Birla Institute of Technology & Science – Pilani

Hyderabad Campus
st
1 Semester 2022-2023
Blockchain Technology (BITS F452) – Comprehensive Examination (Regular) – KEY
Q1.(a)
The maximum gas fee is 0.0042 ETH. Now user1 sends 2 ETH to user2. The amount which
comes from user1’s Ethereum wallet is 2.0042 ETH. At the end of this transaction, user2
receives 2 ETH. An Ethereum miner would receive 0.0042 ETH.

(b)
(i) User A places an Ether gas limit of 65000 units for an ETH transfer which involves smart
contracts. The EVM consumes 21000 units and refunds 44000 units.
(ii) User B sets a gas limit of 20,000 whereas the actual transaction required 21000 units and the
transaction is to send 1 ETH to another user C. The EVM consumes 20,000 units. The
transaction status is incomplete. The amount of ETH received at user C is 0. The gas units at
user B is 0. The amount of ETH which user B will hold on to is 1. The gas units lost by user B is
20,000 .

(c) Given block number 6; its base fee is 160.2 gwei; the base fee increases by a maximum of
12.5% per block if the target block size is exceeded
The maximum base fee to be added to create a transaction on block number 9 can be computed
as:
For block number 7, its base fee = current base fee x 112.5
= 160.2 x 112. 5 = 180.2 gwei
Similarly, for block number 8, its base fee = current base fee x 112.5
= 180.2 x 112.5 = 202.7 gwei

Thus, the maximum base fee to be added to create a transaction on block number 9 is:
= current base fee x 112.5
= 202.7 x 112.5 = 228.03
= 228.1 gwei
Q2. (a)
In the given transaction, the input imports 50 BTC from output # 0 in transaction f5d8… The
output sends 50 BTC to the bitcoin address 4043…(expressed here in hexadecimal form)
instead of the regular base58 form. When the recipient wants to spend this money, the recipient
will reference the output # 0 of this transaction in an input of its own transaction.

(b)

Script words Script word categories Script word-Category mapping

A: OP_1NEGATE 1. Arithmetic A => 4
B: OP_NOP 2. Stack B => 5
C: OP_IFDUP 3. Bitwise logic C => 2
D: OP_EQUALVERIFY 4. Constant D => 3
E: OP_NEGATE 5. Flow control E => 1

(c)

<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

Q3. (a) A cryptographic hash function allows us to represent a huge amount of data (varying
sized) by converting it to a small fixed sized hash value. The modes of a Merkle tree (also called
a hash tree) are all hash values . The Merkle tree for the given set of transactions is as follows.
The set of transactions (T1,T2,T3,T4) is summarized as the Merkle root hash H1234.
Merkle root
H1234
T1

H12
T1 H34
T1

H1
T1 T1
H2 T1
H3 T1
H4

T1 T1
T2 T1
T3 T1
T4
Let us say, we receive a transaction T3 that we wish to validate. With a Merkle tree the only information
we need is the hash of the sibling of the transaction, and the hash of each sibling up the branch to the hash
pointer. This is called the authentication path. In the example, we need the hash of T4, the sibling of T3;
that is we need H4 using which we can recompute the Merkle root. We need only re-compute this branch
to produce a hash pointer than matches the one we have stored, not the entire tree. If the computed hash
root value matches with the existing Merkle root, then it is sure that T3 is part of the block b1.

(b) Given 5 transactions in a block, the Merkle tree can be constructed as follows:
 • All Bitcoins exist as UTXOs (Unspent Transaction Output), where a transaction consumes an

existing UTXO (called Input) to generate a new UTXO (called Output), and the consumed UTXO

is no longer valid.

• Each UTXO has a signature associated with it belonging to the owner and must be present during

a given transaction in order for the transaction to be considered valid.

• The transaction ID and the UTXO’s output serial number for that transaction are used to uniquely

identify the UTXO, and all available UTXOs are stored inside a collection of data called the

UTXO set.

• This means that it is possible to implement that storing every UTXO that has not yet been spent in

the database and exposing it to the Bitcoin network, and destroying and deleting the already

consumed UTXOs from the database.

• As each UTXO is uniquely labelled, a node can easily determine whether some transactions

consume the same UTXO within a block.

• If two transactions refer to the same UTXO ID, the second transaction is invalid, and the block

cannot be verified as valid by honest nodes.

Thus, we can conclude that though, the Merkle tree will theoretically lead to a double-spending problem
due to the duplicate hashes if the number of transactions is not equal to the nth power of 2, in reality, it is
impossible to forge transactions with the same content inside the real block. Thus duplicating an odd
transaction does not lead to double-spending attack.
Q4. (a)
Blockchain consensus Type of attack which it can Consensus – attack prevention
algorithm resist mapping
(i) Proof of Work 1. network preservation (i) - 3
attack
(ii) Proof of Stake 2. node malfunction attack (ii) - 5
(iii) Delegated Proof of Stake 3. DDoS attack (iii) - 4
(iv) Proof of Elapsed Time 4. Double spending attack (iv) - 1
(v) Proof of Burn 5. 51% attack (v) - 2

(b)
(i) The user needs to deposit 32 ETH into a deposit account to participate as a validator.

(ii) The time in Proof of Stake is divided into slots of duration (12 seconds) and epochs
(32 #slots)

(iii) Atleast 2/3rd of the total staked ETH is required to declare a transaction’s finality.

(iv) An attacker would need to commit to losing atleast 1/3rd of the total staked ETH to revert a
finalized block.

(v) Yes, in PoS, an honest validator can decide to forcibly remove the attacker from the network and
destroy their staked ETH. The reason is that, in Ethereum PoS design, this option has been proposed as
one of the strongest defenses against 51% attack.
Q5. (a)
(i) Frontier project:
block_diff = parent_diff + parent_diff // 2048 * (1 if block_timestamp - parent_timestamp < 13
else -1) + int(2**((block.number // 100000) - 2))

(ii) Homestead project:

block_diff = parent_diff + parent_diff // 2048 * max(1 - (block_timestamp - parent_timestamp) //
10, -99) + int(2**((block.number // 100000) - 2))
(iii) Unlike the Homestead version, the Frontier version does not take into account how far
off from 13 seconds the block time was. A block mined 1 second after the previous one has the
same effect on the difficulty as the one mined after 12 seconds.
(b)
(i) If the number of guesses per second on the bitcoin blockchain network as on May 2011 was
1012, the corresponding hash rate is 1012 hashes/sec or 1 TH/sec.
(ii)
The Bitcoin difficulty value started at 1. For every 2016 blocks that are found, the
timestamps of the blocks are compared to find out how much time it took to find the blocks;
let it be T. We want 2016 # blocks to take 2 weeks. If T is different, then we multiply the
difficulty by (2 weeks/T) . As an example, if it took only 10 days, it means the difficulty is
too low and thus will be increased by 40%. Generally, the difficulty will decrease after the
network hashrate drops. If the correction factor is greater than 4 (or less than 1/4), then the
factor 4 or the factor 1/4 are used instead, to prevent the change to be too abrupt.
Q6.
(a)
(i) Multisig (multiple-signature) contracts are smart contract accounts that require multiple valid
signatures to execute a transaction. Generally, multisigs require N signatures out of M possible
acceptable signatures so that a transaction is executed. Here the possible number of acceptable
signatures is given as 123. Majority of key holders must agree and sign inorder for the contract to
execute.
Thus, the funds are still retrievable even if 61 signatures are lost.

(ii) The minimum number of key holders who must agree and sign, in order for the multi-
sig contract to execute is N = 62
(b).
(i). Ethereum follows a state machine model where transactions modify states on the Ethereum
network and states are expressed as key-value pairs.
• A Merkle-Patricia tree is used to represent the states in the Ethereum platform. Like the
Merkle trees, the modes of the Merkle – Patricia tree contain hash values.
• This hash is also used as the key that refers to the node.
• Key-values of the Ethereum state are used as paths on the Merkle-Patricia tree.
• A leaf node consists of two items: its path and value.
• In the Ethereum state, since there are branch nodes that have only one child node, the
Merkle-Patricia tree compresses branch nodes that contain only one child into extension
nodes that have a path and the hash of the child.

(ii) The three types of nodes in the Merkle Patricia tree is extension node, branch node and lead
node. The taxonomy is as follows:

extension

branch

leaf extension leaf

leaf

branch

leaf extension
(iii)
Given the following key value pairs {(0x0, null), (0x1, null), (0x9, null), (0xA, 2000), (0xB,
null), (0xC, null), (0xD, null), (0xE, 3000), (0xF, null)} as the leaf nodes and 0XBE as the root
node, the Merkle Patricia Tree can be constructed as follows:

The value in the key 0XBEA is 2000. The value in the key 0XBEE is 3000.
Q7. (a) Given a blockchain BC1 with 3 blocks mined with a difficulty target of 1 and 2 blocks
mined with an increased difficulty target of 4. The chain work for a blockchain is the total
number of expected hashes.
The number of hashes expected to mine each block can be computed as
hashes = 2256 /( target +1)
=> 3 blocks mined with target of 1
So hashes = 3 x 2256 /( 1 +1)= 3 x 2255
=> 2 blocks mined with target of 4.
So hashes = 2 x 2256 /( 4 +1) = 2 x 2254 approx. = 2255
Therefore the total chain work for the blockchain BC1 is 3 x 2 255 + 1 x 2255 = 2255 (3 +1)
= 2255 (4) = 2255 (22) = 2257

(b)
• A block must specify a parent, and it must specify 0 or more uncle blocks
• A uncle block included in block B must have the following properties:
• It must be a direct child of the kth generation ancestor of B, where 2 <= k <= 7
• It cannot be an ancestor of B
• A uncle block must have a valid block header, but does not need to be a
previously verified or even valid block
• A uncle block must be different from all uncles included in previous blocks and
all other uncles included in the same block (non-double-inclusion)
• For every uncle block U in block B, the miner of B gets an additional 3.125% added to
its coinbase reward and the miner of U gets 93.75% of a standard coinbase reward.