Cryptocurrencies: Opportunities and Threats

Transcription

1 Cryptocurrencies: Opportunities and Threats Pasquale Forte 1 Giovanni Schmid 2 1 Università degli studi di Salerno 2 Istituto di Calcolo e Reti ad Alte Prestazioni Consiglio Nazionale delle Ricerche

2

3 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

4 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

5 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

6 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

7 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

8 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

9 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

10 Cryptocurrency: Foundations An open source project A distribuited peer-to-peer system A distribuited transaction database: the blockchain Anonymous transactions Coins defined as a chain of digital signatures Coins "stored" via a client program (wallet) Fixed amount of total coins to be produced

11 History and current diffusion 2008 = Satoshi Nakamoto publishes Bitcoin paper 2009 = Network genesis: first client and first block 2010 = Real Bitcoin transactions Hanyecz pays BTC for two pizzas Market cap = 1 million USD 2011 = Bitcoin buzzes Dollar parity Wikileaks begins accepting Bitcoin for donations Silk Road is launched = Consolidation: Cyprus chooses Bitcoin as safe haven asset Market cap= 1 Billion USD China Central Bank prohibits financial institutions from handling bitcoin transactions FBI closes Silk Road, but one month later it is on-line again 2014 = Global diffusion: About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...) Microsoft accepts Bitcoin for games and apps FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

12 History and current diffusion 2008 = Satoshi Nakamoto publishes Bitcoin paper 2009 = Network genesis: first client and first block 2010 = Real Bitcoin transactions Hanyecz pays BTC for two pizzas Market cap = 1 million USD 2011 = Bitcoin buzzes Dollar parity Wikileaks begins accepting Bitcoin for donations Silk Road is launched = Consolidation: Cyprus chooses Bitcoin as safe haven asset Market cap= 1 Billion USD China Central Bank prohibits financial institutions from handling bitcoin transactions FBI closes Silk Road, but one month later it is on-line again 2014 = Global diffusion: About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...) Microsoft accepts Bitcoin for games and apps FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

13 History and current diffusion 2008 = Satoshi Nakamoto publishes Bitcoin paper 2009 = Network genesis: first client and first block 2010 = Real Bitcoin transactions Hanyecz pays BTC for two pizzas Market cap = 1 million USD 2011 = Bitcoin buzzes Dollar parity Wikileaks begins accepting Bitcoin for donations Silk Road is launched = Consolidation: Cyprus chooses Bitcoin as safe haven asset Market cap= 1 Billion USD China Central Bank prohibits financial institutions from handling bitcoin transactions FBI closes Silk Road, but one month later it is on-line again 2014 = Global diffusion: About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...) Microsoft accepts Bitcoin for games and apps FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

14 History and current diffusion 2008 = Satoshi Nakamoto publishes Bitcoin paper 2009 = Network genesis: first client and first block 2010 = Real Bitcoin transactions Hanyecz pays BTC for two pizzas Market cap = 1 million USD 2011 = Bitcoin buzzes Dollar parity Wikileaks begins accepting Bitcoin for donations Silk Road is launched = Consolidation: Cyprus chooses Bitcoin as safe haven asset Market cap= 1 Billion USD China Central Bank prohibits financial institutions from handling bitcoin transactions FBI closes Silk Road, but one month later it is on-line again 2014 = Global diffusion: About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...) Microsoft accepts Bitcoin for games and apps FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

15 History and current diffusion 2008 = Satoshi Nakamoto publishes Bitcoin paper 2009 = Network genesis: first client and first block 2010 = Real Bitcoin transactions Hanyecz pays BTC for two pizzas Market cap = 1 million USD 2011 = Bitcoin buzzes Dollar parity Wikileaks begins accepting Bitcoin for donations Silk Road is launched = Consolidation: Cyprus chooses Bitcoin as safe haven asset Market cap= 1 Billion USD China Central Bank prohibits financial institutions from handling bitcoin transactions FBI closes Silk Road, but one month later it is on-line again 2014 = Global diffusion: About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...) Microsoft accepts Bitcoin for games and apps FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

16 History and current diffusion 2008 = Satoshi Nakamoto publishes Bitcoin paper 2009 = Network genesis: first client and first block 2010 = Real Bitcoin transactions Hanyecz pays BTC for two pizzas Market cap = 1 million USD 2011 = Bitcoin buzzes Dollar parity Wikileaks begins accepting Bitcoin for donations Silk Road is launched = Consolidation: Cyprus chooses Bitcoin as safe haven asset Market cap= 1 Billion USD China Central Bank prohibits financial institutions from handling bitcoin transactions FBI closes Silk Road, but one month later it is on-line again 2014 = Global diffusion: About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...) Microsoft accepts Bitcoin for games and apps FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

17 History and current diffusion 2008 = Satoshi Nakamoto publishes Bitcoin paper 2009 = Network genesis: first client and first block 2010 = Real Bitcoin transactions Hanyecz pays BTC for two pizzas Market cap = 1 million USD 2011 = Bitcoin buzzes Dollar parity Wikileaks begins accepting Bitcoin for donations Silk Road is launched = Consolidation: Cyprus chooses Bitcoin as safe haven asset Market cap= 1 Billion USD China Central Bank prohibits financial institutions from handling bitcoin transactions FBI closes Silk Road, but one month later it is on-line again 2014 = Global diffusion: About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...) Microsoft accepts Bitcoin for games and apps FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

18 History and current diffusion

19 History and current diffusion

20

21 Why is cryptography necessary? Multiparty Timed Challenges Goal: Checking the validity of transactions, making competing users on a problem to be solved within a preset time The problem is computationally difficult and involves a reward What is the problem? Given a computationally hard invertible function, find an input producing an output of assigned type

22 Why is cryptography necessary? Multiparty Timed Challenges Goal: Checking the validity of transactions, making competing users on a problem to be solved within a preset time The problem is computationally difficult and involves a reward What is the problem? Given a computationally hard invertible function, find an input producing an output of assigned type

23 Why is cryptography necessary? Multiparty Timed Challenges Goal: Checking the validity of transactions, making competing users on a problem to be solved within a preset time The problem is computationally difficult and involves a reward What is the problem? Given a computationally hard invertible function, find an input producing an output of assigned type

24 Why is cryptography necessary? Multiparty Timed Challenges Goal: Checking the validity of transactions, making competing users on a problem to be solved within a preset time The problem is computationally difficult and involves a reward What is the problem? Given a computationally hard invertible function, find an input producing an output of assigned type

25 Cryptographic primitives Hash function A pseudo-random way of shrinking data: Input of arbitrary length and output of fixed length One way function (computationally hard to invert) Collision resistance (hard to find more inputs having the same output)

26 Cryptographic primitives Hash function A pseudo-random way of shrinking data: Input of arbitrary length and output of fixed length One way function (computationally hard to invert) Collision resistance (hard to find more inputs having the same output)

27 Cryptographic primitives Hash function A pseudo-random way of shrinking data: Input of arbitrary length and output of fixed length One way function (computationally hard to invert) Collision resistance (hard to find more inputs having the same output)

28 Cryptographic primitives Hash function A pseudo-random way of shrinking data: Input of arbitrary length and output of fixed length One way function (computationally hard to invert) Collision resistance (hard to find more inputs having the same output)

29 Cryptographic primitives Hash function A pseudo-random way of shrinking data: Input of arbitrary length and output of fixed length One way function (computationally hard to invert) Collision resistance (hard to find more inputs having the same output)

30 Cryptographic primitives Digital Signature A way to bind messages to their originators: A key generation algorithm (public-private key pair) A signature generation algorithm (private key, message) A signature verification algorithm (public key, signature, message)

31 Cryptographic primitives Digital Signature A way to bind messages to their originators: A key generation algorithm (public-private key pair) A signature generation algorithm (private key, message) A signature verification algorithm (public key, signature, message)

32 Cryptographic primitives Digital Signature A way to bind messages to their originators: A key generation algorithm (public-private key pair) A signature generation algorithm (private key, message) A signature verification algorithm (public key, signature, message)

33 Cryptographic primitives Digital Signature A way to bind messages to their originators: A key generation algorithm (public-private key pair) A signature generation algorithm (private key, message) A signature verification algorithm (public key, signature, message)

34 Cryptographic primitives Digital Signature A way to bind messages to their originators: A key generation algorithm (public-private key pair) A signature generation algorithm (private key, message) A signature verification algorithm (public key, signature, message)

35

36 Transactions No central autority

37 Double Spending

38 Addresses Privacy preserving approach User transactions are between two pseudo-random addresses An example of cryptocurrency address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Note For more privacy you can use many addresses Address generation:

39 Addresses Privacy preserving approach User transactions are between two pseudo-random addresses An example of cryptocurrency address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Note For more privacy you can use many addresses Address generation:

40 Addresses Privacy preserving approach User transactions are between two pseudo-random addresses An example of cryptocurrency address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Note For more privacy you can use many addresses Address generation:

41 Addresses Privacy preserving approach User transactions are between two pseudo-random addresses An example of cryptocurrency address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Note For more privacy you can use many addresses Address generation:

42 Addresses Privacy preserving approach User transactions are between two pseudo-random addresses An example of cryptocurrency address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Note For more privacy you can use many addresses Address generation:

43 The Blockchain Making double-spending an hard problem It contains every transaction ever executed in the currency It opens the possibility of finding out how much value belonged to each address at any point in history Every block contains a hash of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block Each block is computationally impractical to modify

44 The Blockchain Making double-spending an hard problem It contains every transaction ever executed in the currency It opens the possibility of finding out how much value belonged to each address at any point in history Every block contains a hash of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block Each block is computationally impractical to modify

45 The Blockchain Making double-spending an hard problem It contains every transaction ever executed in the currency It opens the possibility of finding out how much value belonged to each address at any point in history Every block contains a hash of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block Each block is computationally impractical to modify

46 The Blockchain Making double-spending an hard problem It contains every transaction ever executed in the currency It opens the possibility of finding out how much value belonged to each address at any point in history Every block contains a hash of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block Each block is computationally impractical to modify

47 The Blockchain Making double-spending an hard problem It contains every transaction ever executed in the currency It opens the possibility of finding out how much value belonged to each address at any point in history Every block contains a hash of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block Each block is computationally impractical to modify

48 Mining Creating new coins Transactions validation In a decentralized system miners have to check the validity of transactions New coins introduction In order to verify transactions miners have to solve a computational hard problem. The miner who solves the problem is rewarded Nowdays the most adopted Multiparty Timed Challenge systems are: Proof of Work Proof of Stake

49 Mining Creating new coins Transactions validation In a decentralized system miners have to check the validity of transactions New coins introduction In order to verify transactions miners have to solve a computational hard problem. The miner who solves the problem is rewarded Nowdays the most adopted Multiparty Timed Challenge systems are: Proof of Work Proof of Stake

50 Mining Creating new coins Transactions validation In a decentralized system miners have to check the validity of transactions New coins introduction In order to verify transactions miners have to solve a computational hard problem. The miner who solves the problem is rewarded Nowdays the most adopted Multiparty Timed Challenge systems are: Proof of Work Proof of Stake

51 Mining Creating new coins Transactions validation In a decentralized system miners have to check the validity of transactions New coins introduction In order to verify transactions miners have to solve a computational hard problem. The miner who solves the problem is rewarded Nowdays the most adopted Multiparty Timed Challenge systems are: Proof of Work Proof of Stake

52 Mining Creating new coins Transactions validation In a decentralized system miners have to check the validity of transactions New coins introduction In order to verify transactions miners have to solve a computational hard problem. The miner who solves the problem is rewarded Nowdays the most adopted Multiparty Timed Challenge systems are: Proof of Work Proof of Stake

53 Mining Creating new coins Transactions validation In a decentralized system miners have to check the validity of transactions New coins introduction In order to verify transactions miners have to solve a computational hard problem. The miner who solves the problem is rewarded Nowdays the most adopted Multiparty Timed Challenge systems are: Proof of Work Proof of Stake

54 Proof of Work / Stake Getting computational difficulty through hash functions

55 Proof of Work Threshold Hash value Target value i.e. the hash has to be composed by a certain number of leading zeros It requires an increasing amount of computational resources over time Very high energy consumption in order to get the system working Executing an attack could be easy for users who have big computational power

56 Proof of Work Threshold Hash value Target value i.e. the hash has to be composed by a certain number of leading zeros It requires an increasing amount of computational resources over time Very high energy consumption in order to get the system working Executing an attack could be easy for users who have big computational power

57 Proof of Work Threshold Hash value Target value i.e. the hash has to be composed by a certain number of leading zeros It requires an increasing amount of computational resources over time Very high energy consumption in order to get the system working Executing an attack could be easy for users who have big computational power

58 Proof of Work Threshold Hash value Target value i.e. the hash has to be composed by a certain number of leading zeros It requires an increasing amount of computational resources over time Very high energy consumption in order to get the system working Executing an attack could be easy for users who have big computational power

59 Proof of Work Threshold Hash value Target value i.e. the hash has to be composed by a certain number of leading zeros It requires an increasing amount of computational resources over time Very high energy consumption in order to get the system working Executing an attack could be easy for users who have big computational power

60 Proof of Stake Threshold Hash value Stake Time i.e. the probability of mining a block depends on the stake that the user has got over time It does not employ the large computational resources that proof-of-work does Executing an attack would be much more expensive "The rich get richer and the poor get poorer" problem Less incentives for miners

61 Proof of Stake Threshold Hash value Stake Time i.e. the probability of mining a block depends on the stake that the user has got over time It does not employ the large computational resources that proof-of-work does Executing an attack would be much more expensive "The rich get richer and the poor get poorer" problem Less incentives for miners

62 Proof of Stake Threshold Hash value Stake Time i.e. the probability of mining a block depends on the stake that the user has got over time It does not employ the large computational resources that proof-of-work does Executing an attack would be much more expensive "The rich get richer and the poor get poorer" problem Less incentives for miners

63 Proof of Stake Threshold Hash value Stake Time i.e. the probability of mining a block depends on the stake that the user has got over time It does not employ the large computational resources that proof-of-work does Executing an attack would be much more expensive "The rich get richer and the poor get poorer" problem Less incentives for miners

64 Proof of Stake Threshold Hash value Stake Time i.e. the probability of mining a block depends on the stake that the user has got over time It does not employ the large computational resources that proof-of-work does Executing an attack would be much more expensive "The rich get richer and the poor get poorer" problem Less incentives for miners

65 Inside the Blockchain A typical block header

66

67 Mining reward In Proof of Work based cryptocurrencies: The reward consists in a given amount of coins, plus transaction fees The amount of coins is halved at each fixed period of time Bitcoin: 50 initial coins halved every 48 months In Proof of Stake based cryptocurrencies: In the most cases the reward consists of transaction fees only

68 Mining reward In Proof of Work based cryptocurrencies: The reward consists in a given amount of coins, plus transaction fees The amount of coins is halved at each fixed period of time Bitcoin: 50 initial coins halved every 48 months In Proof of Stake based cryptocurrencies: In the most cases the reward consists of transaction fees only

69 Mining reward In Proof of Work based cryptocurrencies: The reward consists in a given amount of coins, plus transaction fees The amount of coins is halved at each fixed period of time Bitcoin: 50 initial coins halved every 48 months In Proof of Stake based cryptocurrencies: In the most cases the reward consists of transaction fees only

70 Mining reward In Proof of Work based cryptocurrencies: The reward consists in a given amount of coins, plus transaction fees The amount of coins is halved at each fixed period of time Bitcoin: 50 initial coins halved every 48 months In Proof of Stake based cryptocurrencies: In the most cases the reward consists of transaction fees only

71 Mining reward In Proof of Work based cryptocurrencies: The reward consists in a given amount of coins, plus transaction fees The amount of coins is halved at each fixed period of time Bitcoin: 50 initial coins halved every 48 months In Proof of Stake based cryptocurrencies: In the most cases the reward consists of transaction fees only

72 Mining reward In Proof of Work based cryptocurrencies: The reward consists in a given amount of coins, plus transaction fees The amount of coins is halved at each fixed period of time Bitcoin: 50 initial coins halved every 48 months In Proof of Stake based cryptocurrencies: In the most cases the reward consists of transaction fees only

73 Mining reward In Proof of Work based cryptocurrencies: The reward consists in a given amount of coins, plus transaction fees The amount of coins is halved at each fixed period of time Bitcoin: 50 initial coins halved every 48 months In Proof of Stake based cryptocurrencies: In the most cases the reward consists of transaction fees only

74 Wallet A software that allows us to handle funds The tasks performed by the wallet software usually include: Querying of the user s blockchain pages Generation of user addresses Tracking of the transaction confirmation status Data backup and restore Note The wallet does not contain coins, but just private keys

75 Wallet A software that allows us to handle funds The tasks performed by the wallet software usually include: Querying of the user s blockchain pages Generation of user addresses Tracking of the transaction confirmation status Data backup and restore Note The wallet does not contain coins, but just private keys

76 Wallet A software that allows us to handle funds The tasks performed by the wallet software usually include: Querying of the user s blockchain pages Generation of user addresses Tracking of the transaction confirmation status Data backup and restore Note The wallet does not contain coins, but just private keys

77 Wallet A software that allows us to handle funds The tasks performed by the wallet software usually include: Querying of the user s blockchain pages Generation of user addresses Tracking of the transaction confirmation status Data backup and restore Note The wallet does not contain coins, but just private keys

78 Wallet A software that allows us to handle funds The tasks performed by the wallet software usually include: Querying of the user s blockchain pages Generation of user addresses Tracking of the transaction confirmation status Data backup and restore Note The wallet does not contain coins, but just private keys

79 Wallet A software that allows us to handle funds The tasks performed by the wallet software usually include: Querying of the user s blockchain pages Generation of user addresses Tracking of the transaction confirmation status Data backup and restore Note The wallet does not contain coins, but just private keys

80 Wallet A software that allows us to handle funds The tasks performed by the wallet software usually include: Querying of the user s blockchain pages Generation of user addresses Tracking of the transaction confirmation status Data backup and restore Note The wallet does not contain coins, but just private keys

81 Caution! The problem of lost coins Any unspent balance in an account for which the private key has been lost results in a loss of coins Another way to lose coins follows from sending them to an incorrect address The absence of a trusted third party makes it difficult the design of mechanisms for coin recovery Lost coins would cause deflation, meaning the other coins have higher value

82 Caution! The problem of lost coins Any unspent balance in an account for which the private key has been lost results in a loss of coins Another way to lose coins follows from sending them to an incorrect address The absence of a trusted third party makes it difficult the design of mechanisms for coin recovery Lost coins would cause deflation, meaning the other coins have higher value

83 Caution! The problem of lost coins Any unspent balance in an account for which the private key has been lost results in a loss of coins Another way to lose coins follows from sending them to an incorrect address The absence of a trusted third party makes it difficult the design of mechanisms for coin recovery Lost coins would cause deflation, meaning the other coins have higher value

84 Caution! The problem of lost coins Any unspent balance in an account for which the private key has been lost results in a loss of coins Another way to lose coins follows from sending them to an incorrect address The absence of a trusted third party makes it difficult the design of mechanisms for coin recovery Lost coins would cause deflation, meaning the other coins have higher value

85 Caution! The problem of lost coins Any unspent balance in an account for which the private key has been lost results in a loss of coins Another way to lose coins follows from sending them to an incorrect address The absence of a trusted third party makes it difficult the design of mechanisms for coin recovery Lost coins would cause deflation, meaning the other coins have higher value

86 Types of wallet Desktop wallet Mobile wallet Recommendation It is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations. Web wallet Paper wallet Hardware wallet

87 Types of wallet Desktop wallet Mobile wallet Recommendation It is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations. Web wallet Paper wallet Hardware wallet

88 Types of wallet Desktop wallet Mobile wallet Recommendation It is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations. Web wallet Paper wallet Hardware wallet

89 Types of wallet Desktop wallet Mobile wallet Recommendation It is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations. Web wallet Paper wallet Hardware wallet

90 Types of wallet Desktop wallet Mobile wallet Recommendation It is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations. Web wallet Paper wallet Hardware wallet

91 Types of wallet Desktop wallet Mobile wallet Recommendation It is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations. Web wallet Paper wallet Hardware wallet

92 Types of wallet Desktop wallet Mobile wallet Recommendation It is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations. Web wallet Paper wallet Hardware wallet

93 Mining Hardware From CPUs to ASICs First generation: CPU Second generation: GPU Third generation: FPGA (Field-Programmable Gate Array) Fourth generation: ASIC (Application-Specific Integrated Circuit)

94 Mining Hardware From CPUs to ASICs First generation: CPU Second generation: GPU Third generation: FPGA (Field-Programmable Gate Array) Fourth generation: ASIC (Application-Specific Integrated Circuit)

95 Mining Hardware From CPUs to ASICs First generation: CPU Second generation: GPU Third generation: FPGA (Field-Programmable Gate Array) Fourth generation: ASIC (Application-Specific Integrated Circuit)

96 Mining Hardware From CPUs to ASICs First generation: CPU Second generation: GPU Third generation: FPGA (Field-Programmable Gate Array) Fourth generation: ASIC (Application-Specific Integrated Circuit)

97 Mining Hardware From CPUs to ASICs First generation: CPU Second generation: GPU Third generation: FPGA (Field-Programmable Gate Array) Fourth generation: ASIC (Application-Specific Integrated Circuit)

98 Mining Hardware Hash rate

99

100 Computationally hard invertible functions Recall These functions are used for mining In cryptocurrency world the two most used functions are: SHA-256 Scrypt

101 Computationally hard invertible functions Recall These functions are used for mining In cryptocurrency world the two most used functions are: SHA-256 Scrypt

102 Computationally hard invertible functions Recall These functions are used for mining In cryptocurrency world the two most used functions are: SHA-256 Scrypt

103 Computationally hard invertible functions Recall These functions are used for mining In cryptocurrency world the two most used functions are: SHA-256 Scrypt

104 Computationally hard invertible functions Recall These functions are used for mining In cryptocurrency world the two most used functions are: SHA-256 Scrypt

105 SHA-256 An hash function published as NIST standard It outputs digest of 256 bit from an input of variable length No collision found A dangerous property This algorithm is embarassingly parallel = Parallel hardware has allow for a hash rate gain of in the last five years

106 SHA-256 An hash function published as NIST standard It outputs digest of 256 bit from an input of variable length No collision found A dangerous property This algorithm is embarassingly parallel = Parallel hardware has allow for a hash rate gain of in the last five years

107 SHA-256 An hash function published as NIST standard It outputs digest of 256 bit from an input of variable length No collision found A dangerous property This algorithm is embarassingly parallel = Parallel hardware has allow for a hash rate gain of in the last five years

108 SHA-256 An hash function published as NIST standard It outputs digest of 256 bit from an input of variable length No collision found A dangerous property This algorithm is embarassingly parallel = Parallel hardware has allow for a hash rate gain of in the last five years

109 Scrypt A key derivation function published in 2009 by C. Percival Bytes are much more expensive than Mips Sequential Memory Hard algorithm= Asymptotically requires an amount of memory proportional to the number of operations to perform Innovation Space complexity is tied to computational complexity= based on highly parallelized hardware are much less effective Effect The cost of hardware for mining with Scrypt is out of reach

110 Scrypt A key derivation function published in 2009 by C. Percival Bytes are much more expensive than Mips Sequential Memory Hard algorithm= Asymptotically requires an amount of memory proportional to the number of operations to perform Innovation Space complexity is tied to computational complexity= based on highly parallelized hardware are much less effective Effect The cost of hardware for mining with Scrypt is out of reach

111 Scrypt A key derivation function published in 2009 by C. Percival Bytes are much more expensive than Mips Sequential Memory Hard algorithm= Asymptotically requires an amount of memory proportional to the number of operations to perform Innovation Space complexity is tied to computational complexity= based on highly parallelized hardware are much less effective Effect The cost of hardware for mining with Scrypt is out of reach

112 Scrypt A key derivation function published in 2009 by C. Percival Bytes are much more expensive than Mips Sequential Memory Hard algorithm= Asymptotically requires an amount of memory proportional to the number of operations to perform Innovation Space complexity is tied to computational complexity= based on highly parallelized hardware are much less effective Effect The cost of hardware for mining with Scrypt is out of reach

113 Scrypt A key derivation function published in 2009 by C. Percival Bytes are much more expensive than Mips Sequential Memory Hard algorithm= Asymptotically requires an amount of memory proportional to the number of operations to perform Innovation Space complexity is tied to computational complexity= based on highly parallelized hardware are much less effective Effect The cost of hardware for mining with Scrypt is out of reach

114

115 Wallet theft Wallet is not encrypted by default Many malwares have been created for stealing information from wallets Notice For securing your funds encrypt your wallet!

116 Wallet theft Wallet is not encrypted by default Many malwares have been created for stealing information from wallets Notice For securing your funds encrypt your wallet!

117 Wallet theft Wallet is not encrypted by default Many malwares have been created for stealing information from wallets Notice For securing your funds encrypt your wallet!

118 Wallet theft Wallet is not encrypted by default Many malwares have been created for stealing information from wallets Notice For securing your funds encrypt your wallet!

119 Transaction Spamming Denial of Service An attacker could create many transactions where he sends funds to himself This attack is unlikely because: The amount of each transaction must be above a given threshold ( in Bitcoin) The number of free transactions is limited i.e. mined blocks have a maximum block size of 50kB reserved for priority (free) transactions. Transactions above this limit have to pay fees

120 Transaction Spamming Denial of Service An attacker could create many transactions where he sends funds to himself This attack is unlikely because: The amount of each transaction must be above a given threshold ( in Bitcoin) The number of free transactions is limited i.e. mined blocks have a maximum block size of 50kB reserved for priority (free) transactions. Transactions above this limit have to pay fees

121 Transaction Spamming Denial of Service An attacker could create many transactions where he sends funds to himself This attack is unlikely because: The amount of each transaction must be above a given threshold ( in Bitcoin) The number of free transactions is limited i.e. mined blocks have a maximum block size of 50kB reserved for priority (free) transactions. Transactions above this limit have to pay fees

122 Transaction Spamming Denial of Service An attacker could create many transactions where he sends funds to himself This attack is unlikely because: The amount of each transaction must be above a given threshold ( in Bitcoin) The number of free transactions is limited i.e. mined blocks have a maximum block size of 50kB reserved for priority (free) transactions. Transactions above this limit have to pay fees

123 Transaction Spamming Denial of Service An attacker could create many transactions where he sends funds to himself This attack is unlikely because: The amount of each transaction must be above a given threshold ( in Bitcoin) The number of free transactions is limited i.e. mined blocks have a maximum block size of 50kB reserved for priority (free) transactions. Transactions above this limit have to pay fees

124 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

125 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

126 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

127 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

128 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

129 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

130 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

131 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

132 51% attack A 51% attacker could: Perform double-spending Remove transactions from the blockchain Prevent other miners from mining new blocks A 51% attacker could not: Alter the transactions Create coins from nothing Modify the amount of transactions in the blockchain

133 Attack to coin exchange Mt.Gox shutdown Mt.Gox suspended withdrawals after coming under attacks that flooded it with malformed transaction records The phantom transactions didn t allow attackers to steal money The malformed records created discrepancies in the effected exchange s accounting systems that caused them to fall out of sync with the network MtGox lost bitcoins belonging to customers and over bitcoins of its own money These DDOS attacks were possible due to the transaction malleability problems

134 Attack to coin exchange Mt.Gox shutdown Mt.Gox suspended withdrawals after coming under attacks that flooded it with malformed transaction records The phantom transactions didn t allow attackers to steal money The malformed records created discrepancies in the effected exchange s accounting systems that caused them to fall out of sync with the network MtGox lost bitcoins belonging to customers and over bitcoins of its own money These DDOS attacks were possible due to the transaction malleability problems

135 Attack to coin exchange Mt.Gox shutdown Mt.Gox suspended withdrawals after coming under attacks that flooded it with malformed transaction records The phantom transactions didn t allow attackers to steal money The malformed records created discrepancies in the effected exchange s accounting systems that caused them to fall out of sync with the network MtGox lost bitcoins belonging to customers and over bitcoins of its own money These DDOS attacks were possible due to the transaction malleability problems

136 Attack to coin exchange Mt.Gox shutdown Mt.Gox suspended withdrawals after coming under attacks that flooded it with malformed transaction records The phantom transactions didn t allow attackers to steal money The malformed records created discrepancies in the effected exchange s accounting systems that caused them to fall out of sync with the network MtGox lost bitcoins belonging to customers and over bitcoins of its own money These DDOS attacks were possible due to the transaction malleability problems

137 Attack to coin exchange Mt.Gox shutdown Mt.Gox suspended withdrawals after coming under attacks that flooded it with malformed transaction records The phantom transactions didn t allow attackers to steal money The malformed records created discrepancies in the effected exchange s accounting systems that caused them to fall out of sync with the network MtGox lost bitcoins belonging to customers and over bitcoins of its own money These DDOS attacks were possible due to the transaction malleability problems

138 Attack to coin exchange Mt.Gox shutdown Mt.Gox suspended withdrawals after coming under attacks that flooded it with malformed transaction records The phantom transactions didn t allow attackers to steal money The malformed records created discrepancies in the effected exchange s accounting systems that caused them to fall out of sync with the network MtGox lost bitcoins belonging to customers and over bitcoins of its own money These DDOS attacks were possible due to the transaction malleability problems

139 Transaction Malleability A transaction could be changed in such a way that its hash changes, but the digital signature is still valid Some openssl implementations misspell the DER encoding of ASN.1 octet strings For every ECDSA signature (r, s), the signature (r, s(modn)) is a valid signature of the same message This transaction could be confirmed and written in the blockchain If that happens, the network will assume that transaction is valid, and won t original record

140 Transaction Malleability A transaction could be changed in such a way that its hash changes, but the digital signature is still valid Some openssl implementations misspell the DER encoding of ASN.1 octet strings For every ECDSA signature (r, s), the signature (r, s(modn)) is a valid signature of the same message This transaction could be confirmed and written in the blockchain If that happens, the network will assume that transaction is valid, and won t original record

141 Transaction Malleability A transaction could be changed in such a way that its hash changes, but the digital signature is still valid Some openssl implementations misspell the DER encoding of ASN.1 octet strings For every ECDSA signature (r, s), the signature (r, s(modn)) is a valid signature of the same message This transaction could be confirmed and written in the blockchain If that happens, the network will assume that transaction is valid, and won t original record

142 Transaction Malleability A transaction could be changed in such a way that its hash changes, but the digital signature is still valid Some openssl implementations misspell the DER encoding of ASN.1 octet strings For every ECDSA signature (r, s), the signature (r, s(modn)) is a valid signature of the same message This transaction could be confirmed and written in the blockchain If that happens, the network will assume that transaction is valid, and won t original record

143

144 Bitcoin evangelism If a bad actor infiltrates a traditional financial network, the network itself and all of its participants are at risk. In contrast, if a bad actor has access to the bitcoin network, they have no power in the network itself and they do not compromise trust in the network. Bitcoin is not unregulated. Rather, several of the bitcoin network and financial system are regulated by mathematical algorithms. The algorithmic regulation in bitcoin offers predictable, objective, measurable outcomes. -Andreas M. Antonopoulos-

145 Bitcoin evangelism If a bad actor infiltrates a traditional financial network, the network itself and all of its participants are at risk. In contrast, if a bad actor has access to the bitcoin network, they have no power in the network itself and they do not compromise trust in the network. Bitcoin is not unregulated. Rather, several of the bitcoin network and financial system are regulated by mathematical algorithms. The algorithmic regulation in bitcoin offers predictable, objective, measurable outcomes. -Andreas M. Antonopoulos-

146 Bitcoin evangelism If a bad actor infiltrates a traditional financial network, the network itself and all of its participants are at risk. In contrast, if a bad actor has access to the bitcoin network, they have no power in the network itself and they do not compromise trust in the network. Bitcoin is not unregulated. Rather, several of the bitcoin network and financial system are regulated by mathematical algorithms. The algorithmic regulation in bitcoin offers predictable, objective, measurable outcomes. -Andreas M. Antonopoulos-

147 Legality of cryptocurrencies The legal status of cryptocurrencies varies from country to country

148 Cryptocurrencies & Cybercrime Bitcoin is used in illegal markets, crime trading, ramsonware...

149 Is mining in Bitcoin feasible? Solo mining is impracticable There are many mining pools The reward is divided according to the work performed

150 Is mining in Bitcoin feasible? Solo mining is impracticable There are many mining pools The reward is divided according to the work performed

151 Is mining in Bitcoin feasible? Solo mining is impracticable There are many mining pools The reward is divided according to the work performed

152 Is mining in Bitcoin feasible? Solo mining is impracticable There are many mining pools The reward is divided according to the work performed

153 Mining is the heart of cryptocurrencies Proof of Work s limits: The difficulty increases exponentially as the reward decreases Computing resources and energy are spent just to make and transfer money In order to have some chance of making money, a user must belong to a big mining pool Memory-hard algorihms can overcome some limitations of PoW-based systems Proof of Stake does not require application specific hardware, but the rich gets richer

154 Mining is the heart of cryptocurrencies Proof of Work s limits: The difficulty increases exponentially as the reward decreases Computing resources and energy are spent just to make and transfer money In order to have some chance of making money, a user must belong to a big mining pool Memory-hard algorihms can overcome some limitations of PoW-based systems Proof of Stake does not require application specific hardware, but the rich gets richer

155 Mining is the heart of cryptocurrencies Proof of Work s limits: The difficulty increases exponentially as the reward decreases Computing resources and energy are spent just to make and transfer money In order to have some chance of making money, a user must belong to a big mining pool Memory-hard algorihms can overcome some limitations of PoW-based systems Proof of Stake does not require application specific hardware, but the rich gets richer

156 Mining is the heart of cryptocurrencies Proof of Work s limits: The difficulty increases exponentially as the reward decreases Computing resources and energy are spent just to make and transfer money In order to have some chance of making money, a user must belong to a big mining pool Memory-hard algorihms can overcome some limitations of PoW-based systems Proof of Stake does not require application specific hardware, but the rich gets richer

157 Thanks for your attention!