Lecture 10

What is Bitcoin?
• A P2P network for electronic payments
• Benefits:
Low fees
No middlemen
No central authority
Can be anonymous
Each payment goes through, no censorship
How Does it Work?
• Does not rely on real currency but one can buy
bitcoins for money
– Valuable because they are useful and limited in supply
• New coins are ”mined” by performing cryptographic
operations that take lots of CPU
• A user can package the new coin together with a
block containing new transactions of others
– “Verifying a block” brings the user 25 BTC reward
– Reward is halved every 4 years
How Does it Work?
• Each transaction is signed by the sender’s private key
– So no one can spend others’ money
• Transaction = bitcoins, public key of recipient
• Each transaction is broadcast in the P2P network
• Recipients collect and verify transactions in a block
– On the average 6 blocks per hour are generated
How Does it Work?
• Blocks are chained together so that latter blocks
depend on previous ones
• If multiple chains appear only the longest and
fastest-growing chain is accepted as true
– This prevents double-spending
• Anonymity can be achieved by using a new
public/private key pair for each receiving transaction
Transaction Format
List of inputs
List of outputs
When is the transaction final, only
valid if sequence_no < 0xFFFFFFFF
Txin Format
Previous Transaction hash
Previous Txout-index
Txin-script length
Which output of prev Tx is used
Int >= 0
normally 0xFFFFFFFF
Txout Format
number of BTC*108 to be transferred
Txout-script length
Int >= 0
Sample Transaction
• Input 50 bitcoins from transaction with hash f5d… then send
them to a Bitcoin address 4043 ..
• If the input was greater than the amount you want to spend
create another output to yourself with the rest
• Any part of input not redeemed is the transaction fee and
belongs to whoever generates a block
Transaction Verification
• Use a scripting system – describes how the
transaction amount can be redeemed
• Input’s scriptSig is evaluated first – this leaves
some state on the stack
• Output’s scriptPubKey is evaluated second
• Through scripting system one can create
different sorts of payments with different
Types of Transactions
• Transfer to IP address
• Transfer to Bitcoin address
• Generation
• A block is a record of some or all transactions that
have not been recorded so far
• Each block contains:
– A reference to the block immediately before it – chaining
(roughly one block is added each 10 min)
– A solution to a cryptographic puzzle
– A generation transaction so fee can be claimed for
generating the block
• Transactions are broadcast and peers compete in
trying to generate new blocks
• More about block rules
• A puzzle is finding an input to a hash algorithm
that, when combined with the block’s hash
results in output with many zeros
• The difficulty of the puzzle is automatically
adjusted so that roughly 6 puzzles per hour can
be solved
• Every two weeks all clients compare how much
off target they were and adjust puzzle difficulty
• Clients accept the chain with the highest
combined difficulty of puzzles as valid
• Could one spend the same coin twice?
– Bitcoin peers verify all transactions they add to
the block to ensure that the same coin wasn’t
spent elsewhere
– There are some race conditions that may lead to
double-spending before transactions are verified
– As the confirmations increase no double-spending
is possible
Some Statistics
Some Statistics
Some Statistics
Some Statistics
Some Statistics
Some Statistics
Some Statistics
Drive-By Downloads
What are Drive-By Downloads
Are These Just Exploits?
• If my computer is well-protected should I worry?
• Drive-by downloads occur in two ways:
– There’s a pop-up that a user clicks on or sometimes
even closes. This is interpreted as permission to
download and install malware onto your machine
– There’s a script on the page a user visited that
initiates file download. Some browsers may run such
files automatically, infecting the machine
• Some browsers will force downloads and warn
on downloads of executable software
What If I Visit Well-Known Sites?
• Even such sites can have vulnerable servers
that get infected by attackers
• Or they may serve ads that distribute malware
• Exploit kits for Web servers proliferate on
black markets
– They are also very versatile and customizable
Are There Any Defenses?
• Lots of research in the area from top security experts
• BLADEhttp://www.youtube.com/watch?v=9emHejh8
“all executable files delivered through browser
downloads must result from explicit user consent”

similar documents