Digital Currency

Bitcoin

  • Bitcoin is a totally decentralized digital currency (no central bank / authority)
  • Why would anyone want a decentralized currency?
  • Traditional currencies:
    • Subject to manipulation
    • Costly transactions
    • Not anonymous
    • Unstable
    • Subject to state control

Bitcoin

  • What problems might we encounter with a decentralized digital currency?
    • How do we know how much money people really have?
    • How do we make sure people don't counterfeit money?
    • How do we keep track of payments?
    • How do we prevent theft?

Bitcoin

  • Bitcoin relies on a distributed public ledger.
    • With no central bank, everyone keeps track of every single transaction in the currency's history.
    • The entire record of the bitcoin currency is publicly available - thus, no need for a trusted third party.
  • I have just as much money as the whole network thinks I have.

Bitcoin

  • When someone wants to make a transaction, they send a message to the rest of the network: "Alice sends 5 BTC to Bob"
  • The network receives the message and adds it to the ledger, which contains the entire history of bitcoin transactions.

Bitcoin

Summary of Basic Structure

  • The history of bitcoin transactions is a series of "blocks" of information.
  • Users broadcast transactions to the network. These are put in a queue.
  • Users take a bunch of transactions from the queue and put them in "blocks".
  • They then take the information in the block and try to solve a math puzzle that is specific to that information. (This is known as bitcoin mining.)
  • The first one to solve the puzzle gets to add a block to the blockchain.

Bitcoin

Summary of Basic Structure

  • After doing so, they broadcast the new blockchain around the network.
  • Each user verifies that the puzzle was really solved, and then accepts the new blockchain.
  • Users will verify and accept a blockchain if it is longer than the one they currently are working on.
  • "Accepting" a blockchain means working on solving the puzzle associated with that new blockchain.

Bitcoin

  • So, how much bitcoin I have depends on how much everyone in the network says I have.
  • But I don't know everyone in the network! So how can I really trust them??

Bitcoin

  • There are a few problems that bitcoin has to solve:
    • If I get a message saying "Alice sends 5 BTC to Bob," how do I know that the message was sent by Alice? (How do I know that the transaction is genuine?)
    • Different nodes will receive messages at different times. How do we make sure everyone agrees on the order of transactions?

Bitcoin

  • Basically, the problems are:
    • Identity fraud
    • "Double-spending"
  • The solutions are:
    • Digital signatures
    • Blockchain

Bitcoin

Double-spending

  • Users spend bitcoin by broadcasting a message like "A sends X BTC to B"
  • The network examines the history of transactions and ensures that A really has X BTC to spend.
  • But different nodes receive the message at different times.
  • This makes possible a double-spending attack (spending the same bitcoin more than once).
  • Note that this is impossible with paper currency.

Bitcoin

Double-spending

  • The attack: Alice has 5 BTC, and she wants to buy Bob's watch for 5 BTC. So, she sends a message: "Alice sends 5 BTC to Bob."
  • Bob receives the message and ships the watch to Alice.
  • However, before the rest of the network has registered this transaction, Alice sends another message saying "Alice sends 5 BTC to Carol."

Bitcoin

Double-spending

  • Some of the nodes will think that Alice already sent her 5 BTC to Bob and will reject the "second" transaction.
  • Others will think that Alice sent her 5 BTC to Carol first and will reject the "first" transaction.
  • If the second transaction happens to be the one that is accepted by the whole network, then Bob will not receive his 5 BTC, even though he already shipped his watch to Alice.

Bitcoin

Double-spending

  • So:
    • The bitcoin ledger is maintained by passing messages around the network.
    • A proposed transaction becomes "real" when it is accepted by the whole network.
    • Given the physical facts of a network, different nodes will receive different messages at different times.
    • Therefore, since there can be disagreement about the order of transactions, an attacker can try to double-spend the same bitcoin if the seller completes the transaction before the network has agreed on the correct order.
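
The ordering problem above, as an added example that is not part of the original slides: two nodes receive the same two messages in different orders and end up with different ledgers, while nodes that replay one agreed order end up identical. The `Node` class, the tuple transaction format and the starting balance are assumptions made for illustration.

```python
class Node:
    """A node that applies transactions in the order it receives them (hypothetical model)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.rejected = []

    def receive(self, tx):
        sender, receiver, amount = tx
        if self.balances.get(sender, 0) < amount:
            self.rejected.append(tx)      # sender cannot cover it: treated as the "second" spend
            return False
        self.balances[sender] -= amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount
        return True


START = {"Alice": 5}                      # constructed sample ledger state
TO_BOB = ("Alice", "Bob", 5)
TO_CAROL = ("Alice", "Carol", 5)


def replay(order):
    """Return the node state after receiving the transactions in the given order."""
    node = Node(START)
    for tx in order:
        node.receive(tx)
    return node


def nodes_agree(order_a, order_b):
    """True when two nodes end with identical ledgers and identical rejections."""
    a, b = replay(order_a), replay(order_b)
    return a.balances == b.balances and a.rejected == b.rejected


if __name__ == "__main__":
    near_bob = replay([TO_BOB, TO_CAROL])
    near_carol = replay([TO_CAROL, TO_BOB])
    print("node near Bob:  ", near_bob.balances, "rejected", near_bob.rejected)
    print("node near Carol:", near_carol.balances, "rejected", near_carol.rejected)
    print("agree without a common order:", nodes_agree([TO_BOB, TO_CAROL], [TO_CAROL, TO_BOB]))
    print("agree with a common order:   ", nodes_agree([TO_BOB, TO_CAROL], [TO_BOB, TO_CAROL]))
```

Each node's own check ("does Alice have 5 BTC?") passes for whichever message arrives first, so the disagreement cannot be resolved locally; it takes a single network-wide order.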

Bitcoin

Blockchain

  • The essence of bitcoin is a solution to the following problem:
    • How can I have trust in a system/network, without trusting any individual member of the network?
  • The solution is an idea known as the blockchain.

Bitcoin

Blockchain

  • We assume that the majority of the people in the network can be trusted (attackers are a minority).
  • So, the idea is that in order to make changes to the system, we require people to do some task that is too hard for one person to (consistently) do alone.
  • This is known as a proof of work.

Bitcoin

Blockchain

  • Analogy: Suppose that the bitcoin ledger was a piece of paper that was hidden under a big boulder. In order to change the ledger, you have to move the boulder, but this can't be done alone.
  • Therefore, if the boulder is moved, this is proof of work that many people in the group agreed to the change.

Bitcoin

Blockchain

  • The blockchain employs a similar kind of concept.
  • To propose a change to the bitcoin ledger, you have to solve a math puzzle that can only be solved by randomly guessing numbers.
  • The chances of guessing correctly are very small, and each puzzle builds on the last one, so it's unlikely that the same person will solve it twice in a row.
  • The fact that the puzzle has been solved is proof that no individual user is controlling the bitcoin ledger.

Bitcoin

Hash Functions

  • A cryptographic hash function is a mathematical function which, given an input of any length, returns an output of a fixed length. The output
    • appears random, and
    • changes in a way that is impossible to guess when the input is changed.

Bitcoin

Hash Functions

  • The "math puzzle" that users must solve to mine bitcoin is:
    • Take the current blockchain,
    • Add the new transactions and some other info so that the hash of the new block satisfies some arbitrary property (e.g. "beginning with eight 0's")
  • Since hash functions are unpredictable, the only way to solve the puzzle is by guessing.
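
A simplified model of this puzzle, added here as an example and not taken from the original slides: each block's SHA-256 hash covers the previous block's hash, the transactions and a guessed number (the nonce), and must begin with a fixed number of zeros. The block layout, the JSON encoding and the difficulty of four hex zeros are assumptions chosen so it runs quickly; this is not Bitcoin's actual block format.

```python
import hashlib
import json

DIFFICULTY = 4  # required leading hex zeros (assumed value, small enough to mine in about a second)
GENESIS_PREV = "0" * 64


def block_hash(prev_hash, transactions, nonce):
    """SHA-256 over the previous block's hash, this block's transactions and the nonce."""
    payload = json.dumps([prev_hash, transactions, nonce]).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(prev_hash, transactions):
    """Guess nonces one after another until the hash meets the difficulty."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, transactions, nonce)
        if h.startswith("0" * DIFFICULTY):
            return {"prev": prev_hash, "txs": transactions, "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(batches):
    """Mine one block per batch of transactions, each linked to the block before it."""
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = mine(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain):
    """Checking costs one hash per block: the puzzle must be solved and the links must match."""
    prev = GENESIS_PREV
    for block in chain:
        h = block_hash(block["prev"], block["txs"], block["nonce"])
        if block["prev"] != prev or h != block["hash"] or not h.startswith("0" * DIFFICULTY):
            return False
        prev = h
    return True


# Constructed sample transactions
SAMPLE = [["Alice sends 5 BTC to Bob"], ["Bob sends 2 BTC to Carol"], ["Carol sends 1 BTC to Dave"]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print("nonces found:", [b["nonce"] for b in chain], "valid:", verify_chain(chain))
    chain[0]["txs"] = ["Alice sends 5 BTC to Carol"]   # edit an old block
    print("valid after editing block 0:", verify_chain(chain))
```

Finding each nonce takes tens of thousands of guesses on average, while verifying takes one hash per block; editing an old block breaks its own puzzle solution and the link from every block after it.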

Bitcoin

Hash Functions

  • So, everyone in the network is trying to solve the hash, but because you can only solve it by guessing, everyone is equally likely to "win" - therefore, it's extremely unlikely for one person to win more than once.

Bitcoin

Summary

  • This is how fraud is prevented in the bitcoin network.
  • Assume that the cheaters are in the minority.
  • For fraud to occur, the fraudsters would have to be able to produce many new blocks in a row.
  • But given the distributed mining structure, this is mathematically impossible.

Bitcoin

Summary

  • Furthermore, if a group of attackers decide to cheat the network, then the other users will no longer trust bitcoin... in which case it would be useless!
  • Therefore, too much fraud is intrinsically pointless.

Bitcoin

Summary

  • The key insight behind the blockchain is that it enables a network of anonymous users to cooperate with each other and trust the system as a whole, without trusting any individual user or third party.

Bitcoin

By Jesse Rappaport
