1BTC : 43684…
        – John → Emily .3BTC : 21232…
        – Jane → Alice 4BTC : 67847…
        – Joe → Alice 3BTC : 656464…
      The ledger contains all bitcoin transactions ever made since Bitcoins started

  25. Transaction Input
      • To send 5 bitcoins, Alice needs to find transactions worth at least 5 unspent bitcoins in the ledger that were sent to her.
      • How does Alice claim these transactions as hers?
      [Figure: in the ledger (23343…, 43684…, 21232…, 67847…), the transactions 1021ab3… (3 BTC) and ab358293… (3 BTC) are used as the input (1021ab358…, ab3582933..) for the transaction from Alice to Bob]

  26. How to Claim Transactions?
      • Locking script (with Alice’s address in transaction 1021ab3582939214221): this is a mathematical puzzle. Anyone who can solve this puzzle can claim the bitcoins
      • Unlocking script (with the input 1021ab358… in transaction a234345456234462cbacdef): this is the answer to the mathematical puzzle
      • Since Alice has the solution, she can claim the previous transaction
      • Based on digital signatures

  27. Locking and Unlocking Scripts
      • Uses a script (a simple programming language)
        – Locking has one half of the script
        – Unlocking has the other half of the script
      • Anyone can join the scripts to validate it (thus validating the transactions)
      • Since a script is used, the puzzles are flexible.

  28. Locking and Unlocking Scripts
      • Example: Pay-to-Public-Key
        – Locking script: <Public key of Alice>
        – Unlocking script: <Dig. signature from Alice’s private key>
        – Script: <Dig. signature from Alice’s private key> <Public key of Alice> OP_CHECKSIG

  29. Validation of Scripts
      Script: <Dig. signature from Alice’s private key> <Public key of Alice> OP_CHECKSIG
      • Alice: the Sign function takes the transaction (message M) and Alice’s private key and produces the signature for M
      • Everyone else: the Verify function takes the transaction, Alice’s public key and the signature for M, and confirms that message M was indeed signed by Alice
      • So Alice can claim the transaction

  30. Validation with Signatures
      • Signature is dependent on the transaction
        – Therefore changes made to the transaction can be detected
      • Since every transaction is different, every signature is different.
        – Therefore a signature cannot be reused

  31. Double Spending
      How to ensure that Alice is not trying to spend bitcoins twice?
      • Check every previous transaction in the blockchain (23343…, 434134…, 43684…, 21232…, 67847…, 656464…)
      • Ensure that the inputs used by Alice have not been used again
      • Made fast by an index of unused transactions
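
The double-spend check from this slide, as an added example that is not part of the original presentation: a ledger keeps the full chain plus an index of unused outputs, and rejects any transaction whose input is not in that index. The `Ledger` class, the JSON encoding and the rule that a transaction without inputs creates coins are assumptions of this sketch; ownership (signature) checks are left out here.

```python
import hashlib, json

def txid(tx):
    raw = json.dumps(tx, sort_keys=True).encode()   # constructed encoding, not Bitcoin's wire format
    return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()

class Ledger:
    def __init__(self):
        self.chain = []      # every accepted transaction, in order
        self.unspent = {}    # index of unused outputs: (txid, output_no) -> (owner, amount)

    def accept(self, tx):
        """Return (True, txid) and record tx, or (False, reason) without changing state."""
        refs = [tuple(i) for i in tx["inputs"]]
        if len(set(refs)) != len(refs):
            return False, "same input listed twice"
        if any(r not in self.unspent for r in refs):
            return False, "input unknown or already spent"
        # Assumption: a transaction without inputs stands in for newly created coins.
        if refs and sum(a for _, a in tx["outputs"]) > sum(self.unspent[r][1] for r in refs):
            return False, "outputs exceed inputs"
        for r in refs:
            del self.unspent[r]              # each output can be consumed only once
        tid = txid(tx)
        for n, (owner, amount) in enumerate(tx["outputs"]):
            self.unspent[(tid, n)] = (owner, amount)
        self.chain.append(tx)
        return True, tid

    def spent_by_scan(self, ref):
        """The slow check: walk every previous transaction looking for ref as an input."""
        return any(tuple(i) == ref for tx in self.chain for i in tx["inputs"])
```

The index lookup in `accept` and the full walk in `spent_by_scan` answer the same question; the index only avoids rereading the whole chain for every new transaction.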

  32. So far…
      1. We have seen how Alice creates a transaction
      2. We have seen how the transaction can be validated
         – For authenticity
         – And for double spending
      But who does the validation? Remember, Bitcoin relies on 1000s of computers and each computer maintains a ledger
