Embed Size (px)
DESCRIPTION
This presentation explains Bitcoin in a simple way.
Citation preview
How to explain Bitcoin
to your mother? @philippecamacho
Distributed System,
Open Source, Digital
Signatures, Collision-
Resistant Hash
Functions, Broadcast
transactions, Merkle
trees,…
Very interesting…
I can send bitcoin via
email right?
Me My mother
Maybe my
explanation
was not very
clear…
(Let’s do it again)
What is
Bitcoin?
Bitcoin
It’s like gold expect that it’s digital
No central authority controls the coins
Limited number of bitcoins (btc)
You can keep it or transfer it
You don’t have to reveal your identity
Hum… Looks nice,
but how does it work?
Solution 0
Example: Linden Dollars
I control everything.
Fix #1
Bitcoin is a distributed protocol and is open source.
Solution 1
1 BTC
2 BTC 1 BTC
Great!
I can spend my bitcoins as many times as I want !
(double spending)
Fix #2
The network shares a transaction book
Solution 2
Origin Destination Amount
Homer Lisa 1 BTC
Homer Bart 2 BTC
Lisa Bart 1 BTC
… … …
The network checks
that an account is
funded before
allowing a new
transfer.
As every transaction is public,
the identity of user is revealed.
Nobody will want to use such a system!
Fix #3
Replace user id by some random number.
Solution 3
Origin Destination Amount
HHY67J81 JH89HF8M 1 BTC
HHY67J81 LAU4V6UU 2 BTC
JH89HF8M LAU4V6UU 1 BTC
… … …
Note that any user
can create multiple
accounts.
Every account id is public, thus I can transfer money
from an account that is not mine.
Fix #4: Digital Signatures
Private Key Public Key
= Bart’s address
Sign Message
Signature
Signature
Fix #4: Digital Signatures
Accept /
Reject Verify
Fix #4: Digital Signatures
Non-repudiation Unforgeability
(You can’t sign in Bart’s name)
Solution 4
Origin Destination Amount Signature
HHY67J81 JH89HF8M 1 BTC Djsh767
HHY67J81 LAU4V6UU 2 BTC 8988dd
JH89HF8M LAU4V6UU 1 BTC djDhd7n
… … …
Every bitcoin address
corresponds to the
public key.
Message
I can still do very bad things…
What about publishing a wrong history of transactions…
Things get a bit more complicated…
Name: Shafi Goldwasser
Profession: Computer scientist at MIT
Speciality: Cryptography
Other: Turing Award (march 2013)
Your mother
FIX #5: Cryptographic Hash Functions
H
01110001110001110
10001010100010010
00110101010010110
01100111100011100
10000101000101110
11011010110100111
Huge input
Fixed sized output
(e.g. 256 bits)
FIX #5: Cryptographic Hash Functions
Security properties
One-way
Given the output y it’s hard to compute some input x such that H(x) = y
Collision-Resistant
It’s hard to find two different values x,x’ such that
H(x)=H(x’)
Solution 5
H H H
Tx1;
Tx2;
Tx3…
Initial value of
the chain:
coinbase
Tx34;
Tx35;
Tx36…
Tx54;
Tx55;
Tx56…
Block of
transactions
Block chain
…
Who computes the next block?
Proof of work
00000 00001
00010 00011
00100 00101 00110 00111
01000 01001 01010 01011 01100 01101
01110 01111
10000
10001 10010 10011 10100 10101 10110
10111 11000 11001 11010 11011
11100 11101 11110 11111
H 1001101|| x 000||10
Find the nonce x such
that the output starts
with 3 zeros.
The only way (*) to
compute the nonce such
that the ouput starts with 𝒏 zeros is to try with roughly
𝟐𝒏 hash values
(*) If you find a better way you may (1) get rich, (2) be famous (Turing award), or (3) both.
Solution 5
The first node that manages to solve the computational puzzle (nonce) wins the block.
The network extends the chain from the newly computed block
The network always choose the largest chain
Damned!
I need to control 51% of the network….
Nice in theory but why would
people waste their CPU cycles?
The winner of a block is rewarded 25 BTC
by the network
(BTW, this is how bitcoins are created)
This process is called mining.
1 0 -
