Bitcoin: Concepts, Practice, and Research Directions

Bitcoin: Concepts, Practice, and Research Directions

Ittay Eyal, Emin Gün Sirer
Computer Science, Cornell University
DISC Bitcoin Tutorial, October 2014
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Bitcoin:
Concepts, Practice, and
Research Directions
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Fiat
Gold
Barter
2
Gold
Fiat
Bitcoin
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Barter
2008: The Bitcoin white paper
2009: Reference implementation
[Satoshi Nakamoto]
3
Gold
•
•
•
•
Fiat
Bitcoin
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Barter
Decentralized control
Decentralized minting
Easy to transfer
Novel tech, new applications
4
Banks:
criminals, who
print money
and lend it as
debt.
Gold
Fiat
Bitcoin
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Barter
taxation is a crime!
Bitcoin or oligarchy?
Separate church and state?
Separate bank and state!
5
Mt. Gox USD/BTC
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Great Success!
1000$
100$
10$
1.00$
0.10$
Oct’10
[http://bitcoincharts.com/]
Jan’14
6
Mt. Gox USD/BTC
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Great Success!
1000$
Litecoin
Ethereum 100$
10$
Namecoin
Oct’10
[http://bitcoincharts.com/]
Dogecoin
Worldcoin
1.00$
0.10$
Jan’14
7
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mostly Great Success
USD/BTC (Bitstamp)
1000
800
600
400
200
0
Dec-11
Jul-12
[http://bitcoincharts.com/]
Jan-13
Aug-13
Feb-14
Sep-14
8
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Acceptance
9
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Acceptance
10
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Acceptance
11
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Acceptance
12
•
•
•
•
•
•
•
•
Farmers
Payment services
Investors
Start-ups
Venture Capital
Miners
Developers
Researchers
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Many Players
13
•
•
•
•
Protocol
Security
Research
Non-technical
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Roadmap
14
Part I
Protocol
Ittay Eyal, Emin Gün Sirer
Computer Science, Cornell University
DISC Bitcoin Tutorial, October 2014
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Bitcoin:
Concepts, Practice, and
Research Directions
•
•
•
•
•
Overview
The Blockchain
Block propagation
Mining
Transactions
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Part 1 – Protocol
2
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Protocol Overview
Alice
1. Stealing
2. Double-spending
Bob

Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Key Issues
Not a local solution
4
MA
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Global Ledger
AB
BC
5
MA
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Global Ledger
AB
AC
6
MA
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Global Ledger
AB
BC
7
MA
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Addresses and Transactions
AB
𝑡𝑥𝑛𝐴𝐵 , 𝑃𝐾 𝐶 , 𝑠𝑔𝑛𝑆𝐾(𝐵)
BC
8
Transaction structure (roughly):
input 1
input 2
output 1, amount 1
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Addresses and Transactions
output 2, amount 2
input 3
input 4
output 3, amount 3
Inputs are fully spent.
9
Alice
Bob
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Goal
1. No stealing
2. No double-spending
11
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
The Blockchain
Global Ledger of all transactions
1.
2.
3.
4.
Requirements
No central control
High availability, security
Impossible to manipulate
Distributed minting
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Global Ledger
13
Sounds like
my bank!
Global Ledger of all transactions
1.
2.
3.
4.
Requirements
No central control
High availability, security
Impossible to manipulate
Distributed minting
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Global Ledger
Doesn’t
sound like
my bank.
14
•
•
•
•
Distributed system
Open
Consensus (not exactly)
Byzantine model
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Global Ledger
15
Ledger
Blockchain
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
The Blockchain
block
16
Ledger
Blockchain
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
The Blockchain
block
17
Ledger
Blockchain
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
The Blockchain
block
18
• Clients issue unforgeable transactions.
• Miners collate transactions and …
• add them to blockchain by solving cryptopuzzles,
• for which they receive a reward (minted coins).
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
The Blockchain
19
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Transaction and Block Propagation
• Nodes propagate legal transactions and blocks.
• Blocks are difficult to create
20
Time
Txns’ Merkle
Root
Nonce
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Hash of Previous header
target
Auto-adjusting difficulty cryptopuzzle:
SHA256(SHA256(block-header)) < target
21
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Forks
• Longest chain of blocks
• Tiebreaker: earliest
A weak form of consensus
22
• Requirement: compute majority is honest
• Hardest chain of blocks (aggregate difficulty)
• Or the one you heard of first.
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Fork Resolution
23
• Requirement: compute majority is honest
• Hardest chain of blocks (aggregate difficulty)
• Or the one you heard of first.
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Fork Resolution
Dishonest majority controls blockchain
(More on that later)
24
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Block Propagation
40
Average 12.6
6.5
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Block Propagation
For blocks larger than 20𝑘𝐵:
1𝑘𝐵 ⟹ +80𝑚𝑠𝑒𝑐
[Decker and Wattenhofer ‘13]
26
Average 12.6
40
6.5
Large miners connected
directly with low latency.
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Block Propagation
For blocks larger than 20𝑘𝐵:
1𝑘𝐵 ⟹ +80𝑚𝑠𝑒𝑐
[Decker and Wattenhofer ‘13]
27
40
Average 12.6
6.5
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Block Propagation
For blocks larger than 20𝑘𝐵:
1𝑘𝐵 ⟹ +80𝑚𝑠𝑒𝑐
Header before block?
[Decker and Wattenhofer ‘13]
28
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining
• Prize:
• Mining: Newly minted coins
(today 25฿, total 21 million at 2140)
• Transaction fees (up to ~10−4 ฿/1KB).
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Motivation?
How?
• Coinbase transaction
• Transactions fees
30
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining
Difficulty rise:
Total Network Hash Rate
Hash Rate [TH/sec]
20,000
2,000
200
20
Mar’13
[Blockchain.info]
(More on that later)
Jul’13
Jan’14
31
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining
Difficulty rise:
Total Network Hash Rate
Hash Rate [TH/sec]
20,000
2,000
200
20
Mar’13
[Blockchain.info]
(More on that later)
Jul’13
Jan’14
32
Example:
(700 USD/BTC)
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining Pools
• Avg revenue:
6.71$ / day
• HW break even: ~1.5 years (w/ free power)
• Time to block:
over 7 years
33
Bitcoin
Network
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining Pools
• Pool with power 𝛼 gets 𝛼 of blocks
• Each miner makes the average (- pool fee)
34
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining Pools
35
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining Pools
How can they tell?
36
Bitcoin
Network
hash(⋅) < pool-target
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining Pools
37
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Mining Pools
(More on that later)
[Blockchain.info, February 2014]
38
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Transactions
Ledger
Blockchain
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Transactions
block
40
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Transactions
41
input 1
output 1, amount 1
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Transactions
input 2
output 2, amount 2
input 3
42
input 1
output 1, amount 1
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Transactions
input 2
output 2, amount 2
input 3
43
output: scriptPubKey
Input: scriptSig
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
44
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
output: scriptPubKey
Input: scriptSig
Address is the public key hash.
Owner signs with matching private key.
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
45
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
<sig>
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
<pubKey>
OP_DUP
OP_HASH160
<pubKeyHash>
OP_EQUALVERIFY
OP_CHECKSIG
46
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
<pubKey>
OP_DUP
OP_HASH160
<sig>
<pubKeyHash>
OP_EQUALVERIFY
OP_CHECKSIG
47
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
OP_DUP
<pubKey>
OP_HASH160
<sig>
<pubKeyHash>
OP_EQUALVERIFY
OP_CHECKSIG
48
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
<pubKey>
<pubKey>
OP_HASH160
<sig>
<pubKeyHash>
OP_EQUALVERIFY
OP_CHECKSIG
49
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
hash160(<pubKey>)
<pubKey>
<sig>
<pubKeyHash>
OP_EQUALVERIFY
OP_CHECKSIG
50
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
<pubKeyHash>
hash160(<pubKey>)
<pubKey>
<sig>
OP_EQUALVERIFY
OP_CHECKSIG
51
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
<pubKey>
<sig>
OP_CHECKSIG
52
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig:
<sig> <pubKey>
Stack
Verification
script
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Pay-to-PubkeyHash
Return true.
53
• Coinbase
No input
• Pay to Script Hash (P2SH)
Script in signature (receiver side)
Copyright © 2014 Ittay Eyal, Emin Gün Sirer
Other Transaction Types
• Multisig
Require k/n signatures
54