author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
Fri, 17 Apr 2015 11:49:10 +0100 | |
changeset 371 | 690d778b9127 |
parent 367 | 3f0738fc8230 |
child 426 | 6d13b8da019e |
permissions | -rw-r--r-- |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
1 |
\documentclass{article} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
2 |
\usepackage{../style} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
3 |
\usepackage{../graphics} |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
4 |
\usepackage{../langs} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
5 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
6 |
\begin{document} |
366
34a8f73b2c94
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
360
diff
changeset
|
7 |
\fnote{\copyright{} Christian Urban, 2014} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
8 |
|
336
3cb200fa6d6a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
323
diff
changeset
|
9 |
\section*{Handout 8 (Bitcoins)} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
10 |
|
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
11 |
In my opinion Bitcoins are an elaborate Ponzi |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
12 |
scheme\footnote{\url{http://en.wikipedia.org/wiki/Ponzi_scheme}}---still |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
13 |
the ideas behind them are really beautiful and not too |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
14 |
difficult to understand. Since many colourful claims about |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
15 |
Bitcoins float around in the mainstream and not-so-mainstream |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
16 |
media, it will be instructive to re-examine such claims from a |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
17 |
more technically informed vantage point. For example, it is |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
18 |
often claimed that Bitcoins are anonymous and free from any |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
19 |
potential government meddling. It turns out that the first |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
20 |
claim ignores a lot of research in de-anonymising social |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
21 |
networks, and the second underestimates the persuasive means a |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
22 |
government has at its disposal. |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
23 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
24 |
There are a lot of articles, blogposts, research papers |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
25 |
etc.~available about Bitcoins. Below I will follow closely the |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
26 |
very readable explanations from |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
27 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
28 |
\begin{center} |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
29 |
\url{http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/} \;\;and\smallskip\\ |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
30 |
\url{http://www.imponderablethings.com/2013/07/how-bitcoin-works-under-hood.html} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
31 |
\end{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
32 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
33 |
\noindent The latter also contains a link to a nice youtube |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
34 |
video about the technical details behind Bitcoins. I will |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
35 |
also use some of their pictures. |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
36 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
37 |
Let us start with the question who invented Bitcoins? You |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
38 |
could not make up the answer, but we actually do not know who |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
39 |
the inventor is. All we know is that the first paper |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
40 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
41 |
\begin{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
42 |
\url{https://bitcoin.org/bitcoin.pdf} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
43 |
\end{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
44 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
45 |
\noindent is signed by Satoshi Nakamoto, which however is |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
46 |
likely only a pen name. There is a lot of speculation who |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
47 |
could be the inventor, or inventors, but we simply do not |
339
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
48 |
know. This part of Bitcoins is definitely anonymous so far. The paper |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
49 |
above is from the end of 2008; the first Bitcoin transaction |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
50 |
was made in January 2009. The rules in Bitcoin are set up so |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
51 |
that there will only ever be 21 Million Bitcoins with the |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
52 |
maximum reached around the year 2140. Currently there are |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
53 |
already 11 Million Bitcoins in `existence'. Contrast this with |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
54 |
traditional fiat currencies where money can be printed almost |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
55 |
at will. The smallest unit of a Bitcoin is called a Satoshi, |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
56 |
which is the $10^{-8}$th part of a Bitcoin. Remember a Penny |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
57 |
is the $10^{-2}$th part of a Pound. |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
58 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
59 |
The two main cryptographic building blocks of Bitcoins are |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
60 |
cryptographic hashing functions (SHA-256) and public-private |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
61 |
keys using the elliptic-curve encryption scheme for digital |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
62 |
signatures. Hashes are used to generate `fingerprints' of data |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
63 |
that ensure integrity (absence of tampering). Public-private |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
64 |
keys are used for signatures. For example sending a message, |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
65 |
say $msg$, together with the encrypted version |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
66 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
67 |
\[ |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
68 |
msg, \{msg\}_{K^{priv}} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
69 |
\] |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
70 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
71 |
\noindent allows everybody with access to the corresponding |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
72 |
public key $K^{pub}$ to verify that the message came from the |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
73 |
person who knew the private key. Signatures are used in |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
74 |
Bitcoins for verifying the addresses where the Bitcoins are |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
75 |
sent from. Addresses in Bitcoins are essentially the public |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
76 |
keys. There are $2^{160}$ possible addresses, which is such a |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
77 |
vast amount that there is not even a check for duplicates, or |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
78 |
already used addresses. If you start with a random number to |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
79 |
generate a public-private key pair it is very unlikely that |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
80 |
you step on somebody else's shoes. Compare this with the |
339
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
81 |
email-addresses you wanted to register with, say |
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
82 |
Gmail, but which are always already taken. |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
83 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
84 |
One major difference between Bitcoins and traditional banking |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
85 |
is that you do not have a place, or few places, that record the |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
86 |
balance on your account. Traditional banking involves a |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
87 |
central ledger which specifies the current balance in each |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
88 |
account, for example |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
89 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
90 |
\begin{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
91 |
\begin{tabular}{l|r} |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
92 |
account owner & balance\\\hline |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
93 |
Alice & \pounds{10.01}\\ |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
94 |
Bob & \pounds{4.99}\\ |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
95 |
Charlie & -\pounds{1.23}\\ |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
96 |
Eve & \pounds{0.00} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
97 |
\end{tabular} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
98 |
\end{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
99 |
|
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
100 |
\noindent Bitcoins work differently in that there is no such |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
101 |
central ledger, but instead a public record of all |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
102 |
transactions ever made. This means spending money corresponds |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
103 |
to sending messages of the (oversimplified) form |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
104 |
|
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
105 |
\begin{equation} |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
106 |
\{\text{I, Alice, am giving Bob one Bitcoin.}\}_{K^{priv}_{Alice}} |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
107 |
\end{equation} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
108 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
109 |
\noindent These messages, called transactions, are the only |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
110 |
data that is ever stored in the Bitcoin system (we will come |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
111 |
to the precise details later on). The transactions are |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
112 |
encrypted with Alice's private key so that everybody, |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
113 |
including Bob, can use Alice's public key $K^{pub}_{Alice}$ to |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
114 |
verify that this message came really from Alice, or more |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
115 |
precisely from the person who knows $K^{priv}_{Alice}$. |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
116 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
117 |
The problem with such messages in a distributed system is that |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
118 |
what happens if Bob receives 10, say, of these transactions? |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
119 |
Did Alice intend to send him 10 Bitcoins, or did the message |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
120 |
get duplicated by for example an attacker re-playing a sniffed |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
121 |
message? What is needed is a kind of serial number for such |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
122 |
transactions. This means transaction messages shoul look more like |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
123 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
124 |
\begin{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
125 |
$\{\text{I, Alice, am giving Bob Bitcoin \#1234567.}\}_{K^{priv}_{Alice}}$ |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
126 |
\end{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
127 |
|
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
128 |
\noindent There are two difficulties, however, that need to be |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
129 |
solved with serial numbers. One is who is assigning serial |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
130 |
numbers to Bitcoins and also how can Bob verify that Alice |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
131 |
actually owns this Bitcoin to pay him? In a system with a bank |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
132 |
as trusted third-party, Bob could do the following: |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
133 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
134 |
\begin{itemize} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
135 |
\item Bob asks the bank whether the Bitcoin with that serial |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
136 |
number belongs to Alice and Alice hasn't already spent |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
137 |
this Bitcoin. |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
138 |
\item If yes, then Bob tells the bank he accepts this Bitcoin. |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
139 |
The bank updates the records to show that the Bitcoin |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
140 |
with that serial number is now in Bob’s possession and |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
141 |
no longer belongs to Alice. |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
142 |
\end{itemize} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
143 |
|
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
144 |
\noindent But for this banks would need to be trusted and |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
145 |
would also be an easy target for any government interference, |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
146 |
for example. Think of the early days of music sharing where |
339
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
147 |
the company Napster was the trusted third-party but also the single point of ``failure'' which |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
148 |
was taken offline by law enforcement. Bitcoins is more like a |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
149 |
system such as BitTorrent without a single central entity that |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
150 |
can be taken offline.\footnote{There is some Bitcoin |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
151 |
infrastructure that is not so immune from being taken offline: |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
152 |
for example Bitcoin exchanges, HQs of Bitcoin mining pools, |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
153 |
Bitcoin developers and so on.} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
154 |
|
339
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
155 |
Bitcoins solve the problem of not being able to rely on a bank |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
156 |
by making everybody the ``bank''. Everybody who cares can have |
339
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
157 |
the entire transaction history starting with the first |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
158 |
transaction made in January 2009. This history of transactions |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
159 |
is called the \emph{blockchain}. Bob, for example, can use his |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
160 |
copy of the blockchain for determining whether Alice owned the |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
161 |
Bitcoin he received, and if she did, he transmits the message |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
162 |
that he owns it now to every other participant on the Bitcoin |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
163 |
network. An illustration of a three-block segment of the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
164 |
blockchain is (simplified) as follows |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
165 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
166 |
\begin{equation} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
167 |
\includegraphics[scale=0.4]{../pics/bitcoinblockchain0.png} |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
168 |
\label{segment} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
169 |
\end{equation} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
170 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
171 |
\noindent The chain grows with time. Each block contains a |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
172 |
list of individual transactions, written txn in the picture |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
173 |
above, and also a reference to the previous block, written |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
174 |
prev. The data in a block (txn's and prev) is hashed so that |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
175 |
the reference and transactions in them cannot be tampered |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
176 |
with. This hash is also the unique serial number of each |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
177 |
block. Since this previous-block-reference is also part of the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
178 |
hash, the whole chain is robust against tampering. I let you |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
179 |
think why this is the case?\ldots{}But does it actually |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
180 |
eliminate all possibilities of fraud? |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
181 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
182 |
We can check the consistency of the blockchain by checking |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
183 |
whether all the references and hashes are correctly recorded. |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
184 |
I have not tried it myself, but it is said that with the |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
185 |
current amount of data (appr.~12GB) it takes roughly a day to |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
186 |
check the consistency of the blockchain on a normal computer. |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
187 |
Fortunately this ``extended'' consistency check usually only |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
188 |
needs to be done once. Afterwards the blockchain only needs to |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
189 |
be updated consistently. |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
190 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
191 |
Recall I wrote earlier that Bitcoins do not maintain a ledger, |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
192 |
which lists all the current balances in each account. Instead |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
193 |
only transactions are recorded. While a current balance of an |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
194 |
account is not immediately available, it is possible to |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
195 |
extract from the blockchain a transaction graph that looks |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
196 |
like the picture shown in Figure~\ref{txngraph}. Each |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
197 |
rectangle represents a single transaction. Take for example |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
198 |
the rightmost lower transaction from Charles to Emily. This |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
199 |
transaction has as receiver the address of Emily and as the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
200 |
sender the address of Charles. In this way no Bitcoins can |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
201 |
appear out of thin air (we will discuss later how Bitcoins are |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
202 |
actually generated). If Charles did not have a transaction of |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
203 |
at least the amount he wants to give Emily to his name |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
204 |
(i.e.~send to an address with his public-private key) then |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
205 |
there is no way he can make a payment to Emily. Equally, if |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
206 |
now Emily wants to pay for a coffee, say, with the Bitcoin she |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
207 |
received from Charles she can essentially only forward the |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
208 |
message she received. The only slight complication with this |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
209 |
setup in Bitcoins is that ``incoming'' Bitcoins can be |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
210 |
combined in a transaction and ``outgoing'' Bitcoins can be |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
211 |
split. For example in the leftmost upper transactions in |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
212 |
Figure~\ref{txngraph}, Fred makes a payment to Alice. But this |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
213 |
payment (or transaction) combines the Bitcoins that were send |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
214 |
by Jane to Fred and also by Juan to Fred. This allows you to |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
215 |
``consolidate'' your funds: if it were only possible to split |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
216 |
transactions, then the amounts would get smaller and smaller. |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
217 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
218 |
In Bitcoins you have the ability to both combine incoming |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
219 |
transactions, but also to split outgoing transactions to |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
220 |
potentially more than one receiver. The latter is also needed. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
221 |
Consider again the rightmost transactions in |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
222 |
Figure~\ref{txngraph} and suppose Alice is a coffeeshop owner |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
223 |
selling coffees for 1 Bitcoin. Charles received a transaction |
339
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
224 |
from Zack over 5 Bitcoins, say. How does Charles pay for the |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
225 |
coffee? There is no explicit notion of \emph{change} in the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
226 |
Bitcoin system. What Charles has to do instead is to make one |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
227 |
single transaction with 1 Bitcoin to Alice and with 4 Bitcoins |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
228 |
going back to himself, which then Charles can use to give to |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
229 |
Emily, for example. |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
230 |
|
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
231 |
\begin{figure}[t] |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
232 |
\begin{center} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
233 |
\includegraphics[scale=0.4]{../pics/blockchain.png} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
234 |
\end{center} |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
235 |
\caption{Transaction graph that is implicitly recorded in the |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
236 |
public blockchain.\label{txngraph}} |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
237 |
\end{figure} |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
238 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
239 |
Let us consider another example. Suppose Emily received 4 |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
240 |
Bitcoins from Charles and independently received another |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
241 |
transaction (not shown in the picture) that sends 6 Bitcoins |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
242 |
to her. If she now wants to buy a coffee from Alice for 1 |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
243 |
Bitcoin, she has two possibilities: She could just forward the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
244 |
transaction from Charles over 4 Bitcoins to Alice split in |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
245 |
such a way that Alice receives 1 Bitcoin and Emily sends the |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
246 |
remaining 3 Bitcoins back to herself. In this case she would |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
247 |
now be in the possession of two unspend Bitcoin transactions, |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
248 |
one over 3 Bitcoins and the independent one over 6 Bitcoins. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
249 |
Or, Emily could combine both transactions (one over 4 Bitcoins |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
250 |
from Charles and the independent one over 6 Bitcoins) and then |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
251 |
split this amount with 1 Bitcoin going to Alice and 9 Bitcoins |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
252 |
going back to herself. |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
253 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
254 |
I think this is a good time for you to pause to let this |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
255 |
concept of transactions to really sink in\ldots{}You should |
339
0e78c809b17f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
336
diff
changeset
|
256 |
come to the conclusion that there is really no need for a central ledger and no |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
257 |
need for an account balance as familiar from traditional |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
258 |
banking. The closest what Bitcoin has to offer for the notion |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
259 |
of a balance in a bank account are the unspend transactions |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
260 |
that a person (more precisely a public-private key address) |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
261 |
received. That means transactions that can still be forwarded. |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
262 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
263 |
After the pause also consider the fact that whatever |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
264 |
transaction is recorded in the blockchain will be in the |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
265 |
``historical record'' for the Bitcoin system. If a transaction |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
266 |
says 1 Bitcoin goes from address $A$ to address $B$, then this |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
267 |
is what will be---$B$ has then the possibility to spend the |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
268 |
corresponding Bitcoins, whether the transaction was done |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
269 |
fraudulently or not. There is no exception to this rule. |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
270 |
Interestingly this is also how Bitcoins can get lost: One |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
271 |
possibility is that you send Bitcoins to an address for which |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
272 |
nobody has generated a private key, for example because of a |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
273 |
typo in the address field---bad luck for fat |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
274 |
fingers\footnote{\url{http://en.wikipedia.org/wiki/Typographical_error}} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
275 |
in the Bitcoin system. The reason is that nobody has a private |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
276 |
key for this erroneous address and consequently cannot forward |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
277 |
the transaction anymore. Another possibility is that you |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
278 |
forget your private key and you had messages forwarded to the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
279 |
corresponding public key. Also in this case bad luck: you will |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
280 |
never be able to forward this message again, because you will |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
281 |
not be able to form a valid message that sends this to |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
282 |
somebody else (we will see the details of this later). But |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
283 |
this is also a way how you can get robbed of your Bitcoins. By |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
284 |
old-fashioned hacking-into-a-computer crime, for example, an |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
285 |
attacker might get hold of your private key and then quickly |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
286 |
forwards the Bitcoins that are in your name to an address the |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
287 |
attacker controls. You will never again have access to these |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
288 |
Bitcoins, because for the Bitcoin system they are assumed to |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
289 |
be spent. And remember with Bitcoins you cannot appeal to any |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
290 |
higher authority. Once the Bitcoins are gone, they are gone. |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
291 |
This is much different in traditional banking where at least |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
292 |
you can try to harass the bank to roll back the transaction. |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
293 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
294 |
This brings us to back to problem of double spend. Suppose Bob |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
295 |
is a merchant. How can he make sure that Alice does not cheat |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
296 |
him? She could for example send a transaction to Bob. But also |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
297 |
forward the ``same'' transaction to Charlie, or even herself. |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
298 |
If Alice manages to get the second transaction into the |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
299 |
blockchain, Bob will be cheated out of his money. The problem |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
300 |
in such conflicting situations is how should the network |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
301 |
update their blockchain? You might end up with a picture like |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
302 |
this |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
303 |
|
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
304 |
\begin{center} |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
305 |
\includegraphics[scale=0.4]{../pics/bitcoindisagreement.png} |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
306 |
\end{center} |
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
307 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
308 |
\noindent where Alice convinced some part of the ``world'' |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
309 |
that she is still the owner of the Bitcoin and some other part |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
310 |
of the ``world'' thinks it's Bob's. How should such a |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
311 |
disagreement be resolved? This is actually the main hurdle |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
312 |
where Bitcoin really innovated. The answer is that Bob needs |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
313 |
to convince ``enough'' people on the network that the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
314 |
transaction from Alice to him is legit. |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
315 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
316 |
What does, however, ``enough'' mean in a distributed system? |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
317 |
If Alice sets up a network of a billion, say, puppy identities |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
318 |
and whenever Bob tries to convince, or validate, that he is |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
319 |
the rightful owner of the Bitcoin, then the puppy identities |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
320 |
agree. Bob would then have no reason to not give Alice her |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
321 |
coffee. But behind his back she has convinced everybody else |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
322 |
on the network that she is still the rightful owner of the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
323 |
Bitcoin. After being outvoted, Bob would be a tad peeved. |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
324 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
325 |
The reflex reaction to such a situation would be to make the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
326 |
process of validating a transaction as cheap as possible. The |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
327 |
intention is that Bob will easily get enough peers to agree with him |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
328 |
that he is the rightful owner. But such a solution has always |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
329 |
the limitation of Alice setting up an even bigger network of |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
330 |
puppy identities. The really cool idea of Bitcoin is to go |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
331 |
into the other direction of making the process of transaction |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
332 |
validation (artificially) as expensive as possible, but reward |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
333 |
people for helping with the validation. This is really a novel |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
334 |
and counterintuitive idea that makes the whole system of |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
335 |
Bitcoins work so beautifully. |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
336 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
337 |
\subsubsection*{Proof-of-Work Puzzles} |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
338 |
|
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
339 |
In order to make the process of transaction validation |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
340 |
difficult, Bitcoin uses a kind of puzzle. Solving the puzzles |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
341 |
is called \emph{Bitcoin mining}, where whoever solves a puzzle |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
342 |
will be awarded some Bitcoins. At the beginning this was 50 |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
343 |
Bitcoins, but the rules of Bitcoin are set up such that this |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
344 |
amount halves every 210,000 transactions or so. Currently you |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
345 |
will be awarded 25 Bitcoins for solving a puzzle. Because the |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
346 |
amount will halve again and then later again and again, around |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
347 |
the year 2140 it will go below the level of 1 Satoshi. In that |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
348 |
event no new Bitcoins will ever be created again and the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
349 |
amount of Bitcoins stays fixed. There will be still an |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
350 |
incentive to help with validating transactions, because there |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
351 |
is the possibility in Bitcoins to offer a transaction fee to |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
352 |
whoever solves a puzzle. At the moment this fee is usually set |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
353 |
to 0, since the incentive for miners is the 25 Bitcoins that |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
354 |
are currently awarded for solving puzzles. |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
355 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
356 |
What do the puzzles that miners have to solve look like? The |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
357 |
puzzles can be illustrated roughly as follows: Given a string, |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
358 |
say \code{"Hello, world!"}, what is the salt so that the hash |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
359 |
starts with a long run of zeros? Let us look at a concrete |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
360 |
example. Recall that Bitcoins use the hash-function SHA-256. |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
361 |
Suppose we call this hash function \code{h}, then we could try |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
362 |
the salt \code{0} as follows: |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
363 |
|
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
364 |
\begin{quote} |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
365 |
\code{h("Hello, world!0") =}\\ |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
366 |
\mbox{}\quad\footnotesize\pcode{1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64} |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
367 |
\end{quote} |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
368 |
|
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
369 |
\noindent OK this does not have any zeros at all. We could |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
370 |
next try the salt \code{1}: |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
371 |
|
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
372 |
\begin{quote} |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
373 |
\code{h("Hello, world!1") =}\\ |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
374 |
\mbox{}\quad\footnotesize\pcode{e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
375 |
\end{quote} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
376 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
377 |
\noindent Again this hash value does not contain any leading |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
378 |
zeros. We could now try out every salt until we reach |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
379 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
380 |
\begin{quote} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
381 |
\code{h("Hello, world!4250") =}\\ |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
382 |
\mbox{}\quad\footnotesize\pcode{0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9} |
320
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
383 |
\end{quote} |
bd5775cc8a45
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
319
diff
changeset
|
384 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
385 |
\noindent where we have four leading zeros. If four zeros are |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
386 |
enough, then the puzzle would be solved with this salt. The |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
387 |
point is that we can very quickly check whether a salt solves |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
388 |
a puzzle, but it is hard to find one. Latest research suggest |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
389 |
it is an NP-problem. If we want the output hash value to begin |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
390 |
with 10 zeroes, say, then we will, on average, need to try |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
391 |
$16^{10} \approx 10^{12}$ different salts before we find a |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
392 |
suitable one. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
393 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
394 |
In Bitcoins the puzzles are not solved according to how many |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
395 |
leading zeros a hash-value has, but rather whether it is below |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
396 |
a \emph{target}. The hardness of the puzzle can actually be |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
397 |
controlled by changing the target according to the available |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
398 |
computational power available. I think the adjustment of the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
399 |
hardness of the problems is done every 2060 blocks |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
400 |
(appr.~every two weeks). I am not sure whether this is an |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
401 |
automatic process. The aim of the adjustment is that on |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
402 |
average the Bitcoin network will most likely solve a puzzle |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
403 |
within 10 Minutes. |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
404 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
405 |
\begin{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
406 |
\includegraphics[scale=0.37]{../pics/blockchainsolving.png} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
407 |
\end{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
408 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
409 |
\noindent It could be solved quicker, but equally it could |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
410 |
take longer, but on average after 10 Minutes somebody on the |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
411 |
network will have found a solution. |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
412 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
413 |
Remember that the puzzles are a kind of proof-of-work that |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
414 |
make the validation of transactions artificially expensive. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
415 |
Consider the following picture with a blockchain and some |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
416 |
unconfirmed transactions. |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
417 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
418 |
\begin{equation} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
419 |
\includegraphics[scale=0.38]{../pics/bitcoin_unconfirmed.png} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
420 |
\label{unconfirmed} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
421 |
\end{equation} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
422 |
|
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
423 |
\noindent The puzzle is stated as follows: There are some |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
424 |
unconfirmed transactions. Choosing some of them, the miner |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
425 |
(i.e.~the person/computer that tries to solve a puzzle) will |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
426 |
form a putative block to be added to the blockchain. This |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
427 |
putative block will contain the transactions and the reference |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
428 |
to the previous block. The serial number of such a block is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
429 |
simply the hash of all the data. The puzzle can then be stated |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
430 |
as the ``string'' corresponding to the block and which salt is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
431 |
needed in order to have the hashed value being below the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
432 |
target. Other miners will choose different transactions and |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
433 |
therefore work on a slightly different putative block and |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
434 |
puzzle. |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
435 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
436 |
The intention of the proof-of-work puzzle is that the |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
437 |
blockchain is at every given moment linearly ordered, see the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
438 |
picture shown in \eqref{unconfirmed}. If we don’t have such a |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
439 |
linear ordering at any given moment then it may not be clear |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
440 |
who owns which Bitcoins. Assume a miner David is lucky and |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
441 |
finds a suitable salt to confirm some transactions. Should he |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
442 |
celebrate? Not yet. Typically the blockchain will look as |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
443 |
follows |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
444 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
445 |
\begin{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
446 |
\includegraphics[scale=0.65]{../pics/block_chain1.png} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
447 |
\end{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
448 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
449 |
\noindent But every so often there will be a fork |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
450 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
451 |
\begin{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
452 |
\includegraphics[scale=0.65]{../pics/block_chain_fork.png} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
453 |
\end{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
454 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
455 |
\noindent What should be done in this case? Well, the tie is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
456 |
broken if another block is solved, like so: |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
457 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
458 |
\begin{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
459 |
\includegraphics[scale=0.4]{../pics/bitcoin_blockchain_branches.png} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
460 |
\end{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
461 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
462 |
\noindent The rule in Bitcoins is: If a fork occurs, people on |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
463 |
the network keep track of all forks (they can see). But at any |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
464 |
given time, miners only work to extend whichever fork is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
465 |
longest in their copy of the block chain. Why should miners |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
466 |
work on the longest fork? Well their incentive is to mine |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
467 |
Bitcoins. If somebody else already solved a puzzle, then it |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
468 |
makes more sense to work on a new puzzle and obtain the |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
469 |
Bitcoins for solving that puzzle, rather than waste efforts on |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
470 |
a fork that is shorter and therefore less likely to be |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
471 |
``accepted''. Note that whoever solved a puzzle on the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
472 |
``loosing'' fork will actually not get any Bitcoins as reward. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
473 |
Tough luck. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
474 |
|
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
475 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
476 |
\subsubsection*{Alice against the Rest of the World} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
477 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
478 |
Let us see how the blockchain and the proof-of-work puzzles |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
479 |
avoid the problem of double spend. If Alice wants to cheat |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
480 |
Bob, she would need to pull off the following ploy: |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
481 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
482 |
\begin{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
483 |
\includegraphics[scale=0.4]{../pics/bitcoin_blockchain_double_spend.png} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
484 |
\end{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
485 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
486 |
\noindent Alice makes a transaction to Bob for paying, for |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
487 |
example, for an online order. This transaction is confirmed, |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
488 |
or validated, in block 2. Bob ships the goods around block 4. |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
489 |
In this moment, Alice needs to get into action and try to |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
490 |
validate the fraudulent transaction to herself instead. At |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
491 |
this moment she is in a race against all the computing power |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
492 |
of the ``rest of the world''. Because the incentive of the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
493 |
rest of the world is to work on the longest chain, that is the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
494 |
one with the transaction from Alice to Bob: |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
495 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
496 |
\begin{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
497 |
\includegraphics[scale=0.4]{../pics/bitcoin_doublespend_blockchain_race.png} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
498 |
\end{center} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
499 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
500 |
\noindent As shown in the picture she has to solve the puzzles |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
501 |
2a to 5a one after the other, because the hash of a block is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
502 |
determined via the reference by all the data in the previous |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
503 |
block. She might be very lucky to solve one puzzle for a block |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
504 |
before the rest of the world, but to be lucky many times is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
505 |
very unlikely. This principle of having to race against the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
506 |
rest of the world avoids the ploy of double spend. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
507 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
508 |
In order to raise the bar for Alice even further, merchants |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
509 |
accepting Bitcoins use the following rule of thumb: A |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
510 |
transaction is ``confirmed'' if |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
511 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
512 |
\begin{itemize} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
513 |
\item[(1)] it is part of a block in the longest fork, and |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
514 |
\item[(2)] at least 5 blocks follow it in the longest fork. In |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
515 |
this case we say that the transaction has 6 |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
516 |
confirmations. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
517 |
\end{itemize} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
518 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
519 |
\noindent A simple calculation shows that this amount of |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
520 |
confirmations can take up to 1 hour and more. While this seems |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
521 |
excessively long, from the merchant's point of view it is not |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
522 |
that long at all. For this recall that ordinary creditcards |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
523 |
can have their transactions been rolled-back for 6 months or |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
524 |
so. The point however is that the odds for Alice being able to |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
525 |
cheat are very low, unless she can muster more than 50\% of |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
526 |
the world Bitcoin mining capacity. In this case she could |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
527 |
out-race the rest of the world. The point is however that |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
528 |
amassing such an amount of computing power is practically |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
529 |
impossible for a single person or even a moderately large |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
530 |
group. |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
531 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
532 |
Connected with the 6-confirmation rule is an interesting |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
533 |
phenomenon. On average, it would take several years for a typical |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
534 |
computer to solve a proof-of-work puzzle, so an individual’s chance of |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
535 |
ever solving one before the rest of the world, which typically takes |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
536 |
only 10 minutes, is negligibly low. Therefore many people join groups |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
537 |
called \emph{mining pools} that collectively work to solve blocks, and |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
538 |
distribute rewards based on work contributed. These mining pools act |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
539 |
somewhat like lottery pools among co-workers, except that some of |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
540 |
these pools are quite large, and comprise more than 20\% of all the |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
541 |
computers in the network. It is said that BTC, a large mining pool, |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
542 |
has limited its number of members in order to not solve more than 6 |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
543 |
blocks in a row. Otherwise this would undermine the trust in Bitcoins, |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
544 |
which is also not in the interest of BTC, I guess. Some statistics on |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
545 |
mining pools can be seen at |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
546 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
547 |
\begin{center} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
548 |
\url{https://blockchain.info/pools} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
549 |
\end{center} |
321
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
550 |
|
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
551 |
\subsubsection*{Bitcoins for Real} |
250fd40211c7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
320
diff
changeset
|
552 |
|
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
553 |
Let us now turn to the nitty gritty details. As a participant in the |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
554 |
Bitcoin networ you need to generate and store a public-private key |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
555 |
pair. The public key you need to advertise in order to receive |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
556 |
payments (transactions). The private key needs to be securely stored. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
557 |
For this there seem to be three possibilities |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
558 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
559 |
\begin{itemize} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
560 |
\item an electronic wallet on your computer |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
561 |
\item a cloud-based storage (offered by some Bitcoin services) |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
562 |
\item paper-based |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
563 |
\end{itemize} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
564 |
|
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
565 |
\noindent The first two options of course offer convenience for making |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
566 |
and receiving transactions. But given the nature of the private keys |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
567 |
and how much security relies on them (recall if somebody gets hold of |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
568 |
it, your Bitcoins are quickly lost forever) I would opt for the third |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
569 |
option for anything except for trivial amounts of Bitcoins. As we have |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
570 |
seen earlier in the course, securing a computer system that it can |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
571 |
withstand a breakin is still very much an unsolved problem. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
572 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
573 |
An interesting fact with Bitcoin keys is that there is no |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
574 |
check for duplicate addresses. This means when generating a |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
575 |
public-private key, you should really start with a carefully |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
576 |
chosen random number such that there is really no chance to |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
577 |
step on somebody's feet in the $2^{160}$ space of |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
578 |
possibilities. Again if you share an address with somebody |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
579 |
else, he or she has access to all your unspend transactions. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
580 |
The absence of such a check is easily explained: How would one |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
581 |
do this in a distributed system? The answer you can't. It is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
582 |
possible to do some sanity check of addresses that are already |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
583 |
used in the blockchain, but this is not a fail-proof method. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
584 |
One really has to trust on the enormity of the $2^{160}$ |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
585 |
space for addresses. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
586 |
|
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
587 |
Let us now look at the concrete data that is stored in an transaction |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
588 |
message: |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
589 |
|
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
590 |
\lstinputlisting[language=Scala]{../slides/msg} |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
591 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
592 |
\noindent The hash in Line 1 is the hash of all the data that |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
593 |
follows. It is a kind of serial number for the transaction. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
594 |
Line 2 contains a version number in case there are some |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
595 |
incompatible changes to be made. Lines 3 and 4 specify how |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
596 |
many incoming transactions are combined and how many outgoing |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
597 |
transactions there are. In our example there are one for each. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
598 |
Line 5 specifies a lock time for when the transaction is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
599 |
supposed to become active---this is usually set to 0 to become |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
600 |
active immediately. Line 6 specifies the size of the message; |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
601 |
it has nothing to do with the Bitcoins that are transferred. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
602 |
Lines 7 to 11 specify where the Bitcoins in the transaction |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
603 |
are coming from. The has in line 9 specifies the incoming |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
604 |
transaction and the \pcode{n} in Line 10 specifies which |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
605 |
output of the transaction is referred to. The signature in |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
606 |
line 11 specifies the address (public key $K^{pub}$) from |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
607 |
where the Bitcoins are taken and the digital signature of the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
608 |
address, that is $\{K^{pub}\}_{K^{priv}}$. Lines 12 to 15 |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
609 |
specify the value of the first outgoing transaction. In this |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
610 |
case 0.319 Bitcoins. The hash in Line 14 specifies the address |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
611 |
to where the Bitcoins are transferred. |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
612 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
613 |
As can be seen there is no need to issue serial numbers for |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
614 |
transactions, the hash of the transaction data can do this |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
615 |
job. The hash will contain the sender addresses and |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
616 |
hash-references to the incoming transactions, as well as the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
617 |
public key of the incoming transaction. This uniquely |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
618 |
identifies a transaction and the hash is the unique |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
619 |
fingerprint of it. The in-field also contains the address to |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
620 |
which a earlier transaction is made. The digital signature |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
621 |
ensures everybody can check that the person who makes this |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
622 |
transaction is in the possession of the private key. Otherwise |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
623 |
the signature would not match up with the public-key address. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
624 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
625 |
When mining the blockchain it only needs to be ensured that |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
626 |
the transactions are consistent (all hashes and signatures |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
627 |
match up). Then we need to generate the correct previous-block |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
628 |
link and solve the resulting puzzle. Once the block is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
629 |
accepted, everybody can check the integrity of the whole |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
630 |
blockchain. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
631 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
632 |
A word of warning: The point of a lottery is that some people |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
633 |
win. But equally, that most people lose. Mining Bitcoins has |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
634 |
pretty much the same point. According to the article below, a |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
635 |
very large machine (very, very large in terms of June 2014) |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
636 |
could potentially mine \$40 worth of Bitcoins a day, but would |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
637 |
require magnitudes more of electricity costs to do so. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
638 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
639 |
\begin{center} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
640 |
\url{http://bitcoinmagazine.com/13774/government-bans-professor-mining-bitcoin-supercomputer/} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
641 |
\end{center} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
642 |
|
367
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
643 |
\noindent Bitcoin mining nowadays is only competitive, or |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
644 |
profitable, if you get the energy for free, or use special |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
645 |
purpose computing devices. |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
646 |
|
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
647 |
This about ``free'' energy can actually hurt you very badly in |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
648 |
unexpected ways. You probably have heard about, or even used, |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
649 |
Amazon's Elastic Compute Cloud (EC2). Essentially, Amazon is |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
650 |
selling computing power that you can use to run your web site, |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
651 |
for example. It is \emph{elastic} in the sense that if you |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
652 |
have a lot of visitors, you pay a lot, if you have only a few, |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
653 |
then it is cheap. In order to bill you they, you need to set |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
654 |
up an account with Amazon and receive some secret keys in |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
655 |
order to authenticate you. The clever (but also dangerous) bit |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
656 |
is that you upload the code of your web site to GitHub and |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
657 |
Amazon will pull it from there. You can probably already guess |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
658 |
where this is going: in order to learn about Amazon's API, it |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
659 |
gives out some limited computing power for free. Somebody used |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
660 |
this offer in order to teach himself Ruby on Rails with a |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
661 |
mildly practical website. Unfortunately, he uploaded also his |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
662 |
secret keys to GitHub (this is really an easy mistake). Now, |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
663 |
nasty people crawl GitHub for the purpose of stealing such |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
664 |
secret keys. What can they do with this? Well, they quickly |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
665 |
max out the limit of computing power with Amazon and mine |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
666 |
Bitcoins (under somebody else's account). Fortunately for this |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
667 |
guy, Amazon was aware of this scam and in a goodwill gesture |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
668 |
refunded him the money the nasty guys incurred over |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
669 |
night with their Bitcoin mining. If you want to read the |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
670 |
complete story, google for ``My \$2375 Amazon EC2 Mistake''. |
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
671 |
|
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
672 |
|
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
673 |
\subsubsection*{Anonymity with Bitcoins} |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
674 |
|
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
675 |
One question one often hears is how anonymous is it actually |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
676 |
to pay with Bitcoins? Paying with paper money used to be a |
367
3f0738fc8230
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
366
diff
changeset
|
677 |
quite anonymous act (unlike paying with credit cards, for |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
678 |
example). But this has changed nowadays: You cannot come to a |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
679 |
bank anymore with a suitcase full of money and try to open a |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
680 |
bank account. Strict money laundering and taxation laws mean |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
681 |
that not even Swiss banks are prepared to take such money and |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
682 |
open a bank account. That is why Bitcoins are touted as |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
683 |
filling this niche again of anonymous payments. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
684 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
685 |
While Bitcoins are intended to be anonymous, the reality is |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
686 |
slightly different. I fully agree with the statement by |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
687 |
Nielsen from the blog article I referenced at the beginning: |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
688 |
|
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
689 |
\begin{quote}\it{}``Many people claim that Bitcoin can be used |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
690 |
anonymously. This claim has led to the formation of |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
691 |
marketplaces such as Silk Road (and various successors), which |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
692 |
specialize in illegal goods. However, the claim that Bitcoin |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
693 |
is anonymous is a myth. The block chain is public, meaning |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
694 |
that it’s possible for anyone to see every Bitcoin transaction |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
695 |
ever. Although Bitcoin addresses aren't immediately associated |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
696 |
to real-world identities, computer scientists have done a |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
697 |
great deal of work figuring out how to de-anonymise |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
698 |
`anonymous' social networks. The block chain is a marvellous |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
699 |
target for these techniques. I will be extremely surprised if |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
700 |
the great majority of Bitcoin users are not identified with |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
701 |
relatively high confidence and ease in the near future.'' |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
702 |
\end{quote} |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
703 |
|
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
704 |
\noindent The only thing I can add to this is that with the Bitcoin |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
705 |
blockchain we will in the future have even more pleasure hearing |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
706 |
confessions from reputable or not-so-reputable people, like the |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
707 |
infamous ``I did not inhale'' from an US |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
708 |
president.\footnote{\url{www.youtube.com/watch?v=Bktd_Pi4YJw}} The |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
709 |
whole point of the blockchain is that it public and will always be. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
710 |
|
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
711 |
There are some precautions one can take for boosting anonymity, for |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
712 |
example to use a new public-private key pair for every new |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
713 |
transaction, and to access Bitcoin only through the Tor network. But |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
714 |
the transactions in Bitcoins are designed such that they allow one to |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
715 |
combine incoming transactions. In such cases we know they must have |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
716 |
been made by the single person who knew the corresponding private |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
717 |
keys. So using different public-private keys for each transaction |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
718 |
might not actually make the de-anonymisation task much harder. And the |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
719 |
point about de-ano\-nymising `anonymous' social networks is that the |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
720 |
information is embedded into the structure of the transition |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
721 |
graph. And this cannot be erased with Bitcoins. |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
722 |
|
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
723 |
One paper that has fun with spotting transactions made to Silk Road (2.0) |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
724 |
and also to Wikileaks is |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
725 |
|
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
726 |
\begin{center} |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
727 |
\url{http://people.csail.mit.edu/spillai/data/papers/bitcoin-transaction-graph-analysis.pdf} |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
728 |
\end{center} |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
729 |
|
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
730 |
\noindent |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
731 |
A paper that gathers some statistical data about the blockchain is |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
732 |
|
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
733 |
\begin{center} |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
734 |
\url{https://eprint.iacr.org/2012/584.pdf} |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
735 |
\end{center} |
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
736 |
|
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
737 |
\subsubsection*{Government Meddling} |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
738 |
|
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
739 |
Finally, what are the options for a typical Western government to |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
740 |
meddle with Bitcoins? This is of course one feature the proponents of |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
741 |
Bitcoins also tout: namely that there aren't any options. In my |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
742 |
opinion this is far too naive and far from the truth. Let us assume |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
743 |
some law enforcement agencies would not have been able to uncover the |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
744 |
baddies from Silk Road 1.0 and 2.0 (they have done so by uncovering |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
745 |
the Tor network, which is an incredible feat on its own). Would the |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
746 |
government in question have stopped? I do not think so. The next |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
747 |
target would have been Bitcoin. If I were the government, this is |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
748 |
what I would consider: |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
749 |
|
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
750 |
\begin{itemize} |
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
751 |
\item The government could compel ``mayor players'' to blacklist |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
752 |
Bitcoins (for example at Bitcoin exchanges, which are usually |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
753 |
located somewhere in the vicinity of the government's reach). This |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
754 |
would impinge on what is called \emph{fungibility} of Bitcoins and |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
755 |
make them much less attractive to baddies. Suddenly their |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
756 |
``hard-earned'' Bitcoin money cannot be spent anymore. The attraction |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
757 |
of this option is that this blacklisting can be easily done |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
758 |
``whole-sale'' and therefore be really be an attractive target for |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
759 |
governments \& Co. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
760 |
\item The government could attempt to coerce the developer |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
761 |
community of the Bitcoin tools. While this might be a |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
762 |
bit harder, we know certain governments are ready to |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
763 |
take such actions (we have seen this with Lavabit, just |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
764 |
that the developers there refused to play ball and shut |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
765 |
down their complete operation). |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
766 |
\item The government could also put pressure on mining pools |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
767 |
in order to blacklist transactions from baddies. Or be a |
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
768 |
big miner itself. Given the gigantic facilities that |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
769 |
are built for institutions like the NSA (pictures from |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
770 |
the Utah dessert) |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
771 |
|
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
772 |
\begin{center} |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
773 |
\includegraphics[scale=0.04]{../pics/nsautah1.jpg} |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
774 |
\hspace{3mm} |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
775 |
\includegraphics[scale=0.031]{../pics/nsautah2.jpg} |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
776 |
\end{center} |
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
777 |
|
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
778 |
this would not be such a high bar to jump over. Remember it |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
779 |
``only'' takes to be temporarily in control of 50\%-plus of the |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
780 |
mining capacity in order to undermine the trust in the |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
781 |
system. Given sophisticated stories like Stuxnet (where we still |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
782 |
do not know the precise details) maybe even such large |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
783 |
facilities are not really needed. What happens, for example, if |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
784 |
a government starts DoS attacks on existing miners? They have |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
785 |
complete control (unfortunately) of all mayor connectivity |
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
786 |
providers, i.e.~ISPs. |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
787 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
788 |
There are estimates that the Bitcoin mining capacity |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
789 |
outperforms the top 500 supercomputers in the world, |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
790 |
combined(!): |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
791 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
792 |
\begin{center}\small |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
793 |
\url{http://www.forbes.com/sites/reuvencohen/2013/11/28/global-bitcoin-computing-power-now-256-times-faster-than-top-500-supercomputers-combined/} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
794 |
\end{center} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
795 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
796 |
But my gut feeling is that these are too simplistic |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
797 |
calculations. In security (and things like Bitcoins) the |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
798 |
world is never just black and white. The point is once |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
799 |
the trust is undermined, the Bitcoin system would need |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
800 |
to be evolved to Bitcoins 2.0. But who says that Bitcoin |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
801 |
2.0 will honour the Bitcoins from Version 1.0? |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
802 |
\end{itemize} |
322
8c07340af3b9
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
321
diff
changeset
|
803 |
|
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
804 |
\noindent A government would potentially not really |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
805 |
need to follow up with such threads. Just the rumour that it |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
806 |
would, could be enough to get the Bitcoin-house-of-cards to |
336
3cb200fa6d6a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
323
diff
changeset
|
807 |
tumble. Some governments have already such an ``impressive'' |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
808 |
trackrecord in this area, such a thread would be entirely |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
809 |
credible. Because of all this, I would not have too much hope |
347
efad8155513f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
346
diff
changeset
|
810 |
that Bitcoins are free from interference by governments \& Co when |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
811 |
it will stand in their way, despite what everybody else is |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
812 |
saying. To sum up, the technical details behind Bitcoins are |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
813 |
simply cool. But still the entire Bitcoin ecosystem is in my |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
814 |
humble opinion rather fragile. |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
815 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
816 |
\subsubsection*{Further Reading} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
817 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
818 |
Finally, finally, the article |
319
e6afcdabd3ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
318
diff
changeset
|
819 |
|
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
820 |
\begin{center}\small |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
821 |
\url{http://www.extremetech.com/extreme/155636-the-bitcoin-network-outperforms-the-top-500-supercomputers-combined} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
822 |
\end{center} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
823 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
824 |
\noindent makes an interesting point: If people are willing to |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
825 |
solve meaningless puzzles for hard, cold cash and with this |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
826 |
achieve rather impressive results, what could we achieve if |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
827 |
the UN, say, would find the money and incentivise people to, |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
828 |
for example, solve protein folding |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
829 |
puzzles?\footnote{\url{http://en.wikipedia.org/wiki/Protein_folding}} |
336
3cb200fa6d6a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
323
diff
changeset
|
830 |
For this there are projects like |
346
5a6e8b7d20f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
831 |
Folding@home.\footnote{\url{http://folding.stanford.edu}} |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
832 |
This might help with curing diseases such as Alzheimer or |
336
3cb200fa6d6a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
323
diff
changeset
|
833 |
diabetes. The same point is made in the article |
323
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
834 |
|
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
835 |
\begin{center}\small |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
836 |
\url{http://gizmodo.com/the-worlds-most-powerful-computer-network-is-being-was-504503726} |
0629590fd299
update
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
322
diff
changeset
|
837 |
\end{center} |
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
838 |
|
359
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
839 |
A definitely interesting and worthy use of Bitcoins has been explored |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
840 |
in the thesis |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
841 |
|
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
842 |
\begin{center} |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
843 |
\url{http://enetium.com/resources/Thesis.pdf} |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
844 |
\end{center} |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
845 |
|
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
846 |
\noindent where the author proposes ways of publishing information |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
847 |
that is censor resistant as part of the blockchain. The idea is that |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
848 |
if a government wants to use Bitcoins, it would also have to put up |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
849 |
with plain-text data that can be included in a transaction. |
c90f803dc7ea
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
347
diff
changeset
|
850 |
|
318
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
851 |
\end{document} |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
852 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
853 |
bit coin |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
854 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
855 |
A fistful of bitcoins |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
856 |
http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
857 |
http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
858 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
859 |
Ross Anderson & Co (no dispute resolution; co-ercion) |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
860 |
http://www.cl.cam.ac.uk/~sjm217/papers/fc14evidence.pdf |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
861 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
862 |
http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/ |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
863 |
http://www.imponderablethings.com/2013/07/how-bitcoin-works-under-hood.html |
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
864 |
|
f376d16470e0
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
865 |
http://randomwalker.info/bitcoin/ |
360
eb2004430215
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
359
diff
changeset
|
866 |
|
eb2004430215
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
359
diff
changeset
|
867 |
Jeffrey Robinson |
eb2004430215
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
359
diff
changeset
|
868 |
Bitcon: The Naked Truth about Bitcoin |
371
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
367
diff
changeset
|
869 |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
367
diff
changeset
|
870 |
The Bitcoin Backbone Protocol: Analysis and Applications |
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
367
diff
changeset
|
871 |
https://eprint.iacr.org/2014/765.pdf |