BLOCKCHAIN
The foundation behind Bitcoin
Sourav Sen Gupta
Indian Statistical Institute, Kolkata
CRYPTOGRAPHY
Backbone of Blockchain Technology
Component 1 : Cryptographic Hash Functions
Map variable-length input to constant-length output.
HASH FUNCTIONS
h y
x
101011101011001…0010110100101 101110101001000110111100010101
Finding the pre-image of a given output is not easy.
HASH FUNCTIONS
h y
?
101011101011001…0010110100101 101110101001000110111100010101
Finding a colliding twin of a given input is not easy.
HASH FUNCTIONS
h y
x1
101011101011001…0010110100101
101110101001000110111100010101
x2
1100101001011001…110010100110
Finding any colliding pair of inputs is not easy.
It is of course possible, but not easy.
HASH FUNCTIONS
h y
x1
101011101011001…0010110100101
x2
1100101001011001…110010100110
101110101001000110111100010101
Minor input-mismatch to major output-mismatch.
HASH FUNCTIONS
h
y1
x1
101011101011001…0010110100101 101110101001000110111100010101
x2
101010101011001…0010110100101 y2 110010100101100100110010100110
Merkle-Damgard Construction
Example : SHA 256 — used in Bitcoin
CONSTRUCTIONS
f
m1
IV f
m2
f
mn
h
Sponge Construction
Example : SHA 3 — used in Ethereum
CONSTRUCTIONS
f
m1
f
m2
f
mn
f
h1
c
r
Provably secure scheme for Commitment
Random nonce r must have a high min-entropy for this scheme to be secure.
APPLICATIONS
h y
x
r
commit(x) :
c = h(r || x)
verify(c,r,x) :
h(r || x) == c
Provably secure scheme for tamper-detection
APPLICATIONS
h y
x
record(x) :
c = h(x)
verify(c,x) :
h(x) == c
Tamper-evident data pointer = Hash Pointer
Hash Pointer
DATA STRUCTURES
h hash(data)
data
addr(data)
Tamper-evident linked data structure = Block
DATA STRUCTURES
h
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Tamper-evident linked-list = Blockchain
DATA STRUCTURES
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Tamper-evident linked-list = Blockchain
DATA STRUCTURES
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Block
HP(block)
data
timestamp
Tamper-evident binary-tree = MerkleTree
DATA STRUCTURES
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
HP(root)
Tamper-evident binary-tree = MerkleTree
DATA STRUCTURES
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
Node
HP(left)
data
timestamp
HP(right)
HP(root)
DATA STRUCTURES
Properties Blockchain Merkle Tree Merkle Trie
Size of Commitment O(1) O(1) O(1)
Append a Block/Node O(1) O(log n) O(k)
Update a Block/Node O(n) O(log n) O(k)
Proof of Membership O(n) O(log n) O(k)
Structural Abstraction List of Objects Set of Objects Set of (key, value)
Used for Construction Bitcoin Bitcoin Ethereum
QUESTIONS
Can any pointer-based data structure
be efficiently converted into a
Hash-Pointer based data structure?
Will such an exercise be at all useful in any use case?
Do these structures provide any additional advantage?
Component 2 : Digital Signature Schemes
Digital signature as a set of three algorithms
DIGITAL SIGNATURE
s = sign(sk,m) verify(pk,m,s)
pk
sk
?
keygen(n)
1
2 3
(sk, pk) = keygen(n) verify(pk,m,sign(sk,m)) = True
DIGITAL SIGNATURE
pk
sk
?
s = sign(sk,m) verify(pk,m,s)
keygen(n)
Given pk and access to sign(mi) as an oracle, an adversary should
not be able to create a valid fresh message-signature pair (m,s)
DIGITAL SIGNATURE
pk
sk
?
s = sign(sk,m) verify(pk,m,s)
keygen(n)
Elliptic Curve Digital Signature Algorithm (ECDSA)
ECDSA on curve E(Fp) : { (x,y) in Fp x Fp | y2 = x3 + 7 }
with base prime p = 2256 - 232 - 29 - 28 - 27 - 26 - 24 - 1
CONSTRUCTION
Fp
Q
Elliptic Curve group of size |E(Fp)| = q ~ p ~ 2256
ECDSA on curve E(Fp) : { (x,y) in Fp x Fp | y2 = x3 + 7 }
with base prime p = 2256 - 232 - 29 - 28 - 27 - 26 - 24 - 1
CONSTRUCTION
Parameters Format Range Bit-size
sk random Zq 256
pk sk x G E(Fp) 512
m hash(M) Zq 256
Signature (r, s) Zq x Zq 512
Publish the public key pk as your Identity
Use the secret key sk to prove your identity
APPLICATION
pk
sk
sk
verify(pk,m,sign(sk,m))
sk
?
BITCOIN
Blockchain in Practice
BITCOIN
Ledger of Transactions
between
Pseudonymous Identities
Semi-Decentralised Publicly-Verifiable
Tamper-Resistant Eventually-Consistent
Economic Transaction
that we are familiar with
NOT BITCOIN
Tx
NOT BITCOIN
Tx
Centralised Account-based Ledger
NOT BITCOIN
Tx
Decentralised Account-based Ledger
Tx
NOT BITCOIN YET
Tx
Decentralised Transaction-based Ledger
Tx Tx Tx Tx Tx
Tx
TRANSACTION
Tx
Network verifies the Signature
Tx
Signed by
TRANSACTION
Tx
Network verifies the Signature
Tx
Signed by
pk
sk
pk
Input :Array of previousTransactions | Output :Array of recipient Addresses
R1
TRANSACTION
Tx
Tx
pk2
sk1
Tx
pk1
Tx
pk3
sk2 sk3
pk
R2
pk
R3
pk
Sender(s)
Recipient(s)
Network verifies the Signature(s)
Input :Array of previousTransactions | Output :Array of recipient Addresses
R1
TRANSACTION
Tx
pk2
sk1
Tx
pk1
Tx
pk3
sk2 sk3
pk
R2
pk
R3
pk
Tx
Recipients
Signatures
Input
Transactions
Network verifies the Signature(s)
TRANSACTION Metadata
Input(s)
Output(s)
Data obtained from blockchain.info
LEDGER
Tx
Decentralised Transaction-based Ledger
Tx Tx Tx
Tx Tx Tx Tx
Tx Tx Tx Tx
Tx Tx Tx Tx Tx Tx Tx Tx
BLOCK
Data obtained from blockchain.info
BLOCK
Data obtained from blockchain.info
BLOCK
Data obtained from blockchain.info
BLOCK
Data obtained from blockchain.info
BLOCK
Data obtained from blockchain.info
BITCOIN
Tx
Tx
Tx
Tx
Mining
Transaction
MINING
Tx
Tx
Tx
Tx
Computational
Lottery (Puzzle)
Transaction
Winner writes
the next block
Existing blocks
at a given time
Find r such that
hash(r || m) < C
MINING
Data obtained from blockchain.info
MINING
Data obtained from blockchain.info
MINING
Data obtained from blockchain.info
MINING
Data obtained from blockchain.info
MINING
Data obtained from blockchain.info
BITCOIN
Tx
Tx
Tx
Tx
Mining
Transaction
BITCOIN
Framework — Decentralised peer-to-peer collaborative network
Goal : All peers should agree on a sequence of transactions
BITCOIN
Publicly-Verifiable
as the complete ledger and the hash function is public
BITCOIN
Tamper-Evident / Tamper-Resistant
as the ledger is connected through a chain of hash pointers
X X X
X
X X X
BITCOIN
Eventually-Consistent
as the longest chain eventually sustains as the main chain
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
BITCOIN
Semi-Decentralised
as the mining is dominated by computational power
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
Robin Yao (BW), Wang Chun (F2Pool), Marshall Long (FinalHash), Pan Zhibiao (Bitmain)
Liu Xiang Fu (Avalon), Sam Cole (KnCMiner) and Alex Petrov (BitFury)
BITCOIN
Semi-Decentralised Publicly-Verifiable
Tamper-Resistant Eventually-Consistent
ECONOMICS
The success story of Bitcoin
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
SECURITY
The threat from Bitcoin
BITCOIN
Transactions : Completely transparent and public
Identities : Opaque and pseudonymous addresses
~ 170 Million bitcoin addresses
~ 150 Million bitcoin transactions
~ 80 GB of compressed raw data
~ 80% of transactions have < 2 inputs
~ 90% of transactions have < 3 outputs
BITCOIN
BITCOIN
Identities : Opaque and pseudonymous addresses
Anyone can create arbitrarily many identities
All identities “look” the same on the network
~ 170 Million bitcoin addresses
~ 150 Million bitcoin transactions
Provides “anonymity” of Bitcoin transactions.
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
BITCOIN
Data obtained from blockchain.info
Dark Marketplaces to buy-and-sell Drugs
Dark Marketplaces to buy-and-sell Guns and Fake ID
BITCOIN
Identities : Opaque and pseudonymous addresses
Anyone can create arbitrarily many identities
All identities “look” the same on the network
~ 170 Million bitcoin addresses
~ 150 Million bitcoin transactions
Is it still possible to trace transactions and identities?
DE-ANONYMIZATION
Potential solution to the threat from Anonymity
R1
TRANSACTION
Tx
R2
Rm
S1
S2
Sn
EXAMPLE #1
Tx R1
S1
1FLa9NcXJPA2XvF34LRuB4zbXX4Ws32dpL 18rdKmjrg1EawxgiVT3ikLExj6GWS2MNCk
Note : Single recipient with an exact match of input to output — highly unlikely.
R1
EXAMPLE #2
Tx
R2
S1
1Ao6mKMEXxCVNVAuGjfLXZ3Zf43hd3yAEq
16pDB5bvoqRGvoH32GaJLfsEcaMc2T9xDr
1H3bY2Cv1pmn8ffTdyeRvZAUjNJC1giQHm
Note : Nice complete denomination along with a random change.
R1
EXAMPLE #3
Tx
R2
S1
1PXzMrz8KBNEkTt3Wnuqy4axiWszbyQKyE
1AASWBCGveXH6H5yTCZW2x7uZrawDiqp4U
19onWuLmjXGVfc7oUAEVuy9Yd3jxqhsUbK
Note : 0.01121504 BTC = 6.50 USD at the time of transaction.
EXAMPLE #4
Tx R1
S1
19SZcQ2CzJacQZE9rYwQjsfcBKMWDNwBWD
1PLjv1VzGEKxtM2FnRzg2FmDjen9trUBrh
Note :Two arbitrary inputs exactly match up to a desired output — highly unlikely.
S2
13Zjnzx8VxtLUEiYcrVXKp5sLucLMvBqaG
R1
EXAMPLE #5
Tx
R2
S1
1Djvb34FNpNXtrbbjaQeERZf68cyUdWyzd
1Nq612zwhEZDBNz2AeWKZxD6LvwiLm6cQU
1AffmSG4tcNRjcgTWTnS6TM3cWPeeA9EVd
Note :Two input transactions coupled for a payment plus some random change.
S2
17atn5sagYRBUvzgFLd9bUjWF4yStkdokW
6.13 USD
6.03 USD
4.10 USD
7.95 USD
CLUSTERING
1FLa9NcXJPA2XvF34LRuB4zbXX4Ws32dpL
18rdKmjrg1EawxgiVT3ikLExj6GWS2MNCk
1Ao6mKMEXxCVNVAuGjfLXZ3Zf43hd3yAEq 16pDB5bvoqRGvoH32GaJLfsEcaMc2T9xDr
1H3bY2Cv1pmn8ffTdyeRvZAUjNJC1giQHm
1PXzMrz8KBNEkTt3Wnuqy4axiWszbyQKyE
1AASWBCGveXH6H5yTCZW2x7uZrawDiqp4U
19onWuLmjXGVfc7oUAEVuy9Yd3jxqhsUbK
19SZcQ2CzJacQZE9rYwQjsfcBKMWDNwBWD
1PLjv1VzGEKxtM2FnRzg2FmDjen9trUBrh
13Zjnzx8VxtLUEiYcrVXKp5sLucLMvBqaG
1Djvb34FNpNXtrbbjaQeERZf68cyUdWyzd
1Nq612zwhEZDBNz2AeWKZxD6LvwiLm6cQU
1AffmSG4tcNRjcgTWTnS6TM3cWPeeA9EVd
17atn5sagYRBUvzgFLd9bUjWF4yStkdokW
IDENTIFICATION
1FLa9NcXJPA2XvF34LRuB4zbXX4Ws32dpL
18rdKmjrg1EawxgiVT3ikLExj6GWS2MNCk
1Ao6mKMEXxCVNVAuGjfLXZ3Zf43hd3yAEq 16pDB5bvoqRGvoH32GaJLfsEcaMc2T9xDr
1H3bY2Cv1pmn8ffTdyeRvZAUjNJC1giQHm
1PXzMrz8KBNEkTt3Wnuqy4axiWszbyQKyE
1AASWBCGveXH6H5yTCZW2x7uZrawDiqp4U
19onWuLmjXGVfc7oUAEVuy9Yd3jxqhsUbK
19SZcQ2CzJacQZE9rYwQjsfcBKMWDNwBWD
1PLjv1VzGEKxtM2FnRzg2FmDjen9trUBrh
13Zjnzx8VxtLUEiYcrVXKp5sLucLMvBqaG
1Djvb34FNpNXtrbbjaQeERZf68cyUdWyzd
1Nq612zwhEZDBNz2AeWKZxD6LvwiLm6cQU
1AffmSG4tcNRjcgTWTnS6TM3cWPeeA9EVd
17atn5sagYRBUvzgFLd9bUjWF4yStkdokW
CLUSTERING
The Unreasonable Effectiveness of Address Clustering — Harrigan and Fretter, May 2016
DE-ANONYMIZATION
Passive :Analytics on 80 GB of Bitcoin blockchain data
— Clustering of Bitcoin Addresses with suitable definition of Metrics
— Identification of the Clusters using known and/or leaked Addresses
Active : Injecting and tracking marked Bitcoin transactions
— Registering on Dark Marketplaces, Exchanges, and Mining Pools
— Using Addresses leaked from all these sources for Identification
Elliptic (https://www.elliptic.co/) does something similar in the UK.
We should try to build our own tool for de-anonymization.
BLOCKCHAIN
Versatile Toolkit for Protocols
Input :Array of previousTransactions | Output :Array of recipient Addresses
R1
TRANSACTION
Tx
pk2
sk1
Tx
pk1
Tx
pk3
sk2 sk3
pk
R2
pk
R3
pk
Tx
Recipients
Signatures
Input
Transactions
Network verifies the Signature(s)
TRANSACTION Metadata
Input(s)
Output(s)
Data obtained from blockchain.info
BITCOIN SCRIPT
Data obtained from blockchain.info
POTENTIAL
With a powerful Scripting Language
Developing “Smart Contracts” on Blockchain
Ethereum
Smart Contracts
Proof of Space
Retricoin Namecoin
Proof of Retrievability
Proof of Stake
Proof of Commitment
Bitcoin-NG
Perma-Coin
RSCoin
SpaceMint
GHOST
ZeroCoin
Zcash
Smart Properties
Proof of Existence
ADePT
Ripple
BitShares
Factom
BigchainDB
OneName
OpenBazaar
BitGold
BitNation
BitHealth
Thank you for listening!
“Bitcoin is an idea with disruptive ramifications.”

More Related Content

PDF
Blockchain and bitcoin
PPTX
Lecture2_598PV.pptx
PDF
Topic 2 Blockchain Fundamentals - Cryptography BW.pdf
PPTX
Blockchain and Bitcoin
PPTX
Blockchain
PDF
Introduction to blockchain and cryptocurrency technologies
PPTX
bitcoin_presentation
PPTX
Bitcoin MOOC Lecture 1.pptx
Blockchain and bitcoin
Lecture2_598PV.pptx
Topic 2 Blockchain Fundamentals - Cryptography BW.pdf
Blockchain and Bitcoin
Blockchain
Introduction to blockchain and cryptocurrency technologies
bitcoin_presentation
Bitcoin MOOC Lecture 1.pptx

Similar to Bitcoin.pdf (20)

PDF
Blockchain and Cryptography - A Primer
PPTX
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
PDF
Bitcoin
PPTX
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
PPTX
Blockchain
PPTX
A Quick Start To Blockchain by Seval Capraz
PDF
Blockchain, cryptography and tokens — NYC Bar presentation
PDF
Bitcoin, Banking and the Blockchain
PPTX
Mining Opportunities of Block Chain and BitCoin
PPTX
Bitcoin and it's security related to transaction.pptx
PDF
Blockchain - a formal introduction
PPTX
Introduction to Cryptocurrency
PDF
Introduction To Blockchain Technology For Beginners
PPTX
Crypto & Crpyocurrencies Intro
PDF
BLOCKCHAIN CRYPTOGRAPHY AND SECURITY ISSUES
PPTX
Understanding Blockchain
PPTX
Bitcoin (Cryptocurrency)
PPTX
UNIT 1 (1).pptx of block chain technologies
PPTX
Day 1.pptx
PPTX
Blockchain Security and Demonstration
Blockchain and Cryptography - A Primer
Cryptocurrencies for Everyone (Dmytro Pershyn Technology Stream)
Bitcoin
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
Blockchain
A Quick Start To Blockchain by Seval Capraz
Blockchain, cryptography and tokens — NYC Bar presentation
Bitcoin, Banking and the Blockchain
Mining Opportunities of Block Chain and BitCoin
Bitcoin and it's security related to transaction.pptx
Blockchain - a formal introduction
Introduction to Cryptocurrency
Introduction To Blockchain Technology For Beginners
Crypto & Crpyocurrencies Intro
BLOCKCHAIN CRYPTOGRAPHY AND SECURITY ISSUES
Understanding Blockchain
Bitcoin (Cryptocurrency)
UNIT 1 (1).pptx of block chain technologies
Day 1.pptx
Blockchain Security and Demonstration
Ad

Recently uploaded (20)

PDF
Handouts for Housekeeping.pdfhsjsnvvbdjsnwb
PDF
Value-based IP Management at Siemens: A Cross-Divisional Analysis
PPTX
Side hustles: 14 powerful tips to embrace the future of work
PDF
How to run a consulting project from scratch
PDF
The Impact of Immigration on National Identity (www.kiu.ac.ug)
PPTX
Understanding Procurement Strategies.pptx Your score increases as you pick a ...
PDF
Challenges of Managing International Schools (www.kiu. ac.ug)
PDF
From Legacy to Velocity: how we rebuilt everything in 8 months.
PDF
Pink Cute Simple Group Project Presentation.pdf
PDF
Consumer Behavior in the Digital Age (www.kiu.ac.ug)
PPTX
Supply Chain under WAR (Managing Supply Chain Amid Political Conflict).pptx
PPT
Retail Management and Retail Markets and Concepts
PDF
IFRS Green Book_Part B for professional pdf
PDF
Cross-Cultural Leadership Practices in Education (www.kiu.ac.ug)
PDF
The Future of Marketing: AI, Funnels & MBA Careers | My Annual IIM Lucknow Talk
PPTX
Accounting Management SystemBatch-4.pptx
PPT
BCG内部幻灯片撰写. slide template BCG.slide template
PPTX
IMM marketing mix of four ps give fjcb jjb
PDF
Handouts for Housekeeping.pdfbababvsvvNnnh
DOCX
Center Enamel Can Provide Pressure Vessels for Maldives Chemical Industry.docx
Handouts for Housekeeping.pdfhsjsnvvbdjsnwb
Value-based IP Management at Siemens: A Cross-Divisional Analysis
Side hustles: 14 powerful tips to embrace the future of work
How to run a consulting project from scratch
The Impact of Immigration on National Identity (www.kiu.ac.ug)
Understanding Procurement Strategies.pptx Your score increases as you pick a ...
Challenges of Managing International Schools (www.kiu. ac.ug)
From Legacy to Velocity: how we rebuilt everything in 8 months.
Pink Cute Simple Group Project Presentation.pdf
Consumer Behavior in the Digital Age (www.kiu.ac.ug)
Supply Chain under WAR (Managing Supply Chain Amid Political Conflict).pptx
Retail Management and Retail Markets and Concepts
IFRS Green Book_Part B for professional pdf
Cross-Cultural Leadership Practices in Education (www.kiu.ac.ug)
The Future of Marketing: AI, Funnels & MBA Careers | My Annual IIM Lucknow Talk
Accounting Management SystemBatch-4.pptx
BCG内部幻灯片撰写. slide template BCG.slide template
IMM marketing mix of four ps give fjcb jjb
Handouts for Housekeeping.pdfbababvsvvNnnh
Center Enamel Can Provide Pressure Vessels for Maldives Chemical Industry.docx
Ad

Bitcoin.pdf