04 Blockchain. Kai Bu, kaibu@zju.edu.cn, http://list.zju.edu.cn/kaibu/netsec


Blockchain? What is blockchain? Although it is a super hot topic nowadays, it may still be unfamiliar to some; this was very much so years ago.

Bitcoin. However, even if you have never heard of blockchain, you have probably heard of Bitcoin.

Bitcoin: a cryptocurrency; a form of electronic cash; a decentralized digital currency without a central bank or single administrator. https://en.wikipedia.org/wiki/Bitcoin

Bitcoin can be sent from user to user on the peer-to-peer bitcoin network without the need for intermediaries.

Bitcoin: build it from scratch. Michael Nielsen, http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/

Bitcoin possession: how to prove the possession of a bitcoin?

Bitcoin possession: transaction = "I, Alice, am giving Bob one bitcoin." Is it really from Alice?

Bitcoin possession: transaction = "I, Alice, am giving Bob one bitcoin." Digital signature: transaction || signature

Bitcoin possession: transaction = "I, Alice, am giving Bob one bitcoin." Digital signature using Alice's private key: transaction || Enc_priv(hash(transaction))

Bitcoin possession: transaction = "I, Alice, am giving Bob one bitcoin." Digital signature verification using Alice's public key: given transaction || Enc_priv(hash(transaction)), check hash( ) == Dec_pub( ) ?

Bitcoin uniqueness: against replay attack. For a digital signature, what if it is replayed, and one more bitcoin is transferred from Alice to Bob?

Bitcoin uniqueness: transaction = "I, Alice, am giving Bob one bitcoin." Is Alice paying two bitcoins, or is it a replay attack?

Bitcoin uniqueness: transaction = "I, Alice, am giving Bob one bitcoin." With a serial number: transaction = "I, Alice, am giving Bob bitcoin sn1."; transaction = "I, Alice, am giving Bob bitcoin sn2." Assign a serial number to each bitcoin for uniqueness.
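Added example (not part of the original slides): the sign/verify step and the serial-number replay check described above, in Python. Textbook RSA with fixed toy primes stands in for a real signature scheme, and the `Receiver` class and the rule for parsing `snN` out of the message are assumptions made for this illustration.

```python
import hashlib
import re

# Toy textbook RSA key for Alice (constructed: fixed Mersenne primes, no padding).
# It mirrors the slide notation only and must never be used for real signatures.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # Alice's private exponent

def h(msg: str) -> int:
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % N

def sign(msg: str) -> int:
    """Enc_priv(hash(transaction)), computed with Alice's private key."""
    return pow(h(msg), D, N)

def verify(msg: str, sig: int) -> bool:
    """hash(transaction) == Dec_pub(signature), using only the public key."""
    return h(msg) == pow(sig, E, N)

class Receiver:
    """Bob: checks the signature, then refuses a serial number seen before."""
    def __init__(self):
        self.seen = set()

    def accept(self, msg: str, sig: int) -> str:
        m = re.search(r"bitcoin (sn\d+)\.$", msg)
        if m is None or not verify(msg, sig):
            return "rejected"
        if m.group(1) in self.seen:
            return "replay"
        self.seen.add(m.group(1))
        return "accepted"

def demo():
    plain = "I, Alice, am giving Bob one bitcoin."
    sig = sign(plain)
    # Without a serial number a replayed copy verifies exactly like the original.
    unnumbered = [verify(plain, sig), verify(plain, sig)]
    bob = Receiver()
    tx1 = "I, Alice, am giving Bob bitcoin sn1."
    tx2 = "I, Alice, am giving Bob bitcoin sn2."
    s1 = sign(tx1)
    numbered = [bob.accept(tx1, s1), bob.accept(tx1, s1),    # original, replay
                bob.accept(tx2, sign(tx2)), bob.accept(tx2, s1)]  # new coin, wrong sig
    return unnumbered, numbered
```

The signature alone proves origin, not freshness; the serial number is what lets Bob tell a second payment from a replay.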

Bitcoin: transaction = "I, Alice, am giving Bob bitcoin sn1." Any caveats? Now, with bitcoin designed in this way, any questions?

Bitcoin: transaction = "I, Alice, am giving Bob bitcoin sn1."; transaction = "I, Alice, am giving Charlie bitcoin sn1." Caveats: does sn1 really belong to Alice? Who issues serial numbers? What if Alice pays sn1 to Charlie as well?

Bitcoin ledger = blockchain: everyone keeps a complete record of which bitcoins belong to which person, showing all bitcoin transactions; this makes everyone collectively the bank. A block contains one or more transactions.

Bitcoin ledger = blockchain: following transaction order, a block points to its previous transaction's block. A block contains one or more transactions.

Bitcoin ledger = blockchain: check the output in that block; signature; input: sender's public key; output: recipient's public key. A block contains one or more transactions.

Bitcoin: transaction = "I, Alice, am giving Bob bitcoin sn1."; transaction = "I, Alice, am giving Charlie bitcoin sn1." Caveats: does sn1 really belong to Alice? Who issues serial numbers? What if Alice pays sn1 to Charlie as well? Using the ledger/blockchain: after receiving this transaction request, Bob searches the blockchain and determines that sn1 belongs to Alice. However, who issues the serial numbers in the first place?

Bitcoin: hash of a block. There may be more than one transaction in a block; specify the exact transaction for use.

Bitcoin: transaction = "I, Alice, am giving Bob bitcoin sn1."; transaction = "I, Alice, am giving Charlie bitcoin sn1." Caveats: does sn1 really belong to Alice? Who issues serial numbers? What if Alice pays sn1 to Charlie as well?

Bitcoin double spending: this issue is usually called double spending. There are several cases of possible double-spending attack.

Bitcoin double spending, first case: what if Alice first pays sn1 to Bob, and after a while, pays sn1 to Charlie?

Bitcoin double spending, first case: what if Alice first pays sn1 to Bob, and after a while, pays sn1 to Charlie? sn1 appears in two [in] fields in previous blocks!

Bitcoin double spending: what if Alice simultaneously pays sn1 to Bob and Charlie?

Bitcoin double spending: what if Alice simultaneously pays sn1 to Bob and Charlie? Some users validate Alice-Bob; some validate Alice-Charlie.

Bitcoin double spending: what if Alice simultaneously pays sn1 to Bob and Charlie? Some users validate Alice-Bob; some validate Alice-Charlie: fork! Forks emerge. Which one to follow? How to handle?

Bitcoin double spending: what if Alice simultaneously pays sn1 to Bob and Charlie? Follow the longest fork.

Bitcoin double spending: what if Alice simultaneously pays sn1 to Bob and Charlie? Follow the longest fork; accept the transaction only after at least 5 more blocks follow it.

Bitcoin double spending: what if Alice simultaneously puts the sn1-related Alice-Bob and Alice-Charlie transactions in Block B?

Bitcoin double spending: what if Alice simultaneously puts the sn1-related Alice-Bob and Alice-Charlie transactions in Block B? Hehe, easily spotted!
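Added example (not part of the original slides): a minimal ledger in Python that runs the double-spending cases above, covering ownership lookup, the same coin twice in one block, a later second payment, a fork, the longest-fork rule and the wait for 5 more blocks. The dictionary block layout, the "mint" issuer in the genesis block and the filler sn2 transfers between Dave and Erin are constructed for this illustration; signatures and proof-of-work are left out.

```python
import hashlib, json

def block(prev_hash, txs):
    """A block points to the previous block and holds one or more transactions."""
    body = {"prev": prev_hash, "txs": txs}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    return {**body, "hash": digest}

def owner_of(chain, sn):
    """Search the ledger: the most recent recipient of sn is its owner."""
    owner = None
    for b in chain:
        for tx in b["txs"]:
            if tx["sn"] == sn:
                owner = tx["to"]
    return owner

def valid_block(chain, txs):
    """False if a sender does not own the coin or sn is spent twice in the block."""
    spent = set()
    for tx in txs:
        if tx["sn"] in spent or owner_of(chain, tx["sn"]) != tx["from"]:
            return False
        spent.add(tx["sn"])
    return True

def extend(chain, txs):
    if not valid_block(chain, txs):
        raise ValueError("double spend or wrong owner")
    return chain + [block(chain[-1]["hash"], txs)]

def confirmed(chain, sn, depth=5):
    """True once at least `depth` more blocks follow the last transfer of sn."""
    hits = [i for i, b in enumerate(chain) if any(t["sn"] == sn for t in b["txs"])]
    return bool(hits) and len(chain) - 1 - hits[-1] >= depth

def demo():
    tx = lambda frm, to, sn="sn1": {"from": frm, "to": to, "sn": sn}
    # Constructed genesis block: a hypothetical "mint" issues sn1 and sn2.
    genesis = [block("0" * 64, [tx("mint", "Alice"), tx("mint", "Dave", "sn2")])]
    same_block = valid_block(genesis, [tx("Alice", "Bob"), tx("Alice", "Charlie")])
    fork_b = extend(genesis, [tx("Alice", "Bob")])        # some validate Alice-Bob
    fork_c = extend(genesis, [tx("Alice", "Charlie")])    # some Alice-Charlie: fork
    later = valid_block(fork_b, [tx("Alice", "Charlie")])  # pay Charlie afterwards
    for i in range(5):                                    # five more blocks after Bob's
        a, b = ("Dave", "Erin") if i % 2 == 0 else ("Erin", "Dave")
        fork_b = extend(fork_b, [tx(a, b, "sn2")])
    winner = max([fork_b, fork_c], key=len)               # follow the longest fork
    return same_block, later, owner_of(winner, "sn1"), confirmed(winner, "sn1"), confirmed(fork_c, "sn1")
```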

Bitcoin double spending: now what?

Bitcoin double spending: what if Alice pays sn1 to Bob, waits till it is accepted, then pays sn1 again, to Charlie, and computes another, longer fork? Catch up!

Bitcoin double spending: what if Alice pays sn1 to Bob, waits till it is accepted, then pays sn1 again, to Charlie, and computes another, longer fork? How to make it hard to catch up? Make it hard to catch up!

Bitcoin proof-of-work: make validating a block computationally costly; require enormous computation power to forge. This is how to make it hard to catch up.

Bitcoin proof-of-work example: find a nonce x such that h(msg, x) leads with 10 zeros (hexadecimal). How hard is it to find x?

Bitcoin proof-of-work example: find a nonce x such that h(msg, x) leads with 10 zeros (hexadecimal). Each digit is zero with probability 1/16.

Bitcoin proof-of-work example: find a nonce x such that h(msg, x) leads with 10 zeros (hexadecimal). The probability that all 10 digits are zero is 1/16^10.

Bitcoin proof-of-work example: find a nonce x such that h(msg, x) leads with 10 zeros (hexadecimal). Number of tries for finding a string with 10 leading zeros: 1/(1/16^10) = 16^10 ≈ 10^12.

Bitcoin proof-of-work: find a nonce x such that h(blockheader, x) <= target.
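Added example (not part of the original slides): the nonce search in Python, in both forms given above (leading hex zeros, and h(blockheader, x) <= target), with a measurement of the average number of tries against the 16^k estimate. SHA-256 as h, the 8-byte nonce encoding and the `block-N` messages are assumptions made for this illustration; the difficulty is kept at 2 to 3 zeros so it finishes quickly.

```python
import hashlib

def h(msg: bytes, x: int) -> str:
    """h(msg, x): SHA-256 over the message followed by the nonce, as hex."""
    return hashlib.sha256(msg + x.to_bytes(8, "big")).hexdigest()

def mine(msg: bytes, zeros: int):
    """Try nonces 0, 1, 2, ... until the hash leads with `zeros` hex zeros."""
    x = 0
    while not h(msg, x).startswith("0" * zeros):
        x += 1
    return x, x + 1                      # nonce found, number of tries

def target_for(zeros: int) -> int:
    """Largest 256-bit value whose hex form leads with `zeros` zeros."""
    return 16 ** (64 - zeros) - 1

def mine_target(header: bytes, target: int) -> int:
    """The general form: find x with h(blockheader, x) <= target."""
    x = 0
    while int(h(header, x), 16) > target:
        x += 1
    return x

def expected_tries(zeros: int) -> int:
    return 16 ** zeros                   # each hex digit is zero with probability 1/16

def average_tries(zeros: int, runs: int = 200) -> float:
    """Measured work, averaged over constructed messages block-0, block-1, ..."""
    return sum(mine(b"block-%d" % i, zeros)[1] for i in range(runs)) / runs
```

Finding x takes about 16^k hashes, while checking a claimed x takes one call to `h`; that asymmetry is what makes forging a fork expensive and validating it cheap.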

Bitcoin proof-of-work: find a nonce x such that h(blockheader, x) <= target. How much computing power should Alice have to win?

Bitcoin 51% attack: an attacker (or a group of attackers) controls more than 50% of the network's computing power. How much computing power should Alice have to win? https://www.mycryptopedia.com/51-percent-attack-explained/
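Added example (not part of the original slides): why the threshold sits at 50%, and why a recipient waits for several blocks, worked in Python. It uses the gambler's-ruin result from the Nakamoto paper in the readings: an attacker holding share q of the computing power and z blocks behind ever catches up with probability (q/p)^z when q < p = 1 - q, and with certainty otherwise. The function names, the simulation cut-off and the risk threshold are assumptions made for this illustration.

```python
import random

def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker with share q ever erases a z-block deficit."""
    p = 1.0 - q
    return 1.0 if q >= p else (q / p) ** z

def confirmations_needed(q: float, risk: float):
    """Smallest z that pushes the catch-up probability below `risk`.
    Returns None at q >= 0.5: no number of blocks helps against a majority."""
    if q >= 0.5:
        return None
    z = 0
    while catch_up_probability(q, z) >= risk:
        z += 1
    return z

def simulate(q: float, z: int, trials: int = 5000, give_up: int = 40, seed: int = 1) -> float:
    """Monte Carlo check: each new block is the attacker's with probability q.
    A trial ends when the deficit reaches 0 (caught up) or `give_up` (abandoned)."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        deficit = z
        while 0 < deficit < give_up:
            deficit += -1 if rng.random() < q else 1
        wins += deficit == 0
    return wins / trials
```

With q = 0.1 the catch-up probability six blocks deep is (1/9)^6, under two in a million; with q at or above 0.5 it is 1 at any depth.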

Bitcoin: wow, incredible!

Bitcoin: just too much power…

Bitcoin: just too much power… for PoW computation

Bitcoin: another design direction

Bitcoin proof of stake: Proof of stake (PoS) is a type of algorithm by which a cryptocurrency blockchain network aims to achieve distributed consensus. In PoS-based cryptocurrencies the creator of the next block is chosen via various combinations of random selection and wealth or age (i.e., the stake).

Bitcoin: every participant joins the blockchain by paying a stake.

Bitcoin: when choosing the creator of a block, more stake means a higher probability of being chosen.

Bitcoin: the creator gets a stake reward if the created block passes verification.

Bitcoin: the creator gets a stake reward if the created block passes verification; otherwise, a penalty.

Bitcoin proof of stake: only one creator per block; no huge computation waste.
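Added example (not part of the original slides): the four proof-of-stake steps above as a small Python simulation, with stake-weighted selection of one creator per block, a reward for a block that passes verification and a penalty otherwise. The participant names, stake amounts, reward and penalty sizes and the fixed random seed are constructed for this illustration and do not describe any particular cryptocurrency.

```python
import random

class StakePool:
    """Constructed model: participants join by depositing a stake."""
    def __init__(self, stakes, reward=1.0, penalty=5.0, seed=7):
        self.stakes = dict(stakes)
        self.reward, self.penalty = reward, penalty
        self.rng = random.Random(seed)

    def choose_creator(self) -> str:
        """One creator per block, chosen with probability proportional to stake."""
        names = list(self.stakes)
        weights = [self.stakes[n] for n in names]
        return self.rng.choices(names, weights=weights)[0]

    def settle(self, creator: str, block_is_valid: bool) -> None:
        """Reward if the block passes verification; otherwise take the penalty."""
        if block_is_valid:
            self.stakes[creator] += self.reward
        else:
            self.stakes[creator] = max(0.0, self.stakes[creator] - self.penalty)

def selection_share(stakes, rounds=20000):
    """How often each participant is chosen when stakes stay fixed."""
    pool = StakePool(stakes)
    counts = dict.fromkeys(stakes, 0)
    for _ in range(rounds):
        counts[pool.choose_creator()] += 1
    return {n: c / rounds for n, c in counts.items()}

def cheater_stake(rounds=500):
    """Mallory always proposes an invalid block; the penalty is her whole stake."""
    pool = StakePool({"Alice": 60.0, "Bob": 30.0, "Mallory": 10.0}, penalty=10.0)
    for _ in range(rounds):
        creator = pool.choose_creator()
        pool.settle(creator, block_is_valid=(creator != "Mallory"))
    return pool.stakes
```

Choosing a creator costs one weighted random draw instead of a nonce search, and a participant whose stake has been taken has weight zero and is never chosen again.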

?

Readings: How the Bitcoin Protocol Actually Works, by Michael Nielsen; Bitcoin: A Peer-to-Peer Electronic Cash System, by Satoshi Nakamoto; 51% Attack Explained, by Bisade Asolo; Bitcoin and Cryptocurrency Technologies Online Course.

Thank you. Be on the road. Run your own race.