sen-material: handouts/ho08.tex@bd5775cc8a45 (annotated)

318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1	\documentclass{article}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	2	\usepackage{../style}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	3	\usepackage{../graphics}
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	4	\usepackage{../langs}
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	5
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	6	\begin{document}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	7
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	8	\section*{Handout 7 (Bitcoins)}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	9
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	10	In my opinion Bitcoins are an elaborate Ponzi
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	11	scheme\footnote{\url{http://en.wikipedia.org/wiki/Ponzi_scheme}}---still
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	12	the ideas behind them are really beautiful and not too
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	13	difficult to understand. Since many colourful claims about
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	14	Bitcoins float around in the mainstream and not-so-mainstream
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	15	media, it will be instructive to re-examine such claims from a
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	16	more technically informed vantage point. For example, it is
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	17	often claimed that Bitcoins are anonymous and free from any
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	18	potential government meddling. It turns out that the first
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	19	claim ignores a lot of research in de-anonymising social
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	20	networks, and the second underestimates the persuasive means a
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	21	government has at its disposal.
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	22
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	23	There are a lot of articles, blogposts, research papers
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	24	etc.~available about Bitcoins. Below I will follow closely the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	25	very readable explanations from
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	26
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	27	\begin{center}
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	28	\url{http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/} \;\;and\smallskip\\
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	29	\url{http://www.imponderablethings.com/2013/07/how-bitcoin-works-under-hood.html}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	30	\end{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	31
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	32	\noindent The latter also contains a link to a nice youtube
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	33	video about the technical details behind Bitcoins.
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	34
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	35	Let us start with the question who invented Bitcoins? You
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	36	could not make up the answer, but we actually do not know who
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	37	the inventor is. All we know is that the first paper
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	38
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	39	\begin{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	40	\url{https://bitcoin.org/bitcoin.pdf}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	41	\end{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	42
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	43	\noindent is signed by Satoshi Nakamoto, which however is
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	44	likely only a pen name. There is a lot of speculation who
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	45	could be the inventor, or inventors, but we simply do not
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	46	know. This part of Bitcoins is definitely anonymous. The paper
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	47	above is from the end of 2008; the first Bitcoin transaction
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	48	was made in January 2009. The rules in Bitcoin are set up so
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	49	that there will ever only be 21 Million Bitcoins with the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	50	maximum reached around the year 2140. Currently there are
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	51	already 11 Million Bitcoins mined. Contrast this with
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	52	traditional fiat currencies where money can be printed almost
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	53	at will. The smallest unit of a Bitcoin is called a Satoshi
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	54	which is the $10^{-8}$th part of a Bitcoin. Remember a Penny
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	55	is the $10^{-2}$th part of a Pound.
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	56
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	57	The two main cryptographic building blocks of Bitcoins are
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	58	cryptographic hashing (SHA-256) and public-private keys using
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	59	the elliptic-curve encryption scheme for digital signatures.
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	60	Hashes are used to generate `fingerprints' of data that ensure
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	61	integrity (absence of tampering). Public-private keys are used
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	62	for signatures. For example sending a message, say $msg$,
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	63	together with the encrypted version
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	64
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	65	\[
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	66	msg, \{msg\}_{K^{priv}}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	67	\]
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	68
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	69	\noindent allows everybody with access to the corresponding
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	70	public key $K^{pub}$ to verify the message came from the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	71	person who knew the private key. Signatures are used in
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	72	Bitcoins for verifying the addresses where the Bitcoins are
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	73	sent from. Addresses in Bitcoins are essentially the public
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	74	keys. There are $2^{160}$ possible addresses, which is such a
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	75	vast amount that there is not even a check for duplicates, or
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	76	already used addresses. If you start with a random number to
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	77	generate a public-private key pair it is very unlikely that
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	78	you step on somebody else's shoes. Compare this with the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	79	email-addresses you always wanted to register with, say
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	80	Googlemail, but which are already taken.
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	81
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	82	One main difference between Bitcoins and traditional banking
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	83	is that you do not have a place that records the balance on
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	84	your account. Traditional banking involves a central ledger
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	85	which specifies the current balance in each account, for
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	86	example
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88	\begin{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89	\begin{tabular}{l\|r}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	90	account & balance\\\hline
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	91	Alice & \pounds{10.01}\\
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	92	Bob & \pounds{4.99}\\
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	93	Charlie & -\pounds{1.23}\\
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	94	Eve & \pounds{0.00}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	95	\end{tabular}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	96	\end{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	97
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	98	\noindent Bitcoins work differently in that there is no such
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	99	central ledger, but instead a public record of all
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	100	transactions ever made. This means spending money corresponds
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	101	to sending messages of the (oversimplified) form
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	102
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	103	\begin{equation}
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	104	\{\text{I, Alice, am giving Bob one Bitcoin.}\}_{K^{priv}_{Alice}}
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	105	\end{equation}
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	106
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	107	\noindent These messages, called transactions, are the only
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	108	data that is ever stored in the Bitcoin system (we will come
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	109	to the precise details later on). The transactions are
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	110	encrypted with Alice's private key such that everybody,
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	111	including Bob, can use Alice's public key $K^{pub}_{Alice}$
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	112	for verifying that this message came really from Alice, or
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	113	more precisely from the person who knows $K^{priv}_{Alice}$.
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	114
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	115	The problem with such messages in a distributed system is what
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	116	happens if Bob receives 10, say, of these transactions. Did
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	117	Alice intend to send him 10 Bitcoins, or did the message get
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	118	duplicated by for example an attacker re-playing a sniffed
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	119	message? What is needed is a kind of serial number for such
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	120	transactions. This means transaction messages look more like
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	121
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	122	\begin{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	123	$\{\text{I, Alice, am giving Bob Bitcoin \#1234567.}\}_{K^{priv}_{Alice}}$
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	124	\end{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	125
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	126	\noindent There are two difficulties, however, that need to be
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	127	solved. One is who is assigning serial numbers to Bitcoins and
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	128	also how can Bob verify that Alice actually owns this Bitcoin
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	129	to pay him? In a system with a bank as trusted third-party,
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	130	Bob could do the following:
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	131
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	132	\begin{itemize}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	133	\item Bob asks the bank whether the Bitcoin with that serial
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	134	number belongs to Alice and Alice hasn’t already spent
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	135	this Bitcoin.
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	136	\item If yes, then Bob tells the bank he accepts this Bitcoin.
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	137	The bank updates the records to show that the Bitcoin
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	138	with that serial number is now in Bob’s possession and
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	139	no longer belongs to Alice.
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	140	\end{itemize}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	141
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	142	\noindent But for this banks would need to be trusted and
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	143	would also be an easy target for any government interference,
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	144	for example. Think of the early days of music sharing where
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	145	the company Napster was the single point of ``failure'' which
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	146	was taken offline by law enforcement. Bitcoins is more a
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	147	system like BitTorrent without a single central entity that
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	148	can be taken offline.
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	149
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	150	Bitcoin solves the problem of not being able to rely on a bank
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	151	by making everybody the ``bank''. Everybody who cares can have
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	152	the entire transactions history starting with the first
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	153	transaction made in January 2009. This history of transactions
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	154	is called \emph{blockchain}. Bob, for example, can use his
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	155	copy of the blockchain for determining whether Alice owned the
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	156	Bitcoin he received, and if yes transmits the message to every
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	157	other participant on the Bitcoin network. The blockchain looks
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	158	roughly like a very long chain of individual blocks
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	159
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	160	\begin{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	161	\includegraphics[scale=0.4]{../pics/bitcoinblockchain0.png}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	162	\end{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	163
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	164	\noindent Each block contains a list of individual
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	165	transactions, called txn in the picture above, and also a
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	166	reference to the previous block, called prev. The data in a
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	167	block (txn's and prev) is hashed so that the reference and
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	168	transactions in them cannot be tampered with. This hash is the
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	169	unique serial number of each block. Since this
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	170	previous-block-reference is also part of the hash, the whole
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	171	chain is robust against tampering. I let you think why this is
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	172	the case?\ldots{}But does it actually eliminate all
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	173	possibilities of fraud?
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	174
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	175	We can check the consistency of the blockchain by checking
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	176	whether all the references and hashes are correctly recorded.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	177	I have not tried it myself, but it is said that with the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	178	current amount of data (appr.~12GB) it takes roughly a day to
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	179	check the consistency of the blockchain on a ``normal''
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	180	computer. Fortunately this ``extended'' consistency check
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	181	usually only needs to be done once. After that it only needs
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	182	to be updated consistently.
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	183
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	184	Recall I wrote earlier that Bitcoins do not maintain a ledger
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	185	listing all the current balances in each account. Instead they
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	186	record only transactions. While a current balance of an
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	187	account is not immediately available, it is possible to
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	188	extract from the blockchain a transaction graph that looks
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	189	like the picture shown in Figure~\ref{txngraph}. Take for
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	190	example the rightmost lower transaction from Charles to Emily.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	191	This transaction has as receiver the address of Emily and as
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	192	the sender the address of Charles. In this way no Bitcoins can
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	193	appear out of thin air (we will discuss later how Bitcoins are
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	194	actually generated). If Charles did not have a transaction of
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	195	at least the amount he wants to give Emily to his name
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	196	(i.e.~send to an address with his public-private key) then
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	197	there is no way he can make a payment to Emily. Equally, if
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	198	now Emily wants to pay for a coffee, say, with the Bitcoin she
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	199	received from Charles she can essentially only forward the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	200	message she received. The only slight complication with this
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	201	setup in Bitcoins is that ``incoming'' Bitcoins can be
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	202	combined in a transaction and ``outgoing'' Bitcoins can be
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	203	split. For example in the leftmost upper transactions in
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	204	Figure~\ref{txngraph} Fred makes a payment to Alice. But this
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	205	payment (or transaction) combines the Bitcoins that were send
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	206	by Jane to Fred and also by Juan to Fred. This allows you to
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	207	``consolidate'' your funds: if there was always only a way to
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	208	split transactions, then the amounts would get smaller and
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	209	smaller.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	210
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	211	But in Bitcoins it is also important to have the ability to
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	212	split the money from one or more incoming transaction to
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	213	potentially more than one receiver. Consider again the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	214	rightmost transactions in Figure~\ref{txngraph} and suppose
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	215	Alice is a coffeeshop owner selling coffees for 1 Bitcoin.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	216	Charles received a transaction from Zack over 5 Bitcoins, say.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	217	How does he pay for the coffee? There is no real notion of
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	218	change in the Bitcoin system. What Charles has to do instead
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	219	is to make one single transaction with 1 Bitcoin to Alice and
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	220	with 4 Bitcoins going back to himself, which then Charles can
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	221	use to give to Emily, for example.
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	222
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	223	\begin{figure}[t]
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	224	\begin{center}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	225	\includegraphics[scale=0.4]{../pics/blockchain.png}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	226	\end{center}
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	227	\caption{Transaction graph that is implicitly recorded in the
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	228	public blockchain.\label{txngraph}}
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	229	\end{figure}
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	230
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	231	Let us make another example. Let us assume Emily received 4
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	232	Bitcoins from Charles and independently has another
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	233	transaction (not shown in the picture) that sends 6 Bitcoins
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	234	to her. If she now wants to buy a coffee from Alice for 1
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	235	Bitcoin, she has two possibilities. She could just forward the
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	236	transaction from Charles over 4 Bitcoins to Alice splitted in
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	237	such a way that Alice receives 1 Bitcoin and Emily sends the
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	238	remaining 3 Bitcoins ``back'' to herself. In this case she would
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	239	now be in the ``posession'' of two unspend Bitcoin
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	240	transactions, one over 3 Bitcoins and the independent one over
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	241	6 Bitcoins. Or, Emily could combine both transactions (one
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	242	over 4 Bitcoins from Charles and the independent one over 6
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	243	Bitcoins) and then split this amount with 1 Bitcoin going to
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	244	Alice and 9 Bitcoins going back to herself.
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	245
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	246	I think this is a good time for you to pause to let this
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	247	concept of transactions really sink in\ldots{}abusing the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	248	words of a famous 60ies Band: With Bitcoins ``all you need is
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	249	transactions''. There is really no need for a central ledger
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	250	and no need for an account balance as familiar from
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	251	traditional banking. The closest what Bitcoin has to offer for
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	252	the notion of a balance in a bank account are the unspend
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	253	transaction that a person (more precisely a public-private key
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	254	address) received. That means transactions that can still be
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	255	forwarded.
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	256
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	257	After the pause also consider the fact that whatever
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	258	transaction is recorded in the blockchain will be in the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	259	``historical record'' for the Bitcoin system. If a transaction
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	260	says 1 Bitcoin goes from address $A$ to address $B$, then this
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	261	is what will be---$B$ has then the possibility to spend the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	262	corresponding Bitcoins, whether the transaction was done
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	263	fraudulently or not. There is no exception to this rule.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	264	Interestingly this is also how Bitcoins can get lost: One
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	265	possibility is that you send Bitcoins to an address for which
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	266	nobody has generated a private key. For example by a typo in
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	267	the address field---bad luck for fat
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	268	fingers.\footnote{\url{http://en.wikipedia.org/wiki/Typographical_error}}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	269	The reason is that nobody has a private key for this erroneous
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	270	address and consequently cannot forward the transaction
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	271	anymore. Another possibility is that you forget your private
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	272	key and you had messages forwarded to your address
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	273	corresponding to your the public key. In this case also bad
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	274	luck: you will never be able to forward this message again,
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	275	because you will not be able to form a valid message that
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	276	sends this to somebody else (we will see the details of this
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	277	later). But this is also a way how you can get robbed of your
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	278	Bitcoins. By old-fashioned hacking-into-a-computer crime, for
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	279	example, an attacker might get hold of your private key and
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	280	then quickly forward the Bitcoins that are in your name to an
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	281	address the attacker controls. You will never have again
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	282	access to these Bitcoins, because for the Bitcoin system they
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	283	are assumed to be spent. And remember with Bitcoins you cannot
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	284	appeal to any higher authority. Once it is gone, it is gone.
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	285	This is different with traditional banking where at least you
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	286	can try to harass the bank to roll back the transaction.
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	287
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	288
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	289	This brings us to back to problem of double spend. Say Bob is
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	290	a merchant. How can he make sure that Alice does not cheat?
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	291	She could for example send a transaction to Bob. But also
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	292	forward the ``same'' transaction to Charlie, or even herself.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	293	If Alice manages to get the second transaction into the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	294	blockchain, Bob will be cheated out of his money. The problem
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	295	in such conflicting situations is how should the network
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	296	update their blockchain? You might end up with a picture like
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	297	this
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	298
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	299	\begin{center}
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	300	\includegraphics[scale=0.4]{../pics/bitcoindisagreement.png}
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	301	\end{center}
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	302
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	303	\noindent Alice convinced some part of the ``world'' that she
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	304	is still owner of the bitcoin and some other part of the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	305	``world'' thinks its Bob's. How should such a disagreement be
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	306	resolved? This is actually the main hurdle where Bitcoin
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	307	really innovated. The answer is that Bob needs to convince
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	308	``enough'' people on the network that the transaction from
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	309	Alice to him is legit. However what does ``enough'' mean in a
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	310	distributed system? If Alice sets up network of a billion
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	311	puppy identities and whenever Bob tries to convince, or
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	312	validate, that he is the rightful owner of the Bitcoin, the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	313	puppy identities agree. Bob would then have no reason to not
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	314	give Alice her coffee. But behind his back she has convinced
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	315	everybody else on the network that she is still the rightful
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	316	owner of the Bitcoin. After being outvoted, Bob would be a tad
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	317	peeved.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	318
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	319	The reflex action of a security engineer would be to make the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	320	process of validating as cheap as possible. The idea is that
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	321	Bob will get enough peers to agree with him that he is the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	322	rightful owner. But such a solution has always the limitation
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	323	of that Alice could set up an even bigger network of puppy
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	324	identities. So the really cool idea of Bitcoin is to go into
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	325	the other direction of making the process of transaction
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	326	validation (artificially) as expensive as possible, but reward
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	327	people for helping with the validation. This is really a novel
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	328	and counterintuitive idea that makes the whole system work so
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	329	beautifully.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	330
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	331	\subsubsection*{Proof-of-Work}
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	332
320 bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	333	In order to make the process of transaction validation
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	334	difficult, Bitcoin uses a kind of puzzles. Solving the puzzles
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	335	is called mining where whoever solves a puzzle will be awarded
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	336	some bitcoins. At the beginning of Bitcoins this was 50
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	337	Bitcoins, but the rules of Bitcoin are set up such that this
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	338	amount halves every 210,000 transactions or so. Currently you
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	339	will be awarded 25 Bitcoins for solving a puzzle. Because the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	340	amount will halve again and then later again and again, around
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	341	2140 it will go below the level of 1 Satoshi. In that event no
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	342	new Bitcoins will ever be created again and the amount stays
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	343	fixed. There will be still an incentive to help with
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	344	validating transactions, because there is the possibility in
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	345	Bitcoins to award a transaction fee to whoever solves a
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	346	puzzle. At the moment this fee is usually set to 0, since the
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	347	incentive for miners is the currently 25 Bitcoins that are
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	348	awarded for solving puzzles.
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	349
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	350	What are the puzzles that miners have to solve? Recall that
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	351	Bitcoins uses the hash-function SHA-256. The puzzle is roughly
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	352	as follows: Given a string, say \code{"Hello, world!"}, what
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	353	is the salt so the hash starts with a long run of zeros?
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	354	Suppose we call the hash function \code{h}, then we could try
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	355	the salt \code{0} as follows:
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	356
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	357	\begin{quote}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	358	\code{h("Hello, world!0") =}\\
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	359	\mbox{}\quad\footnotesize\pcode{1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64}\\
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	360	\end{quote}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	361
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	362	\noindent OK this does not have any zeros at all. We could
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	363	next try the salt \code{1}:
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	364
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	365	\begin{quote}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	366	\code{h("Hello, world!1") =}\\
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	367	\mbox{}\quad\footnotesize\pcode{e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8}\\
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	368	\end{quote}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	369
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	370	%\begin{center}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	371	%\begin{tabular}{@{}l@{}}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	372	%\footnotesize\code{h("Hllo, world!1")}\\
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	373	%\;\;\scriptsize\code{%\ldots\\
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	374	%\footnotesize\code{h("Hello, world!4250")}\\
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	375	%\;\;\scriptsize\code{0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	376	%\end{tabular}
bd5775cc8a45 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 319 diff changeset	377	%\end{center}
319 e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	378
e6afcdabd3ea updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 318 diff changeset	379
318 f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	380
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	381	\end{document}
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	382
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	383	bit coin
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	384	https://bitcoin.org/bitcoin.pdf
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	385	https://bitcoin.org/bitcoin.pdf
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	386
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	387	A fistful of bitcoins
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	388	http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	389	http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	390
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	391	Ross Anderson & Co (no dispute resolution; co-ercion)
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	392	http://www.cl.cam.ac.uk/~sjm217/papers/fc14evidence.pdf
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	393
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	394	http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	395	http://www.imponderablethings.com/2013/07/how-bitcoin-works-under-hood.html
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	396
f376d16470e0 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	397	http://randomwalker.info/bitcoin/

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Thu, 20 Nov 2014 18:11:36 +0000
changeset 320	bd5775cc8a45
parent 319	e6afcdabd3ea
child 321	250fd40211c7
permissions	-rw-r--r--