SlideShare a Scribd company logo

WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd

•
D
deepak123mastermind

The document discusses various elements of blockchain technology, specifically focusing on the Bitcoin network, transaction processes, mining, and the mechanisms to prevent double spending. It describes how users can join the network, the flooding of transactions, block mining, and the complexities of maintaining consensus in a decentralized environment. Additionally, it addresses issues of anonymity, payment mechanisms, and the economic principles governing Bitcoin creation and exchange.

Career
1 of 117
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
Blockchain and its applications Prof. Shamik Sural Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 16: Blockchain Elements - IV
• Joining a Bitcoin Network • Transaction Flooding • Block Mining • Block Propagation • Forking and Propagation of Longest Chain
• Bitcoin Node • Transaction Flooding • Block Reward • Block Propagation • Fork in Blockchain
Bitcoin P2P Network • An ad-hoc network with random topology, Bitcoin protocol runs over TCP • All nodes (users) in the bitcoin network are treated equally • New nodes can join any time, non-responding nodes are removed after 3 hours
Joining in a Bitcoin P2P Network
Joining in a Bitcoin P2P Network
Joining in a Bitcoin P2P Network Give me the address Seed Node
Joining in a Bitcoin P2P Network <address list> Seed Node
Joining in a Bitcoin P2P Network Seed Node
Joining in a Bitcoin P2P Network Get most recent blockchain
Joining in a Bitcoin P2P Network Start transaction
Transactions in a Bitcoin Network • Alice joins the Bitcoin network by opening her applet • Alice makes a transaction to Bob: A->B: BTC 10 • Alice includes the scripts with the transactions • Alice broadcasts this transaction in the Bitcoin network
Transaction Flooding in a Bitcoin Network
Transaction Flooding in a Bitcoin Network
Transaction Flooding in a Bitcoin Network Validate the Transaction
Transaction Flooding in a Bitcoin Network Flood the Transaction
Transaction Flooding in a Bitcoin Network I have already seen the transaction A->B:BTC10
Which Transactions Should You Relay? • The transaction is valid with current blockchain – No conflict – No double spending • The script matches with a pre-given set of whitelist scripts – Avoid unusual scripts, avoid infinite loops • Does not conflict with other transactions that I have relayed after getting the blockchain updated – avoid double spending
Transaction Flooding in a Bitcoin Network A->B:BTC10 Different nodes may have different transaction pools A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 C->D:BTC20 C->D:BTC20 C->D:BTC20 A->B:BTC10 C->D:BTC20 C->D:BTC20 Accept the first transactions that you have heard
Transaction Flooding in a Bitcoin Network A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 C->D:BTC20 C->D:BTC20 C->D:BTC20 A->B:BTC10 C->D:BTC20 C->D:BTC20 Accept the first set of transactions that you have heard
Mining in a Bitcoin Network Miner collects all the transactions flooded and starts mining
Block Generation The miner who solves the puzzle first, generates a new block
Block Flooding Flood the blockchain with the new block included
Block Propagation Multiple miners can mine a new block simultaneously or in a near identical time “Forks” may get created
Block Propagation – Accept the Longest Chain Block 1 Block 2 Block 3 Block 4 Block 5 Block 6 Block 7 Block 8 Block 9 Block 11 Block 10 • “Accidental” forks occur rarely. Even if they occur, eventually only one becomes part of the longest chain • There are “intentional” forks of two type: hard forks and soft forks to come up with new versions like Bitcoin Cash, etc., or to upgrade software versions
Which Block to Relay • Block contains the correct hash based on the existing blockchain • All the transactions inside the block are valid – Check the scripts – Validate with the existing blockchain • The block is included in the current longest chain – Do not relay the forks
• Shown how a new node can join the bitcoin network • Creation and propagation of transactions • Accumulating transactions and mining new blocks • Propagation of new bitcoin blocks • Discussed how forking is handled in a blockchain
• Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher, Apress (2017) • Blockchain: Hype or Innovation by Tatiana Gayvoronskaya and Christoph Meinel, Springer (2021) • Any other standard textbook on blockchain/bitcoin
WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd
Blockchain and its applications Prof. Shamik Sural Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 17: Blockchain Elements - V
• Start of the Bitcoin Network and Creation of Coins • Variation of Block Reward with Time • Handling of Double Spending Problem • Payment using Bitcoin and Anonymity • Bitcoin Exchange
• Block Reward • Double Spending • Anonymity • Bitcoin Exchange
Bitcoin Basics – Creation of Coins • Controlled Supply: Must be limited for the currency to have value – any maliciously generated currency needs to be rejected by the network • Bitcoins are generated during the mining – each time a user discovers a new block • The rate of block creation is adjusted every 2016 blocks to aim for a constant two week adjustment period • The last bitcoin will be mined in 2140 (estimated and unless changed)
Bitcoin Basics – Creation of Coins • Number of bitcoins generated per block is set to decrease geometrically, with a 50% reduction for every 210,000 blocks, or approximately 4 years • This reduces with time the amount of bitcoins generated per block – Theoretical limit for total bitcoins: Slightly less than 21 million – Miners will get less reward as time progresses – How to pay the mining fee – increase the transaction fee
Projected Number of Bitcoins Information Source: https://en.bitcoin.it/wiki/
Bitcoin Basics – Sending Payments • Alice wants to send bitcoin to Bob – Bob sends his address to Alice – Alice adds Bob’s address and the amount of bitcoins to transfer in a “transaction” message – Alice signs the transaction with her private key, and announces her public key for signature verification – Alice broadcasts the transaction on the Bitcoin network for all to see Information Source: https://en.bitcoin.it/wiki/
Double Spending • Same bitcoin is used for more than one transaction A:50 • Double spending Cash?? • In a centralized system for digital currency, the bank prevents double spending • How can we prevent double spending in a decentralized network?
Handle Double Spending using Blockchain • When multiple valid continuation to this chain appear, only the longest such branch is accepted and it is then extended further (longest chain) • Once a transaction is committed in the blockchain, everyone in the network can validate all the transactions by using Alice’s public address • The validation prevents double spending in bitcoin
Bitcoin Anonymity • Bitcoin is permission-less, you do not need to setup any “account”, or required any e-mail address, user name or password to login to the wallet • The public and the private keys do not need to be registered, the wallet can generate them for the users • The bitcoin address is used for transaction, not the user name or identity
Bitcoin Anonymity • A bitcoin address mathematically corresponds to a public key based on ECDSA – the digital signature algorithm used in bitcoin • A sample bitcoin address: 1PHYrmdJ22MKbJevpb3MBNpVckjZHt89hz • Each person can have many such addresses, each with its own balance – Difficult to know which person owns what amount
To Sum it All Up!! • Bitcoins do not really “exist” as any tangible or electronic object. • There is no bit”coin” as you see in its logo • Owning a bitcoin simply means you have access to a key pair that includes – A public key to which somebody else had sent some bitcoin – A matching private key that gives you the authority to send the previously received bitcoin to another address • If you lose your private key, you lose the corresponding bitcoin(s)
Physical Payment using Bitcoin • All that is needed is a (set of) private key(s) – Public key can be generated from the private key. • Safely store the private key – in your desktop, on the web, mobile phone, special hardware attachment, printed on a piece of paper as QR • For online payment, you can use the wallet and an appropriate mode of applying the private key • For off line payments like in store payments or paying to your friend, you can use your mobile phone to present the private key or use the hardcopy!! As simple as using PayTm, Google Pay and so on.
Bitcoin Exchange • Trading bitcoin as commodity • Centralized exchanges – (In India: WazirX, CoinDCX, Zebpay, CoinSwitch Kuber, etc.) – Identity verification using KYC documents – Maintain your balance in Bitcoin and another currency like INR. – You set the buying and selling prices and quantities – If necessary, you can take the money out in a referred currency – Some exchanges provide the payout option in anonymous prepaid cards • There can also be decentralized exchanges with appropriate procedures for handling similar requirements
• Generation (Mining) of new coins • Variation of block reward with time • Handling double spending • Anonymity in bitcoin • Paying using bitcoin and role of exchange
• Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher, Apress (2017) • Blockchain: Hype or Innovation by Tatiana Gayvoronskaya and Christoph Meinel, Springer (2021) • Any other standard textbook on blockchain/bitcoin
WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd
Blockchain and its applications Prof. Sandip Chakraborty Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 18: Permissionless Model and Open Consensus
• Permissionless Model • Consensus Requirements for Open Networks • FLP Impossibility and Open Consensus
• Permissionless Models • Synchronous and Asynchronous • Failures in distributed system • Safety vs Liveness
Permissionless Model • Open network • Anyone can join in the network and initiate transactions • Participants are free to leave the network, and can join later again
Permissionless Model • Open network • Anyone can join in the network and initiate transactions • Participants are free to leave the network, and can join later again • Assumption: More than 50% of the participants are honest • A society cannot run if majority of its participants are dishonest !!
Permissionless Blockchain
Consensus Challenges • Participants do not know others • Cannot use message passing !! • Anyone can propose a new block • Who is going to add the next block in the blockchain? • The network is asynchronous • We do not have any global clock • A node may see the blocks in different orders
Consensus Challenges B1 B2 B3
Consensus Challenges B1 B2 B3 B3
Consensus Challenges B1 B2 B3 B3 B2
Consensus Challenges • Any types of monopoly needs to be prevented • A single user or a group of users should not gain the control – we don't trust anyone
Synchronous vs Asynchronous • Synchronous vs Asynchronous Networks • Synchronous: I am sure that I'll get the message in real time (theoretically no delay or minimum delay) • Asynchronous: I am not sure whether and when the message will arrive
Failure in a Network • Crash Fault: A node stops responding • Link Fault (or Network Fault): A link fails to deliver the message • Byzantine Fault: A node starts behaving maliciously
Failure in a Network • Crash Fault: A node stops responding • Link Fault (or Network Fault): A link fails to deliver the message • Byzantine Fault: A node starts behaving maliciously
Failure in a Network • Crash Fault: A node stops responding • Link Fault (or Network Fault): A link fails to deliver the message • Byzantine Fault: A node starts behaving maliciously B2 B4 B1 B1
Remember FLP Impossibility? • The Impossibility Theorem: Consensus is not possible in a perfect asynchronous network even with a single crash failure • Cannot ensure safety and liveness simultaneously
The Safety vs Liveness Dilemma The Nakamoto Consensus (Proof of Work) Liveness is more important than Safety Immediate focus is on liveness with a minimum safety guarantee, full safety will be ensured eventually
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 Unconfirmed TX Unconfirmed TX Unconfirmed TX Bitcoin Unconfirmed TX : https://www.blockchain.com/btc/unconfirmed-transactions
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX16 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX17 TX16 TX17 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX17
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX17 TX22 TX16 TX17 TX22 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Which one would be the next block?
Conclusion • Message passing is not possible over an open network • FLP Impossibility: Safety vs Liveness • Priority over Liveness • More suitable for Blockchain? Include the correct block – whether it is final, think later • Different miners see different blocks • Which one to add?
WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd
Blockchain and its applications Prof. Sandip Chakraborty Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 19: Nakamoto Consensus (Proof of Work)
• Nakamoto Consensus • Block Mining
• PoW • Block Mining • Safety and Liveness
The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Which one would be the next block?
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-1: The next block should be "correct" in practice • Transactions are verified, block contains correct Hash and Nonce
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-1: The next block should be "correct" in practice • Transactions are verified, block contains correct Hash and Nonce This can be ensured – the block mined by a miner is verified by all
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-2: All the miners should agree on a single block • The next block of the blockchain should be selected unanimously
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-2: All the miners should agree on a single block • The next block of the blockchain should be selected unanimously Miners do not know each other – how can they agree on the same block?
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-2: All the miners should agree on a single block • The next block of the blockchain should be selected unanimously PoW compromises here
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Liveness: Add a block as long as it is correct (contains valid transactions from the unconfirmed TX list) and move further
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Liveness: Add a block as long as it is correct (contains valid transactions from the unconfirmed TX list) and move further Two (or more) different miners may add two (or more) different blocks
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Liveness: Add a block as long as it is correct (contains valid transactions from the unconfirmed TX list) and move further Two (or more) different miners may add two (or more) different blocks Will resolve this later!
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 • No fixed ordering of transactions • No fixed number of transactions per block • Limit on the Block size
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 • Generate the proof (nonce) • Generation: Complex • Verification: Easy ? ? ?
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 ? ? ? • Expectation: One of the miners will be able to generate the proof
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 ? ? NM3 • Expectation: One of the miners will be able to generate the proof
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 NM3 • Sign the block and broadcast • Gossip over the P2P network TX22 TX17 TX16 TX31
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX87 TX49 TX37 TX87 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 • Remove the committed transactions from unconfirmed TX list
Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX87 TX49 TX37 TX87 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 • Start the next round ... Miner 4 Unconfirmed TX
Conclusion • Nakamoto Consensus (PoW) • Any correct blocks can be added • No guarantee that every miner will try to mine the same block • No guarantee that you can see your transaction in the latest block • What if two miners mine block simultaneously?
WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd
Blockchain and its applications Prof. Sandip Chakraborty Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 20: Limitations of PoW: Forking and Security
• PoW Forks • Attacks on PoW • The Monopoly Problem
• Forks • Security • 51% attack
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 NM3 • The miner who is able to solve the puzzle becomes the leader • The block from the leader is appended in the blockchain TX22 TX17 TX16 TX31
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 NM3 TX22 TX17 TX16 TX31 NM1 TX16 TX17 TX87 TX49 TX16 TX17 TX87 TX49 ? What if two miners solve the puzzle simultaneously?
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Consensus finality is not ensured – Safety not satisfied immediately • The network remains partitioned for some amount of time
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX37 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Momentary Decision: Miners remove the TXs corresponding to both the blocks, from their Unconfirmed TX list
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX37 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Forks are resolved eventually • For the next block creation, a miner accepts the previous block that it hears from the majority of the neighbor
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX100 TX110 TX100 TX110 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Forks are resolved eventually • For the next block creation, a miner accepts the previous block that it hears from the majority of the neighbor TX37 TX88 TX91 TX97
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX100 TX110 TX100 TX110 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Eventually, one block becomes part of the main chain TX37 TX88 TX91 TX97
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX100 TX110 TX100 TX110 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork For a forked block, if the transactions are not yet committed, include them in the Unconfirmed TX list TX37 TX88 TX91 TX97
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX87 TX49 TX100 TX110 TX87 TX49 TX100 TX110 TX87 TX49 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork For a forked block, if the transactions are not yet committed, include them in the Unconfirmed TX list TX37 TX88 TX91 TX97
PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX87 TX49 TX100 TX110 TX87 TX49 TX100 TX110 TX87 TX49 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Eventual consensus finality: • (Bitcoin) Cannot use a transaction until confirmation of 6 blocks – ensured through scripts TX37 TX88 TX91 TX97
Security Measures for PoW • Sybil Attacks • Attacker attempts to fill the network with the clients under its control • Create multiple identities (multiple public key addresses) to control the network – refuse to relay valid blocks or relay attacked blocks • Solution: Diversify the connections – Bitcoin allows one outbound connection to per /16 block of IP addresses – cannot make both 202.141.81.2/16 and 202.141.80.18/16 as the peers
Security Measures for PoW • Denial of Service (DoS) • Send a lot of data to a node – block the processing power • Solution: Limit forwarding of blocks, disconnect a peer that sends too many transactions
Breaking PoW • Bitcoin PoW is computationally difficult to break, but not impossible • Attackers can deploy high power servers to do more work than the total work of the blockchain
Breaking PoW • A known case of successful double-spending • (November 2013) “it was discovered that the GHash.io mining pool appeared to be engaging in repeated payment fraud against BetCoin Dice, a gambling site” [Source: https://en.bitcoin.it/]
The Monopoly Problem • PoW depends on the computing resources available to a miner • Miners having more resources have more probability to complete the work
The Monopoly Problem • Monopoly can increase over time (Tragedy of the Commons) • Miners will get less reward over time • Users will get discouraged to join as the miner • Few miners with large computing resources may get control over the network
The Monopoly Problem • 51% Attack: A group of miners control more than 50% of the hash rate of the network • Hypothetical as of now for Bitcoin (as the network is large), but not impossible (happened for Kryptom – Ethereum based blockchain, in August, 2016)
Conclusion • PoW may result a fork – consensus finality is not ensured • The security of PoW is ensured with the condition that attackers cannot gain more than 50% of the hash power
WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd

More Related Content

PDF
Report on Bitcoin- The cryptocurrency (November 2017)
AJSH & Co LLP
 
PDF
Bitcoin
ajshdelhi01
 
PDF
Bitcoins: Application of blockchain technology
Shiv Sahni
 
PPTX
Bitcoin I.pptx
AseemBhube1
 
PDF
Bitcoin intro
blockchained
 
PDF
CRYPTO CURRENCY-2022OD205.pdf
JESUNPK
 
PPTX
Bitcoin
Tejas Sarosiya
 
PPTX
Blockchain and Bitcoin
Hugo Rodrigues
 
Report on Bitcoin- The cryptocurrency (November 2017)
AJSH & Co LLP
 
Bitcoin
ajshdelhi01
 
Bitcoins: Application of blockchain technology
Shiv Sahni
 
Bitcoin I.pptx
AseemBhube1
 
Bitcoin intro
blockchained
 
CRYPTO CURRENCY-2022OD205.pdf
JESUNPK
 
Bitcoin
Tejas Sarosiya
 
Blockchain and Bitcoin
Hugo Rodrigues
 

Similar to WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd (20)

PPTX
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
IT Arena
 
PPTX
Bitcoin (Cryptocurrency)
Tsasaa Tsas
 
PPTX
Coin Center at EU Science and Technology Options Assessment Meeting Jan 25, 2015
CoinCenter
 
PPTX
Idea To IPO Blockchain Slides
Roger Royse
 
PPTX
Demysitifying Bitcoin and Blockchain
Ganesh Kondal
 
PDF
Blockchain meetup
QuantUniversity
 
PPTX
bitcoin_presentation
Dmytro Pershyn
 
PPTX
Crypto currency
Rushikesh Kulkarni
 
PDF
Bitcoin story of programable currency
Hossam Soffar
 
PDF
Bitcoin presentation
Francis Pouliot
 
PPTX
Bitcoin Transparency Using Blockchain.pptx
MuhammadHamza579668
 
PDF
Blockchain - Presentacion Betabeers Galicia 10/12/2014
WeKCo Coworking
 
PPTX
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 
PDF
Bitcoin and Ransomware Analysis
inder_barara
 
PDF
Bitcoin and Ransomware Analysis
Inderjeet Singh
 
PPTX
Blockchain
Gopal Goel
 
PPTX
Blockchain Blockchain Blockchain Lec 1.pptx
nsyd08384
 
PPTX
BITCOIN EXPLAINED
Murlidhar Sarda
 
PPTX
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 
PPTX
A Quick Start To Blockchain by Seval Capraz
Seval Çapraz
 
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
IT Arena
 
Bitcoin (Cryptocurrency)
Tsasaa Tsas
 
Coin Center at EU Science and Technology Options Assessment Meeting Jan 25, 2015
CoinCenter
 
Idea To IPO Blockchain Slides
Roger Royse
 
Demysitifying Bitcoin and Blockchain
Ganesh Kondal
 
Blockchain meetup
QuantUniversity
 
bitcoin_presentation
Dmytro Pershyn
 
Crypto currency
Rushikesh Kulkarni
 
Bitcoin story of programable currency
Hossam Soffar
 
Bitcoin presentation
Francis Pouliot
 
Bitcoin Transparency Using Blockchain.pptx
MuhammadHamza579668
 
Blockchain - Presentacion Betabeers Galicia 10/12/2014
WeKCo Coworking
 
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 
Bitcoin and Ransomware Analysis
inder_barara
 
Bitcoin and Ransomware Analysis
Inderjeet Singh
 
Blockchain
Gopal Goel
 
Blockchain Blockchain Blockchain Lec 1.pptx
nsyd08384
 
BITCOIN EXPLAINED
Murlidhar Sarda
 
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 
A Quick Start To Blockchain by Seval Capraz
Seval Çapraz
 
Ad

Recently uploaded (20)

PPT
Leadership essentials to build your carrier
ahmedhasan769002
 
PDF
Invincible season 2 storyboard revisions seq3 by Mark G
MarkGalez
 
PDF
Applying Lean Six Sigma in Pre-Sales & Pre-Development: Setting the Stage for...
alekhyamandadi1
 
PDF
reStartEvents 8:7 Nationwide All-Clearances Employer Directory.pdf
Ken Fuller
 
PDF
Copy of HKISO FINAL ROUND Session 1 & 2 - S3 and SS.pdf
nothisispatrickduhh
 
PPTX
Visit tofgwudbsbvaagsgve Sub-Center.pptx
venkiprince758
 
PPTX
AMB Trainingt for School Teachers.pptx h
vidushirathiji
 
PDF
Business Valuation: Meaning, Importance & Top Methods
alishajoy059
 
PPTX
Interview skill/ //////////////////.pptx
TaruBadva1
 
PPTX
Public_Health_Informghiufdrgatics_PPT.pptx
venkiprince758
 
PPTX
single phase transformer working types and application
mitsumanna16
 
PPTX
LESSON 5 TLE 7SDHSJFJDFHDJFHDJFEWFFFEDDDD
roeltabuyo4
 
PDF
past progressivvvvvvvvvvvvvvvvvvvvvvvvvvvvve.pdf
felipemirandac1
 
PDF
Invincible Season 2 Storyboard Revisions by Mark G
MarkGalez
 
PDF
Professor Dr. Nazrul Islam - Curriculum Vitae.pdf
Dr. Nazrul Islam
 
PPTX
ALLIED HEALTH BScPhysicianAssistant.pptx
Lakshminarayanan Sadhasivan
 
PPTX
First Homeroom Meeting in Dahlia SY2025-2026
katrinacalado
 
PPTX
Cyber_Awareness_Presrerereerentation.pptx
shivamshirsath07
 
PPTX
arif og 2.pptx defence mechanism of gingiva
arifkhansm29
 
PDF
PowerPoint Presentation -- Khai Y -- 7891fd01905c67ba9330323ac4f6626e -- Anna...
AmmaraAdeel1
 
Leadership essentials to build your carrier
ahmedhasan769002
 
Invincible season 2 storyboard revisions seq3 by Mark G
MarkGalez
 
Applying Lean Six Sigma in Pre-Sales & Pre-Development: Setting the Stage for...
alekhyamandadi1
 
reStartEvents 8:7 Nationwide All-Clearances Employer Directory.pdf
Ken Fuller
 
Copy of HKISO FINAL ROUND Session 1 & 2 - S3 and SS.pdf
nothisispatrickduhh
 
Visit tofgwudbsbvaagsgve Sub-Center.pptx
venkiprince758
 
AMB Trainingt for School Teachers.pptx h
vidushirathiji
 
Business Valuation: Meaning, Importance & Top Methods
alishajoy059
 
Interview skill/ //////////////////.pptx
TaruBadva1
 
Public_Health_Informghiufdrgatics_PPT.pptx
venkiprince758
 
single phase transformer working types and application
mitsumanna16
 
LESSON 5 TLE 7SDHSJFJDFHDJFHDJFEWFFFEDDDD
roeltabuyo4
 
past progressivvvvvvvvvvvvvvvvvvvvvvvvvvvvve.pdf
felipemirandac1
 
Invincible Season 2 Storyboard Revisions by Mark G
MarkGalez
 
Professor Dr. Nazrul Islam - Curriculum Vitae.pdf
Dr. Nazrul Islam
 
ALLIED HEALTH BScPhysicianAssistant.pptx
Lakshminarayanan Sadhasivan
 
First Homeroom Meeting in Dahlia SY2025-2026
katrinacalado
 
Cyber_Awareness_Presrerereerentation.pptx
shivamshirsath07
 
arif og 2.pptx defence mechanism of gingiva
arifkhansm29
 
PowerPoint Presentation -- Khai Y -- 7891fd01905c67ba9330323ac4f6626e -- Anna...
AmmaraAdeel1
 
Ad

WEEK 4.pdfddddddddddddddddddddddddddddddddddddddddddd

  • 1. Blockchain and its applications Prof. Shamik Sural Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 16: Blockchain Elements - IV
  • 2. • Joining a Bitcoin Network • Transaction Flooding • Block Mining • Block Propagation • Forking and Propagation of Longest Chain
  • 3. • Bitcoin Node • Transaction Flooding • Block Reward • Block Propagation • Fork in Blockchain
  • 4. Bitcoin P2P Network • An ad-hoc network with random topology, Bitcoin protocol runs over TCP • All nodes (users) in the bitcoin network are treated equally • New nodes can join any time, non-responding nodes are removed after 3 hours
  • 5. Joining in a Bitcoin P2P Network
  • 6. Joining in a Bitcoin P2P Network
  • 7. Joining in a Bitcoin P2P Network Give me the address Seed Node
  • 8. Joining in a Bitcoin P2P Network <address list> Seed Node
  • 9. Joining in a Bitcoin P2P Network Seed Node
  • 10. Joining in a Bitcoin P2P Network Get most recent blockchain
  • 11. Joining in a Bitcoin P2P Network Start transaction
  • 12. Transactions in a Bitcoin Network • Alice joins the Bitcoin network by opening her applet • Alice makes a transaction to Bob: A->B: BTC 10 • Alice includes the scripts with the transactions • Alice broadcasts this transaction in the Bitcoin network
  • 13. Transaction Flooding in a Bitcoin Network
  • 14. Transaction Flooding in a Bitcoin Network
  • 15. Transaction Flooding in a Bitcoin Network Validate the Transaction
  • 16. Transaction Flooding in a Bitcoin Network Flood the Transaction
  • 17. Transaction Flooding in a Bitcoin Network I have already seen the transaction A->B:BTC10
  • 18. Which Transactions Should You Relay? • The transaction is valid with current blockchain – No conflict – No double spending • The script matches with a pre-given set of whitelist scripts – Avoid unusual scripts, avoid infinite loops • Does not conflict with other transactions that I have relayed after getting the blockchain updated – avoid double spending
  • 19. Transaction Flooding in a Bitcoin Network A->B:BTC10 Different nodes may have different transaction pools A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 C->D:BTC20 C->D:BTC20 C->D:BTC20 A->B:BTC10 C->D:BTC20 C->D:BTC20 Accept the first transactions that you have heard
  • 20. Transaction Flooding in a Bitcoin Network A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 A->B:BTC10 C->D:BTC20 C->D:BTC20 C->D:BTC20 A->B:BTC10 C->D:BTC20 C->D:BTC20 Accept the first set of transactions that you have heard
  • 21. Mining in a Bitcoin Network Miner collects all the transactions flooded and starts mining
  • 22. Block Generation The miner who solves the puzzle first, generates a new block
  • 23. Block Flooding Flood the blockchain with the new block included
  • 24. Block Propagation Multiple miners can mine a new block simultaneously or in a near identical time “Forks” may get created
  • 25. Block Propagation – Accept the Longest Chain Block 1 Block 2 Block 3 Block 4 Block 5 Block 6 Block 7 Block 8 Block 9 Block 11 Block 10 • “Accidental” forks occur rarely. Even if they occur, eventually only one becomes part of the longest chain • There are “intentional” forks of two type: hard forks and soft forks to come up with new versions like Bitcoin Cash, etc., or to upgrade software versions
  • 26. Which Block to Relay • Block contains the correct hash based on the existing blockchain • All the transactions inside the block are valid – Check the scripts – Validate with the existing blockchain • The block is included in the current longest chain – Do not relay the forks
  • 27. • Shown how a new node can join the bitcoin network • Creation and propagation of transactions • Accumulating transactions and mining new blocks • Propagation of new bitcoin blocks • Discussed how forking is handled in a blockchain
  • 28. • Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher, Apress (2017) • Blockchain: Hype or Innovation by Tatiana Gayvoronskaya and Christoph Meinel, Springer (2021) • Any other standard textbook on blockchain/bitcoin
  • 30. Blockchain and its applications Prof. Shamik Sural Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 17: Blockchain Elements - V
  • 31. • Start of the Bitcoin Network and Creation of Coins • Variation of Block Reward with Time • Handling of Double Spending Problem • Payment using Bitcoin and Anonymity • Bitcoin Exchange
  • 32. • Block Reward • Double Spending • Anonymity • Bitcoin Exchange
  • 33. Bitcoin Basics – Creation of Coins • Controlled Supply: Must be limited for the currency to have value – any maliciously generated currency needs to be rejected by the network • Bitcoins are generated during the mining – each time a user discovers a new block • The rate of block creation is adjusted every 2016 blocks to aim for a constant two week adjustment period • The last bitcoin will be mined in 2140 (estimated and unless changed)
  • 34. Bitcoin Basics – Creation of Coins • Number of bitcoins generated per block is set to decrease geometrically, with a 50% reduction for every 210,000 blocks, or approximately 4 years • This reduces with time the amount of bitcoins generated per block – Theoretical limit for total bitcoins: Slightly less than 21 million – Miners will get less reward as time progresses – How to pay the mining fee – increase the transaction fee
  • 35. Projected Number of Bitcoins Information Source: https://en.bitcoin.it/wiki/
  • 36. Bitcoin Basics – Sending Payments • Alice wants to send bitcoin to Bob – Bob sends his address to Alice – Alice adds Bob’s address and the amount of bitcoins to transfer in a “transaction” message – Alice signs the transaction with her private key, and announces her public key for signature verification – Alice broadcasts the transaction on the Bitcoin network for all to see Information Source: https://en.bitcoin.it/wiki/
  • 37. Double Spending • Same bitcoin is used for more than one transaction A:50 • Double spending Cash?? • In a centralized system for digital currency, the bank prevents double spending • How can we prevent double spending in a decentralized network?
  • 38. Handle Double Spending using Blockchain • When multiple valid continuation to this chain appear, only the longest such branch is accepted and it is then extended further (longest chain) • Once a transaction is committed in the blockchain, everyone in the network can validate all the transactions by using Alice’s public address • The validation prevents double spending in bitcoin
  • 39. Bitcoin Anonymity • Bitcoin is permission-less, you do not need to setup any “account”, or required any e-mail address, user name or password to login to the wallet • The public and the private keys do not need to be registered, the wallet can generate them for the users • The bitcoin address is used for transaction, not the user name or identity
  • 40. Bitcoin Anonymity • A bitcoin address mathematically corresponds to a public key based on ECDSA – the digital signature algorithm used in bitcoin • A sample bitcoin address: 1PHYrmdJ22MKbJevpb3MBNpVckjZHt89hz • Each person can have many such addresses, each with its own balance – Difficult to know which person owns what amount
  • 41. To Sum it All Up!! • Bitcoins do not really “exist” as any tangible or electronic object. • There is no bit”coin” as you see in its logo • Owning a bitcoin simply means you have access to a key pair that includes – A public key to which somebody else had sent some bitcoin – A matching private key that gives you the authority to send the previously received bitcoin to another address • If you lose your private key, you lose the corresponding bitcoin(s)
  • 42. Physical Payment using Bitcoin • All that is needed is a (set of) private key(s) – Public key can be generated from the private key. • Safely store the private key – in your desktop, on the web, mobile phone, special hardware attachment, printed on a piece of paper as QR • For online payment, you can use the wallet and an appropriate mode of applying the private key • For off line payments like in store payments or paying to your friend, you can use your mobile phone to present the private key or use the hardcopy!! As simple as using PayTm, Google Pay and so on.
  • 43. Bitcoin Exchange • Trading bitcoin as commodity • Centralized exchanges – (In India: WazirX, CoinDCX, Zebpay, CoinSwitch Kuber, etc.) – Identity verification using KYC documents – Maintain your balance in Bitcoin and another currency like INR. – You set the buying and selling prices and quantities – If necessary, you can take the money out in a referred currency – Some exchanges provide the payout option in anonymous prepaid cards • There can also be decentralized exchanges with appropriate procedures for handling similar requirements
  • 44. • Generation (Mining) of new coins • Variation of block reward with time • Handling double spending • Anonymity in bitcoin • Paying using bitcoin and role of exchange
  • 45. • Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher, Apress (2017) • Blockchain: Hype or Innovation by Tatiana Gayvoronskaya and Christoph Meinel, Springer (2021) • Any other standard textbook on blockchain/bitcoin
  • 47. Blockchain and its applications Prof. Sandip Chakraborty Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 18: Permissionless Model and Open Consensus
  • 48. • Permissionless Model • Consensus Requirements for Open Networks • FLP Impossibility and Open Consensus
  • 49. • Permissionless Models • Synchronous and Asynchronous • Failures in distributed system • Safety vs Liveness
  • 50. Permissionless Model • Open network • Anyone can join in the network and initiate transactions • Participants are free to leave the network, and can join later again
  • 51. Permissionless Model • Open network • Anyone can join in the network and initiate transactions • Participants are free to leave the network, and can join later again • Assumption: More than 50% of the participants are honest • A society cannot run if majority of its participants are dishonest !!
  • 53. Consensus Challenges • Participants do not know others • Cannot use message passing !! • Anyone can propose a new block • Who is going to add the next block in the blockchain? • The network is asynchronous • We do not have any global clock • A node may see the blocks in different orders
  • 57. Consensus Challenges • Any types of monopoly needs to be prevented • A single user or a group of users should not gain the control – we don't trust anyone
  • 58. Synchronous vs Asynchronous • Synchronous vs Asynchronous Networks • Synchronous: I am sure that I'll get the message in real time (theoretically no delay or minimum delay) • Asynchronous: I am not sure whether and when the message will arrive
  • 59. Failure in a Network • Crash Fault: A node stops responding • Link Fault (or Network Fault): A link fails to deliver the message • Byzantine Fault: A node starts behaving maliciously
  • 60. Failure in a Network • Crash Fault: A node stops responding • Link Fault (or Network Fault): A link fails to deliver the message • Byzantine Fault: A node starts behaving maliciously
  • 61. Failure in a Network • Crash Fault: A node stops responding • Link Fault (or Network Fault): A link fails to deliver the message • Byzantine Fault: A node starts behaving maliciously B2 B4 B1 B1
  • 62. Remember FLP Impossibility? • The Impossibility Theorem: Consensus is not possible in a perfect asynchronous network even with a single crash failure • Cannot ensure safety and liveness simultaneously
  • 63. The Safety vs Liveness Dilemma The Nakamoto Consensus (Proof of Work) Liveness is more important than Safety Immediate focus is on liveness with a minimum safety guarantee, full safety will be ensured eventually
  • 65. The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 Unconfirmed TX Unconfirmed TX Unconfirmed TX Bitcoin Unconfirmed TX : https://www.blockchain.com/btc/unconfirmed-transactions
  • 66. The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX16 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16
  • 67. The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX17 TX16 TX17 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX17
  • 68. The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX17 TX22 TX16 TX17 TX22 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22
  • 69. The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX
  • 70. The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Which one would be the next block?
  • 71. Conclusion • Message passing is not possible over an open network • FLP Impossibility: Safety vs Liveness • Priority over Liveness • More suitable for Blockchain? Include the correct block – whether it is final, think later • Different miners see different blocks • Which one to add?
  • 73. Blockchain and its applications Prof. Sandip Chakraborty Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 19: Nakamoto Consensus (Proof of Work)
  • 75. • PoW • Block Mining • Safety and Liveness
  • 76. The Consensus Problem TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Which one would be the next block?
  • 77. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-1: The next block should be "correct" in practice • Transactions are verified, block contains correct Hash and Nonce
  • 78. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-1: The next block should be "correct" in practice • Transactions are verified, block contains correct Hash and Nonce This can be ensured – the block mined by a miner is verified by all
  • 79. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-2: All the miners should agree on a single block • The next block of the blockchain should be selected unanimously
  • 80. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-2: All the miners should agree on a single block • The next block of the blockchain should be selected unanimously Miners do not know each other – how can they agree on the same block?
  • 81. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Safety-2: All the miners should agree on a single block • The next block of the blockchain should be selected unanimously PoW compromises here
  • 82. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Liveness: Add a block as long as it is correct (contains valid transactions from the unconfirmed TX list) and move further
  • 83. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Liveness: Add a block as long as it is correct (contains valid transactions from the unconfirmed TX list) and move further Two (or more) different miners may add two (or more) different blocks
  • 84. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX Liveness: Add a block as long as it is correct (contains valid transactions from the unconfirmed TX list) and move further Two (or more) different miners may add two (or more) different blocks Will resolve this later!
  • 85. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31
  • 86. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 • No fixed ordering of transactions • No fixed number of transactions per block • Limit on the Block size
  • 87. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 • Generate the proof (nonce) • Generation: Complex • Verification: Easy ? ? ?
  • 88. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 ? ? ? • Expectation: One of the miners will be able to generate the proof
  • 89. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX16 TX17 TX37 TX87 TX17 TX22 TX87 TX37 TX22 TX17 TX16 TX31 ? ? NM3 • Expectation: One of the miners will be able to generate the proof
  • 90. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 NM3 • Sign the block and broadcast • Gossip over the P2P network TX22 TX17 TX16 TX31
  • 91. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX87 TX49 TX37 TX87 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 • Remove the committed transactions from unconfirmed TX list
  • 92. Safety vs Liveness TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX87 TX49 TX37 TX87 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 • Start the next round ... Miner 4 Unconfirmed TX
  • 93. Conclusion • Nakamoto Consensus (PoW) • Any correct blocks can be added • No guarantee that every miner will try to mine the same block • No guarantee that you can see your transaction in the latest block • What if two miners mine block simultaneously?
  • 95. Blockchain and its applications Prof. Sandip Chakraborty Department of Computer Science & Engineering Indian Institute of Technology Kharagpur Lecture 20: Limitations of PoW: Forking and Security
  • 96. • PoW Forks • Attacks on PoW • The Monopoly Problem
  • 98. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 NM3 • The miner who is able to solve the puzzle becomes the leader • The block from the leader is appended in the blockchain TX22 TX17 TX16 TX31
  • 99. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 NM3 TX22 TX17 TX16 TX31 NM1 TX16 TX17 TX87 TX49 TX16 TX17 TX87 TX49 ? What if two miners solve the puzzle simultaneously?
  • 100. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork
  • 101. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX16 TX17 TX87 TX49 TX37 TX17 TX22 TX87 TX37 TX88 TX16 TX17 TX22 TX31 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Consensus finality is not ensured – Safety not satisfied immediately • The network remains partitioned for some amount of time
  • 102. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX37 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Momentary Decision: Miners remove the TXs corresponding to both the blocks, from their Unconfirmed TX list
  • 103. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX37 TX37 TX88 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Forks are resolved eventually • For the next block creation, a miner accepts the previous block that it hears from the majority of the neighbor
  • 104. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX100 TX110 TX100 TX110 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Forks are resolved eventually • For the next block creation, a miner accepts the previous block that it hears from the majority of the neighbor TX37 TX88 TX91 TX97
  • 105. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX100 TX110 TX100 TX110 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Eventually, one block becomes part of the main chain TX37 TX88 TX91 TX97
  • 106. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX100 TX110 TX100 TX110 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork For a forked block, if the transactions are not yet committed, include them in the Unconfirmed TX list TX37 TX88 TX91 TX97
  • 107. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX87 TX49 TX100 TX110 TX87 TX49 TX100 TX110 TX87 TX49 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork For a forked block, if the transactions are not yet committed, include them in the Unconfirmed TX list TX37 TX88 TX91 TX97
  • 108. PoW: Mining a New Block TX11 TX13 TX45 TX56 TX19 TX42 TX67 TX10 TX16 TX55 TX40 TX32 Miner 1 Miner 2 Miner 3 TX100 TX87 TX49 TX100 TX110 TX87 TX49 TX100 TX110 TX87 TX49 Unconfirmed TX Unconfirmed TX Unconfirmed TX TX22 TX17 TX16 TX31 TX22 TX17 TX16 TX31 TX16 TX17 TX87 TX49 Fork Eventual consensus finality: • (Bitcoin) Cannot use a transaction until confirmation of 6 blocks – ensured through scripts TX37 TX88 TX91 TX97
  • 109. Security Measures for PoW • Sybil Attacks • Attacker attempts to fill the network with the clients under its control • Create multiple identities (multiple public key addresses) to control the network – refuse to relay valid blocks or relay attacked blocks • Solution: Diversify the connections – Bitcoin allows one outbound connection to per /16 block of IP addresses – cannot make both 202.141.81.2/16 and 202.141.80.18/16 as the peers
  • 110. Security Measures for PoW • Denial of Service (DoS) • Send a lot of data to a node – block the processing power • Solution: Limit forwarding of blocks, disconnect a peer that sends too many transactions
  • 111. Breaking PoW • Bitcoin PoW is computationally difficult to break, but not impossible • Attackers can deploy high power servers to do more work than the total work of the blockchain
  • 112. Breaking PoW • A known case of successful double-spending • (November 2013) “it was discovered that the GHash.io mining pool appeared to be engaging in repeated payment fraud against BetCoin Dice, a gambling site” [Source: https://en.bitcoin.it/]
  • 113. The Monopoly Problem • PoW depends on the computing resources available to a miner • Miners having more resources have more probability to complete the work
  • 114. The Monopoly Problem • Monopoly can increase over time (Tragedy of the Commons) • Miners will get less reward over time • Users will get discouraged to join as the miner • Few miners with large computing resources may get control over the network
  • 115. The Monopoly Problem • 51% Attack: A group of miners control more than 50% of the hash rate of the network • Hypothetical as of now for Bitcoin (as the network is large), but not impossible (happened for Kryptom – Ethereum based blockchain, in August, 2016)
  • 116. Conclusion • PoW may result a fork – consensus finality is not ensured • The security of PoW is ensured with the condition that attackers cannot gain more than 50% of the hash power