Ensimag
-
4MMSR
–
Network Security Student Seminar
Bitcoin: A peer
-
to
-
peer Electronic Cash System
Satoshi Nakamoto
wafa.mbarek@ensimag.fr
halima.myesser@ensimag.fr
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
1
2
I
-
Introduction:
Classic
electronic
payement
systems
II
-
Bitcoin
, an alternative for the
traditional
electronic
payment
III
-
Optimizations
of the system
IV
-
Vulnerabilities
&
Counter
-
measures
V
-
Limitations &
Critics
VI
-
Conclusion
Table of contents:
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Classic electronic payment systems
3
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Introduction
http://www.electronicpaymentscoalition.org/what
-
is
-
interchange/
Disadvantages
of
going
through
the
banking
system
•
Additional cost : About 1% for each transaction
limits the possibility of small transactions.
•
Slow system : Checking services take days to complete.
•
No anonymity.
•
Accounts can be frozen (ex:
Wikileaks
)
•
If fraudulent use of credit card, the seller has to pay
a fee charged by the banking company.
4
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Introduction
Bitcoin:
•
Digital currency created by
Satoshi Nakamoto
in
2009.
•
Peer
-
to
-
peer system :
no central authority
Creation of money and transactions are
managed collectively by the network.
Advantages
:
•
No third party
can
prevent or control
your transactions
•
Transactions fees are much lower
•
Bitcoin
is free software
•
No inflation risk, coin’s creation is limited
5
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Bitcoin
, an alternative for the
traditional
electronic
payment
Transferring a coin
Alice wants to send coins to Bob.
6
Bitcoin
, an alternative for the
traditional
electronic
payment
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
•
public key = Bitcoin address.
Bob’s public key
Hash
Alice’s signature
Alice’s
private key
Transaction that provides
these coins to Alice
Transaction
Alice’s public key
Hash
Charlie’s signature
Charlie’s
private key
Hash of
previous
transaction
7
-
keypairs for each address
-
transactions from/to your addresses
-
user preferences
…
Wallet
Transferring a coin
Bitcoin
, an alternative for the
traditional
electronic
payment
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
1 Coin = A chain of digital signatures
Owner 0’s
signature
Owner 1’s
signature
…
Owner n’s
signature
To maintain the privacy of users involved in a payment, the public keys
are anonymous.
8
New transactions are broadcast to all nodes.
Alice
Bob
Bitcoin : A peer
-
to
-
peer Electronic Cash System
M'BAREK Wafa
-
MYESSER Halima 18
-
04
-
2012
Bitcoin
, an alternative for the
traditional
electronic
payment
Double
-
Spending
Protection
New transactions is broadcasted to all nodes
1
Each node collect new transactions into a block
•
Transactions are accepted if their block is validated.
•
The chain contains all the transactions done by the network.
•
Each node has a full copy of the growing chain of blocks.
It is called a timestamp server.
9
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
2
Bitcoin
, an alternative for the
traditional
electronic
payment
Double
-
Spending
Protection
Block 1
Block 2
Tx
Tx
Tx
…
Tx
Tx
Tx
…
To validate a block, each node works on resolving a difficult
proof
-
of
-
work
Block
Previous Hash
Nonce
Tx
Tx
Tx
…
10
Bitcoin
, an alternative for the
traditional
electronic
payment
Double
-
Spending
Protection
3
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Use
the CPU power to calculate the “right” nonce
.
•
Proof
-
of
-
work = Finding the
nonce that enables to
calculate a
block’s hash beginning with the
required number of zero bits.
Hash(Transactions hash &Nonce)=
0.....0xxxxxxxxxxxxxxxx
Target
The first node that finds the proof
-
of
-
work sends the block to the rest of
the network.
11
I have solved
the proof
-
of
-
work !!!
+ 50 coins !
Bitcoin
, an alternative for the
traditional
electronic
payment
Double
-
Spending
Protection
4
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Acceptance of a block
-
Is
the transaction’s signature valid?
-
Does the nonce verify the proof
-
of
-
work?
If
the block is accepted, the node starts building the next
block
of the chain.
If
not, the node continues working with the longest chain
.
If
multiple blocks arrive simultaneously
Two versions of chain
of blocks
only the
longest one is selected.
12
Bitcoin, an alternative for the traditional electronic payment
Double
-
Spending
Protection
5
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
13
Bitcoin
, an alternative for the
traditional
electronic
payment
Double
-
Spending
Protection
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
1
-
Modify a previous transaction
2
-
Redo the proof
-
of
-
work of the block
3
-
Redo the proof
-
of
-
work of all the next blocks
The double
-
spending attack:
An attacker can’t create money or take the money that never belonged to him
He can only try to change his own previous transactions.
Block 1
Block 2
Block 3
Block 4
Block 3
Block 4
Tx
Block 5
z blocks to catch up
Tx
’
Block 5
CPU power’s attacker
>
CPU of all the honest nodes combined
Probability of success :
p
= probability an honest node finds the next block
q
= probability the attacker finds the next block
qz
= probability the attacker will ever catch up from z blocks behind
If p>q :
qz
follows a Poisson distribution with :
λ
=
z * q/p
The probability of success decreases exponentially with the number of blocks
that have to be re
-
worked.
Example:
q=0,3
z= 2 =>
qz
=5%
z= 5 =>
qz
=0,09%
14
Bitcoin
, an alternative for the
traditional
electronic
payment
Double
-
Spending
Protection
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Bitcoin Mining
2 ways to encourage people to spend their CPU time and electricity :
1
-
Be the first to resolve the proof
-
of
-
work
•
It is the only way to create bitcoins.
•
One block can be generated every 10 minutes => Limit inflation.
•
The amount of bitcoins in circulation is fixed at 21millions
.
2
-
The block producer benefits from the fees of the transactions
included in this block.
15
Bitcoin
, an alternative for the
traditional
electronic
payment
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
System’s optimization
Merkle trees : Binary trees of transactions hashes.
Use Double
SHA
-
256.
-
1 block header = 80 bytes
-
1 block generated every 10min
Chain of blocks = 4,2 MB per year
16
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Disk space optimization
System’s optimization
Check a transaction without being a mining node
17
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
-
Is the transaction in a block header?
=> By verifying the header hash
-
Has another block been added after this block?
If yes, payment verified
Simplified payment verification
18
Vulnerabilities & Counter
-
measures
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
Vulnerability
The
wallet
stored
unencrypted
Connect identities to
addresses
Fill the network
by
cancer
node
s
Example
A virus recovers
the file
wallet.data
and sends it
to the attacker
Google a
Bitcoin
address to see if
anyone used it to sign
(ex: in
Bitcoin
forum)
C
onnect
100,000 IP
addresses to the IRC
bootstrap channel
Impact
The
attacker c
ollects
the
keypairs
卩杮S⁴桥
瑲慮a慣ai潮o礠瑨攠
user’s name
Tr慣a湧 愠a潩渧n
桩Ut潲礠
䱯獥
慮潮祭楴y
䉥潮湥ct敤 潮汹oto
att慣a敲潤敳⸠䡥.c慮a
re晵獥 t漠r敬e礠y潵爠扬潣k猠
潲oy潵爠瑲慮a慣ai潮o
䉥灥渠n漠摯畢le
獰敮摩湧datt慣as
Counter
-
measures
Wallet
e
ncryption in
new
Bitcoin
versions
-
Use
eWallet
services
-
Don’t leave personal
inf潲浡瑩潮
䱩浩m 瑨攠湵浢m爠潦⁉P
addresses that is
possible
to
connect to one
IRC
channel
19
•
Bitcoins
are not widely accepted.
•
No
physical form.
•
Transactions are
irreversible
.
•
Bitcoin
valuation fluctuates.
•
Built in
Deflation
: Maximal number of
bitcoins
is fixed at 21
million.
•
Difficulty to associate
Bitcoin
addresses with real
-
life identities
=>
E
ncourage illegal traffic.
Limitations & Critics
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
20
•
Bitcoin
is an emerging technical and economic phenomenon.
•
Bitcoin's
future is uncertain:
High level of volatility
Various security incidents :
-
Theft of half million dollars in
Bitcoin
in
june
2011
¹
-
An attacker
has gained access
to
the
Bitcoin’s
database and
modified
the
number of
Bitcoin
available
on the
market(2
million
false
bitcoins
added)
²
.
1
:
http
://
www.h
-
online.com/security/news/item/Bitcoin
-
theft
-
half
-
a
-
million
-
dollars
-
gone
-
1261306.html
2
:
http
://bit
-
coin.fr/crash
-
de
-
la
-
valeur
-
du
-
bitcoin
-
piratage
-
de
-
mtgox/
Conclusion
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
21
References:
M‘
barek
Wafa
-
Myesser
Halima
Bitcoin
: A
peer
-
to
-
peer
Electronic
Cash System
18
-
04
-
2012
•
http://bitcoin.org/bitcoin.pdf
•
http://www
-
cs
-
faculty.stanford.edu/~eroberts/cs181/projects/2010
-
11/DigitalCurrencies/index.html
•
http://www.weusecoins.com
/
•
https://
en.bitcoin.it/wiki/Main_Page
Thank you for your attention
Enter the password to open this PDF file:
File name:
-
File size:
-
Title:
-
Author:
-
Subject:
-
Keywords:
-
Creation Date:
-
Modification Date:
-
Creator:
-
PDF Producer:
-
PDF Version:
-
Page Count:
-
Preparing document for printing…
0%
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο