Amruta Chitloor Anjaneyalu
Wayne State University
With the increasing hype around bitcoin, it is important to know how it works behind the curtain and what it is really worth. It was introduced in 2009 by an anonymous founder who uses the alias Satoshi Nakamoto. Essentially, Bitcoin is one of the leading cryptocurrencies; it has no physical form and is generated and used electronically. Other examples of cryptocurrencies are Litecoin, Ethereum and so on; there are plenty in the market.
The whole idea behind bitcoin was presented in 2008 as a proof of concept, and it gained the trust of many. The best part of Bitcoin is that it removes the need for a bank or a central authority in the system; there is no requirement for governance by a third party. Once a transaction is approved it is committed and irreversible.
Bitcoin, as said earlier, does not have a physical form, but the value can be kept in a digital wallet. This is stored either in the cloud or on some other public server, connected to the owner’s bank accounts. The value of bitcoin is high only because people are willing to trade money against their account numbers; in short, the value exists only because people believe it does. The concept behind bitcoin is recording all the transactions in a ledger, and every participant has a copy of it. As soon as a new transaction is made it is added to a block that contains all the other transactions that happened during a specific time period. This is referred to as the blockchain. A miner then takes a transaction, converts it into a hash and adds it to the existing blockchain. After this is done, the nodes pass along a copy of the blockchain so that every node on the network is updated. Every node in the network freely exchanges information not only about blocks but also about transactions, alerts, and IP addresses of known nodes. So, if a user tries to double spend the same bitcoins after already spending them, the nodes reject the transaction after verifying it against the existing blockchain.
The user community of bitcoin is huge and no approval is needed to join it. The user encrypts the message using his private key and the decryption can be done with the public key, which makes it a fail-proof system, as the receiver is the only person who would be able to decode it into a meaningful message. This feature increases the privacy of the transaction. Every transaction has a different key, making it secure.
Every time a transaction is made, the amount in the sender’s account decreases and the receiver’s account increases. There is also a new entry in the ledger, of which every computer on the network has a copy as a record of the transaction. It is important to note that everyone knows every transaction, not just the sender and receiver. Also, since there is no “bank” as such, it is harder to authenticate incoming payments, as we receive the amount from total strangers. Thus, we should not trust anyone.
There is an upper limit to the total number of bitcoins that can ever exist, and that is 21 million. Miners are expected to reach this limit by 2140. There is a mathematical explanation for this number too.
2. TRANSACTION MANAGEMENT
At a high level, Bitcoin is just a file that contains all the transactions with sender and receiver details and amounts, like a ledger. Bitcoin is a currency made in such a way that it cannot be copied. This prevents people from spending the same money twice, which is usually referred to as the double spending problem. There are three ways to earn it: earn it in return for your goods and services, buy it for the money it is worth, or mine it. Miners are essentially the people who use high computational power and hashes to solve complicated math problems; if they are successful they are rewarded with coins. With the increase in the number of miners, bitcoin is mostly not going to hit any inflation until about the year 2140.
Transactions using bitcoins are carefully designed to be hack-proof, as it is implicit that we cannot trust strangers. While sending money, the following are the mathematical steps incorporated to authenticate the transaction and ensure that only the rightful owner is sending the message.
Public key and private key: For encryption and decryption of confidential data.
For checking the confidential data’s integrity after transmission, and how legitimate it is.
Signatures: There are several software tools that can be used to digitally sign the transactions (Nakamoto, 2008).
Transactions are like money transfers. A user who needs to start a new transaction to transfer a part of his bitcoins to another user first needs to:
Create an output to the new user using the new owner’s public key and digitally sign it with their signature along with
This hash can be used to look up previous ownerships of the bitcoins.
Here each transaction can have multiple inputs and at most 2 outputs.
An output from a user is either a Spent Transaction Output or an Unspent Transaction Output.
The transaction is spread all around the network, where nodes verify it.
This makes every node in the network aware of all the transactions, and every ledger in the network is thus updated. But the issue here is that the receiver needs to know that the bitcoin received is a legitimate one, that the sender has sent it from his own balance and is not spending what he doesn’t have. Thus, he would need a confirmation from the majority of nodes that it was the first one of its kind to be
Fig: Adding timestamp (Nakamoto, 2008)
A solution to this is proposed by Satoshi as follows. The transaction also includes a timestamp server for the block. Here, a timestamp is added to the hash along with the previous timestamp. Thus, every timestamp hash contains the information of the previous timestamps.
PROOF OF WORK
A proof of work protocol is really a vehicle by which someone can effectively prove to you that they have engaged in a significant amount of computational effort. Proof of work protocols often amount to puzzles, and these puzzles are, on the one hand, challenging to solve, by which it is meant that they require serious computational effort and really cannot be short-circuited. In bitcoin we incorporate the blockchain concept for transactions. The main job here is for the miners to find
Bitcoin uses SHA-256 for its processing. We repeatedly vary the nonce value in the block until a hash with a suitable value is computed. A nonce is a unique set of random characters. A nonce that was already used in a previous block of the succession can never be used again, as such nonces would be thrown back as invalid. This means that to fake or change previous blocks, you would have no choice but to redo all of the work of the subsequent blocks.
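As an added illustration (not from the original paper or from Bitcoin's own code), the following Python builds a toy block chain with SHA-256 proof of work and shows why altering an old block invalidates every block after it. The header layout, the JSON encoding, the 12-bit difficulty and the constructed payloads are assumptions of this example, and the nonce is an incrementing counter rather than random characters.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64          # the first block has no predecessor (constructed convention)


def block_hash(header: dict) -> str:
    """SHA-256 of the canonical JSON encoding of a block header."""
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()


def meets_target(digest_hex: str, difficulty_bits: int) -> bool:
    """A valid proof of work is a hash below 2^(256 - difficulty_bits)."""
    return int(digest_hex, 16) < (1 << (256 - difficulty_bits))


def mine(prev_hash: str, data: str, timestamp: int, difficulty_bits: int) -> dict:
    """Vary the nonce until the header hash meets the target.

    Everything except the nonce is fixed by the transactions, the timestamp
    and the previous block's hash, so the work done here cannot be reused
    for a header with different contents.
    """
    nonce = 0
    while True:
        header = {"prev_hash": prev_hash, "data": data,
                  "timestamp": timestamp, "nonce": nonce}
        if meets_target(block_hash(header), difficulty_bits):
            return header
        nonce += 1


def build_chain(payloads: list, difficulty_bits: int, start_time: int = 1_700_000_000) -> list:
    """Mine one block per payload, each committing to the hash of its predecessor."""
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(payloads):
        block = mine(prev, data, start_time + 600 * i, difficulty_bits)
        chain.append(block)
        prev = block_hash(block)
    return chain


def valid_chain(chain: list, difficulty_bits: int) -> bool:
    """Every block must carry a valid proof of work and point at the true hash of the block before it."""
    for i, block in enumerate(chain):
        if not meets_target(block_hash(block), difficulty_bits):
            return False                       # proof of work missing or stale
        expected_prev = GENESIS_PREV if i == 0 else block_hash(chain[i - 1])
        if block["prev_hash"] != expected_prev:
            return False                       # link to the previous block is broken
    return True


def rewrite_block(chain: list, index: int, new_data: str) -> list:
    """Return a copy of the chain with one old block's payload altered and no work redone."""
    forged = [dict(block) for block in chain]
    forged[index]["data"] = new_data
    return forged


if __name__ == "__main__":
    DIFFICULTY = 12                            # ~4096 hashes per block; toy setting for this example
    chain = build_chain(["A pays B 1 BTC", "B pays C 1 BTC", "C pays D 1 BTC"], DIFFICULTY)
    print("honest chain valid:", valid_chain(chain, DIFFICULTY))          # True
    forged = rewrite_block(chain, 1, "B pays X 1 BTC")
    print("rewritten block accepted:", valid_chain(forged, DIFFICULTY))   # False
```

Changing the middle block changes its hash, so its own proof of work no longer holds and the next block's prev_hash no longer matches; both would have to be mined again, and so would every block after them.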
There are two types of voting, i.e. one CPU one vote and one IP one vote. Since CPUs are measured in GHz, the right blockchain will grow fast compared to the wrong one as all the honest nodes vote. The chain with maximum approval is the one chosen for the reward. The difficulty increases as more bitcoins are generated.
There is also a way to control the inflation of bitcoins, as mentioned by Satoshi: if the price of bitcoins gets way higher than the reward for mining them, then the level of difficulty of the problems/puzzles increases and thus the number of bitcoins decreases.
Fig: Proof of work for bitcoin (Nakamoto, 2008)
In a bitcoin network, all the peers are connected to each other by unencrypted TCP channels. In the bitcoin protocol, peers propagate addresses to help peers discover each other. Each peer stores information about the known IP addresses of peers on the network. The exact steps that take place after the peers discover each other are:
The sender and receiver of a transaction validate each other. After validation, the sender sends the transaction to the receiver. After the receiver accepts the transaction, it propagates the information to all known peers.
When the nodes receive the transaction, they add it to the existing blockchain and each node works on finding a proof-of-work.
When a node finds a proof-of-work, it propagates the block along the network to
For a node to accept this block, all the transactions in it must be valid. If it finds a hash with the same value already existing, then the block is discarded. Also, if a node receives two blocks involving the same block, the first is accepted but the next is saved for
Fig: Bitcoin Network. In (1), a user wishing to deposit bitcoins into a bank receives a public key, or address, belonging to the bank. In (2), the user incorporates both his own public key and the one sent to him by the bank into a transaction, which he then broadcasts to his peers. In (3), the transaction floods the network. In (4), the transaction is eventually received by a miner, who works to incorporate the transaction into a block. In (5), this block is then flooded through the network, and in this way, is incorporated into the global block chain. The bitcoins now belong to the public key of the bank, successfully deposited. (Meiklejohn et al., 2013)
If you say you have a bitcoin, it means you have the private key. Having a digital signature proves your ownership of bitcoins. The public key is referred to in the blockchain. The blockchain for the proof of work is the set of transactions that happen every now and then, where each of them refers to an earlier record in the chain. Miners run over the most recent block and the old blocks using hash functions, where they solve the mathematical problem. Once solved, it is added to the blockchain and peers are updated to use the new blockchain. This concept of block chaining makes the system more secure. All this requires huge computational power.
There would be cases where two transactions are happening simultaneously and, in parallel, two nodes might be working on them. In this situation there would be a conflict in block chaining when they propagate together in the network. There would be a node which encounters both of these blocks together and would be confused about which one to digest first. Thus, the nodes choose to go after the one that is longest, which means the most accepted one reported by the honest nodes. The other blockchain is not considered.
This prevents hacking, as a successful hacker would have to own very high computational power, i.e. power greater than 50% of the network.
Fig: Fork in a Blockchain (Zohar, 2015)
5. DOUBLE SPENDING PROBLEM
As the name suggests, this is where a user tries to make a dishonest transaction: a user sends the same amount twice, which is practically impossible and dishonest. A dishonest transaction is when the wrong transaction gets into the blockchain. This situation can be handled in the following manner.
In these attacks, the opponent typically tries to propagate the dishonest chain in contrast to the honest chain. For an attacker to succeed, not only must he propagate the dishonest chain but additionally create a longer fork, as described above, for all the nodes to accept the dishonest chain. So, the attacker must have an extremely high computational capacity to produce a dishonest chain that has enough blocks to be able to overtake the honest chain.
In the paper published by Satoshi Nakamoto, the following are the final results posted for the probability of success or failure of the honest chain in discovering the next block, based on computation power. The probability of success and failure is calculated by Satoshi (Nakamoto, 2008) in his paper and is described as follows.
p = probability an honest node finds the next block
q = probability the attacker finds the next block
q_z = probability the attacker will ever catch up from z blocks behind
q_z = 1 if p <= q
q_z =   if p > q
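The whitepaper's calculation of this catch-up probability, reproduced here as an added Python example (not code from the original paper): the attacker's progress while the honest chain mines z blocks is modelled as a Poisson variable with mean z·q/p, and from z−k blocks behind he catches up with probability (q/p)^(z−k) (Nakamoto, 2008, section 11). The function names, the log-space Poisson evaluation and the 0.001 risk threshold are this example's choices.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the hash power ever
    catches up once the honest chain is z blocks ahead (Nakamoto, 2008).

    While the honest network extends the chain by z blocks, the attacker's
    own progress K is Poisson distributed with mean lam = z * q / p. If he
    mined k <= z blocks he is still z - k behind and catches up with
    probability (q/p)^(z-k); if k > z he is already ahead (probability 1).
    """
    if z <= 0:
        return 1.0                      # not behind at all
    p = 1.0 - q
    if p <= q:
        return 1.0                      # a majority attacker always catches up
    if q <= 0.0:
        return 0.0                      # an attacker with no hash power never does
    ratio = q / p
    lam = z * ratio
    prob = 1.0                          # start at 1, subtract the cases where he stays behind
    for k in range(z + 1):
        # Poisson pmf in log space so large z (e.g. 340) does not overflow
        poisson = math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))
        prob -= poisson * (1.0 - ratio ** (z - k))
    return prob


def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 10_000) -> int:
    """Smallest number of confirmations z for which the attacker's chance of
    reversing the payment drops below max_risk (the whitepaper table uses 0.001)."""
    for z in range(1, limit):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError("attacker share %.2f cannot be brought below %.3f within %d blocks"
                     % (q, max_risk, limit))


if __name__ == "__main__":
    for q in (0.10, 0.15, 0.20, 0.25, 0.30, 0.35, 0.40, 0.45):
        print("q=%.2f  z=%d" % (q, confirmations_needed(q)))
    # attacker at 10 %: P falls from 0.2045873 at z=1 to 0.0009137 at z=5
    for z in range(6):
        print("z=%d  P=%.7f" % (z, attacker_success_probability(0.10, z)))
```

confirmations_needed(0.10) returns 5 and confirmations_needed(0.30) returns 24, matching the published results for P < 0.001; the loop over q reproduces the rest of that table.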
Here are the results published; we can see the probability drop off exponentially with z, using the Poisson distribution.
Solving for P less than 0.001:
q=0.10 z=5
q=0.15 z=8
q=0.20 z=11
q=0.25 z=15
q=0.30 z=24
q=0.35 z=41
q=0.40 z=89
q=0.45 z=340
This explains that the hopes of the attacker to catch up with the next blocks in the system drop exponentially with the number of nodes in the network.
6. TECHNICAL THINGS TO FOCUS ON
Being a digital currency, there are several advantages that bitcoin brings to the table. Over time, many bitcoin systems have come under attack and several features, such as user anonymity, have been compromised. Also, as bitcoin started off as an experiment, it has several challenges yet to be tackled. Below are a few of the attacks, improvements and suggestions described in various research papers.
6.1 De-anonymization
To understand how to deanonymize bitcoin users, in "Deanonymisation of clients in Bitcoin P2P network" (Biryukov, Khovratovich, & Pustogarov, 2014) the network is analyzed in two ways: the transaction graph network and the user graph network. In the transaction graph, all the transactions along with their inputs and outputs are analyzed. The vertices represent the transactions and the edges represent the flow from source to target.
Fig: An example sub-network from the transaction network. Each rectangular vertex represents a transaction and each directed edge represents a flow of Bitcoins from an output of one transaction to an input of another (Reid & Harrigan, 2013)
The user network graph represents the users (derived from the transaction flow graph) on the network. This graph was generated by looking at and analyzing the public transactions and estimating the number of users from the flow, although a user may use multiple public keys for a transaction. In this graph, each vertex represents a user and the edge represents sender and receiver. Below is the graph grouped by public keys and flow between transactions.
Fig: An example sub-network from the imperfect network. Each diamond vertex represents a public-key and each directed edge between diamond vertices represents a flow of Bitcoins from one public-key to another (Reid & Harrigan, 2013)
So, by comparing the two graphs above, we can group the graph to represent the users in the network. The users U1 and U2 are derived from this analysis.
Fig: An example sub-network from the user network. Each circular vertex represents a user and each directed edge between circular vertices represents a flow of Bitcoins from one user to another. The maximal connected component from the ancillary network that corresponds to the vertex u1 is shown within the dashed grey box (Reid & Harrigan, 2013)
After creating the user graphs, if at least one of the public keys of a user is linked to their personal details, then all the public keys can be matched to the user. This linking is possible in one of these ways:
a) Collecting the user's off-network details such as their credit card details, email addresses, or home address. Bitcoin services usually store these details (because when a service is requested the user reveals these details for the service). If there is a security breach or these details are made public by these services, then it is easy to associate the users with their personal details.
b) Context discovery along with the flow of transactions over time: In this method, a selected service (MyBitcoin in this research) is studied over time to get the users associated with it and the relations among its users. This can help deduce the activities of all the users and, in case of theft, guess the thief. In the depiction below is the study of a theft of 25000 Bitcoins that took place in the MyBitcoin service. Here A, B and C are three different users in the service. The edges carry the date and time of the transaction. This analysis helps understand the flow of the theft even if it does not point to a single individual or agency involved in the theft.
This shows that the level of anonymity in a Bitcoin network is low. It is advisable to change the public key for every transaction, but keep in mind that this does not guarantee complete anonymity.
Fig: Visualization of Bitcoin flow from the alleged theft. The left inset shows the initial shuffling of Bitcoins among accounts close to that of the alleged thief, during which all transfers happen within a few hours of the incident. The right inset shows detail on the events of several subsequent days, where Bitcoin flows split, and then later merge back into each other, validating that the flows found by the tool are probably still controlled by a single party. (Reid & Harrigan, 2013)
6.2 No Third-party Interruptions
Probably the most widely publicized benefit associated with Bitcoin is that governments, banking institutions and other financial intermediaries have no way to interrupt user transactions or place holds on Bitcoin accounts. The system is purely peer-to-peer; users experience a greater level of freedom than with national currencies.
6.3 Transaction Malleability
To date, the attacks discussed were presumed to come from the sender's side. But transaction malleability is a type of attack in the reverse direction, that is, the receiver tries to attack the sender. In this sort of attack, a sender transmits a transaction and waits for the confirmation. The receiver who receives the transaction tries to use the information it receives and propagates a different transaction with the same details. In this instance, if the original transaction is accepted by the network, then the sender is safe. If the network accepts the second transaction, then the sender assumes that their transfer failed and tries to resend the transaction, hence spending twice:
once through the dishonest transaction propagated by the receiver and a second time through the resent transaction. This is called transaction malleability. One such major incident took place in the Bitcoin wallet service MtGox on Feb 10, 2014.
Fig: Cumulative graph of the number and value of malleability attacks during the MtGox press release of attacks. (Decker & Wattenhofer, 2014)
6.4 Ease of Payment
As discussed in "Have a snack, and pay with Bitcoin" (Bamert, Decker, Elsen, Wattenhofer, & Welten, 2013), as simple as it sounds, bitcoins have been widely accepted these days. The authors share instances of a vending machine working on bitcoins. In spite of several discomforts, it is really practical and fast.
Fig: The snack vending machine that accepts bitcoins. Note the display on the right that can show the corresponding QR code or transaction information. (Bamert et al., 2013)
7. DRAWBACKS
1. Price fluctuation: Since there is no regulatory agency which sets the value of a coin, it keeps fluctuating wildly.
2. Security: The format by itself is secure, but it does not prevent hackers from attacking the banks and exchanges dealing in bitcoins. Again, this is not directly a blame on bitcoin, but indirectly it is going to be affected.
3. Volatile: Bitcoin is getting popular, but it still needs to settle down for it to be widely acceptable as a form of currency, for example in stores, for groceries and so on.
4. Limitation on the total number of bitcoins: There is a restriction on the total number of bitcoins there can ever be, and that is 21 million, which is expected to be hit by 2140.
5. IP address blocking: There are instances when a hacker can steal an IP, and the IP plays an important role in the case of bitcoin. Hence securing it is an important step. As discussed in "On Bitcoin and red balloons" (Babaioff, Dobzinski, Oren, & Zohar, 2011), it is very easy to create clones in the network too.
8. REFERENCES
Babaioff, M., Dobzinski, S., Oren, S., & Zohar, A. (2011). On Bitcoin and Red Balloons.
https://doi.org/10.1145/2325702.2325704
Bamert, T., Decker, C., Elsen, L., Wattenhofer, R., & Welten, S. (2013). Have a snack, pay with Bitcoins. 13th IEEE International Conference on Peer-to-Peer Computing, IEEE P2P 2013 - Proceedings. https://doi.org/10.1109/P2P.2013.6688717
Biryukov, A., Khovratovich, D., & Pustogarov, I. (2014). Deanonymisation of clients in Bitcoin P2P network. https://doi.org/10.1145/2660267.2660379
Decker, C., & Wattenhofer, R. (2014). Bitcoin transaction malleability and MtGox. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8713 LNCS(PART 2), 313–326. https://doi.org/10.1007/978-3-319-11212-1_18
Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G. M., & Savage, S. (2013). A fistful of Bitcoins: Characterizing payments among men with no names. Proceedings of the Internet Measurement Conference - IMC '13, 127–140. https://doi.org/10.1145/2504730.2504747
Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. www.bitcoin.org, 9. https://doi.org/10.1007/s10838-008-9062-0
Reid, F., & Harrigan, M. (2013). An analysis of anonymity in the bitcoin system. Security and Privacy in Social Networks, 197–223. https://doi.org/10.1007/978-1-4614-4139-7_10
Zohar, A. (2015). Bitcoin: Under the Hood. Commun. ACM, 58(9), 104–113. https://doi.org/10.1145/2701411