Blockchain 1.

1st Application
Cryptocurrency Bitcoin

Dr. Kunwar Singh

CSE Department
NIT Trichy
 Bitcoin Cryptocurrency

Bitcoin

• No trusted party.
• Decentralized ledgers on Internet.
• It is peer to peer network: Distribute and record
transactions.

• Very Low Transaction fees

• Not Reversible

• All transactions are known to everyone.

Users can only see the transactions.

Actual senders and receivers cannot
be identified.
 Cryptographic Hash Functions

It takes 10^27 years to calculate

2^128 hashes

Properties
• Pre-image Resistant: Given h, hard
to find m such that h = hash(m).
• Second Pre-image Resistant:
Given m1, hard to find m2 such
that hash(m1) = hash(m2)
• Collision Resistant: Hard to find
m1 and m2 such that
hash(m1) = hash(m2).
 Symmetric Cryptosystem
• Caeser Cryptosystem:
 Public-Key Cryptography
by Diffi & Helleman
• No need to share the secret key before communication
(Unlike symmetric cryptosystem),
• Every user has two keys:
Public key: is made public
Private key: is private to the user
• One can encrypt (lock) with both keys but decrypt
(open) can be done by the key which is different from
encryption key.
• Can be used in shared session key set up.

August 21, 2024 Dept. of CSE, NITT 5

 Public Key Encryption

From Staulling Dept. of CSE, NITT 4

 Public-key encryption
• A public-key encryption scheme consists of
three algorithms:
– Gen: randomized algorithm that on input 1n
outputs pk, sk
– Enc: randomized algorithm that on input pk and a
message m outputs a ciphertext c.
– Dec: determinstic algorithm that on input sk and a
ciphertext c outputs a message m or an error ⊥

Correctness: Decsk(Encpk(m)) = m
7
 ELLIPTIC CURVE CRYPTOSYSTEMS

Although RSA and ElGamal are secure asymmetric-key

cryptosystems, their security comes with a price, their
large keys.

ECC provide same level of security with smaller key

sizes.

• Elliptic Curves over GF( p)

10.8
From Behroun Forouzan and Debdeep Mukhopadhyay
ECC as Light – weight Encryption
 ECDSA in Bitcoin
secp256k1 curve (Bitcoin) parameters

G = (x, y) is the generator of cyclic subgroup of elliptic group

Where X = 79BE667E F9DCBBAC 55A06295 CE870B07
029BFCDB 2DCE28D9 59F2815B 16F81798
Y = 483ADA77 26A3C465 5DA4FBFC 0E1108A8
FD17B448 A6855419 9C47D08F FB10D4B8
secp256k1's elliptic curve

order(G) = q is a prime,
where q = FFFFFFFF FFFFFFFF FFFFFFFF
FFFFFFFF BAAEDCE6 AF48A03B
BFD25E8C D0364141
 Signature
Alice
Everyone else

Alice’s
Unique
Hand writing

Message Message Alice’s

M M previous
Signature
signature

Signature
Verify
function
Signature is independent of the
message
Indeed
signed by Alice
 Digital Signatures
Alice
Everyone else

Message Alice’s Message Alice’s

M Private Key M Public Key

Sign Signature
function for M
Verify
function

Signature Message M was indeed

for M signed by Alice
Genesis
Blockchain
Block

Hash pointer : Hash and address of previous block

Hypothetical Cryptocurrencies (Goofy Coin)

double-spending attack

signed by pkAlice signed by pkAlice

Pay to pkBob : H( ) Pay to pkChuck : H( )

signed by pkGoofy
signed by pkGoofy
Pay to pkAlice : H( )
Pay to pkAlice : H( )

signed by pkGoofy
signed by pkGoofy
CreateCoin [uniqueCoinID]
CreateCoin [uniqueCoinID]
 Centralised Goofy Coin

Genesis
Block prev: H( ) prev: H( ) prev: H( )
transID: 71 transID: 72 transID: 73

trans trans trans

Transaction Hash
OUTPUT
INPUT Bob’s
5BTC Address

Locktime

Signed with Alice

Source: Andreas Kamilaris Agusti Fontsa, Francesc X. Prenafeta-Boldύa The rise of blockchain technology in agriculture and food supply chains
 Block

Block header (80 byes) nVersion

Number of Transactions n hashPrevBlock
Coinbase Transaction hashMerkleRoot
Regular Transaction 1 nTime
Regular Transaction 2 nBits
... nNonce
Regular Transaction n Header
Block Format

Block size: 1 MB until August 2017 and 4 MB after that.

• The nVersion: contains the current block version number.

• Double SHA-256 of previous block header
• nTime: Time of candidate block creation
• nBits: 256-bit unsigned integer called the target threshold
• Coinbase transaction has no input. It contains miner’s reward for the mining effort.
 Merkle Hash Tree http://www.cs.cmu.edu › class3-advanced-security

• Verifier knows T0 T2
• How can verifier authenticate leaf D2 ?
T3
• Solution: recompute T0 using D2
• Example authenticate D2 , send D3 T3 T2
D3
• Verify T0 = H( H( T3 || H( D2 || D3 )) || T2 )
T0
T1 T2

T3 T4 T5 T6

D0 D1 D2 D3 D4 D5 D6 D7
 Hash puzzles:
To create block, find nonce s.t.
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) is very small
SHA 256
 Hash puzzles:
nonce
To create block, find nonce s.t. prev_h
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) is very small Tx
SHA 256 Tx

Output space of hash

Target
space

The target originally started out at:

00000000ffff0000000000000000000000000000000000000000000000000000

The current target is:

0000000000000000001f0d9b0000000000000000000000000000000000000000
 Decentralized Goofy Coin (Bitcoin)
Consensus Algorithm (Proof of Work):
1. New transactions are broadcast to all nodes.
2. Special nodes(miner) track transactions and add them to “candidate
block”. Due to transaction ordering issues, candidate blocks in each miner
may be different.
3. Special node which solves hash puzzle will be able to add new block
into Blockchain. This node (called miner) will be rewarded 6.25
BTC(1bitcoin = 53,751$).

Hash puzzles: nonce

prev_h
To create block, find nonce s.t. Output space of hash Tx
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) is very small Tx

4. Other nodes accept the block only if all transactions in it are valid
(unspent, valid signatures)
5. Nodes express their acceptance of the block by working on creating
the next block
 Blockchain approach to choose a node
Consensus Algorithm (Proof of Work):

• Random selection
• Incentive to add to longest chain
• Penalties to those adding to their chain
 Reward Money
• Block subsidy for solving the puzzle was 50 BTC. It becomes half after
210000 blocks (around 4 years).
• Total reward money = Block subsidy + transaction fee
• In April 2013 the Economist have explained that bitcoin is
certainly is one of the things which are going to shape the
future of finance and payment and famously compared
bitcoin to digital gold.

• Virtual currencies: Mining digital gold, From the print edition: Finance and economics, The Economist, 13
April 2013.
• Disadvantage: requires huge amounts of energy. 54 TWe per year. Which is
electricity requirement of New Zealand or Hungary.

Proof of Stake (PoS)

• Attributing mining power to the proportion of coins held by a miner.
• Suppose Alice has 20% of the total coins and Bob has 15% of the total
coins. Alice will be given 20% of total nodes and so Bob.
• One node is randomly chosen as minor.

• assumption that a majority of the wealth in the system is controlled by honest participants.
• The rationale behind PoS is that users who have significant stakes in the system have an
economic incentive in keeping the system running according to the protocol specification, as
they risk that their stakes will become worthless if trust in the cryptocurrency vanishes.
 Bitcoin Wallet
• Uses Public Key Cryptography

• To spend Bitcoin assigned to the address owner has to

produce Signature corresponding to the address.
• Pair of private key and addresses
 An account-based ledger

Disadvantage: to check the validity of transaction one has to

keep track of these account balances

Source: Book by Arvind Narayanan et al on Bitcoin and Cryptocurrency Technologies

 Bitcoin Transaction

Transaction-based ledger, which is very close to Bitcoin

In Bitcoin, the entirety of a transaction output must be consumed by another

transaction, or none of it.

Source: Book by Arvind Narayanan etc al on Bitcoin and Cryptocurrency Technologies

Coins are divisible and transactions are multi-input and multi-output.
 Bitcoin Script

An actual Bitcoin transaction

Bitcoin scripting language: stack-based, programming language and similar to Forth

• Challenge script
OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

• Response script:
<Signature> <Public Key>
• Disadvantage of Bitcoin Transaction: For many inputs, transaction will be big.
Source: https://www.oreilly.com/library/view/mastering-bitcoin/9781491902639/ch05.html
 MultiSignature (m out of n)
Challenge script:
M <Public Key 1> <Public Key 2> ... <Public Key N> N OP_CHECKMULTISIG

For example 2-of-3 multi-signature

Challenge script:

2 <Public Key 1> <Public Key 2> <Public Key 3> 3 OP_CHECKMULTISIG

Response script:

OP_0 <Signature 2> <Signature 3>

• fork happens when
two or more miners
find a block at nearly
Forking Solution Block A Block
the same time. N+1 N+2

Block Block Block

···
N−2 N−1 N

Solution Block B
N+1

• Both miners will broadcast their solution on the network

• Nodes will accept the first solution they hear and reject others

B
B
A

MB
A B
A MA B

B
A A
A B B

• Nodes always switch to the longest chain they hear

• The network abandons the blocks that are not in the longest chain (they are called
orphaned blocks).
• Accidental bifurcation is therefore rare, and
occurs on average once about every 60 blocks

• Decker, C., Wattenhofer, R.: Information propagation in the bitcoin network. In: IEEE P2P. (2013)
 Total Bitcoin
• The rate at which the new Bitcoins are
generated is designed to slowly decrease
towards zero, and will reach zero when almost
21 million Bitcoins are created.
• Then, the miners’ revenue will be only from
transaction fees
Blockchain: When to use
 References
• Book by Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder
Bitcoin and Cryptocurrency Technologies
• An Introduction to Bitcoin, S. Vijayakumaran,www.ee.iitb.ac.in/~sarva/bitcoin.html
THANK YOU