Bitcoin: P2P Digital Currency Pern Hui Chia Q2S NTNU Trial - - PowerPoint PPT Presentation

bitcoin p2p digital currency
SMART_READER_LITE
LIVE PREVIEW

Bitcoin: P2P Digital Currency Pern Hui Chia Q2S NTNU Trial - - PowerPoint PPT Presentation

Feb 16, 2024 139 likes •511 views

Experimental Bitcoin: P2P Digital Currency Pern Hui Chia Q2S NTNU Trial lecture, 7 Dec 2012, Trondheim Outline Background : Bitcoin How it works Risks & measures Economics and society Summary Bitcoin | Outline

slide-1
SLIDE 1

Pern Hui Chia

Q2S NTNU Trial lecture, 7 Dec 2012, Trondheim

Bitcoin: P2P Digital Currency

Experimental

slide-2
SLIDE 2

Outline

  • Background : Bitcoin
  • How it works
  • Risks & measures
  • Economics and society
  • Summary

Bitcoin | Outline 2

slide-3
SLIDE 3

Background

slide-4
SLIDE 4

Background

  • Money – payment of goods and services

– Bartering => commodity money => coinage => bank notes

  • E-banking, credit/debit cards
  • Digital currencies : convenience, anonymity, decentralization

Source: wikipedia.org

Bitcoin | Background 4

slide-5
SLIDE 5

Use of digital currencies

  • Convenience : Paypal, Second Life L$, World of Warcraft Gold, ..
  • Anonymity:

– Cash – relatively anonymous means of payment – E cash (Chaum, Fiat & Naor 1988)

  • Anonymous and safe payments
  • Suitable for small transactions compared to costly credit cards

– Many other academic papers followed.. but none takes off

Bitcoin | Background 5

slide-6
SLIDE 6
  • Decentralization

– Why not central issuers & authorities?

  • Single point of failure – company bankrupts
  • Depreciation – unexpected money-printing by governments
  • Restriction – freedom to support Wikileaks?

– B-money (Dai 1998) – crypto-anarchy, need not governments

  • Pseudonyms, computationally hard puzzle
  • Trusted arbitrators / servers – manage disputes given incentives/fines

– Bitcoin (Nakamoto 2008) – no trust needed, assume majority are benign

Use of digital currencies (continued)

Bitcoin | Background 6

slide-7
SLIDE 7

Timeline [21]

2008 Oct: Satoshi Nakamoto (alias), Bitcoin paper 2009 Jan: Genesis block, open-source project 2010 May: 10000 BTC traded with 2 pizzas Jul: Mt.Gox established 2011 Jun: $31 per BTC Jun: Theft (25k BTC), breach into Mt.Gox, $0.01 per BTC 2012 Dec: $13 per BTC

Source: wikipedia.org

Bitcoin | Background 7

slide-8
SLIDE 8

Numbers [16,17]

  • 10.5 million BTC issued

– Rate per 4 year: 10.5m, 5.2m, 2.6m, .. – Total BTC (2140) = 21m

  • Early Dec 2012:

– $13 per BTC – Market capital >$138m – 31k daily transactions

  • 2.4m BTC

2140 2009 21m

Controlled Money Supply

Bitcoin | Background 8

slide-9
SLIDE 9
  • Fiat currency – not backed by reserves nor government
  • Value = vendors/businesses accepting the currency
  • E-commerce: computer games, web hosting, IT services, clothing (alpaca socks), …
  • BitPay signs 1000 online merchants [18]
  • Also physical restaurants (green), hotels (blue), others (red)

Source: en.bitcoin.it/wiki

slide-10
SLIDE 10

Why Bitcoin?

  • Success factors (Barber et al. 2012)

– Expected money supply

  • No unexpected money-printing=> no devaluation / inflation

– No control of central authority – attract libertarians (and illegal activities) – Openness: open-source, APIs => 3rd party services (mixer, exchanges) flourishes – Infinite divisibility – Achilles’ heel of strong anonymity

  • Satoshi = 0.00000001 BTC, could be further divided

– Others

  • Low transactional costs
  • Instant & irreversible transactions

Bitcoin | Background 10

slide-11
SLIDE 11

How it works – simple, nothing fancy

slide-12
SLIDE 12

A distributed ledger system

  • Not coins

– Unlike e-cash (Chaum et al. 1988) where bank generates & verifies coins

  • Distributed ledgers

– Transaction history (not balances) – Public

Source: Bitcoin: A technical Introduction [15]

slide-13
SLIDE 13

Design

  • Strong ownership – digital signatures

– Cannot spend w/o private keys – Sign [ hash ( public key of recipient + amount + previous transaction ) ] – Multiple inputs (payer accounts), multiple outputs (recipients public keys)

Source: Nakamoto 2008

Bitcoin | Design 13

slide-14
SLIDE 14

Design (continued)

  • Preventing double-spending w/o trusted entities

– Need:

  • Temporal order in transaction history
  • Network consensus
  • Temporal order – chained hashes

– 1-way-ness ensures data exists (transaction occurs) at the time of hashing

  • Consensus – OK if can protect integrity

– Proof-of-Work – computational puzzles, hard to cheat – Successful nodes rewarded with Bitcoin == ‘gold mining’

Bitcoin | Design 14

slide-15
SLIDE 15

Design (continued)

  • Proof of Work (PoW)

– Put unconfirmed transactions in blocks – Compute hash (SHA-256) – Success = hash has #leading-zeros e.g., 00000000000004d7d38d84545b...

  • Difficulty tunable: #hashing increases exponentially with #zero
  • Expected time: ~10 minutes per success

– Else, increment nonce & re-compute

Bitcoin | Design 15

slide-16
SLIDE 16

Design (continued)

  • Racing & consensus:

– New transactions broadcasted (best-effort) – Individual miners group transactions in respective block

  • Start solve proof-of-work

– If found, solution (block) broadcasted to all – Miners accept solved-block if all transactions in block are valid

  • Transactions confirmed +1
  • Miners work on the next block

– Forks (racing) possible – always accept the longest chain

  • Harder to cheat (double-spend) as chain gets longer

– Need to re-do proof-of-work

Bitcoin | Design 16

slide-17
SLIDE 17
  • Not designed for strong anonymity

– Depends on anonymous public keys – Users encouraged to create new key pairs per transaction – costless – But,

  • Transaction history publicly available
  • Pseudonyms can be linked – not true anonymity

Design (continued)

Bitcoin | Design 17

slide-18
SLIDE 18

Risks & Measures

slide-19
SLIDE 19

Risk: 51% attack

  • 2000 miners, 25T hashes / s
  • Breaks if majority are bad

– Extremely powerful pooled miners

  • Deepbit

Slush BTC Guild BitMinter – But, can only double-spend

  • BTC value can skydive
  • More profitable to be

benign (Nakamoto 2008)

>50%

Source: blockchain.info, 3 Dec 2012

slide-20
SLIDE 20

Risk: Double spending

  • Double-spending by individuals

– Slow transactions – wait (tens of minutes) – Fast transactions (e.g., buying in stores, taxi)

  • Hard
  • Recommended:

– Listening period: wait for P2P delays – Observers: self-report double-spends

  • But, low-cost attack still possible (Karame et al. 2012)

– Nodes should alert double-spending proactively

Bitcoin POS

Source: http:// en.bitcoin.it/wiki

Bitcoin | Risks & Measures 20

slide-21
SLIDE 21

Risk: Theft / Loss

  • Malware: theft of keys

– Threshold cryptography – store keys in multiple locations (Barber et al. 2012)

  • Hacking: breach of third party wallets

– Can they protect our keys?

  • Loss of keys => BTC lost

– Secure backup needed

Bitcoin | Risks & Measures 21

slide-22
SLIDE 22

Risk: Not so anonymous

  • Anonymity by hiding identities, multiple keys (pseudonyms)

– Not a prominent design goal

  • Tracing transaction history (Reid & Harrigan 2011)

– Passive tracing can already learn a lot

  • Structural analysis – associated keys, balance per key, ..
  • External information – vendor’s keys, keys used for public donation, ..
  • Context discovery, flow and temporal analysis

– Active tracing – marked coins, collaborative attacks

Bitcoin | Risks & Measures 22

slide-23
SLIDE 23

Risk: Not so anonymous (continued)

  • Bitcoin usage in daily activities (Androulaki et al. 2012)

– Metrics: address unlinkability, profile indistinguishability – Possible information leaks:

  • Key association:

– Multi-input transactions – Shadow key created to receive change » Current implementation doesn’t pay multiple recipients

  • Behavioral clustering – geo-location, proximity to shops, user preferences

– Mixers & exchanges can help, but centralized?!

Bitcoin | Risks & Measures 23

slide-24
SLIDE 24
  • Network characteristics (Ron & Shamir 2012)

– Skewed distribution: account balance, # transactions, # keys – 73% transactions < 10 BTC – Few are using the system extensively

  • Easily recognizable when big?

– Other result: 78% minted coins not used

  • Active circulation of small subset of Bitcoin => good for privacy?

Risk: Skewed Distributions

Bitcoin | Risks & Measures 24

slide-25
SLIDE 25

Risk: Others

  • Botnet miners [22]
  • Denial of Service

– Attack may not be profitable but can destroy trust => devaluation

  • Usability

– Easy to make mistakes (or phished) with pseudonyms – Transactions irreversible

Bitcoin | Risks & Measures 25

slide-26
SLIDE 26

Economics & Society

slide-27
SLIDE 27

Economics & Society: The Positive

  • Against uncontrolled money-printing / devaluation
  • Can cater for low-cost transactions (no credit card charges)
  • Incentive compatible – need miners (PoW), reward miners

– New coins or transaction fees – But, miners may be incentivized not to propagate information (Babaioff et al. 2011)

  • Holding up information = time advantage to solve next PoW
  • Solution: Information propagator (previous solvers) should be rewarded

Bitcoin | Economics & Society 27

slide-28
SLIDE 28
  • Information freedom:

– WordPress accepts Bitcoin – make publishing democratic (Skelton 2012)

  • PayPal blocks access in 60 countries (CC companies similar)
  • Payment freedom:

– Wikileaks gets Bitcoin donation (Matonis 2012)

Bitcoin | Economics & Society 28

slide-29
SLIDE 29

Economics & Society: The Negative

  • Financial & environmental costs (Becker et al. 2012)

– Consider

  • Budget = costs of debit transactions ($283B, 30% for electricity)
  • Goal = maintain integrity i.e., >50% computing power
  • 3 attack scenarios:

– Supercomputer (K in Japan), – Successful botnet (~30m bots) – Virtual protest (10% of 843M Facebook users) – Only moderate cost reduction possible : <1 magnitude order – Large ecological footprint : 0.4 – 2% global CO2 emission – Should reuse byproducts of PoW or heat

  • E.g., carbon-dating commitments (Clark & Essex 2012)

Bitcoin | Economics & Society 29

slide-30
SLIDE 30
  • Legal issues:

– No protection against misbehaviors: double-spending, theft of keys, DoS, or losses – EFF – stop using Bitcoin as a donation option (Cohn 2011)

  • Complex legal issues, not to mislead users

– EU Electronic Money Directive (Jacobs 2011)

  • May apply to exchanges, and pooled mining
  • Financial regulations: obtain license from authority, know the customers, ..
  • Illicit activities

– Silk Road – underground drug marketplace – hidden service in Tor (Christin 2012) – Money laundering / tax evasion?

  • E-Gold: charged with money-laundering & operating an unlicensed

money-transmitting business [19]

Bitcoin | Economics & Society 30

slide-31
SLIDE 31
  • Other critiques

– Ponzi scheme? Deflation => early adopters advantage – Consumers prefer local currencies? – Volatile values, hard to price goods

  • $3 to $14 per BTC (this year)

Bitcoin | Economics & Society 31

slide-32
SLIDE 32

Summary

slide-33
SLIDE 33

Summary

  • Simple, elegant design
  • But, users should be aware of risks

– Assume majority honesty – No strong anonymity

  • Use cases debatable

– No single point of failure (or uncontrolled money-printing), freedom – But, illegal activities and misuses – Low-cost? Think green

Bitcoin | Summary 33

slide-34
SLIDE 34

Reference

1.

  • J. Becker, D. Breuker, T. Heide, J. Holler, H. P. Rauer, and R. Böhme, Can We Afford Integrity by

Proof-of-Work? Scenarios Inspired by the Bitcoin Currency, WEIS 2012. 2.

  • E. Androulaki, G. Karame, M. Roeschlin, T. Scherer and S. Capkun. Evaluating User Privacy in

Bitcoin, TR, 2012. 3.

  • D. Ron and A. Shamir. Quantitative Analysis of the Full Bitcoin Transaction Graph, TR, 2012

4.

  • G. O. Karame, E. Androulaki, and S. Capkun. Two Bitcoins at the Price of One? Double-Spending

Attacks on Fast Payments in Bitcoin, CCS 2012. 5.

  • N. Christin. Traveling the Silk Road: A measurement analysis of a large anonymous online

marketplace, TR 2012. 6.

  • S. Barber, X. Boyen, E. Shi, and E. Uzun. Bitter to Better -- How to Make Bitcoin a Better Currency,

FC 2012. 7.

  • J. Clark and A. Essex. CommitCoin: Carbon Dating Commitments with Bitcoin, FC 2012.

8.

  • M. Babaioff, S. Dobzinski, S. Oren, and A. Zohar. On Bitcoin and Red Balloons, SIGecon

Exchanges, 10(3), 2011. 9.

  • F. Reid and M. Harrigan. An Analysis of Anonymity in the Bitcoin System, PASSAT 2011.
  • 10. S. Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, 2009.
  • 11. E. Jacobs. Bitcoin : A Bit Too Far? Journal of Internet Banking & Commerce, Vol. 16 Issue 2, 2011.

Bitcoin | Reference 34

slide-35
SLIDE 35

Reference

  • 12. C. Cohn. EFF and Bitcoin. https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin, 2011.
  • 13. A. Skelton. http://en.blog.wordpress.com/2012/11/15/pay-another-way-bitcoin/, Nov 2012.
  • 14. J. Matonis. http://www.forbes.com/sites/jonmatonis/2012/08/20/wikileaks-bypasses-financial-

blockade-with-bitcoin/, Aug 2012.

  • 15. Brian Warner. Bitcoin: A Technical Introduction, available at:

http://people.mozilla.com/~bwarner/bitcoin/slides.html, under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

  • 16. http://blockchain.info/stats. Last accessed: 4 Dec 2012.
  • 17. http://bitcoincharts.com/bitcoin/. Last accessed: 4 Dec 2012.
  • 18. http://www.americanbanker.com/issues/177_176/bitpay-signs-1000-merchants-to-accept-bitcoin-

payments-1052538-1.html. Last accessed: 4 Dec 2012.

  • 19. http://www.wired.com/threatlevel/2009/06/e-gold/. Last accessed: 4 Dec 2012.
  • 20. http://en.wikipedia.org/wiki/History_of_money. Last accessed: 4 Dec 2012.
  • 21. https://en.bitcoin.it/wiki/History. Last accessed: 4 Dec 2012.
  • 22. http://www.symantec.com/connect/blogs/bitcoin-botnet-mining. Last accessed: 4 Dec 2012.

Bitcoin | Reference 35

slide-36
SLIDE 36

Thank you. Questions?

Pern Hui Chia

chia@q2s.ntnu.no

Bitcoin | Thank you 36