S

Bitcoin explainedBenjamin Fuentes – March 2016

The opinions and views expressed at or through this slide are the opinions of the designated authors and do not reflect the opinions or views of any of their clients or law firms or the opinions or views of any other individual.

Challenges

50% honesty threshold attack

Keep anonymity Negative balances End of block

ambiguity

Remove the trusted 3rd party

Avoid double spending problem

Owner authenticity proof attack

Cannot rewrite the past

Remove the trusted 3rd party

There are owners Owners do transactions Owners have private key

(like a password) to sign Owners have public key for

others to verify their signature

A block can contain multiple transactions

Network flow

Node1

Node2

Node4

Node3

1.Broadcast new new transactions

2.Build a block and try to find proof-of-work

3.First to find proof-of-work broadcast the block to the others

4.Test acceptance and double spending.If ok => keep the block using its hashIf ko => reject block

Avoid double spending problem

Transaction 1Bob -> Alice

Transaction 2Bob -> Oscar

Solution

Be aware of ALL transactions Consensus agreement of voters to validate

transaction order

UNIQUE HISTORY OF ORDERING CAN DETECT DOUBLE SPENDING NOW

Transaction 1

Owner authenticity proof attack

HashN-1

+

Private key

Signature

Public key = I AM BOB

Verify+

Yes ! It is a certificate from “I AM BOB”

Cannot rewrite the past

Block 1Hash1

Block 2Hash2 = f(Hash1)

Block 3Hash3 = f(Hash2)

Block 1Hash1

Block 2Hash2

Block 3 Hash3=f(Hash2)

Hack this block !!!

Honest blockchain

Hacker blockchain

50% honesty threshold attack

Do not trust IP as voters ! Anyone can duplicate IPs

Voters are CPU based If > 50% voters agree on a chain, is it the official

one To modify a past block, an attacker would have to

redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes

Keep anonymity

Negative balances

History of ownership

Balance

0

-1

1

… ?

Negative balances

We have to check all the chain from the origin to calculate the last balances

We cannot have negative balances Balance = sum(inputs) – sum(outputs)

End of block ambiguity

Everyone has its own version of the blockchain A block could be resolved at the same time by 2 different peers A blockchain could have several branches at the same time

before it gets stabilized / ordered Mathematical race ensures that the oldest block are more

trustable than newest. So wait a little bit before considering last blocks trustable

Last best performance done by BTC guild is about resolving 6 blocks in a row. So wait at least 6 blocks ?