1. Bitcoin - Decentralised Open-Source Peer-to-Peer
Cryptocurrency
Bogdan Suvar, David Gureya
Instituto Superior Técnico
{bogdan.suvar, david.gureya}@ist.utl.pt
December 9, 2013
Bogdan Suvar, David Gureya (EMDC)
Bitcoin
December 9, 2013
1 / 19
4. Motivation
Popular P2P and first cryptocurrency
Pseudonymity and anonymity (with Tor)
Decentralised
Limitations and vulnerabilities
Alternatives
5. Motivation
Figure: Interest by Google searches over the past 3 years
7. Background
Proof-of-work systems
Challenge-response, CPU-bound computation. Initially used against DoS and spam.
Asymmetric cryptography
Used for transactions. Transactions represent bitcoins. Private keys are used to sign transactions; public keys identify the destination.
Cryptographic hash functions
Generate a hash that starts with a certain number of 0s (the difficulty). Easy to validate, hard to find.
11. Wallet
Contents
keypairs for each of the addresses
transactions done to/from
key pool
default keys
user preferences
accounts
Security
Physical: paper, hardware
Back-up
Password
One wallet per installation
12. Transactions
Definition
A signed piece of data that is broadcast to the network and collected into
blocks. It references a previous transaction and assigns a certain number of
bitcoins to (one or more) public key(s).
How it works
1. Digitally sign:
   output of the previous transaction
   recipient's public key hash
   value (in satoshis)
2. Broadcast it on the network
3. Wait for it to be included in a block (~10 minutes)
4. Add the block of transactions to the ledger
13. Blocks
Definition
The blocks permanently record all the Bitcoin transactions on the network
- similar to a ledger. New blocks are added at the end of the record, to a
block chain
Contents
List of transactions
Nonce (see POW)
Header
Mining
Generate a new hash of the block header + nonce until the right one is
found. Reward = 25 BTC, and it halves every 4 years. A new block is
created every 10 minutes.
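The "easy to validate, hard to find" property from the Background slide and the nonce search described under Mining, as an added example that is not part of the original slides. The header layout, the sample transactions and the difficulty expressed as leading zero bits are assumptions of this sketch; it is not Bitcoin's real 80-byte header or target encoding.

```python
from __future__ import annotations
import hashlib

def pow_hash(header: bytes, nonce: int) -> bytes:
    """Double SHA-256 over header || nonce (nonce as 4 little-endian bytes)."""
    data = header + nonce.to_bytes(4, "little")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Validation is one hash evaluation, whatever the difficulty."""
    return leading_zero_bits(pow_hash(header, nonce)) >= difficulty_bits

def mine(header: bytes, difficulty_bits: int, max_nonce: int = 2**32) -> tuple[int, int]:
    """Try nonces from 0 upward; return (nonce, hashes_tried)."""
    for nonce in range(max_nonce):
        if verify(header, nonce, difficulty_bits):
            return nonce, nonce + 1
    raise RuntimeError("nonce space exhausted; the header itself must change")

def make_header(prev_hash: bytes, transactions: list[bytes]) -> bytes:
    """Simplified header (assumption): previous hash plus a digest of the transactions."""
    tx_digest = hashlib.sha256(b"".join(hashlib.sha256(t).digest() for t in transactions))
    return prev_hash + tx_digest.digest()

if __name__ == "__main__":
    genesis = b"\x00" * 32                                  # constructed sample data
    header = make_header(genesis, [b"alice->bob:5", b"bob->carol:2"])
    for bits in (8, 12, 16):
        nonce, tried = mine(header, bits)
        print(f"{bits:2d} zero bits: nonce {nonce}, {tried} hashes to find, 1 to verify")
    # Editing a recorded transaction changes the header, so the work must be redone.
    tampered = make_header(genesis, [b"alice->bob:500", b"bob->carol:2"])
    print("old nonce still valid after tampering:", verify(tampered, nonce, 16))
```

Each extra zero bit doubles the expected number of hashes the miner tries, while the verifier's cost stays at one evaluation.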
14. Network Overview
Communication via TCP
Ports: default 8333, but CLI configurable
IPv6 support
Node bootstrapping:
1. Send messages to a hardcoded list of nodes (seed nodes)
2. (default) DNS request to a list of hostnames
Heartbeat: keepalive message every 30 min; connection closes after 90 min
15. Node Discovery
Node steps:
1. Discover their external IP address (via dyndns.org or showmyip.com)
2. Receive callback addresses of nodes that connect to them
3. DNS requests for IP addresses
4. Use the "seed" (hardcoded) addresses
5. Exchange addresses with other nodes
6. Store (timestamped) addresses in a database for startup
7. Enter new, custom, addresses from the command line
8. Read addresses from user provided text file on startup
23. Address request handling
Upon receiving a node's request for addresses:
1. Count all the addresses seen in the past 3 hours
2. If there are more than 2500, randomly select 2500 of them
3. Return addresses to the requestor
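The three steps above as an added example that is not part of the original slides and is not the Bitcoin client's code. The `AddressBook` class, its method names and the sample peers are hypothetical; ignoring entries whose timestamp lies in the future is a choice of this sketch, so that an advertised address cannot stay "recent" indefinitely.

```python
import random

WINDOW_SECONDS = 3 * 60 * 60   # "addresses in the past 3 hours"
MAX_ADDRESSES = 2500           # cap on addresses returned per request

class AddressBook:
    """Hypothetical in-memory store mapping (ip, port) to a last-seen timestamp."""

    def __init__(self):
        self.last_seen = {}

    def add(self, ip, port, timestamp):
        """Record a peer address, keeping only its most recent timestamp."""
        key = (ip, port)
        if timestamp > self.last_seen.get(key, float("-inf")):
            self.last_seen[key] = timestamp

    def handle_address_request(self, now, rng=random):
        """Return at most MAX_ADDRESSES addresses seen within the window."""
        recent = [(ip, port, ts) for (ip, port), ts in self.last_seen.items()
                  if 0 <= now - ts <= WINDOW_SECONDS]   # drops stale and future-dated entries
        if len(recent) > MAX_ADDRESSES:
            recent = rng.sample(recent, MAX_ADDRESSES)  # uniform, without replacement
        return recent

if __name__ == "__main__":
    now = 1_386_547_200                      # constructed clock value
    book = AddressBook()
    for i in range(3000):                    # constructed peers seen a minute ago
        book.add(f"10.0.{i // 256}.{i % 256}", 8333, now - 60)
    for i in range(500):                     # constructed peers last seen 4 hours ago
        book.add(f"10.1.{i // 256}.{i % 256}", 8333, now - 4 * 3600)
    book.add("10.2.0.1", 8333, now + 3600)   # constructed future-dated entry
    print(len(book.handle_address_request(now)), "addresses returned")
```

The cap bounds the size of every reply, and the random selection means repeated requests return different subsets of the recent peers.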
30. Vulnerabilities
Sniffing
No encryption, since all transaction data is visible to all nodes. An attacker could monitor all incoming and outgoing data and later target specific users.
DoS attack
Moderate protection exists: the client accepts only Transaction messages. A malicious node may use Transaction messages for DoS, which costs a lot of coins. Result: the node could be disconnected from the network or keep other transactions from being sent.
Segmentation
Nodes handle disputes on data integrity. Transactions could appear confirmed in one segment and then, upon joining the other segment, be invalidated.
51% Attacks
Computationally unfeasible: attacker must have 51% more computing
power than all the other miners combined. Reason: control block
history.
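The Segmentation case as an added example that is not part of the original slides: when two segments rejoin, nodes adopt the branch with the most accumulated proof of work, and transactions that exist only in the abandoned branch lose their confirmations. The `Block` class, the function names and the sample chains are hypothetical, and each block is given one unit of work.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    block_id: str
    prev_id: str
    txs: tuple
    work: int = 1          # assumption: every block represents one unit of work

def fork_point(a, b):
    """Length of the common prefix of two chains."""
    n = 0
    while n < min(len(a), len(b)) and a[n].block_id == b[n].block_id:
        n += 1
    return n

def confirmations(chain, tx):
    """Blocks from the one holding tx up to the tip, inclusive; 0 if absent."""
    for depth, blk in enumerate(reversed(chain), start=1):
        if tx in blk.txs:
            return depth
    return 0

def rejoin(local, remote):
    """Return (adopted chain, local transactions that lose confirmation)."""
    if sum(b.work for b in remote) <= sum(b.work for b in local):
        return local, []                       # tie: keep the chain seen first
    split = fork_point(local, remote)
    kept = {tx for blk in remote for tx in blk.txs}
    dropped = [tx for blk in local[split:] for tx in blk.txs if tx not in kept]
    return remote, dropped

if __name__ == "__main__":
    g = Block("G", "", ())
    # Constructed partition: segment A confirmed "pay-merchant"; segment B did more work.
    seg_a = [g, Block("A1", "G", ("pay-merchant",)), Block("A2", "A1", ("t2",))]
    seg_b = [g, Block("B1", "G", ("t2",)), Block("B2", "B1", ("t3",)), Block("B3", "B2", ())]
    print("confirmations in segment A:", confirmations(seg_a, "pay-merchant"))
    chain, dropped = rejoin(seg_a, seg_b)
    print("adopted:", [b.block_id for b in chain], "unconfirmed again:", dropped)
```

A payment with two confirmations inside the smaller segment drops back to zero after the merge, which is why recipients wait for more blocks before treating a transaction as settled.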
31. Scalability
Transactions
Visa: avg. 2000 tps, peak 4k tps; holiday avg. 8k tps; burst > 10k tps
PayPal: avg. 46 tps, peak 100 tps
Bitcoin (today): (artificially) limited to 7 tps
CPU
A node verifies (SHA-256) each transaction it does not already have. Hashing 1 MB takes 10 milliseconds, so 4k tps is achievable on mainstream CPUs (i7s) [3]
Network
For 2k tps with 0.5 kB transactions: ((2000 * 512) / 1024) / 1024 = 0.97 MB/s (7.8 Mbps)
Storage
Blocks can be over 0.5 GB for high tps. Pruning is possible.
51. References
[1] Satoshi Nakamoto (2008). Bitcoin: A peer-to-peer electronic cash system.
[2] Piotr Piasecki (2012). Design and security analysis of Bitcoin infrastructure using application deployed on Google App Engine. Technical University of Gdansk.
[3] Bitcoin Wiki (2013). Bitcoin - Scalability.
[4] Karl Whelan (2013). So What's So Special About Bitcoin? Forbes.
[5] Vitalik Buterin (2013). Primecoin: The cryptocurrency whose mining is actually useful. Bitcoin Magazine.