Bitcoin cryptosecurity
•Descargar como PPTX, PDF•
1 recomendación•365 vistas
This presentation explains the cryptographic security involved in bitcoin. It covers the mechanics of bitcoin transactions & network.
Recomendados
Más contenido relacionado
Último
Último (20)
Destacado
Destacado (20)
Bitcoin cryptosecurity
- 1. Cryptosecurity of Bitcoin NAVEET KUMAR
- 2. Crypto Primitives Bitcoin Anatomy Transactions Decentralized Trust Mining Attack Vectors Agenda
- 3. Crypto Primitives: Hash H( )m (variable length) H(m) (fixed length) H(m) m H( ) m H(m) m’ Irreversible Collision Resistant
- 4. Crypto Primitives: Hash Pointer H( )m • Retrieval • Tamper Resistant Hash pointer List Prev: H( ) data Prev: H( ) data Prev: H( ) data Prev: H( ) data H( )
- 5. Crypto Primitives: Merkle Tree
- 6. Crypto Primitives: Digital Signature m E[H(m)]H(m) m E[H(m)] Hash Encrypt with sk Sign (sk,pk) = generate(keysize) sk = Signing key pk = Publick key m E[H(m)] m E[H(m)] H(m) H(m) Hash Decrypt with pk • Unforgeable • Public Verification
- 8. Transaction 2 BTCAlice Bob (SK,PK)Bob PKAlice PKBob Bitcoin Address(SK,PK)Alice PKAlice PKBob 2𝔹 Signed By Alice Bob Verifies
- 9. T1 In Out Prev T0 Value 2 BTC Index Out[0] ToAddr PKBob InScript SigAlice PKAlice OutScript OP_DUP OP_HASH160 PKBob OP_EQUALVERIFY OP_CHECKSIG Signed by Alice T2 In Out Prev T1 Value 2 BTC Index Out[0] ToAddr PKchuck InScript SigBob PKBob OutScript OP_DUP OP_HASH160 PKchuck OP_EQUALVERIFY OP_CHECKSIG Signed by Bob 2 BTCAlice Bob 2 BTCBob Chuck SigBob PKBob OP_DUP OP_HASH160 PKBob OP_EQUALVERIFY OP_CHECKSIG Script Challenge == True
- 10. Transaction Verification SigBob PKBob OP_DUP OP_HASH160 H(PKBob) OP_EQUALVERIFY OP_CHECKSIG SigBob PKBob PKBobH(PKbob) H(PKBob) Verified
- 11. Transaction Demo • Block => https://blockchain.info/block/000000000000000000bb85fac472cf2dfc357f694c98bd8ec007824a651b5f63 • Coinbase => https://blockchain.info/tx/4e2fa5424fdbf28291f1563166485164fa9538ce15c9d7304bee8de0c7a380ef • Transaction => https://blockchain.info/tx/810db6197cc629d2b5ac0f2b7b912f606f40f68974a1dde30fe1c174a6d9133a • First Trans => https://blockchain.info/block-height/170 • First Block => https://blockchain.info/block-height/0
- 12. Tx Tx ….. Tx Tx Tx ….. Tx A B Decentralized Trust M1 M3M2 Tx A B ….. Tx Tx Tx ….. Tx Tx Tx ….. Tx Tx Tx1 ….. Tx Tx Tx ….. Tx Tx Tx ….. Tx Tx A B ….. Tx Tx A B ….. Tx Longest Chain Wins
- 13. Tx Tx ….. Tx Tx Tx ….. Tx A B Double Spend Attack M1 M3M2 Tx A B ….. Tx Tx Tx ….. Tx Tx Tx ….. Tx Tx A A’ ….. Tx Tx Tx ….. Tx Tx Tx ….. Tx Tx A B ….. Tx A A’ 1st Tx Tx ….. Tx 2nd Tx Tx ….. Tx 3rd 6 Confirmations
- 14. Mining Coinbase Tx ….. Tx Reward for Mining = 12.5 BTC Proof of work H( nonce | pre_hash | tx1 | tx2 ) = [000….12] • Recalibrates in 14 days • Mean Mining time = 10 min / fraction_of_global_hash_power https://bitnodes.earn.com
- 15. Attack Vectors Net • 51% attacker • Full Nodes Crypto • SHA2 weakness • ECDSA weakness Ecosystem • Wallet • RFC ( Bitcoin Improvement Proposal )
- 16. Thanks
Notas del editor
- Irreversible => Brute force => 2^130 => Astronomical time Collision resistant => Huge Input, Small output space Commitment Sha 256
- Tamper resistant log Linked List => Blockchain Hash Pointer Head => Entire log can be retrieved O(n)
- Binary Tree Merkle Root Membership can be found => O(log n) Transactions are stored Merkle Tree in block
- Unforegeable Public verification Sign a Hash Pointer means signing the entire chain ECDSA => Elliptic Curve Digital Signature Algorithm Sk => private key, pk = bitcoin wallet address, Decentralized Identity management
- Block => Hash Pointer Blockchain => Hash Pointer List Transaction List => Merkle Tree Genesis block => https://blockchain.info/block-index/14849
- Wallet exchange Verification post block formation Alice had 2 BTC ? How only Bob Consumes ? Belongingness ?
- Transaction ref Multiple Input, Multiple Output To-Bitcoin address Script Challenge ( Only Bob can solve ) Bitcoin Scripting => op_codes & data Pay to Script
- Bitcoin scripting => Not turing complete language, Limit on Time & Memory It was meant for Bob ( Belong Only bob has a solution ( Anyone can verify Bob’s ownership if bob gives a solution )
- 1. Block => https://blockchain.info/block/000000000000000000bb85fac472cf2dfc357f694c98bd8ec007824a651b5f63 2. Coinbase => https://blockchain.info/tx/4e2fa5424fdbf28291f1563166485164fa9538ce15c9d7304bee8de0c7a380ef 3. Transaction(3rd) => 810db6197cc629d2b5ac0f2b7b912f606f40f68974a1dde30fe1c174a6d9133a
- P2P network => 8333 Gossip protocol ( relay node, full node ) Longest Node
- Transaction ref & Reuse Cryptographically No diff Confirmations : 6 required Probability of a block being invalid decrease exponentially Malicious Node : Add Invalid transaction Deny a transaction Double spent Penalize the malicous node
- Incentivize Add a Coin base transaction out of thin air All Active nodes Proof of work => 2^n ( n = leading zeros ) Recalibrates as hashing power can change Mean time = 10
- 51 % Malicious Nodes Steal Coins => No ( Can not solve script challenge ) Denial to a specific transaction => Yes Change reward amount => No ( breaking protocol ) Destroy Confidence => Yes ( disturbing the network ) RCE in Full Nodes SHA2 => Possible will be broken by 2040 ECDSA => Forge a signature => steal coins Wallet software => Find a vulnerability there