SlideShare una empresa de Scribd logo

bitcoin

Descargar como PPTX, PDF
A
AasimRasheed3

cryptoworld

Educación
1 de 35
Secure Digital Currency: Bitcoin Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the last slide for acknowledgements!
Online Transactions • Physical cash – Non-traceable (well, mostly!) – Secure (mostly) – Low inflation • Can’t be used online directly Electronic credit or debit transactions Bank sees all transactions Merchants can track/profile customers CS660 - Advanced Information Assurance - UMassAmherst 2
E-Cash • Secure – Single use – Reliable • Low inflation • Privacy-preserving
E-Cash Crypto Protocols  Chaum82: blind signatures for e-cash  Chaum88: retroactive double spender identification  Brandis95: restricted blind signatures  Camenisch05: compact offline e-cash • Various practical issues: – Need for trusted central party – Computationally expensive – Etc. CS660 - Advanced Information Assurance - UMassAmherst 4
Bitcoin • A distributed, decentralized digital currency system • Released by Satoshi Nakamoto 2008 • Effectively a bank run by an ad hoc network – Digital checks – A distributed transaction log
Size of the BitCoin Economy • Number of BitCoins in circulation 11.8 million (December 2013) • Total number of BitCoins generated cannot exceed 21 million • Average price of a Bitcoin: around $300  Price has been unstable. • Total balances held in BTC 1B$ compared with 1,200B$ circulating in USD. • 30 Transactions per min. (Visa transaction 200,000 per minute.)
BitCoin: Challenges • Creation of a virtual coin/note – How is it created in the first place? – How do you prevent inflation? (What prevents anyone from creating lots of coins?) • Validation – Is the coin legit? (proof-of-work) – How do you prevent a coin from double-spending? • Buyer and Seller protection in online transactions – Buyer pays, but the seller doesn’t deliver – Seller delivers, buyer pays, but the buyer makes a claim. • Trust on third-parties – Rely on proof instead of trust – Verifiable by everyone – No central bank or clearing house
Security in Bitcoin • Authentication – Am I paying the right person? Not some other impersonator? • Integrity – Is the coin double-spent? – Can an attacker reverse or change transactions? • Availability – Can I make a transaction anytime I want? • Confidentiality – Are my transactions private? Anonymous?
Security in Bitcoin • Authentication  Public Key Crypto: Digital Signatures – Am I paying the right person? Not some other impersonator? • Integrity  Digital Signatures and Cryptographic Hash – Is the coin double-spent? – Can an attacker reverse or change transactions? • Availability Broadcast messages to the P2P network – Can I make a transaction anytime I want? • Confidentiality Pseudonymity – Are my transactions private? Anonymous?
Public Key Crypto: Encryption • Key pair: public key and private key
Public Key Crypto: Digital Signature • First, create a message digest using a cryptographic hash • Then, encrypt the message digest with your private key Authentication Integrity Non-repudiation
12 Cryptographic Hash Functions • Consistent: hash(X) always yields same result • One-way: given Y, hard to find X s.t. hash(X) = Y • Collision resistant: given hash(W) = Z, hard to find X such that hash(X) = Z Hash FnMessage of arbitrary length Fixed Size Hash
Back to BitCoin • Validation – Is the coin legit? (proof-of-work)  Use of Cryptographic Hashes – How do you prevent a coin from double-spending?  Broadcast to all nodes • Creation of a virtual coin/note – How is it created in the first place?  Provide incentives for miners – How do you prevent inflation? (What prevents anyone from creating lots of coins?)  Limit the creation rate of the BitCoins
Bitcoin • Electronic coin == chain of digital signatures • BitCoin transfer: Sign(Previous transaction + New owner’s public key) • Anyone can verify (n-1)th owner transferred this to the nth owner. • Anyone can follow the history Given a BitCoin
Bitcoin Transactions Public key 0xa8fc93875a972ea Signature 0xa87g14632d452cd Public key 0xc7b2f68...
Use of Cryptographic Hashes  Proof-of-work  Block contains transactions to be validated and previous hash value.  Pick a nouce such that H(prev hash, nounce, Tx) < E. E is a variable that the system specifies. Basically, this amounts to finding a hash value who’s leading bits are zero. The work required is exponential in the number of zero bits required.  Verification is easy. But proof-of-work is hard.
Preventing Double-spending • The only way is to be aware of all transactions. • Each node (miner) verifies that this is the first spending of the Bitcoin by the payer. • Only when it is verified it generates the proof- of-work and attach it to the current chain.
Bitcoin Network • Each P2P node runs the following algorithm: – New transactions are broadcast to all nodes. – Each node (miners) collects new transactions into a block. – Each node works on finding a proof-of-work for its block. (Hard to do. Probabilistic. The one to finish early will probably win.) – When a node finds a proof-of-work, it broadcasts the block to all nodes. – Nodes accept the block only if all transactions in it are valid (digital signature checking) and not already spent (check all the transactions). – Nodes express their acceptance by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
Tie breaking • Two nodes may find a correct block simultaneously. – Keep both and work on the first one – If one grows longer than the other, take the longer one Two different block chains (or blocks) may satisfy the required proof- of-work.
Reverting is Hard • Reverting gets exponentially hard as the chain grows. 1. Modify the transaction (revert or change the payer) 2. Recompute nonce 3. Recompute the next nonce
Practical Limitation • At least 10 mins to verify a transaction. – Agree to pay – Wait for one block (10 mins) for the transaction to go through. – But, for a large transaction ($$$) wait longer. Because if you wait longer it becomes more secure. For large $$$, you wait for six blocks (1 hour).
Optimizations • Merkle Tree – Only keep the root hash • Delete the interior hash values to save disk • Block header only contains the root hash • Block header is about 80 bytes • 80 bytes * 6 per/hr * 24 hrs * 365 = 4.2 MB/year – Why keep use a Merkle tree?
Simplified payment verification • Any user can verify a transaction easily by asking a node. • First, get the longest proof-of-work chain • Query the block that the transaction to be verified (tx3) is in. • Only need Hash01 and Hash2 to verify; not the entire Tx’s.
BitCoin Economics  Rate limiting on the creation of a new block  Adapt to the “network’s capacity”  A block created every 10 mins (six blocks every hour)  How? Difficulty is adjusted every two weeks to keep the rate fixed as capacity/computing power increases  N new Bitcoins per each new block: credited to the miner  incentives for miners  N was 50 initially. In 2013, N=25.  Halved every 210,000 blocks (every four years)  Thus, the total number of BitCoins will not exceed 21 million. (After this miner takes a fee)
Privacy Implications • No anonymity, only pseudonymity • All transactions remain on the block chain– indefinitely! • Retroactive data mining – Target used data mining on customer purchases to identify pregnant women and target ads at them (NYT 2012), ended up informing a woman’s father that his teenage daughter was pregnant – Imagine what credit card companies could do with the data CS660 - Advanced Information Assurance - UMassAmherst 25
Zerocoin • A distributed approach to private electronic cash • Extends Bitcoin by adding an anonymous currency on top of it • Zerocoins are exchangeable for bitcoins
What is a zerocoin? A zerocoin is: Economically: a promissory note redeemable for a bitcoin Cryptographically: an opaque envelope containing a serial number used to prevent double spending 823848273471012983
Commitments • Allow you to commit to and later reveal a value • Binding: value cannot be tampered with • Blinding: value cannot be read until revealed 812... 812..
Zerocoins: where do they come from? • Anyone can make one • Choose a random serial number and commit to it • Mint a zerocoin by putting a mint transaction in the block chain which “spends” a bitcoin and includes the commitment • Spending a zerocoin gives the recipient a bitcoin
Zerocoins: ...and where do they go? • The “spent” bitcoins end up escrowed • To spend a zerocoin – You reveal the serial number – Prove it is from some zerocoin in the block chain – Put the spent serial number in the block chain
Zero-knowledge proofs • Zero-knowledge [Goldwasser, Micali 1980s, and beyond] • Prove knowledge of a witness satisfying a statement • Specific variant: non-interactive proof of knowledge • Here we prove we know: 1.The serial number of a zerocoin 2.That the coin is in the block chain
Zero-knowledge proof • Inefficient approach – Identify all valid zerocoins in the block chain (call them ) – Prove that S is the serial number of a coin C and – This “OR” proof is O(N) • Zerocoin uses cryptographic accumulators – Sublinear
Zerocoin protocol Generate a commitment to a random serial number S: (Store serial number S and randomness r) Accumulate all valid coins, compute witness wi Reveal S and prove knowledge of witness to commitment accumulation and its randomness r where is prime
Discussion • The future of Bitcoin? • Attacks on Zerocoin? • Should we tradeoff privacy for usability? Is privacy a main principle? CS660 - Advanced Information Assurance - UMassAmherst 34
Acknowledgement • Some of the slides, content, or pictures are borrowed from the following resources, and some pictures are obtained through Google search without being referenced below: • L24-BitCoin and Security, many of the slides borrowed from this presentation with modifications. • Ian Miers, Zerocoin: Anonymous Distributed E-Cash from Bitcoin, IEE S&P slides • 35 CS660 - Advanced Information Assurance - UMassAmherst

Recomendados

Analyzing Bitcoin Security
Analyzing Bitcoin SecurityAnalyzing Bitcoin Security
Analyzing Bitcoin SecurityPhilippe Camacho, Ph.D.
 
SSH.ppt
SSH.pptSSH.ppt
SSH.pptjoekr1
 
Bitcoin: A Peer-to-Peer Electronic Cash System
Bitcoin: A Peer-to-Peer Electronic Cash SystemBitcoin: A Peer-to-Peer Electronic Cash System
Bitcoin: A Peer-to-Peer Electronic Cash SystemParas Jain
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
Bitcoin A Peer-to-Peer Electronic Cash System
Bitcoin A Peer-to-Peer Electronic Cash SystemBitcoin A Peer-to-Peer Electronic Cash System
Bitcoin A Peer-to-Peer Electronic Cash SystemFlavio Vit
 
ssh.ppt
ssh.pptssh.ppt
ssh.pptjoekr1
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 

Recomendados

Analyzing Bitcoin Security
Analyzing Bitcoin SecurityAnalyzing Bitcoin Security
Analyzing Bitcoin SecurityPhilippe Camacho, Ph.D.
 
SSH.ppt
SSH.pptSSH.ppt
SSH.pptjoekr1
 
Bitcoin: A Peer-to-Peer Electronic Cash System
Bitcoin: A Peer-to-Peer Electronic Cash SystemBitcoin: A Peer-to-Peer Electronic Cash System
Bitcoin: A Peer-to-Peer Electronic Cash SystemParas Jain
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
Bitcoin A Peer-to-Peer Electronic Cash System
Bitcoin A Peer-to-Peer Electronic Cash SystemBitcoin A Peer-to-Peer Electronic Cash System
Bitcoin A Peer-to-Peer Electronic Cash SystemFlavio Vit
 
ssh.ppt
ssh.pptssh.ppt
ssh.pptjoekr1
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Introduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsIntroduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsSaad Zaher
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Consensus Algorithms.pptx
Consensus Algorithms.pptxConsensus Algorithms.pptx
Consensus Algorithms.pptxRajapriya82
 
Ssh
SshSsh
SshRaghu nath
 
Bitcoin Addresses
Bitcoin AddressesBitcoin Addresses
Bitcoin Addressesashmoran
 
Bitcoin (Cryptocurrency)
Bitcoin (Cryptocurrency)Bitcoin (Cryptocurrency)
Bitcoin (Cryptocurrency)Tsasaa Tsas
 
Zero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workZero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workAll Things Open
 
Layer 2 Scaling Solutions
Layer 2 Scaling SolutionsLayer 2 Scaling Solutions
Layer 2 Scaling SolutionsAleksandar Svetski
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsChristopher Allen
 
Bitcoin - the Basics
Bitcoin - the BasicsBitcoin - the Basics
Bitcoin - the BasicsVesa Linja-aho
 
How do bitcoin transactions work?
How do bitcoin transactions work?How do bitcoin transactions work?
How do bitcoin transactions work?Pavel Kravchenko, PhD
 
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...Melanie Swan
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSAShafaan Khaliq Bhatti
 
Bitcoin
BitcoinBitcoin
BitcoinJoel John
 
Formation BLOCKCHAIN
Formation BLOCKCHAINFormation BLOCKCHAIN
Formation BLOCKCHAINMourad HASSINI
 
ECDSA/EdDSA
ECDSA/EdDSAECDSA/EdDSA
ECDSA/EdDSAJacobBrazeal
 
bitcoin technology
bitcoin technologybitcoin technology
bitcoin technologyShivani Darshan
 
MobiliteaTime #7 : Blockchain
MobiliteaTime #7 : BlockchainMobiliteaTime #7 : Blockchain
MobiliteaTime #7 : BlockchainUSERADGENTS
 
Blockchain
BlockchainBlockchain
BlockchainWael Othmani
 
CRYPTO CURRENCY-2022OD205.pdf
CRYPTO CURRENCY-2022OD205.pdfCRYPTO CURRENCY-2022OD205.pdf
CRYPTO CURRENCY-2022OD205.pdfJESUNPK
 
BITCOIN EXPLAINED
BITCOIN EXPLAINEDBITCOIN EXPLAINED
BITCOIN EXPLAINEDMurlidhar Sarda
 

Más contenido relacionado

La actualidad más candente

Introduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsIntroduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsSaad Zaher
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Consensus Algorithms.pptx
Consensus Algorithms.pptxConsensus Algorithms.pptx
Consensus Algorithms.pptxRajapriya82
 
Bitcoin Addresses
Bitcoin AddressesBitcoin Addresses
Bitcoin Addressesashmoran
 
Bitcoin (Cryptocurrency)
Bitcoin (Cryptocurrency)Bitcoin (Cryptocurrency)
Bitcoin (Cryptocurrency)Tsasaa Tsas
 
Zero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workZero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workAll Things Open
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsChristopher Allen
 
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...Melanie Swan
 
MobiliteaTime #7 : Blockchain
MobiliteaTime #7 : BlockchainMobiliteaTime #7 : Blockchain
MobiliteaTime #7 : BlockchainUSERADGENTS
 

La actualidad más candente (20)

Introduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsIntroduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart Contracts
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
 
Consensus Algorithms.pptx
Consensus Algorithms.pptxConsensus Algorithms.pptx
Consensus Algorithms.pptx
 
Ssh
SshSsh
Ssh
 
Bitcoin Addresses
Bitcoin AddressesBitcoin Addresses
Bitcoin Addresses
 
Bitcoin (Cryptocurrency)
Bitcoin (Cryptocurrency)Bitcoin (Cryptocurrency)
Bitcoin (Cryptocurrency)
 
Zero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workZero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they work
 
Layer 2 Scaling Solutions
Layer 2 Scaling SolutionsLayer 2 Scaling Solutions
Layer 2 Scaling Solutions
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
 
Bitcoin - the Basics
Bitcoin - the BasicsBitcoin - the Basics
Bitcoin - the Basics
 
How do bitcoin transactions work?
How do bitcoin transactions work?How do bitcoin transactions work?
How do bitcoin transactions work?
 
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSA
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Formation BLOCKCHAIN
Formation BLOCKCHAINFormation BLOCKCHAIN
Formation BLOCKCHAIN
 
ECDSA/EdDSA
ECDSA/EdDSAECDSA/EdDSA
ECDSA/EdDSA
 
bitcoin technology
bitcoin technologybitcoin technology
bitcoin technology
 
MobiliteaTime #7 : Blockchain
MobiliteaTime #7 : BlockchainMobiliteaTime #7 : Blockchain
MobiliteaTime #7 : Blockchain
 
Blockchain
BlockchainBlockchain
Blockchain
 

Similar a bitcoin

CRYPTO CURRENCY-2022OD205.pdf
CRYPTO CURRENCY-2022OD205.pdfCRYPTO CURRENCY-2022OD205.pdf
CRYPTO CURRENCY-2022OD205.pdfJESUNPK
 
Bitcoin apa apa saja tentang bitcoin
Bitcoin apa apa saja tentang bitcoinBitcoin apa apa saja tentang bitcoin
Bitcoin apa apa saja tentang bitcoinseolangit7
 
Investment Club Presentation 1 2021
Investment Club Presentation 1 2021Investment Club Presentation 1 2021
Investment Club Presentation 1 2021SamPurcell4
 
14 Jan17- Nullmeets -Blockchain concept decoded by Ninad Sarang
14 Jan17- Nullmeets -Blockchain concept decoded by Ninad Sarang14 Jan17- Nullmeets -Blockchain concept decoded by Ninad Sarang
14 Jan17- Nullmeets -Blockchain concept decoded by Ninad SarangNinad Sarang
 
An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.SanjeebSamanta1
 
BIT COIN ,MINING & ATM
BIT COIN ,MINING & ATMBIT COIN ,MINING & ATM
BIT COIN ,MINING & ATMSumbal Jahan
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisInderjeet Singh
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware Analysisinder_barara
 
Blockchain - Presentacion Betabeers Galicia 10/12/2014
Blockchain - Presentacion Betabeers Galicia 10/12/2014Blockchain - Presentacion Betabeers Galicia 10/12/2014
Blockchain - Presentacion Betabeers Galicia 10/12/2014WeKCo Coworking
 
BitCoin explained
BitCoin explainedBitCoin explained
BitCoin explainedHarelc
 
Blockchain and Bitcoin
Blockchain and BitcoinBlockchain and Bitcoin
Blockchain and BitcoinHugo Rodrigues
 

Similar a bitcoin (20)

CRYPTO CURRENCY-2022OD205.pdf
CRYPTO CURRENCY-2022OD205.pdfCRYPTO CURRENCY-2022OD205.pdf
CRYPTO CURRENCY-2022OD205.pdf
 
BITCOIN EXPLAINED
BITCOIN EXPLAINEDBITCOIN EXPLAINED
BITCOIN EXPLAINED
 
Bitcoin apa apa saja tentang bitcoin
Bitcoin apa apa saja tentang bitcoinBitcoin apa apa saja tentang bitcoin
Bitcoin apa apa saja tentang bitcoin
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Investment Club Presentation 1 2021
Investment Club Presentation 1 2021Investment Club Presentation 1 2021
Investment Club Presentation 1 2021
 
14 Jan17- Nullmeets -Blockchain concept decoded by Ninad Sarang
14 Jan17- Nullmeets -Blockchain concept decoded by Ninad Sarang14 Jan17- Nullmeets -Blockchain concept decoded by Ninad Sarang
14 Jan17- Nullmeets -Blockchain concept decoded by Ninad Sarang
 
Blockchain
BlockchainBlockchain
Blockchain
 
An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.An in depth presentation of Cryptocurrency.
An in depth presentation of Cryptocurrency.
 
BIT COIN ,MINING & ATM
BIT COIN ,MINING & ATMBIT COIN ,MINING & ATM
BIT COIN ,MINING & ATM
 
Bitcoins
BitcoinsBitcoins
Bitcoins
 
bitcoin_presentation
bitcoin_presentationbitcoin_presentation
bitcoin_presentation
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware Analysis
 
Bitcoin and Ransomware Analysis
Bitcoin and Ransomware AnalysisBitcoin and Ransomware Analysis
Bitcoin and Ransomware Analysis
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Blockchain - Presentacion Betabeers Galicia 10/12/2014
Blockchain - Presentacion Betabeers Galicia 10/12/2014Blockchain - Presentacion Betabeers Galicia 10/12/2014
Blockchain - Presentacion Betabeers Galicia 10/12/2014
 
Blockchain
BlockchainBlockchain
Blockchain
 
Crypto101.pptx
Crypto101.pptxCrypto101.pptx
Crypto101.pptx
 
BitCoin explained
BitCoin explainedBitCoin explained
BitCoin explained
 
Blockchain and Bitcoin
Blockchain and BitcoinBlockchain and Bitcoin
Blockchain and Bitcoin
 
01 what is blockchain
01 what is blockchain01 what is blockchain
01 what is blockchain
 

Último

On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 

Último (20)

On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 

bitcoin

  • 1. Secure Digital Currency: Bitcoin Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the last slide for acknowledgements!
  • 2. Online Transactions • Physical cash – Non-traceable (well, mostly!) – Secure (mostly) – Low inflation • Can’t be used online directly Electronic credit or debit transactions Bank sees all transactions Merchants can track/profile customers CS660 - Advanced Information Assurance - UMassAmherst 2
  • 3. E-Cash • Secure – Single use – Reliable • Low inflation • Privacy-preserving
  • 4. E-Cash Crypto Protocols  Chaum82: blind signatures for e-cash  Chaum88: retroactive double spender identification  Brandis95: restricted blind signatures  Camenisch05: compact offline e-cash • Various practical issues: – Need for trusted central party – Computationally expensive – Etc. CS660 - Advanced Information Assurance - UMassAmherst 4
  • 5. Bitcoin • A distributed, decentralized digital currency system • Released by Satoshi Nakamoto 2008 • Effectively a bank run by an ad hoc network – Digital checks – A distributed transaction log
  • 6. Size of the BitCoin Economy • Number of BitCoins in circulation 11.8 million (December 2013) • Total number of BitCoins generated cannot exceed 21 million • Average price of a Bitcoin: around $300  Price has been unstable. • Total balances held in BTC 1B$ compared with 1,200B$ circulating in USD. • 30 Transactions per min. (Visa transaction 200,000 per minute.)
  • 7. BitCoin: Challenges • Creation of a virtual coin/note – How is it created in the first place? – How do you prevent inflation? (What prevents anyone from creating lots of coins?) • Validation – Is the coin legit? (proof-of-work) – How do you prevent a coin from double-spending? • Buyer and Seller protection in online transactions – Buyer pays, but the seller doesn’t deliver – Seller delivers, buyer pays, but the buyer makes a claim. • Trust on third-parties – Rely on proof instead of trust – Verifiable by everyone – No central bank or clearing house
  • 8. Security in Bitcoin • Authentication – Am I paying the right person? Not some other impersonator? • Integrity – Is the coin double-spent? – Can an attacker reverse or change transactions? • Availability – Can I make a transaction anytime I want? • Confidentiality – Are my transactions private? Anonymous?
  • 9. Security in Bitcoin • Authentication  Public Key Crypto: Digital Signatures – Am I paying the right person? Not some other impersonator? • Integrity  Digital Signatures and Cryptographic Hash – Is the coin double-spent? – Can an attacker reverse or change transactions? • Availability Broadcast messages to the P2P network – Can I make a transaction anytime I want? • Confidentiality Pseudonymity – Are my transactions private? Anonymous?
  • 10. Public Key Crypto: Encryption • Key pair: public key and private key
  • 11. Public Key Crypto: Digital Signature • First, create a message digest using a cryptographic hash • Then, encrypt the message digest with your private key Authentication Integrity Non-repudiation
  • 12. 12 Cryptographic Hash Functions • Consistent: hash(X) always yields same result • One-way: given Y, hard to find X s.t. hash(X) = Y • Collision resistant: given hash(W) = Z, hard to find X such that hash(X) = Z Hash FnMessage of arbitrary length Fixed Size Hash
  • 13. Back to BitCoin • Validation – Is the coin legit? (proof-of-work)  Use of Cryptographic Hashes – How do you prevent a coin from double-spending?  Broadcast to all nodes • Creation of a virtual coin/note – How is it created in the first place?  Provide incentives for miners – How do you prevent inflation? (What prevents anyone from creating lots of coins?)  Limit the creation rate of the BitCoins
  • 14. Bitcoin • Electronic coin == chain of digital signatures • BitCoin transfer: Sign(Previous transaction + New owner’s public key) • Anyone can verify (n-1)th owner transferred this to the nth owner. • Anyone can follow the history Given a BitCoin
  • 15. Bitcoin Transactions Public key 0xa8fc93875a972ea Signature 0xa87g14632d452cd Public key 0xc7b2f68...
  • 16. Use of Cryptographic Hashes  Proof-of-work  Block contains transactions to be validated and previous hash value.  Pick a nouce such that H(prev hash, nounce, Tx) < E. E is a variable that the system specifies. Basically, this amounts to finding a hash value who’s leading bits are zero. The work required is exponential in the number of zero bits required.  Verification is easy. But proof-of-work is hard.
  • 17. Preventing Double-spending • The only way is to be aware of all transactions. • Each node (miner) verifies that this is the first spending of the Bitcoin by the payer. • Only when it is verified it generates the proof- of-work and attach it to the current chain.
  • 18. Bitcoin Network • Each P2P node runs the following algorithm: – New transactions are broadcast to all nodes. – Each node (miners) collects new transactions into a block. – Each node works on finding a proof-of-work for its block. (Hard to do. Probabilistic. The one to finish early will probably win.) – When a node finds a proof-of-work, it broadcasts the block to all nodes. – Nodes accept the block only if all transactions in it are valid (digital signature checking) and not already spent (check all the transactions). – Nodes express their acceptance by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.
  • 19. Tie breaking • Two nodes may find a correct block simultaneously. – Keep both and work on the first one – If one grows longer than the other, take the longer one Two different block chains (or blocks) may satisfy the required proof- of-work.
  • 20. Reverting is Hard • Reverting gets exponentially hard as the chain grows. 1. Modify the transaction (revert or change the payer) 2. Recompute nonce 3. Recompute the next nonce
  • 21. Practical Limitation • At least 10 mins to verify a transaction. – Agree to pay – Wait for one block (10 mins) for the transaction to go through. – But, for a large transaction ($$$) wait longer. Because if you wait longer it becomes more secure. For large $$$, you wait for six blocks (1 hour).
  • 22. Optimizations • Merkle Tree – Only keep the root hash • Delete the interior hash values to save disk • Block header only contains the root hash • Block header is about 80 bytes • 80 bytes * 6 per/hr * 24 hrs * 365 = 4.2 MB/year – Why keep use a Merkle tree?
  • 23. Simplified payment verification • Any user can verify a transaction easily by asking a node. • First, get the longest proof-of-work chain • Query the block that the transaction to be verified (tx3) is in. • Only need Hash01 and Hash2 to verify; not the entire Tx’s.
  • 24. BitCoin Economics  Rate limiting on the creation of a new block  Adapt to the “network’s capacity”  A block created every 10 mins (six blocks every hour)  How? Difficulty is adjusted every two weeks to keep the rate fixed as capacity/computing power increases  N new Bitcoins per each new block: credited to the miner  incentives for miners  N was 50 initially. In 2013, N=25.  Halved every 210,000 blocks (every four years)  Thus, the total number of BitCoins will not exceed 21 million. (After this miner takes a fee)
  • 25. Privacy Implications • No anonymity, only pseudonymity • All transactions remain on the block chain– indefinitely! • Retroactive data mining – Target used data mining on customer purchases to identify pregnant women and target ads at them (NYT 2012), ended up informing a woman’s father that his teenage daughter was pregnant – Imagine what credit card companies could do with the data CS660 - Advanced Information Assurance - UMassAmherst 25
  • 26. Zerocoin • A distributed approach to private electronic cash • Extends Bitcoin by adding an anonymous currency on top of it • Zerocoins are exchangeable for bitcoins
  • 27. What is a zerocoin? A zerocoin is: Economically: a promissory note redeemable for a bitcoin Cryptographically: an opaque envelope containing a serial number used to prevent double spending 823848273471012983
  • 28. Commitments • Allow you to commit to and later reveal a value • Binding: value cannot be tampered with • Blinding: value cannot be read until revealed 812... 812..
  • 29. Zerocoins: where do they come from? • Anyone can make one • Choose a random serial number and commit to it • Mint a zerocoin by putting a mint transaction in the block chain which “spends” a bitcoin and includes the commitment • Spending a zerocoin gives the recipient a bitcoin
  • 30. Zerocoins: ...and where do they go? • The “spent” bitcoins end up escrowed • To spend a zerocoin – You reveal the serial number – Prove it is from some zerocoin in the block chain – Put the spent serial number in the block chain
  • 31. Zero-knowledge proofs • Zero-knowledge [Goldwasser, Micali 1980s, and beyond] • Prove knowledge of a witness satisfying a statement • Specific variant: non-interactive proof of knowledge • Here we prove we know: 1.The serial number of a zerocoin 2.That the coin is in the block chain
  • 32. Zero-knowledge proof • Inefficient approach – Identify all valid zerocoins in the block chain (call them ) – Prove that S is the serial number of a coin C and – This “OR” proof is O(N) • Zerocoin uses cryptographic accumulators – Sublinear
  • 33. Zerocoin protocol Generate a commitment to a random serial number S: (Store serial number S and randomness r) Accumulate all valid coins, compute witness wi Reveal S and prove knowledge of witness to commitment accumulation and its randomness r where is prime
  • 34. Discussion • The future of Bitcoin? • Attacks on Zerocoin? • Should we tradeoff privacy for usability? Is privacy a main principle? CS660 - Advanced Information Assurance - UMassAmherst 34
  • 35. Acknowledgement • Some of the slides, content, or pictures are borrowed from the following resources, and some pictures are obtained through Google search without being referenced below: • L24-BitCoin and Security, many of the slides borrowed from this presentation with modifications. • Ian Miers, Zerocoin: Anonymous Distributed E-Cash from Bitcoin, IEE S&P slides • 35 CS660 - Advanced Information Assurance - UMassAmherst