The document discusses the fundamentals of Bitcoin and blockchain technology, explaining how transactions are conducted without the need for trusted third parties. It covers the concepts of private and public keys, transaction validation, and the role of miners in maintaining the blockchain. The document highlights the unique features of Bitcoin, such as preventing double spending and ensuring transaction privacy through a decentralized ledger system.

Uploaded by

ydf068095

Bitcoins and Blockchains

Chester Rebeiro

Assistant Professor
Department of Computer Science and Engineering
IIT Madras

Traditional Currencies

Alice gives bill to Bob, Bob gives coffee to Alice

Characteristics of Paper Money
• No double spending
– Once Alice has given the bill to Bob, she cannot use the same bill for another transaction
• Not reversible
– Once a transaction is done, it cannot be undone
• Transactions need not be between trusted parties
– Alice and Bob don’t need to trust each other
• Privacy
– Besides Alice and Bob, nobody else knows about the transaction

Electronic Money
• What if Alice and Bob want to transact over the Internet?
• Naïve approach
– Alice sends a file ($5.jpg) to Bob

Problems
• Double spending
• Multiple parties may own $5.jpg

[Figure: Alice, Bob and Sally, with copies of $5.jpg]

PayPal (Trusted 3rd Party)
• The 3rd party verifies every transaction against its ledger
– Alice’s account minus $5
– Bob’s account plus $5

Ledger
Alice : $29
Walter : $12
Carr : $23
Bob : $121

Advantages
• Double spending prevented
• Alice and Bob can be untrusted

Disadvantages
• Third party can revert transactions
• No privacy, since third party is present

Bitcoins
• Cryptocurrency (called bitcoins (BTC))
• Invented by an unknown person or group (goes by the name Satoshi Nakamoto)
• Uses cryptography to achieve, just as in traditional currency:
– Privacy
– Untrusted transactions
– Irreversibility
– No double spending

The Bitcoin Irony
• Bitcoins have
– no bank
– no trusted third party (like PayPal)
– no paper money
– But it still works and can achieve trust!
– Trust is achieved by a large group of connected people who can be untrusted

Big Idea
Ledgers are maintained by several (1000s of) computers on the Internet

[Figure: computers on the Internet, each holding a copy of the ledger]

Transactions
• Every transaction is logged in all ledgers
• Every transaction is checked to see whether it has been previously done
– Verification done by 1000s of computers
• Double spending not possible
– Since all transactions are logged

[Figure: “send 5 BTC to bob” triggers an update of every ledger (BTC : bitcoins)]

Ledgers

Bank Ledger (a payment is recorded as minus $5 on one balance and plus $5 on another)
Alice : $29
Walter : $12
Carr : $23
Bob : $121

Bitcoin Ledger (transactions), called the blockchain
Alice → Bob 5BTC
Bob → Carr 3BTC
Carr → Alice 1BTC
John → Emily .3BTC
Jane → Alice 4BTC
Joe → Alice 3BTC

Under the hood

Bitcoin Private Keys
• Most important component
• Used to show ownership of funds
• If lost, money is lost (no way of retrieving it)
• If stolen, money can be stolen
• Every private key must be unique
• Generated by simply picking a random number from 0 to 2^256

[Figure: Alice, Alice’s private key, Alice’s public key]

Bitcoin Public Keys
• Derived from the private key by a complex process called elliptic curve scalar multiplication
• Remember one-wayness: the public key is easy to compute from the private key, but not the reverse

[Figure: Alice’s private key → Alice’s public key]

Bitcoin Addresses
• Share with anyone who wants to send you money
(appears in transactions as the recipient of funds)
• Derived from the public key

Bitcoin address
1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy

[Figure: Bitcoin address as a QR code]

More Oneways

[Figure: Alice’s private key → Alice’s public key → Alice’s address]

Alice generates the private key
Only Alice can generate the public key and address

Wallets
• Collection of secret keys owned by a user
• Different types of wallets possible
– Randomly generated private keys
– Keys generated in a hierarchy

Bitcoin Transactions
How does Alice transfer 5 bitcoins to Bob?

A transaction contains:
• Transaction hash: hash of input and output
• INPUT
• OUTPUT: 5BTC to Bob’s address (destination address)
• Locktime: like a post-dated cheque

Digitally signed with Alice’s private key (proof of ownership)

Transaction Hash
• A transaction hash uniquely identifies a transaction
• Even a small change in the transaction will cause a complete change in the transaction hash

[Figure: four transactions (INPUT, OUTPUT, Locktime) that differ by a single character each have a completely different transaction hash]

Transaction Input
Where did Alice get the 5BTC from?
From unspent previous transactions (which are recorded in the current transaction)

Previous transactions
1021ab3582939214221 : Jane to Alice, 3BTC
ab3582939211231 : Kane to Alice, 3BTC

Current transaction a234345456234462cbacdef
Inputs: from Jane, from Kane
Outputs: to Bob : 5BTC, to Alice : 1BTC change

Transaction Input contd.
Just record the previous transaction hashes
Transaction hashes uniquely identify transactions

Previous transactions
1021ab3582939214221 : Jane to Alice, 3BTC
ab3582939211231 : Kane to Alice, 3BTC

Current transaction a234345456234462cbacdef
Inputs: 1021ab358…, ab3582933..
Outputs: to Bob : 5BTC, to Alice : 1BTC change

The Chain of Transactions

[Figure: each transaction lists the hashes of earlier transactions as its inputs, all the way back to the Genesis transaction]

Genesis: first transaction ever created

Cascaded
• A change in one transaction causes a change in all the others because
1. the transaction hash changes
2. the hash is included in subsequent transactions, so subsequent hashes change

[Figure: the chain of transactions after one transaction is changed]

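The cascade described above, as an added example that is not part of the original slides. The transaction layout (JSON with inputs, outputs and locktime), the use of a single SHA-256, and the sample payments are assumptions made for illustration; real Bitcoin transactions use a binary format.

```python
import hashlib
import json

def tx_hash(tx):
    """Transaction hash: SHA-256 over inputs, outputs and locktime."""
    encoded = json.dumps(tx, sort_keys=True).encode()
    return hashlib.sha256(encoded).hexdigest()

def build_chain(payments):
    """Build transactions where each one records the previous hash as its input."""
    chain, prev = [], None
    for payee, amount in payments:
        tx = {"inputs": [prev] if prev else [],   # empty for the genesis transaction
              "outputs": [[payee, amount]],
              "locktime": 0}
        prev = tx_hash(tx)
        chain.append((prev, tx))
    return chain

def first_broken_link(chain):
    """Index of the first transaction that fails validation, or None."""
    prev = None
    for i, (stored_hash, tx) in enumerate(chain):
        if tx_hash(tx) != stored_hash:
            return i          # contents no longer match the recorded hash
        if prev is not None and tx["inputs"] != [prev]:
            return i          # input refers to a hash that is no longer in the chain
        prev = stored_hash
    return None

def tamper_and_rehash(chain, index, new_amount):
    """Change one amount, rebuild the chain, return indices whose hash changed."""
    payments = [tuple(tx["outputs"][0]) for _, tx in chain]
    payments[index] = (payments[index][0], new_amount)
    rebuilt = build_chain(payments)
    return [i for i, (old, new) in enumerate(zip(chain, rebuilt)) if old[0] != new[0]]

# Constructed sample chain (names and amounts are illustrative).
SAMPLE = build_chain([("alice", 6), ("bob", 5), ("carr", 3), ("emily", 1)])

if __name__ == "__main__":
    print("hashes changed at:", tamper_and_rehash(SAMPLE, 1, 50))
```

Editing a transaction in place without rehashing is caught at that transaction; rehashing only that transaction moves the failure to the next one, which is why every later hash has to change.
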
Bitcoin Ledger
is actually a list of transaction hashes, so privacy is maintained

Transaction : Bitcoin ledger entry (transaction hash)
Alice → Bob 5BTC : 23343…..
Bob → Carr 3BTC : 434134…..
Carr → Alice 1BTC : 43684…..
John → Emily .3BTC : 21232…..
Jane → Alice 4BTC : 67847…..
Joe → Alice 3BTC : 656464….

The ledger contains all bitcoin transactions ever made since Bitcoins started

Transaction Input
• To send 5 bitcoins, Alice needs to find transactions worth at least 5 unspent bitcoins in the ledger that were sent to her.
– 1021ab3….. : 3 BTC
– ab358293…. : 3 BTC
• These are used as the input for the transaction from Alice to Bob

How does Alice claim these transactions as hers?

How to Claim Transactions?
• Locking script (in the previous transaction 1021ab3582939214221, paid to Alice’s address): this is a mathematical puzzle. Anyone who can solve this puzzle can claim the bitcoins.
• Unlocking script (in the input 1021ab358… of the new transaction a234345456234462cbacdef): this is the answer to the mathematical puzzle.
• Since Alice has the solution, she can claim the previous transaction
• Based on digital signatures

Locking and Unlocking Scripts
• Uses a script (a simple programming language)
– Locking has one half of the script
– Unlocking has the other half of the script
• Anyone can join the scripts to validate it (thus validating the transactions)
• Since a script is used, the puzzles are flexible.

Locking and Unlocking Scripts
• Example : Pay-to-Public Key
Locking Script: <Public key of Alice>
Unlocking Script : <Dig. signature from Alice’s private key>

Script:
<Dig. Signature from Alice’s private key>
<Public key of Alice>
OP_CHECKSIG

Validation of Scripts
<Dig. Signature from Alice’s private key>
<Public key of Alice>
OP_CHECKSIG

• Alice: the sign function takes the transaction (message M) and Alice’s private key and produces the signature for M
• Everyone else: the verify function takes the transaction, the signature for M and Alice’s public key, and confirms that message M was indeed signed by Alice

So Alice can claim the transaction

Validation with Signatures
• Signature is dependent on the transaction
– Therefore changes made to the transaction can be detected
• Since every transaction is different, every signature is different.
– Therefore a signature cannot be reused

Double Spending
How to ensure that Alice is not trying to spend bitcoins twice?
• Check every previous transaction in the blockchain
• Ensure that the inputs used by Alice have not been used again
• Made fast by an index of unused transactions

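A sketch of the double-spend check using an index of unused transaction outputs, added here as an example and not taken from the original slides. The function name, the index layout and the transaction ids are hypothetical, and the owner comparison stands in for running the unlocking script against the locking script.

```python
def apply_tx(unspent, tx_id, spender, inputs, outputs):
    """Validate a transaction against the unspent index and update it if valid.

    unspent : {(tx_id, output_index): (owner, amount)}
    inputs  : list of (tx_id, output_index) references to earlier outputs
    outputs : list of (owner, amount)
    Returns (accepted, reason).
    """
    if len(set(inputs)) != len(inputs):
        return False, "same input listed twice"
    total_in = 0
    for ref in inputs:
        if ref not in unspent:
            return False, "input already spent or unknown"
        owner, amount = unspent[ref]
        if owner != spender:   # assumption: stand-in for the signature check
            return False, "input not owned by spender"
        total_in += amount
    if sum(amount for _, amount in outputs) > total_in:
        return False, "outputs exceed inputs"
    for ref in inputs:         # spent outputs leave the index ...
        del unspent[ref]
    for i, (owner, amount) in enumerate(outputs):
        unspent[(tx_id, i)] = (owner, amount)   # ... and new ones enter it
    return True, "ok"

def demo():
    """Constructed scenario: Alice holds two 3 BTC outputs and tries to spend them twice."""
    unspent = {("tx-jane", 0): ("alice", 3), ("tx-kane", 0): ("alice", 3)}
    inputs = [("tx-jane", 0), ("tx-kane", 0)]
    first = apply_tx(unspent, "tx-coffee", "alice", inputs, [("bob", 5), ("alice", 1)])
    second = apply_tx(unspent, "tx-again", "alice", inputs, [("sally", 5), ("alice", 1)])
    return first, second, unspent

if __name__ == "__main__":
    print(demo())
```
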
So far…
1. We have seen how Alice creates a transaction
2. We have seen how the transaction can be validated.
– For authenticity
– And for double spending

But who does the validation?
Remember, Bitcoin relies on 1000s of computers and each computer maintains a ledger

Who validates transactions?
• Alice sends the transaction to any node in the bitcoin network
• The node validates it, adds it to the ledger, and then sends it to other nodes
• In a few seconds several 1000 nodes have validated and broadcasted the transaction

Ordering Transactions
• Transactions hop from one node to another in a random manner
• It is therefore possible for nodes to have different ledgers
• A dishonest node could prioritize one transaction over another
• Could lead to double spending

[Figure: two transactions reaching a node in different orders. What goes in the ledger here?]

Double spending (due to transaction order)
• Alice initiates a transaction, waits for Bob to deliver her coffee
• Then immediately initiates another transaction with the same inputs

Bitcoin’s solution for ordering transactions
• Block Chains
• Blocks
• Miners
• More Puzzles

Blocks & Blockchains
• Ledgers are now stored as blockchains
• Each blockchain now has blocks instead of transactions
• Blocks contain multiple transactions

[Figure: the block chain links Block N-3, Block N-2, Block N-1 and Block N by block hash, all the way to the genesis block (Block 1); the transaction chain inside the blocks runs all the way to the genesis transaction]

Miners
• Special nodes in the network called miners
• Miners track bitcoin transactions and add them to ‘candidate blocks’
• Due to transaction ordering issues, candidate blocks in each miner may be different

How do the miners reach a consensus?

[Figure: miners, each holding its own candidate block]

Mathematical Puzzle
• All miners simultaneously try to solve a mathematical puzzle
• The puzzle takes around 10 minutes to solve

Solving the Puzzle
• When a miner solves the puzzle, he announces the result to all others
• His candidate block is adopted by all others and added to the block chain
• Incentives for the winning miners

[Figure: one miner announces “I solved it”]

Mathematical Puzzle
• Three requirements
– Should be difficult to solve
– But still solvable in 10 minutes, independent of the computing power of the miners
– Once solved, the solution should be easily verified
• The only way to solve the puzzle must be by randomly trying different inputs

Hash function randomness

[Figure: short text → hash function → fixed-length hash]

The hash appears completely random.
The only way to find a given output is to make random guesses of the input.

A Puzzle
Concatenate a number to the message ‘M’ so that the hash begins with a 0.

M = “I am Satoshi Nakamoto”

Satisfying the requirements
• Should be difficult to solve
– The only way to solve the puzzle is by randomly varying the inputs
• Once solved, the solution should be easily verified
– Easily checked!
• Solvable in 10 minutes, independent of the computing power of the miners.
– Scalable difficulty (next!)

Scalable Difficulty
• Why?
– Computing power of miners increases with technology
– More miners in the network over time
– Problem difficulty should be adjusted so that a solution is (on average) obtained in 10 minutes
• How?
Concatenate a number to the message ‘M’ so that the hash begins with N zeros.
– If N is small, the puzzle is easily solved
– If N is large, it is more difficult to solve
– Every 2016 blocks, the difficulty is adjusted depending on the average time taken for the last 2016 blocks

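The puzzle and its scalable difficulty as a runnable sketch, added here as an example and not taken from the original slides. It assumes a single SHA-256 over the message followed by the number, counts N in leading zero bits, and models the adjustment as whole bits; `retarget_bits` is a hypothetical simplification of the 2016-block rule, not Bitcoin's actual formula.

```python
import hashlib
import math

MESSAGE = "I am Satoshi Nakamoto"   # the message M used on the slide

def leading_zero_bits(digest):
    """Number of zero bits at the start of a hash."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def puzzle_hash(message, nonce):
    """Hash of the message with the number concatenated to it."""
    return hashlib.sha256(f"{message}{nonce}".encode()).digest()

def verify(message, nonce, n_bits):
    """Checking a claimed solution costs a single hash."""
    return leading_zero_bits(puzzle_hash(message, nonce)) >= n_bits

def solve(message, n_bits):
    """Try 0, 1, 2, ... and return the first number that solves the puzzle.

    Expected work is about 2**n_bits hashes, so each extra bit doubles it.
    """
    nonce = 0
    while not verify(message, nonce, n_bits):
        nonce += 1
    return nonce

def retarget_bits(n_bits, avg_seconds, goal_seconds=600):
    """Assumed coarse adjustment: blocks arriving twice as fast add one bit."""
    return max(0, n_bits + round(math.log2(goal_seconds / avg_seconds)))

if __name__ == "__main__":
    for n in (4, 8, 12, 16):
        nonce = solve(MESSAGE, n)
        print(f"N={n:2d} bits: solved after {nonce + 1} attempts, "
              f"verified with 1 hash: {verify(MESSAGE, nonce, n)}")
```
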
Summarizing Miners
• Miners do three tasks simultaneously
– Add incoming transactions to candidate block
– Try to solve the puzzle; if solved, broadcast the solution and add the candidate block to the blockchain
– Look out for whether anyone else has solved the puzzle; if solved, broadcast the solution and add the winner’s candidate block to the blockchain

Summary of Bitcoins
1. Build a transaction from previous unused bitcoins

Each input in the transaction also has the unlocking script, which will allow Alice to claim the transactions

[Figure: previous transactions 1021ab3582939214221 and ab3582939214221 (each labelled Jane to Alice, 3BTC) feed the inputs 1021ab358 and ab35829… of the new transaction]

Summary of Bitcoins
1. Build a transaction from previous unused bitcoins
• Create a hash of the transaction
• The output has the locking script based on Bob’s public key
• Several outputs can be present but must sum up to the total input transaction

[Figure: transaction 358293921422112322a with inputs 1021ab358 and ab35829… and an output holding the locking script and value]

Summary of Bitcoins
2. Push transaction to network, where it is broadcasted

[Figure: transaction 358293921422112322a (inputs 1021ab358 and ab35829…, output with locking script and value) sent to the network]

Summary of Bitcoins
2. Miners on network validate Alice’s transaction. If found valid, add to a candidate block

[Figure: transaction 358293921422112322a placed in a candidate block]

Summary of Bitcoins
3. Miners simultaneously try to solve a mathematical puzzle. If a miner succeeds, the result is broadcasted. The winning miner’s candidate block is adopted by all others

[Figure: the block containing transaction 358293921422112322a is adopted by the other miners]

Summary of Bitcoins
4. The transaction shows up in Bob’s wallet and can be claimed in any transaction Bob makes

Conclusions
• Bitcoins are an alternative to physical currency
• Trust is achieved by using cryptography and by a large number of users
• Still not foolproof (attacks still exist)
– Tokyo-based bitcoin exchange Mt. Gox hacked

Potential Problems
• Theft of private keys
• Tracing a coin’s history
• Sybil attack: attacker controls a large number of nodes in the network
• Side channel analysis
• Denial of Service attacks
• Malware in systems
• Energy requirements for mining