Blockchain 2
CoinJoin
"Single transaction mixing": 1. Find others who want to mix. 2. Exchange input/output addresses. 3. Construct the transaction. 4. Send the TX around, with each user signing after they verify their output is there. 5. Broadcast the TX.
Proof-of-stake
"Virtual mining" - Replace electricity and mining hardware with the currency itself
Bitcoin Core
The "model implementation" of Bitcoin; its behaviour effectively defines consensus.
Counterparty Risk
"Exit scam": the bank is not really planning on giving people their bitcoin back.
Owning bitcoin
1. Control UTXOs sent to some set of addresses and generate new transactions from them. 2. Prove control by signing said transactions with the corresponding secret keys.
Memory-bound puzzle
A puzzle in which time to access memory is a limiting factor of computing
Memory-hard puzzle
A puzzle that requires a lot of memory (instead of/in addition to CPU power)
Taint Analysis
A relation between two bitcoin identities (coins from S end up at R many times), assigned a taint score. Avoid by never re-using addresses.
FPGA Mining
Field-Programmable Gate Arrays; offered another order of magnitude over GPUs but were prone to failure and costly.
Block-withholding attack
Find a block, then wait to broadcast it until you find another block built on top of that one.
Primecoin
Finds Cunningham chains of primes. A Cunningham chain is formed by taking a prime number, doubling it and adding one to get a new prime, repeatedly.
Sybil Attack
Flood the network with "bad" peers so that new connections only see bad peers.
Security Breach
Hacker breaks into an exchange and moves bitcoin; there is no arbiter to determine who owns what.
Currency Fork
Hard fork resulting in a new currency forming. Up until the moment of forking, the blockchain of both currencies is identical.
Randomness in BTC
Hashes are pretty close to being random, but technically pseudorandom.
Wallet Software
Hot storage. Software that keeps track of bitcoin, like a wallet in your pocket. availability=high, convenience=high, security=low.
Hardware Wallet
Hot/cold storage. Simple device that generates keys which never leave the device. Transactions are fed in, signed, and output. availability=medium, convenience=medium, security=high.
Address re-use problems
Leaks info about your identity. Might as well use a new address each time (they are effectively infinite).
Bank/Exchange Runs
People ask for their money back from the bank, and the bank doesn't have enough money. The bank is dubbed insolvent, and everyone tries to cash out.
Secure Timestamping with BTC
Proving you know a block hash shows that a given event occurred after that block.
Anonymity
A pseudonymous system which also provides unlinkability.
non-outsourceable puzzles
Puzzles which disincentivize pools and collusion. E.g. find a block whose hash of a signature is below the target, with the signature computed using the PK of the recipient address.
CPU Mining
A regular desktop can get several tens of millions of hashes per second; this was the original idea.
Anonymity set
Set of transactions an adversary cannot distinguish from your own transactions. The adversary WILL know you made a transaction; they will NOT know which one. More transactions = better ability to hide.
Deanonymization via side channels
Side channel = indirect leaking of information (off-chain). E.g. paying for bitcoin in person exposes your body, analyzing usage times can determine your time zone, re-using addresses, etc.
Online Wallet
Software running online where you make an account. You enter your key or store it encrypted. They can know your keys, which is a big security worry.
Pseudonymity
System in which you do not have a name; rather, you have a pseudo-identity that can be generated.
Network-level deanonymization
The first node to inform you of a transaction is probably its source.
Smart Property
A UTXO is associated with ownership of something. Transfer a car, prove ownership with the UTXO.
UASF
User-Activated Soft Fork: nodes create a soft fork without the support of miners (playing chicken: which miners will support it?). SegWit was introduced as a UASF.
Proportional share
Every share you submit gives you a higher proportion of the bitcoin in the next block (no block found, no reward).
Mining Difficulty
next_difficulty = (prev_difficulty * 2016 * 10 min) / time_to_mine_2016_blocks; difficulty = max_target / target; target = max_target / difficulty.
Mining Process
1. Listen for transactions. 2. Maintain/update the blockchain. 3. Assemble a candidate block. 4. Find a nonce where H(block) < target. 5. Broadcast the block. 6. Coinbase is sent to your address.
Benefits of proof-of-stake
1. More efficient. 2. Simpler, closed system. 3. Decentralized (no hardware, so anyone can do it). 4. Everyone has the same incentive to mine.
Secret Sharing for arbitrary k-of-n splitting
1. Pick a random key. 2. Determine k and a random k-order polynomial whose value at 0 is the key. 3. Determine n random points on the function. 4. Reconstruct from any k points via Lagrange interpolation (further shares can be generated indefinitely).
Bitcoin Consensus
1. Rules: how do nodes communicate? What is a valid transaction? 2. History: what is the correct blockchain? 3. Value: what is the value of the bitcoin that I use?
Drawbacks of proof-of-work
1. Security (people might be able to game the system). 2. 51% attack if they own the currency. 3. Not entirely understood. 4. Might not work on a large scale.
Colored Coins
Metadata added to UTXOs, which allows for the same security with added functionality for property tracking.
Regulatory Risk
Adding illegal content to the blockchain.
Selfish Mining
After a block-withholding attack, all other miners have been wasting time trying to find a hash for the old blockchain.
GPU Mining
Allows for massive parallelization; hashpower increased by an order of magnitude, and multiple GPUs could run on a single computer.
Avoid network-level deanonymization
Always hide your IP with Tor. Tor can be blocked and is very slow.
ASIC Mining
Application-Specific Integrated Circuits: computers that only mine bitcoin.
Linking
Associating different addresses with a user, different transactions with a user, or the sender of a payment with its recipient. All lead to linking an address with the identity of a user.
Nothing-at-stake Problem
Attacker tries to create a fork (double-spend attack) and there is no opportunity cost: if it fails, the money goes back to them.
Feather Forking
Attempt to fork that gives up if the probability of success, (percentage of the entire network's hashpower)^2, is low.
Bitcoin vs Bitcoin Cash
BCH: no SegWit, increase to 8 MB blocks. BTC: SegWit, block weight limit.
"Big-Blockers"
BTC as a means of exchange. Big blocks have more room for transactions; big blocks are faster for transactions; secondary scaling will lead to centralization; more people will want to use Bitcoin, so more people will run nodes despite the larger size.
"Small-Blockers"
BTC as a store of value. Bigger blocks are a temporary solution; a large blockchain makes it harder to participate, so nodes will centralize; secondary scaling solutions are available; a hard fork is an attack on Bitcoin.
BIP
Bitcoin Improvement Proposal. Major changes must file a BIP.
Hot Storage
Bitcoin can directly be spent on the Bitcoin network (node is online)
Cold Storage
Bitcoin cannot be directly spent on Bitcoin network (node is offline)
Punitive Forking
Blacklisting particular addresses: not including them, and not mining on any chain that has them.
Overlay Currencies
Certain bitcoins are reused for non-Bitcoin-related purposes (as if you got extra credit for having a dollar bill whose serial number ends with a G).
Idioms of Use
Change addresses tend to be fresh addresses; shared spending implies a single entity; verification via re-identification attacks.
Pay-per-share
Every share entitles you to a flat amount of bitcoin.
Brain Wallet
Cold storage. Remember a passphrase and use its hash as a seed to pseudorandomly generate a keypair. availability=low, convenience=low, security=high.
Paper Wallet
Cold storage. A generated address/key that is printed out on a piece of paper. availability=low, convenience=medium, security=medium/high.
Mining Pools
Collective of miners run by a pool manager who takes a small cut; reduces variance.
Threshold Signatures
Actors create partial signatures that together sign a transaction with a key, without the key ever being revealed.
ASIC Resistance
Disincentivizing the use of custom-built hardware for mining (or at least narrowing the gap...).
Drawbacks of Mining
Energy is wasted; vulnerable to attacks.
Forking attack
Miner builds upon previous blocks to create alternative chain. Easy to detect with a ton of hashpower
Mining Shares
Miners turn in near misses and hits. You can't generate a near miss without using hashpower. Each entry is a share in the next block reward.
Multi-signature
Multisignature is a digital signature scheme which allows a group of users to sign a single document. Usually, a multisignature algorithm produces a joint signature that is more compact than a collection of distinct signatures from all users.
Is Bitcoin anonymous?
No, it is pseudonymous. Your name is your address/PK.
Is ASIC-proof mining possible?
No; some hardware will always be better at mining.
Online Exchange
Online wallet PLUS a place to buy/sell coins. They promise to give you coins when you ask for them.