Cs251

Lecture 9: Wallet & Anonymity Wallet A user has a lot of bitcoin address, each of which is H(p_k) or H(script). A wallet manages p_k/s_k, post/verify transactions, and show balances. A wallet can be Cloud wallets like Coinbase or desktop based like Electrum or hardware-based like Trezor. SPV or Simplified Payment Verification clients are not full mining nodes but can verify incoming payments. An SPV downloads all the block headers and then specifically requests a list of addresses which are in your wallet to fetch the transactions associated with those addresses from a server....

Lecture 8 - Alternative consensus Puzzle solutions are probabilistic proof of work. A typical puzzle utilization function can be modeled as P(challenge, randomness - nonce, difficulty, …) -> true/false P(c, r, d) for Bitcoin is SHA256^2(c, r, d) <= 2^256-d There are many objections to this. It wastes resources on a meaningless computation, it is highly parallelizable and has returns of scale, randomness, long wait time between blocks, and leads to the creation of the mining pools....

Lecture 7: Community, Economics, and Politics David Chaum - digital cash in 1981 Satoshi Nakamoto - Oct 2008, bitcoin.org was registered in Aug 2008 Genesis block was mined in Jan 2009 First BTC payment - Feb 2010 First online exchange - July 2010, the price went up 10x by then First GPU miner - Aug 2010 First mining pool - Sep 2010, Satoshi disappeared at this point Silk road launched - Jan 2011 First BTC conference - Nov 2011 Bitcoin requires three levels of consensus...

Lecture 6: Bitcoin Miner interactions and Game Theory Game Theory: P x S -> R x P P: Players S: Strategies R: Rewards Examples For the prisoner’s dilemma, tit-for-tat with some positive randomization is the best strategy. Trench soldiers in World War 2 decided to start aiming artillery at random “safe” locations instead of killing the enemy. This all happened without any communication. Mechanism design: Design the rules of the game with the outcome you want....

Lecture 5: Bitcoin mining How to mine Bitcoin Download and run Bitcoin-core to run full Bitcoin node Listen for a new transaction, assemble a pre-block Solve the puzzle (~270 attempts) Broadcast the block Profit The network runs on port 8333. Non-responding nodes are forgotten after 3 hours (5000-10000 nodes as of Sep 2016). Some seed nodes are hard-coded into the software. Zero transaction fee transactions were accepted until April 2012 before Satoshi Dice came around....

Lecture 4: Blockchains 80 bytes block consists of 32 bytes previous block hash, 32 bytes transactions Merkle tree hash, timestamp, bits, nonce, etc. Each block is <= 1MB to minimize the propagation times. Therefore, large transactions require more service fee to compensate miners to include the transaction in the block. Miner’s transaction checks ScriptSig (from spending transaction) || ScriptPubKey (from funding transaction) executes and this should produce non-empty stack. Empty stack or zero is false....

Lecture 3: Bitcoin overview There are three Bitcoin protocols Consensus Protocol - decides what the ledger is Transaction Protocol - assigns meaning to the ledger Network Protocol - the P2P protocol which decides what new should be added to the ledger Consensus Protocol Bitcoin fields (Virtual field) Hash - 4 bytes. SHA256-squared. This is not part of the block but is calculated on the fly. Version - 4 bytes. Set to 3, might never change....

Lecture 2: Creating a digital currency Desirable properties of a good digital ledger No deletion Temporal ordering Global consensus Semantic correctness Live - writable, no DOS, no censorship Attempts to create a digital currency in the increasing order of sophistication. A signing key based approach can confirm the authenticity of the transaction but cannot prevent double-spend. Append-only ledger with signing keys ensures a temporal ordering and global consensus, thus, prevents double-spending....

Lecture 1: Introduction Bitcoin is a cryptocurrency with distributed trust. The blockchain is a public append-only ledger. The append-only property is sufficient for having a currency. Hash functions: H: M -> T where |M| » |T| that is space of messages is larger than space of the hash. If H(m0) =H(m1) => collision. Hash function H is collision-resistant if it is hard to find the collision of H. For example, SHA-256 maps long strings to 256-bit hashes....