4 Crypto Currency

Uploaded by

68458qvrkb

Intro to Crypto and Cryptocurrencies

Slides by Arvind Narayanan et al.


Hash Pointers and Data Structures

A hash pointer is:
* a pointer to where some info is stored, and
* a (cryptographic) hash of the info

If we have a hash pointer, we can:
* ask to get the info back, and
* verify that it hasn’t changed

[Figure: H( ) pointing to (data); hash pointers will be drawn like this]

Key idea: build data structures with hash pointers

linked list with hash pointers = “block chain”

[Figure: a chain of blocks, each holding data and prev: H( ), with a separate H( ) above the chain]

use case: tamper-evident log

detecting tampering

[Figure: the same chain of blocks (prev: H( ), data) with the separate H( ) above it]
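
The tamper-evident log described above, as an added example that is not part of the original slides. SHA-256, the JSON encoding, the function names and the log entries are assumptions of the example.

```python
import hashlib
import json

def H(block) -> str:
    """Hash of a block's full contents (SHA-256 over canonical JSON, chosen for this example)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def build_chain(entries):
    """Return (blocks, head). Each block holds its data and prev = H(previous block)."""
    blocks, prev = [], None
    for data in entries:
        block = {"prev": prev, "data": data}
        blocks.append(block)
        prev = H(block)
    return blocks, prev          # head is the one value that must be stored safely

def first_mismatch(blocks, head):
    """Follow hash pointers back from the trusted head.
    Returns the index of the first block whose hash does not match the pointer
    to it, or None if every block checks out."""
    expected = head
    for i in range(len(blocks) - 1, -1, -1):
        if H(blocks[i]) != expected:
            return i
        expected = blocks[i]["prev"]
    return None

def demo():
    """Constructed log entries; returns the verifier's result at each stage."""
    blocks, head = build_chain(["alice logs in", "alice reads file", "alice logs out"])
    results = [first_mismatch(blocks, head)]       # untouched log
    blocks[1]["data"] = "nothing happened"         # edit an old entry
    results.append(first_mismatch(blocks, head))
    blocks[2]["prev"] = H(blocks[1])               # patch the next pointer to hide the edit
    results.append(first_mismatch(blocks, head))   # mismatch moves up to the head
    return results
```

Repairing each pointer only pushes the mismatch one block closer to the head, so holding the head hash pointer somewhere safe is enough to detect a change anywhere in the log.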


binary tree with hash pointers = “Merkle tree”

[Figure: a binary tree of hash pointers: 2 H( ) at the top level, 4 on the next level, 8 on the level below, over 8 (data) blocks]

proving membership in a Merkle tree

show O(log n) items

[Figure: a single path of H( ) pairs leading from the top of the tree down to one (data) block]
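
A membership proof of the kind described above, as an added example that is not part of the original slides. SHA-256, the leaf/node prefix bytes and the function names are assumptions of the example, and it assumes a power-of-two number of items like the 8-leaf tree in the figure.

```python
import hashlib

def leaf_hash(data: bytes) -> bytes:
    # The 0x00/0x01 prefixes keep a leaf from being passed off as an inner node.
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(items):
    """Return all tree levels, leaves first; levels[-1][0] is the root hash."""
    assert items and len(items) & (len(items) - 1) == 0, "example assumes n is a power of two"
    levels = [[leaf_hash(x) for x in items]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling hashes on the path from leaf `index` to the root: log2(n) items."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])   # the other child of the same parent
        index //= 2
    return proof

def verify(root, item, index, proof):
    """Recompute the path using only the item, its position and the siblings."""
    acc = leaf_hash(item)
    for sibling in proof:
        acc = node_hash(sibling, acc) if index & 1 else node_hash(acc, sibling)
        index //= 2
    return acc == root and index == 0    # index != 0 means a position outside the tree

def demo():
    """Constructed items tx0..tx7; proves membership of tx5 against the root."""
    items = [f"tx{i}".encode() for i in range(8)]
    levels = build_levels(items)
    proof = prove(levels, 5)
    return len(proof), verify(levels[-1][0], b"tx5", 5, proof)
```

The verifier needs only the root hash, so 3 sibling hashes are enough to check one item out of 8.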

More generally ...

can use hash pointers in any pointer-based data structure that has no cycles

Simple Cryptocurrencies

GoofyCoin

Goofy can create new coins. (“New coins belong to me.”)

    signed by skGoofy
    CreateCoin [uniqueCoinID]

A coin’s owner can spend it. (“Alice owns it now.”)

    signed by skGoofy
    Pay to pkAlice : H( )

    signed by skGoofy
    CreateCoin [uniqueCoinID]

The recipient can pass on the coin again. (“Bob owns it now.”)

    signed by skAlice
    Pay to pkBob : H( )

    signed by skGoofy
    Pay to pkAlice : H( )

    signed by skGoofy
    CreateCoin [uniqueCoinID]

double-spending attack

    signed by skAlice            signed by skAlice
    Pay to pkBob : H( )          Pay to pkChuck : H( )

    signed by skGoofy
    Pay to pkAlice : H( )

    signed by skGoofy
    CreateCoin [uniqueCoinID]

double-spending attack: the main design challenge in digital currency


ScroogeCoin

CreateCoins transaction creates new coins (“Valid, because I said so.”)

transID: 73   type: CreateCoins

coins created:
num   value   recipient   coinID
0     3.2     0x...       73(0)
1     1.4     0x...       73(1)
2     7.1     0x...       73(2)


PayCoins transaction consumes (and destroys) some coins, and creates new coins of the same total value

transID: 74   type: PayCoins

consumed coinIDs: 73(1), 42(0), 67(3)

coins created:
num   value   recipient
0     3.2     0x...
1     1.4     0x...
2     7.1     0x...

signatures

Valid if:
-- consumed coins valid,
-- not already consumed,
-- total value out = total value in, and
-- signed by owners of all consumed coins
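
The four PayCoins validity rules applied to a small ledger, as an added example that is not part of the original slides. The class and field names, the key name pkScrooge and the sample transactions are assumptions; signature verification is abstracted into `signed_by`, the set of keys whose signatures are assumed to have been checked already.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass
class Tx:
    trans_id: int
    kind: str                                     # "CreateCoins" or "PayCoins"
    created: list                                 # [(value, recipient_pk)]; coin n gets ID trans_id(n)
    consumed: list = field(default_factory=list)  # [(trans_id, num)] coinIDs being spent
    signed_by: set = field(default_factory=set)   # keys whose signatures verified (assumed done)

class Ledger:
    def __init__(self):
        self.coins = {}        # coinID -> (value, owner_pk) for every coin ever created
        self.consumed = set()  # coinIDs destroyed by an accepted PayCoins

    def reject_reason(self, tx):
        """None if tx passes the slide's validity rules, else the rule it fails."""
        if tx.kind == "CreateCoins":
            return None if "pkScrooge" in tx.signed_by else "not signed by Scrooge"
        if any(c not in self.coins for c in tx.consumed):
            return "consumed coin not valid"
        if any(c in self.consumed or tx.consumed.count(c) > 1 for c in tx.consumed):
            return "coin already consumed"
        total_in = sum(self.coins[c][0] for c in tx.consumed)
        if total_in != sum(Decimal(v) for v, _ in tx.created):
            return "total value out != total value in"
        if not {self.coins[c][1] for c in tx.consumed} <= tx.signed_by:
            return "missing owner signature"
        return None

    def apply(self, tx):
        reason = self.reject_reason(tx)
        if reason is None:
            self.consumed.update(tx.consumed)
            for n, (value, pk) in enumerate(tx.created):
                self.coins[(tx.trans_id, n)] = (Decimal(value), pk)
        return reason

def demo():
    """Constructed sample: Scrooge mints, Alice pays Bob, then two invalid spends."""
    ledger, alice = Ledger(), {"pkAlice"}
    txs = [
        Tx(73, "CreateCoins", [("3.2", "pkAlice"), ("1.4", "pkAlice"), ("7.1", "pkBob")], [], {"pkScrooge"}),
        Tx(74, "PayCoins", [("4.0", "pkBob"), ("0.6", "pkAlice")], [(73, 0), (73, 1)], alice),
        Tx(75, "PayCoins", [("1.4", "pkChuck")], [(73, 1)], alice),  # re-spends 73(1)
        Tx(76, "PayCoins", [("7.1", "pkAlice")], [(73, 2)], alice),  # Bob's coin, Bob did not sign
    ]
    return [ledger.apply(tx) for tx in txs]
```

Transaction 75 is the double spend: it is rejected because coin 73(1) was already consumed by transaction 74, which is a check that depends on the full published history.
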

Immutable coins

Coins can’t be transferred, subdivided, or combined.

But: you can get the same effect by using transactions.

To subdivide:
* create a new transaction
* consume your coin
* pay out two new coins to yourself

Scrooge publishes a history of all transactions (a block chain, signed by Scrooge)

[Figure: a block chain of transactions; each block holds prev: H( ) and one trans (transID: 71, 72, 73), with a separate H( ) above the chain]

optimization: put multiple transactions in the same block

Don’t worry, I’m honest.

Crucial question:

Can we descroogify the currency, and operate without any central, trusted party?

How to achieve consistency?

Courtesy: Lectures by Dr. Sandip Chakraborty

[Figure: diagram with the labels All Participants, Consensus, Bitcoin Script, Reward for Mining]

Bitcoin P2P network

● Ad-hoc protocol (runs on TCP port 8333)
● Ad-hoc network with random topology
● All nodes are equal
● New nodes can join at any time
● Network changes over time (dynamic)
● No explicit way to leave the network
● Forget non-responding nodes after 3 hr

Joining the Bitcoin P2P network

[Figure: a network of nodes numbered 1 to 8; a joining node announces “Hello World! I’m ready to Bitcoin!”; labels on the links: getaddr() and “1, 7”]

[Figure: pipeline stage: Transactions (process starts over)]

Transaction propagation (flooding)

[Figure: nodes 1 to 8; a new transaction A→B (“New tx!”) is passed along the links between nodes, and one node answers “Already heard that!”]

Nodes may differ on transaction pool

[Figure: nodes 1 to 8 after a new transaction A→C (“New tx!”) is announced; some nodes and links are labelled A→C and others A→B]

[Figure: pipeline: Transactions, Miners, Block (process starts over)]

Block Structure

[Figure: pipeline: Transactions, Miners, Block, Block Puzzle, Proof of work (process starts over)]

[Figure: pipeline: Transactions, Miners, Block, Block Puzzle, Proof of work, Broadcasting proof of work in network, Miners’ verification of proof of work, The new block is added to existing blockchain (process starts over)]

Mining Bitcoins in 6 easy steps

1. Join the network, listen for transactions
   a. Validate all proposed transactions
2. Miners will assemble them into new blocks and solve puzzle
3. On success, broadcast the new blocks
4. Listen for new blocks, maintain block chain
   a. When a new block is proposed, validate it
5. Find the nonce to make your block valid
6. Hope everybody accepts your new block
7. Profit!

Rewards and Transaction Fees!
