Bitcoin What We Know So Far Consensus Cryptographic Primitives - - PowerPoint PPT Presentation

bitcoin what we know so far
SMART_READER_LITE
LIVE PREVIEW

Bitcoin What We Know So Far Consensus Cryptographic Primitives - - PowerPoint PPT Presentation

Oct 27, 2022 415 likes •1.01k views

Bitcoin What We Know So Far Consensus Cryptographic Primitives Today Putting It All Together The Bitcoin System The First Primitive Data Structure Reference Reference Header Header Header Transactions Transactions

slide-1
SLIDE 1

Bitcoin

slide-2
SLIDE 2

What We Know So Far

  • Consensus
  • Cryptographic Primitives
slide-3
SLIDE 3

Today

  • Putting It All Together
  • The Bitcoin System
slide-4
SLIDE 4

The First Primitive

slide-5
SLIDE 5

Data Structure

slide-6
SLIDE 6

Header Header Header Reference Transactions Transactions Transactions Reference

slide-7
SLIDE 7

How Do You Communicate?

  • Broadcast
  • Relay
slide-8
SLIDE 8

Growing This Thing

  • Add blocks
  • Which include transactions
slide-9
SLIDE 9

Growing This

  • Incentive to add blocks
  • Miners
  • Full Node
  • Block subsidy
slide-10
SLIDE 10

The Subsidy

  • 12.5 BTC
  • Halves again mid-2020-ish
slide-11
SLIDE 11

The Coinbase Transaction

Header Transactions Header Coinbase
 ———————————
 Transactions

slide-12
SLIDE 12

Malicious?

  • Give yourself BTC
  • All manner of invalid transactions
slide-13
SLIDE 13

How Do You Deter This?

slide-14
SLIDE 14

Impose a Cost

  • What kind of cost?
  • Computational
slide-15
SLIDE 15

Ingredients

  • A Preimage-Attack Resistant Hash Function
  • SHA-256
  • An Evolving Challenge
  • Evolve in response to network realities
slide-16
SLIDE 16

The Challenge

  • H(x) < TARGET
slide-17
SLIDE 17

X?

  • Checksum of block header
  • Current protocol version
  • A reference to a prev block
  • A timestamp
  • ....
  • NONCE
slide-18
SLIDE 18

Nonce?

  • A one-time use value
slide-19
SLIDE 19

Mining

  • Miner can set this nonce
  • (note the rest are pretty much pre-

determined)

slide-20
SLIDE 20

The Challenge

  • Pick that nonce
  • So that the block hash < TARGET
slide-21
SLIDE 21

SHA-256

  • Output looks random
  • Preimage attack resistant
  • One-way
slide-22
SLIDE 22

TARGET

  • 00000FFFFF….
  • Hex string
  • Probability of leading zeros?
slide-23
SLIDE 23

TARGET

  • SHA-256?
slide-24
SLIDE 24

Proof Of Work

slide-25
SLIDE 25

Some Algebra

  • P = (TARGET+1) / 2^256
  • Likelihood of getting your value right
  • Expected value:
  • 2^256 / (TARGET+1)
slide-26
SLIDE 26

Protocol

  • Approx 10 minutes per block
  • So Given The Total Hash Rate (TH/s)
  • Compute Expected Time for block to be mined by

the network

slide-27
SLIDE 27

Estimating THR

  • Look at previous 2016 blocks
  • Update every 2016 blocks
  • DIFFICULTY
slide-28
SLIDE 28

Target

  • DIFFICULTY = (Difficulty target) / (current

target)

slide-29
SLIDE 29

An Evolving Challenge

  • Total Hashing Power
  • GPUs
  • ASICs
  • 80e6 TH/s
slide-30
SLIDE 30

Protocol Limits

  • 10 minutes per block
  • So total # of potential hashes:
  • 60 x 10 x 80e6 hashes in this period
  • Pick a target so that expected # of trials

aligns with this hash rate

slide-31
SLIDE 31

Commit?

slide-32
SLIDE 32

Commit

  • Other miners build on top of this block
slide-33
SLIDE 33

Race Conditions

slide-34
SLIDE 34

2 Miners

  • Both mine valid blocks
  • Both broadcast their blocks to the network
  • People accept both and start building on them
slide-35
SLIDE 35

Fork

  • It is unlikely:
  • Both branches will grow indefinitely equally
  • Someone in 1 branch will see a block from the
  • ther branch
  • PROTOCOL: Longest branch must be honored
slide-36
SLIDE 36
slide-37
SLIDE 37

Fork

  • Stale blocks
  • All coinbase transactions are discarded
  • Other transactions are part of the next pool to

build blocks from

slide-38
SLIDE 38

Fees

  • Block Reward:
  • Block subsidy
  • Transaction Fees
slide-39
SLIDE 39

Higher Fee

  • Miners likelier to include your transaction
  • How do you estimate what fee is good?
  • Records time of listen -> time to include
  • Reliable estimates
slide-40
SLIDE 40

Tale Of A Bitcoin

Coinbase 
 Transaction
 (Alice) Spend
 Coin
 (Bob) Spend
 Coin
 (Jair)

slide-41
SLIDE 41

Transaction Data Structure

  • Input (zero or more)
  • Output (one or more)
slide-42
SLIDE 42

A Coinbase Transaction

  • No inputs
slide-43
SLIDE 43

A Regular Transaction

  • (Signature (with pubkey), Amount)
slide-44
SLIDE 44

Alice Gives X BTC
 To Bob

  • (Sign_Pubkey(bob_pubkey), X)
  • (One of) the output
slide-45
SLIDE 45

Referencing A Txn

  • Double SHA-256(txn)
slide-46
SLIDE 46

Bob Spends X

  • Point to where X is:
  • Txn id
  • Point to the output that contains the BTC
  • Satisfy the conditions
  • (priv key)
slide-47
SLIDE 47

Transaction State

  • Spent
  • Unspent
slide-48
SLIDE 48

You Can Only Spend

  • The unspent
  • UTXO
slide-49
SLIDE 49

Block Header

  • Merkle Tree Root: Checksum of Transactions
slide-50
SLIDE 50

Double Spend

  • Alice, Bob
  • Alice pays Bob bitcoin
  • Alice creates 2 blocks:
  • Bitcoin x paid to Bob: t1
  • Bitcoin x paid to Alice: t2
slide-51
SLIDE 51

What Happens

  • Only 1 of these can be in the blockchain
  • Alice broadcasts t1
  • Hides t2
  • t1 is included in a block
slide-52
SLIDE 52

And Then

  • Alice begins working on t2
  • Broadcasts t2 out
slide-53
SLIDE 53

2 Cases

  • Alice controls >= 50% of the hash rate
  • Alice controls < 50% of the hash rate
slide-54
SLIDE 54

Case I

  • If Alice controls > 50% of the hash rate
  • Alice can exclusively mine blocks assuming the

block (Containing t2) is the right one

  • And Alice will win
slide-55
SLIDE 55

Case II

  • Depends on how much compute power Alice has
  • The longer you wait (i.e. more blocks built on

top of the block containing t1)

  • the lower the likelihood of getting

hoodwinked

slide-56
SLIDE 56

Waiting

  • Confirmations:
  • # of blocks passed since “the one”
slide-57
SLIDE 57

Altering The Chain

  • How?