Cryptocurrencies: Opportunities and Threats
Pasquale Forte (1), Giovanni Schmid (2)
(1) Università degli studi di Salerno
(2) Istituto di Calcolo e Reti ad Alte Prestazioni, Consiglio Nazionale delle Ricerche

Cryptocurrency: Foundations
- An open source project
- A distributed peer-to-peer system
- A distributed transaction database: the blockchain
- Anonymous transactions
- Coins defined as a chain of digital signatures
- Coins "stored" via a client program (wallet)
- Fixed amount of total coins to be produced

History and current diffusion
2008: Satoshi Nakamoto publishes Bitcoin paper
2009: Network genesis: first client and first block
2010: Real Bitcoin transactions
- Hanyecz pays 10000 BTC for two pizzas
- Market cap = 1 million USD
2011: Bitcoin buzzes
- Dollar parity
- Wikileaks begins accepting Bitcoin for donations
- Silk Road is launched
2012-2013: Consolidation
- Cyprus chooses Bitcoin as safe haven asset
- Market cap = 1 Billion USD
- China Central Bank prohibits financial institutions from handling bitcoin transactions
- FBI closes Silk Road, but one month later it is on-line again
2014: Global diffusion
- About 400 Bitcoin ATMs open (USA, Canada, Germany, Italy...)
- Microsoft accepts Bitcoin for games and apps
- FBI operates to definitively shut down Silk Road, but two hours later Silk Road is reloaded

Why is cryptography necessary?
Multiparty Timed Challenges
- Goal: checking the validity of transactions by making users compete on a problem to be solved within a preset time
- The problem is computationally difficult and involves a reward
What is the problem?
- Given a function that is computationally hard to invert, find an input producing an output of an assigned type

Cryptographic primitives: Hash function
A pseudo-random way of shrinking data:
- Input of arbitrary length and output of fixed length
- One-way function (computationally hard to invert)
- Collision resistance (hard to find distinct inputs having the same output)

Cryptographic primitives: Digital Signature
A way to bind messages to their originators:
- A key generation algorithm (public-private key pair)
- A signature generation algorithm (private key, message)
- A signature verification algorithm (public key, signature, message)

Transactions
No central authority
Double Spending
Addresses
Privacy preserving approach
- User transactions are between two pseudo-random addresses
- An example of cryptocurrency address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
- Note: for more privacy you can use many addresses
Address generation:

The Blockchain
Making double-spending a hard problem
- It contains every transaction ever executed in the currency
- It opens the possibility of finding out how much value belonged to each address at any point in history
- Every block contains a hash of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block
- Each block is computationally impractical to modify

Mining
Creating new coins
- Transaction validation: in a decentralized system miners have to check the validity of transactions
- Introduction of new coins: in order to verify transactions miners have to solve a computationally hard problem. The miner who solves the problem is rewarded
Nowadays the most adopted Multiparty Timed Challenge systems are:
- Proof of Work
- Proof of Stake

Proof of Work / Stake Getting computational difficulty through hash functions
Proof of Work
Threshold: Hash value Target value
i.e. the hash has to begin with a certain number of leading zeros
- It requires an increasing amount of computational resources over time
- Very high energy consumption in order to get the system working
- Executing an attack could be easy for users who have large computational power

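The hash chaining from "The Blockchain" and the leading-zeros threshold from "Proof of Work", as an added example that is not part of the original slides. The block layout, field names, the 12-bit difficulty and the sample transactions are assumptions made for illustration; it shows that editing an old block is detected, and that redoing the work for that block alone still leaves the next block's link broken.

```python
import hashlib
import json

GENESIS_PREV = "00" * 32  # placeholder "previous hash" for the first block

# Constructed sample data: three batches of transactions, one per block.
SAMPLE_BATCHES = [
    ["coinbase->alice:50"],
    ["alice->bob:5", "coinbase->bob:50"],
    ["bob->carol:2", "coinbase->carol:50"],
]


def block_hash(block):
    """SHA-256 over a canonical serialization of every field of the block."""
    header = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(header).hexdigest()


def meets_target(digest_hex, bits):
    """Threshold test: the hash, read as a 256-bit integer, must be below
    the target 2**(256 - bits), i.e. it starts with `bits` zero bits."""
    return int(digest_hex, 16) < (1 << (256 - bits))


def mine(block, bits):
    """Try nonces until the block hash meets the target.
    Returns the number of hashes that had to be computed."""
    nonce = 0
    while True:
        block["nonce"] = nonce
        if meets_target(block_hash(block), bits):
            return nonce + 1
        nonce += 1


def build_chain(batches, bits):
    """Mine one block per batch; each block stores the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for index, txs in enumerate(batches):
        block = {"index": index, "prev_hash": prev,
                 "transactions": list(txs), "nonce": 0}
        mine(block, bits)
        chain.append(block)
        prev = block_hash(block)
    return chain


def first_invalid(chain, bits):
    """Verifier: return the index of the first block whose link or proof of
    work fails, or None when the whole chain checks out."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        if block["prev_hash"] != prev:
            return index  # broken link to the previous block
        digest = block_hash(block)
        if not meets_target(digest, bits):
            return index  # proof of work no longer valid
        prev = digest
    return None


def demo(bits=12):
    chain = build_chain(SAMPLE_BATCHES, bits)
    untouched = first_invalid(chain, bits)

    # Rewrite one historical transaction in block 1.
    chain[1]["transactions"][0] = "alice->bob:500"
    after_edit = first_invalid(chain, bits)

    # Redo the proof of work for block 1 only: block 2 still points at the
    # old hash, so every later block would have to be mined again as well.
    hashes_spent = mine(chain[1], bits)
    after_remine = first_invalid(chain, bits)
    return untouched, after_edit, after_remine, hashes_spent


if __name__ == "__main__":
    untouched, after_edit, after_remine, spent = demo()
    print("untouched chain, first invalid block:", untouched)
    print("after editing block 1, first invalid block:", after_edit)
    print("after re-mining block 1 (%d hashes), first invalid block: %s"
          % (spent, after_remine))
```

Each extra difficulty bit doubles the expected number of hashes per block, which is the cost a verifier relies on when treating old blocks as impractical to modify.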
Proof of Stake
Threshold: Hash value Stake Time
i.e. the probability of mining a block depends on the stake that the user has held over time
- It does not employ the large computational resources that proof-of-work does
- Executing an attack would be much more expensive
- "The rich get richer and the poor get poorer" problem
- Fewer incentives for miners

Inside the Blockchain A typical block header
Mining reward
In Proof of Work based cryptocurrencies:
- The reward consists of a given amount of coins, plus transaction fees
- The amount of coins is halved at each fixed period of time
- Bitcoin: 50 initial coins halved every 48 months
In Proof of Stake based cryptocurrencies:
- In most cases the reward consists of transaction fees only

Wallet
Software that allows us to handle funds
The tasks performed by the wallet software usually include:
- Querying of the user's blockchain pages
- Generation of user addresses
- Tracking of the transaction confirmation status
- Data backup and restore
Note: the wallet does not contain coins, but just private keys

Caution!
The problem of lost coins
- Any unspent balance in an account for which the private key has been lost results in a loss of coins
- Another way to lose coins follows from sending them to an incorrect address
- The absence of a trusted third party makes it difficult to design mechanisms for coin recovery
- Lost coins would cause deflation, meaning the other coins have higher value

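A check a wallet can run before sending, added here as an example that is not part of the original slides, tying the "Addresses" slide to the risk of sending coins to an incorrect address. It assumes the Bitcoin Base58Check address format (version byte, 20-byte hash, 4-byte double-SHA-256 checksum), which the slides do not spell out; the function names are hypothetical.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# The example address shown on the "Addresses" slide.
PAGE_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"


def b58decode(text):
    """Decode a Base58 string to bytes; each leading '1' is one zero byte."""
    value = 0
    for ch in text:
        digit = B58_ALPHABET.find(ch)
        if digit < 0:
            raise ValueError("character %r is not in the Base58 alphabet" % ch)
        value = value * 58 + digit
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + body


def parse_address(address):
    """Return (version, hash160) for a well-formed address.
    Raises ValueError on a bad character, bad length or bad checksum."""
    raw = b58decode(address)
    if len(raw) != 25:
        raise ValueError("decoded length is %d bytes, expected 25" % len(raw))
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        raise ValueError("checksum mismatch: address was mistyped or altered")
    return payload[0], payload[1:]


def is_valid_address(address):
    """True only when the address decodes and its checksum matches."""
    try:
        parse_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed typos of the slide's address: last character changed,
    # and a character ('0') that Base58 deliberately excludes.
    candidates = [
        PAGE_ADDRESS,
        PAGE_ADDRESS[:-1] + "b",
        PAGE_ADDRESS[:-1] + "0",
    ]
    for addr in candidates:
        print(addr, "->", "ok" if is_valid_address(addr) else "REJECTED")
```

The checksum only catches typing and copying errors; a well-formed address that belongs to nobody, or to the wrong party, still passes.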
Types of wallet
- Desktop wallet
- Mobile wallet
- Web wallet
- Paper wallet
- Hardware wallet
Recommendation: it is highly recommended to back up a wallet regularly and keep several copies of the backup in different safe locations.

Mining Hardware
From CPUs to ASICs
- First generation: CPU
- Second generation: GPU
- Third generation: FPGA (Field-Programmable Gate Array)
- Fourth generation: ASIC (Application-Specific Integrated Circuit)

Mining Hardware Hash rate
Computationally hard-to-invert functions
Recall: these functions are used for mining
In the cryptocurrency world the two most used functions are:
- SHA-256
- Scrypt

SHA-256
- A hash function published as a NIST standard
- It outputs a digest of 256 bits from an input of variable length
- No collision found
A dangerous property
- This algorithm is embarrassingly parallel: parallel hardware has allowed for a hash rate gain of 10^10 in the last five years

Scrypt: A key derivation function published in 2009 by C. Percival. Bytes are much more expensive than MIPS. Sequential memory-hard algorithm: asymptotically requires an amount of memory proportional to the number of operations to perform. Innovation: space complexity is tied to computational complexity = based on highly parallelized hardware are much less effective. Effect: the cost of hardware for mining with Scrypt is out of reach.
Wallet theft: The wallet is not encrypted by default. Much malware has been created to steal information from wallets. Notice: to secure your funds, encrypt your wallet!
Transaction Spamming: Denial of Service. An attacker could create many transactions where he sends funds to himself. This attack is unlikely because: (1) the amount of each transaction must be above a given threshold (0.0000054 in Bitcoin); (2) the number of free transactions is limited, i.e. mined blocks have a maximum block size of 50 kB reserved for priority (free) transactions. Transactions above this limit have to pay fees.
51% attack. A 51% attacker could: perform double-spending; remove transactions from the blockchain; prevent other miners from mining new blocks. A 51% attacker could not: alter the transactions; create coins from nothing; modify the amount of transactions in the blockchain.
Attack on a coin exchange: Mt.Gox shutdown. Mt.Gox suspended withdrawals after coming under attacks that flooded it with malformed transaction records. The phantom transactions didn't allow attackers to steal money. The malformed records created discrepancies in the affected exchange's accounting systems that caused them to fall out of sync with the network. Mt.Gox lost 750.000 bitcoins belonging to customers and over 100.000 bitcoins of its own money. These DDoS attacks were possible due to the transaction malleability problems.
Transaction Malleability: A transaction could be changed in such a way that its hash changes, but the digital signature is still valid. Some OpenSSL implementations misspell the DER encoding of ASN.1 octet strings. For every ECDSA signature (r, s), the signature (r, -s (mod n)) is a valid signature of the same message. This transaction could be confirmed and written in the blockchain. If that happens, the network will assume that transaction is valid, and won't original record
Bitcoin evangelism If a bad actor infiltrates a traditional financial network, the network itself and all of its participants are at risk. In contrast, if a bad actor has access to the bitcoin network, they have no power in the network itself and they do not compromise trust in the network. Bitcoin is not unregulated. Rather, several of the bitcoin network and financial system are regulated by mathematical algorithms. The algorithmic regulation in bitcoin offers predictable, objective, measurable outcomes. -Andreas M. Antonopoulos-
Legality of cryptocurrencies The legal status of cryptocurrencies varies from country to country
Cryptocurrencies & Cybercrime: Bitcoin is used in illegal markets, crime trading, ransomware...
Is mining in Bitcoin feasible? Solo mining is impracticable. There are many mining pools. The reward is divided according to the work performed.
Mining is the heart of cryptocurrencies. Proof of Work's limits: the difficulty increases exponentially as the reward decreases; computing resources and energy are spent just to make and transfer money; in order to have some chance of making money, a user must belong to a big mining pool. Memory-hard algorithms can overcome some limitations of PoW-based systems. Proof of Stake does not require application-specific hardware, but the rich get richer.
Thanks for your attention!