Stefan Dziembowski Why do the cryptographic currencies need a
solid theory? Forum Informatyki Teoretycznej, Warsaw 30.1.2015
Slide 2
Digital vs. paper currencies Paper: Digital: 16fab13fc6890 Very
useful if is also digital.
Slide 3
Traditional ways of paying digitally Alices credit card number
Alice Bob Alices credit card number Alice Bob transfer money to
Bobs account transfer confirmation PROBLEMS 1. trusted server for
each transaction is needed (money doesnt circulate), 2. high
transaction fees, 3. no anonymity.
Slide 4
Bitcoin a digital analogue of the paper money
Slide 5
Probably one of the most discussed cryptographic technologies
ever!
Slide 6
PROBLEMS WITH PREVIOUS APPROACHES 1. trusted server is needed
(money doesnt circulate), 2. high transaction fees, 3. no
anonymity. Bitcoin in Bitcoin: low fees pseudonymity no trusted
server, money circulates
Slide 7
No trusted server nobody controls the money, and therefore: The
amount of money that will ever be printer is fixed (to around 21
mln BTC) no inflation The exchange rate fluctuates:
Slide 8
Bitcoin value comes from the fact that: people expect that
other people will accept it in the future. Its like all the other
currencies enthusiasts: sceptics: Its a Ponzi scheme P. KrugmanA.
Greenspan
Slide 9
Main problem with the digital money Double spending
16fab13fc6890 Bits are easier to copy than paper!
Slide 10
Bitcoin idea (simplified): The users emulate a public trusted
bulletin-board containing a list of transactions. A transaction is
of a form: This prevents double spending. User P 1 transfers a coin
#16fab13fc6890 to user P 2 16fab13fc6890 youve already spent this
coin!
Slide 11
How is this bulletin-board maintained? A technology called
block-chain. Secure under the assumption that the majority of the
computing power is controlled by honest users.
Slide 12
How is this verified? Basic principles: use Proofs of Work
incentivize honest users to constantly participate in the process
The honest users can use their idle CPU cycles. Nowadays: often
done on dedicated hardware.
Slide 13
Main idea The users participating in the scheme are called the
miners. They maintain a chain of blocks: block 0 block 1 block 2
block 3 transactions from period 1 transactions from period 2
transactions from period 3 the genesis block created by Satoshi on
03/Jan/2009
Slide 14
But is this secure?
Slide 15
Possible attack goals double spending, get more money from
mining than you should, short selling bet that the price of BTC
will drop and then destroy the system (to make the price of BTC go
to zero), someone (government?) interested in shutting Bitcoin
down
Slide 16
Selfish mining Ittay Eyal, Emin Gun Sirer Majority is not
Enough: Bitcoin Mining is Vulnerable basic idea: when you mine a
new block keep it to yourself.
Slide 17
Another clever attack Lear Bahack Theoretical Bitcoin Attacks
with less than Half of the Computational Power The Difficulty
Raising Attack exploits the way the difficulty is adjusted in
Bitcoin.
Slide 18
Our view These attacks were unnoticed for a long time, because
Bitcoin was never formally analyzed. There is no: security proof,
or even a formal security definition of Bitcoin Observation: more
unexpected attacks are possible.
Slide 19
Research program for the cryptocurrencies Define security (may
involve game theory) Analyze Bitcoin security in this model Propose
improved cryptocurrencies.
Slide 20
Thank you!
Slide 21
TCC 2015 in Warsaw March 22-25, 2015 Early registration
deadline: February 19 Web-page:
www.iacr.org/workshops/tcc2015/