APerspectiveonBitcoin andBlockchainBARTPRENEEL

6 JUNE 2017

1

IMEC-COSIC KU LEUVENBART.PRENEEL(AT)ESAT.KULEUVEN.BE

Currencies=maintainingmemory“EnvelopeandcontentsfromSusa,Iran,circa3300BCE.”“Eachlenticulardiscstandsfor“aflock”(perhaps10animals).Thelargeconerepresentsaverylargemeasureofgrain;thesmallconesdesignatesmallmeasuresofgrain.”

2

Tensionsbetweencentralizedandde-centralizedwaystoremembervalueexchanges,debts,andwhatisdue

•Centralization(claytablet):economiesofscale,high-integrity,vulnerable

•Decentralized(coins):high-availability,difficulttodestroyasasystem,forgery

ImageprovidedcourtesyofDeniseSchmandt-Besseratand Musée duLouvre,Département desAntiquités Orientales Slidecredit:GeorgeDanezis

Hash functions (1975):one-wayeasyto compute buthardto invert

3

This is an input to a crypto-graphic hash function. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are additional security conditions: it should be very hard to find an input hashing to a given value (a preimage) or to find two colliding inputs (a collision).

1A3FD4128A198FB3CA345932f

RIPEMD-160SHA-256SHA-512SHA-3

Digitalsignatures (1975):“equivalent”to manualsignature

4

Donald agrees to pay to Hillary 100 Bitcoins on Feb. 22 2017

Public key

Private key

Timestamping(1990)CollectdocumentsandhashthemwithaMerkle treeChainthesetreestogetherwithahashchainPublishintermediatevaluesonaregularbasis

5

f f f0

t1 t2 t3

hashchain

Timestamping:SuretyTechnologies(°1994)

6

http://www.surety.com/

Distributedlogging+Privacy

7

http://www.project-opacity.com/

Bitcoin?(2008)E-currency with distributed generation and verification ofmoney

Transactions◦ irreversible◦ inexpensive◦ overanonymouspeer-to-peernetwork◦ broadcastwithinsecondsandverifiedwithin10to60minutesbyinclusioninhashchain◦ payusingprivatekey (digitalsignature);verifywithpublickey◦ doublespendingpreventionusingapublicdecentralizedledger(chainingmechanism)

Pseudonymous◦ Moneyislinkedtopublickey– cangeneratearbitrarykeypairsandmovemoneyaround◦ Butinmanycasesidentificationispossible

8

MarketpriceinUSD(marketcap» 42.5B$)

9

2011bubble

1Bitcoin=2593$

BlockChain:apublicdecentralizedledgerBitcointransactions

10

f f f0

t1 t2 t3

blockchain

nonce1 nonce2 nonce3

“small” “small” “small”

Block1 Block2 Block3

Alsoincludeineveryblocktimestampanddifficultylevelofpuzzle

MininghashrateofBitcoin network

11

5.5 EH/s=5.5ExaHash persecond=5.51018 hash/second=262.3 hash/second

Exa

Peta

Tera

Giga

Mega

Mininghasbecomeindustrial

12Slidecredit:JosephBonneau

MiningequipmentonAmazon

13

CostofLeaderlessConsensusDistributedconsensusprotocol:◦ whichevercoalitiondeploysmosthashpower,hascontroloftheblockchain◦ 5.51018 hash/secondisasignificantcost.◦ notperforminganyusefultask!

Electricity+Networkingcosts:◦ 0.10W/GH/sor550MWatt (1/2ofanuclearplant)◦ @10centperKWh:1blockcosts9200$electricity(12.5BTC=+/-32,400$)

14

Profitcalculator:http://www.vnbitcoin.org/bitcoincalculator.php

NumberofTransactionsPerDay

Bankcardpayments:around10.000persecond? 15

3.5transactions/scostpertransaction24$(18%fromfees)transactionfees:0.88%ofvolumelargesharegoestoafewaddresses

AltCoinsToday:700+currenciesderivedfromBitcoin(seehttp://mapofcoins.com/bitcoin)

16Slidecredit:F.Vercauteren

SomeobservationsonBitcoinBitcoincommunityaspirestobemainstreambutbehavesasrebels◦ thisisnotsustainable

Volatile

Payingandsecurestoragesomewhatcomplex

Nopeaceofmindforusers:ifyouarehacked,toughluck

17

MostminersareinChina(70%)

Incentivessystemcomplex

Notclearthatthesystemwillsurvive,butsomeideaswillforsure

2017

Openissues:BitcoinIsBitcoinincentivecompatible?◦ Convergence◦ Fairness◦ Liveliness

◦ Sybilattack:attackercontrolsmanynodesinnetwork,canrefuserelayingorfavouringhisownblocks

◦ Selfishminingattack◦ Bribery

Someproofexistinsimplifiedmodels

18

Openissues:cryptocurrenciesDesignofcontracts(e.g.tradingdigitalart)

Blockchaintechnologyfornon-currencyapplications:◦ typicalapplications:decentralizedconsensusrequired◦ Namecoin:key-valueregistrationandtransferplatform,usedfordomainnamesetc…◦ Ethereum:contractprocessingandexecutionplatformusingTuring-completelanguage

Canweavoidtheenormouscomputationalcost?(proofofstake)

Isazero-governancecurrencypossible?Bitcoinneedsgovernancefor“hard”upgrades

19

BusinessFinancialworlddislikes◦ distributedcontrol◦ fulltransparency◦ uncleargovernance(oranarchy)◦ uncontrolledmoneysupply

Restrict:write,verifyorread(fullyprivateblockchain)

20

DistributedLedger:arangeofsolutions

21

Public Blockchain

• No central point of control by individuals, corporations or governments

• Permissionless to participate

• Concensus based on “proof ow work”

• Examples:• Bitcoin• Ethereum

Consortium/Hybrid Blockchain

• Controlled by > 2 individuals, corporations or governments

• Permission on participation from consortium necessary

• Arbitrary consensus mechanism

• Readability of the blockchain can be public or restricted to the consortium

• Example: RSCOIN (UC London)

Full private Blockchain

• Controlled by one individual, corporation or government (no consensus needed)

• Permission on participation from owner necessary

• Readability of the blockchain can be public or restricted to one

DistributedLedgerdistributeddatabase- onlyneededif◦ multiplemutuallydistrustfulwriters◦ nointermediatepartythatistrustedbyallplayers◦ interactionsordependenciesbetweenthetransactions

Financialsector:disintermediation?◦ 20%seriouslyinvesting◦ 20%planningtoinvest◦ 20%watchingthespaceveryclosely

Aite Group:blockchainmarketcouldbeworthasmuchas$400minannualbusinessby2019

22

DistributedLedger:openquestionsExplorethecontinuumbetweenfullyopenandfullyrestrictedledgers?DevelopamethodologytodesignrestricteddistributedledgersasafunctionofthebusinessrequirementsWhichadvancedcryptographicandscriptingtechniquescanbeusedinprivateorpermissioned ledgerstoimproveprivacyandtoallowforcomplextransactionssuchassmartcontracts?

23

DistributedLedger

24https://media.licdn.com

http://www.ecrypt.eu.org/csa/documents/D3.2-Cryptocurrencies.pdf

25

Pointershttp:www/ecrypt.eu.org

http://www.bitcoin.org

http://www.blockchain.com

http://www.vnbitcoin.org/bitcoincalculator.php

http://randomwalker.info/bitcoin/

http://www.coindesk.com/

NathanielPopper,DigitalGold,Harper,2015

ArvindNarayanan,JosephBonneau,EdwardFelten,AndrewMiller,StevenGoldfeder.Bitcon andcryptocurrencytechnologies,PrincetonUniversityPress,2016

A.Biryukov,D.Khovratovich,I.Pustogarov:Deanonymisation ofClientsinBitcoinP2PNetwork.ACMConferenceonComputerandCommunicationsSecurity2014:15-29

S.Meiklejohn,M.Pomarole,G.Jordan,K.Levchenko,D.McCoy,G.M.Voelker,S.Savage:Afistfulofbitcoins:characterizingpaymentsamongmenwithnonames.InternetMeasurementConference2013:127-140

FinancialCryptographyconferenceseries

26

BartPreneel,imec-COSICKULeuven

Kasteelpark Arenberg 10,3000Leuven

homes.esat.kuleuven.be/~preneel/

Bart.Preneel@esat.kuleuven.be

@CosicBe

ADDRESS:

WEBSITE:

EMAIL:

TWITTER:

+3216321148TELEPHONE:

ECRYPT CSAECRYPT CSAECRYPT CSAECRYPT CSA

http://www.ecrypt.eu.org

27