Bitcoin: Seminar Report

The document is a seminar report on Bitcoin submitted by Hanzel Jesheen to fulfill requirements for a Bachelor of Technology degree. It provides an overview of Bitcoin including its inception in 2008, design by Satoshi Nakamoto to allow digital payments without a financial institution, and technical concepts like the blockchain and cryptographic techniques used. The report also describes the Bitcoin network, security issues, and concludes with disadvantages and closing notes.

BITCOIN

Seminar Report
Submitted in partial fulfillment of the
requirements for the award of Degree of Bachelor of
Technology in Computer Science and Engineering
of the University of Kerala

Submitted by
HANZEL JESHEEN
(University Roll No: 12400028)
Seventh Semester
B.Tech Computer Science and Engineering

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


COLLEGE OF ENGINEERING TRIVANDRUM, KERALA
OCTOBER 2015

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING


COLLEGE OF ENGINEERING TRIVANDRUM

CERTIFICATE
This is to certify that this seminar report entitled BITCOIN is a bonafide
record of the work done by HANZEL JESHEEN (University Roll No. 12400028) under our
supervision and guidance, towards partial fulfillment for the award of Degree of Bachelor of
Technology in Computer Science and Engineering from the University of Kerala during the period
2012-2016.

Mrs. Reena Nair
Assistant Professor
Dept. of Computer Science & Engineering

Dr. Abdul Nizar M
Professor and Head of Dept.
Dept. of Computer Science & Engineering

ACKNOWLEDGEMENT

First and foremost I would like to express my sincere gratitude to the Seminar Coordinator,
Mrs. Reena Nair, Assistant Professor, Dept. Of Computer Science and Engineering for her
tremendous support and guidance. I would also like to thank Mr. Sreelal S, Associate
Professor and Mr. Salim A, Associate Professor who also formed the panel of faculty
assessing the seminar session.
I would also like to extend my deepest gratitude to Dr. Abdul Nizar, Professor and Head of
the Computer Science Department. I thank my friends for the continuous support throughout
the preparation.

Hanzel Jesheen

ABSTRACT

A purely peer-to-peer version of electronic cash would allow online payments to be sent
directly from one party to another without going through a financial institution. Digital
signatures provide part of the solution, but the main benefits are lost if a trusted third party is
still required to prevent double-spending. We propose a solution to the double-spending
problem using a peer-to-peer network. The network timestamps transactions by hashing them
into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed
without redoing the proof-of-work.
The longest chain not only serves as proof of the sequence of events witnessed, but proof that
it came from the largest pool of CPU power. As long as a majority of CPU power is
controlled by nodes that are not cooperating to attack the network, they'll generate the longest
chain and outpace attackers. The network itself requires minimal structure. Messages are
broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting
the longest proof-of-work chain as proof of what happened while they were gone. The design
and technical aspects of bitcoin are the point of focus of this report rather than its socioeconomic aspects.

CONTENTS

Chapter No.   Title                                   Page No.

              LIST OF FIGURES
1.            INTRODUCTION
              1.1. What is Bitcoin
              1.2. Inception and History
              1.3. Satoshi Nakamoto
2.            BITCOIN DESIGN                               10
              2.1. Transactions                            10
              2.2. Timestamp Server                        11
              2.3. Proof of Work                           11
              2.4. Network                                 12
              2.5. Incentive                               13
3.            CRYPTOGRAPHIC TECHNIQUES                     14
              3.1. Cryptographic Hash                      14
              3.2. Digital Signature                       14
              3.3. Proof of Work                           15
4.            CONCEPTS                                     17
              4.1. Block Chain                             17
              4.2. Units                                   17
              4.3. Ownership                               17
              4.4. Supply                                  18
              4.5. Privacy                                 18
5.            BITCOIN NETWORK                              19
              5.1. Transactions                            19
              5.2. Bitcoin Addresses                       20
              5.3. Bitcoin Wallets                         21
              5.4. Bitcoin Mining                          21
              5.4.1. Mining Process                        23
              5.4.2. Mines Bitcoins                        24
              5.5. Payment Verification                    25
6.            SECURITY ISSUES                              26
              6.1. Unauthorized Spending                   26
              6.2. Double Spending                         26
              6.3. Race Attack                             26
              6.4. History Modification                    27
              6.5. Selfish Mining                          27
              6.6. Deanonymisation of Clients              28
7.            Conclusion                                   29
              7.1. Disadvantages                           29
              7.2. Closing Notes                           30
              References                                   31

LIST OF FIGURES

Figure No.   Title                                   Page No.

2.1          Bitcoin transactions                        10
2.2          Timestamp server                            11
2.3          Design of Proof of Work                     12
3.1          Creating Digital Signature                  15
3.2          Verification of Digital Signature           15
3.3          Working of Proof of Work                    16
5.1          Bitcoin Address                             20
5.2          Bitcoin Blockchain                          22
5.3          Payment Verification                        25

CHAPTER 1
INTRODUCTION

1.1 What is Bitcoin?


Bitcoin is a payment system invented by Satoshi Nakamoto, who published the invention in
2008 and released it as open-source software in 2009. The system is peer-to-peer; users can
transact directly without needing an intermediary. Transactions are verified by network nodes
and recorded in a public distributed ledger called the block chain. The ledger uses its own
unit of account, also called bitcoin. The system works without a central repository or single
administrator, which has led the US Treasury to categorize it as a decentralized virtual
currency. Bitcoin is often called the first cryptocurrency, although prior systems existed.
Bitcoin is more correctly described as the first decentralized digital currency. It is the largest
of its kind in terms of total market value.
Bitcoins are created as a reward for payment processing work in which users offer their
computing power to verify and record payments into a public ledger. This activity is called
mining and the miners are rewarded with transaction fees and newly created bitcoins. Besides
mining, bitcoins can be obtained in exchange for different currencies, products, and services.
Users can send and receive bitcoins for an optional transaction fee.

1.2 Inception and History


Bitcoin was invented by Satoshi Nakamoto, who published the invention on 31 October 2008
in a research paper called "Bitcoin: A Peer-to-Peer Electronic Cash System". It was
implemented as open source code and released in January 2009. Bitcoin is often called the
first cryptocurrency although prior systems existed. Bitcoin is more correctly described as the
first decentralized digital currency.
One of the first supporters, adopters and contributors to bitcoin, and the receiver of the first
bitcoin transaction, was programmer Hal Finney. Finney downloaded the bitcoin software the day
it was released, and received 10 bitcoins from Nakamoto in the world's first bitcoin transaction.
Other early supporters were Wei Dai, creator of bitcoin predecessor b-money, and Nick
Szabo, creator of bitcoin predecessor bit gold.
In 2010, an exploit in an early bitcoin client was found that allowed large numbers of bitcoins
to be created. The artificially created bitcoins were removed when another chain overtook the
bad chain.
In 2013 some mainstream websites began accepting bitcoins. WordPress had started in
November 2012, followed by OKCupid in April 2013, Atomic Mall in November 2013,
TigerDirect and Overstock.com in January 2014, Expedia in June 2014, Newegg and Dell in
July 2014, and Microsoft in December 2014. Certain non-profit or advocacy groups such as
the Electronic Frontier Foundation accept bitcoin donations.
In May 2013, the Department of Homeland Security seized assets belonging to the Mt. Gox
exchange. The U.S. Federal Bureau of Investigation (FBI) shut down the Silk Road website
in October 2013.

1.3 Satoshi Nakamoto


Satoshi Nakamoto is the pseudonym of a person or group of people who created the bitcoin
protocol and reference software, Bitcoin Core (formerly known as Bitcoin-Qt). In 2008,
Nakamoto published a paper on The Cryptography Mailing list at metzdowd.com describing
the bitcoin digital currency. In 2009, they released the first bitcoin software that launched the
network and the first units of the bitcoin cryptocurrency, called bitcoins.
Nakamoto continued to collaborate with other developers on the bitcoin software until mid-2010. Around this time, they handed over control of the source code repository and network
alert key to Gavin Andresen, transferred several related domains to various prominent
members of the bitcoin community, and stopped their involvement in the project.
The public bitcoin transaction log shows that Nakamoto's known wallets contain roughly one
million bitcoins. As of June 2015, this was the equivalent of US$250 million. Nakamoto's
true identity remains unknown, and has been the subject of much speculation. It is not known
whether the name "Satoshi Nakamoto" is real or a pseudonym, or whether the name
represents one person or a group of people.

CHAPTER 2
BITCOIN DESIGN

2.1 Transactions
We define an electronic coin as a chain of digital signatures. Each owner transfers the coin to
the next by digitally signing a hash of the previous transaction and the public key of the next
owner and adding these to the end of the coin. A payee can verify the signatures to verify the
chain of ownership.

Figure 2.1. Bitcoin transactions

The problem of course is the payee can't verify that one of the owners did not double-spend
the coin. A common solution is to introduce a trusted central authority, or mint, that checks
every transaction for double spending. After each transaction, the coin must be returned to
the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be
double-spent. The problem with this solution is that the fate of the entire
money system depends on the company running the mint, with every transaction having
to go through them, just like a bank.
We need a way for the payee to know that the previous owners did not sign
any earlier transactions. For our purposes, the earliest transaction is the one that counts, so
we don't care about later attempts to double-spend. The only way to confirm the absence of a
transaction is to be aware of all transactions. In the mint based model, the mint was aware of
all transactions and decided which arrived first. To accomplish this without a
trusted party, transactions must be publicly announced, and we need a system for
participants to agree on a single history of the order in which they were received. The payee
needs proof that at the time of each transaction, the majority of nodes agreed it was the first
received.

2.2 Timestamp Server


The solution proposed begins with a timestamp server. A timestamp server works by taking a
hash of a block of items to be timestamped and widely publishing the hash,
such as in a newspaper or Usenet post. The timestamp proves that the data must have
existed at the time, obviously, in order to get into the hash. Each timestamp includes the
previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing
the ones before it.

Figure 2.2. Timestamp server

2.3 Proof of Work


To implement a distributed timestamp server on a peer-to-peer basis, a proof-of-work system
similar to Adam Back's Hashcash is used, rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that, when hashed, such as with SHA-256, gives a hash that
begins with a number of zero bits. The average work required is exponential in the number of
zero bits required and can be verified by executing a single hash.
For our timestamp network, we implement the proof-of-work by incrementing a nonce in the
block until a value is found that gives the block's hash the required zero bits. Once the CPU
effort has been expended to make it satisfy the proof-of-work, the block cannot be changed
without redoing the work. As later blocks are chained after it, the work to change the block
would include redoing all the blocks after it.

Figure 2.3. Design of Proof of Work

The proof-of-work also solves the problem of determining representation in majority decision
making. If the majority were based on one-IP-address-one-vote, it could be subverted by
anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The
majority decision is represented by the longest chain, which has the greatest proof-of-work
effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest
chain will grow the fastest and outpace any competing chains. To modify a past block, an
attacker would have to redo the proof-of-work of the block and all blocks after it and then
catch up with and surpass the work of the honest nodes. The probability of a slower attacker
catching up diminishes exponentially as subsequent blocks are added and with the passage of
time.
To compensate for increasing hardware speed and varying interest in running nodes over
time, the proof-of-work difficulty is determined by a moving average targeting an average
number of blocks per hour. If they're generated too fast, the difficulty increases.

2.4 Network
The steps to run the network are as follows:
1. New transactions are broadcast to all nodes.
2. Each node collects new transactions into a block.
3. Each node works on finding a difficult proof-of-work for its block.
4. When a node finds a proof-of-work, it broadcasts the block to all nodes.
5. Nodes accept the block only if all transactions in it are valid and not already spent.
6. Nodes express their acceptance of the block by working on creating the next block in
the chain, using the hash of the accepted block as the previous hash.
Nodes always consider the longest chain to be the correct one and will keep working on
extending it. If two nodes broadcast different versions of the next block simultaneously, some
nodes may receive one or the other first. In that case, they work on the first one they received,
but save the other branch in case it becomes longer. The tie will be broken when the next
proof-of-work is found and one branch becomes longer; the nodes that were working on the
other branch will then switch to the longer one.
New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach
many nodes, they will get into a block before long. Block broadcasts are also tolerant of
dropped messages. If a node does not receive a block, it will request it when it receives the
next block and realizes it missed one.
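As an added illustration of the chain-selection rules just listed (this is example code written for this edit, not the report's or Bitcoin Core's), the following Python node stores every block it hears about, builds on the first branch it received, switches only when a rival branch becomes strictly longer, and holds back a block whose parent it has not seen until that parent arrives. Block ids and the height rule are constructed for the example; proof-of-work and transaction validity are assumed to have been checked already.

```python
# Added example, not code from the report: a minimal node applying the
# longest-chain rule of section 2.4. Blocks are constructed (block_id, prev_id)
# pairs; proof-of-work and transaction validity are assumed already verified.

class Node:
    def __init__(self, genesis_id: str):
        self.blocks = {genesis_id: {"prev": None, "height": 0}}
        self.tip = genesis_id          # block the node currently builds on
        self.orphans = {}              # blocks whose parent has not arrived yet

    def receive(self, block_id: str, prev_id: str) -> str:
        """Process one block broadcast; returns the action taken."""
        if block_id in self.blocks:
            return "duplicate"
        if prev_id not in self.blocks:
            # Missed the parent: keep the block and ask peers for the parent
            # ("it will request it when it receives the next block").
            self.orphans[block_id] = prev_id
            return f"request {prev_id}"
        height = self.blocks[prev_id]["height"] + 1
        self.blocks[block_id] = {"prev": prev_id, "height": height}
        action = "stored"
        if height > self.blocks[self.tip]["height"]:
            # Longest chain wins. An equal-height rival is saved but not
            # adopted, so the node keeps working on the branch it saw first.
            action = "extend" if prev_id == self.tip else "reorg"
            self.tip = block_id
        # Any orphan whose parent just arrived can now be connected.
        for child, parent in list(self.orphans.items()):
            if parent == block_id:
                del self.orphans[child]
                self.receive(child, parent)
        return action

    def chain(self):
        """Block ids from genesis to the current tip."""
        ids, cur = [], self.tip
        while cur is not None:
            ids.append(cur)
            cur = self.blocks[cur]["prev"]
        return ids[::-1]

def demo():
    node = Node("G")
    # Two competing blocks at height 1: the node keeps A1 (received first)
    # until branch B grows longer.
    log = [node.receive("A1", "G"), node.receive("B1", "G"), node.receive("B2", "B1")]
    # A block whose parent has not arrived, then the missing parent.
    log.append(node.receive("B4", "B3"))
    log.append(node.receive("B3", "B2"))
    return log, node.chain()
```

`demo()` returns the list of actions taken and the chain the node finally builds on; the "reorg" entry is the moment the node abandons A1 for the longer B branch.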

2.5 Incentive
By convention, the first transaction in a block is a special transaction that starts a new coin
owned by the creator of the block. This adds an incentive for nodes to support the network,
and provides a way to initially distribute coins into circulation, since there is no central
authority to issue them. The steady addition of a constant amount of new coins is
analogous to gold miners expending resources to add gold to circulation. In our case, it is
CPU time and electricity that is expended.
The incentive can also be funded with transaction fees. If the output value of a transaction is
less than its input value, the difference is a transaction fee that is added to the incentive value
of the block containing the transaction. Once a predetermined number of coins have entered
circulation, the incentive can transition entirely to transaction fees and be completely
inflation free.
The incentive may help encourage nodes to stay honest. If a greedy attacker is able to
assemble more CPU power than all the honest nodes, he would have to choose between using
it to defraud people by stealing back his payments, or using it to generate new coins. He
ought to find it more profitable to play by the rules, such rules that favour him with more new
coins than everyone else combined, than to undermine the system and the validity of his own
wealth.


CHAPTER 3
CRYPTOGRAPHIC TECHNIQUES

3.1 Cryptographic Hash


The cryptographic hash is the basic building block on which bitcoin is designed. A hash
function is any function that can be used to map data of arbitrary size to data of fixed size.
The values returned by a hash function are called hash values, hash codes, hash sums, or
simply hashes. Hash functions accelerate table or database lookup by detecting duplicated
records in a large file. An example is finding similar stretches in DNA sequences. They are
also useful in cryptography. A cryptographic hash function allows one to easily verify that
some input data maps to a given hash value, but if the input data is unknown, it is deliberately
difficult to reconstruct it (or equivalent alternatives) by knowing the stored hash value. This is
used for assuring integrity of transmitted data, and is the building block for HMACs, which
provide message authentication.
Features of a hash are:
- Fixed length
- Deterministic
- Computationally efficient
- Collision resistant
- Hides basic information about the message
- Distributed over the domain of the digest

3.2 Digital Signature


A digital signature is a mathematical scheme for demonstrating the authenticity of a digital
message or documents. A valid digital signature gives a recipient reason to believe that the
message was created by a known sender, that the sender cannot deny having sent the message
(authentication and non-repudiation), and that the message was not altered in transit
(integrity). Digital signatures are commonly used for software distribution, financial
transactions, and in other cases where it is important to detect forgery or tampering.


Figure 3.1. Creating Digital Signature

Figure 3.2. Verification of Digital Signature
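The ownership chain of section 2.1 and the sign-and-verify steps of section 3.2, as an added worked example (not the report's code, and not Bitcoin's actual ECDSA scheme): each transfer signs the hash of the previous transaction together with the next owner's public key, and a payee verifies every link back to the minting transaction. To stay within the Python standard library it uses a Lamport one-time signature built from SHA-256; each key signs exactly once, which matches one key per transfer. The seeds, owner names and the mint transaction are constructed.

```python
import hashlib

# Added example, not from the report: a coin as a chain of digital signatures.
# A Lamport one-time signature (SHA-256 based) stands in for Bitcoin's ECDSA.

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def lamport_keygen(seed: bytes):
    """256 pairs of secrets; derived from a seed here so the example is
    reproducible (real keys come from a CSPRNG)."""
    priv = [[sha256(seed + bytes([i, b])) for b in (0, 1)] for i in range(256)]
    pub = [[sha256(s) for s in pair] for pair in priv]
    return priv, pub

def _bits(message: bytes):
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(priv, message: bytes):
    # Reveal one secret of each pair, chosen by the message digest bits.
    return [priv[i][bit] for i, bit in enumerate(_bits(message))]

def lamport_verify(pub, message: bytes, signature) -> bool:
    if signature is None or len(signature) != 256:
        return False
    return all(sha256(signature[i]) == pub[i][bit] for i, bit in enumerate(_bits(message)))

def pub_bytes(pub) -> bytes:
    return b"".join(h for pair in pub for h in pair)

def tx_id(tx) -> bytes:
    """Hash of a transaction: previous link, next owner's key, signature."""
    sig = b"".join(tx["sig"]) if tx["sig"] else b""
    return sha256(tx["prev_hash"] + pub_bytes(tx["next_pub"]) + sig)

def transfer(coin, owner_priv, next_pub):
    """Current owner signs hash(previous tx) || next owner's public key."""
    prev = tx_id(coin[-1])
    sig = lamport_sign(owner_priv, prev + pub_bytes(next_pub))
    coin.append({"prev_hash": prev, "next_pub": next_pub, "sig": sig})

def verify_chain(coin) -> bool:
    """The payee's check: every transfer links to the previous transaction and
    is signed by the key that transaction assigned the coin to."""
    for i in range(1, len(coin)):
        prev_tx, tx = coin[i - 1], coin[i]
        if tx["prev_hash"] != tx_id(prev_tx):
            return False
        msg = tx["prev_hash"] + pub_bytes(tx["next_pub"])
        if not lamport_verify(prev_tx["next_pub"], msg, tx["sig"]):
            return False
    return True

def demo():
    alice = lamport_keygen(b"alice-seed")   # constructed seeds
    bob = lamport_keygen(b"bob-seed")
    carol = lamport_keygen(b"carol-seed")
    # Mint transaction: no previous owner, so no signature.
    coin = [{"prev_hash": b"\x00" * 32, "next_pub": alice[1], "sig": None}]
    transfer(coin, alice[0], bob[1])
    transfer(coin, bob[0], carol[1])
    genuine = verify_chain(coin)
    # Forgery attempt: redirect the last transfer to Alice without Bob's signature.
    forged = [dict(tx) for tx in coin]
    forged[2] = dict(forged[2], next_pub=alice[1])
    return genuine, verify_chain(forged)
```

`demo()` returns `(True, False)`: the honest chain verifies, and changing the recipient of a transfer without re-signing breaks the link, which is exactly what lets a payee reject a tampered history.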

3.3 Proof of Work


A proof-of-work (POW) system (or protocol, or function) is an economic measure to deter
denial of service attacks and other service abuses such as spam on a network by requiring
some work from the service requester, usually meaning processing time by a computer. The
concept may have been first presented by Cynthia Dwork and Moni Naor in a 1993 journal.
The term "Proof of Work" or POW was first coined and formalized in a 1999 paper by
Markus Jakobsson and Ari Juels.
A key feature of these schemes is their asymmetry: the work must be moderately hard (but
feasible) on the requester side but easy to check for the service provider. This idea is also
known as a CPU cost function, client puzzle, computational puzzle or CPU pricing function.
It is distinct from a CAPTCHA, which is intended for a human to solve quickly, rather than a
computer.

Figure 3.3. Working of Proof of Work


CHAPTER 4
BITCOIN CONCEPTS

4.1 Block Chain


The block chain is a public ledger that records bitcoin transactions. A novel solution
accomplishes this without any trusted central authority: maintenance of the block chain is
performed by a network of communicating nodes running bitcoin software. Transactions of
the form payer X sends Y bitcoins to payee Z are broadcast to this network using readily
available software applications. Network nodes can validate transactions, add them to their
copy of the ledger, and then broadcast these ledger additions to other nodes. The block chain
is a distributed database; in order to independently verify the chain of ownership of any and
every bitcoin (amount), each network node stores its own copy of the block chain.
Approximately six times per hour, a new group of accepted transactions, a block, is created,
added to the block chain, and quickly published to all nodes. This allows bitcoin software to
determine when a particular bitcoin amount has been spent, which is necessary in order to
prevent double-spending in an environment without central oversight. Whereas a
conventional ledger records the transfers of actual bills or promissory notes that exist apart
from it, the block chain is the only place that bitcoins can be said to exist in the form of
unspent outputs of transactions.

4.2 Units
The unit of account of the bitcoin system is bitcoin. As of 2014, symbols used to represent
bitcoin are BTC and XBT. Small amounts of bitcoin used as alternative units are millibitcoin
(mBTC), microbitcoin (μBTC), and satoshi. Named in homage to bitcoin's creator, a satoshi
is the smallest amount within bitcoin representing 0.00000001 bitcoin, one hundred millionth
of a bitcoin. A millibitcoin equals to 0.001 bitcoin, which is one thousandth of bitcoin. One
microbitcoin equals to 0.000001 bitcoin, which is one millionth of bitcoin. A microbitcoin is
sometimes referred to as a bit.

4.3 Ownership
Ownership of bitcoins implies that a user can spend bitcoins associated with a specific
address. To do so, a payer must digitally sign the transaction using the corresponding private
key. Without knowledge of the private key, the transaction cannot be signed and bitcoins
cannot be spent. The network verifies the signature using the public key. If the private key is
lost, the bitcoin network will not recognize any other evidence of ownership; the coins are
then unusable, and thus effectively lost. For example, in 2013 one user said he lost 7,500
bitcoins, worth $7.5 million at the time, when he discarded a hard drive containing his private
key.

4.4 Supply
The successful miner finding the new block is rewarded with newly created bitcoins and
transaction fees. As of 28 November 2012, the reward amounted to 25 newly created bitcoins
per block added to the block chain. To claim the reward, a special transaction called a
coinbase is included with the processed payments. All bitcoins in circulation can be traced
back to such coinbase transactions. The bitcoin protocol specifies that the reward for adding a
block will be halved approximately every four years. Eventually, the reward will be removed
entirely when the arbitrary limit of 21 million bitcoins is reached, in 2140, and record keeping
will then be rewarded solely by transaction fees.

4.5 Privacy
Privacy is achieved by not identifying owners of bitcoin addresses while making other
transaction data public. Bitcoin users are not identified by name, but transactions can be
linked to individuals and companies. Additionally, bitcoin exchanges, where people buy and
sell bitcoins for fiat money, may be required by law to collect personal information. To
maintain financial privacy, a different bitcoin address for each transaction is recommended.
Transactions that spend coins from multiple inputs can reveal that the inputs may have a
common owner. Users concerned about privacy can use so-called mixing services that swap
coins they own for coins with different transaction histories. It has been suggested that
bitcoin payments should not be considered more private than credit card payments.


CHAPTER 5
BITCOIN NETWORK

5.1 Transactions
A transaction is a section of data confirmed by a signature. It is sent to the bitcoin network
and forms blocks. It typically contains references to preceding transactions and associates a
certain number of bitcoins with one or several public keys (bitcoin addresses). It is not
encrypted because there is nothing to encrypt in the bitcoin system. A block chain browser is
where all transactions are combined in the form of a block chain. They can be found and
verified. This is necessary to determine technical transaction parameters as well as verify the
details of payments.
A bitcoin is defined by a sequence of digitally signed transactions that began with its creation
as a block reward. The owner of a bitcoin transfers it to the next owner by digitally signing it
over to the next owner in a bitcoin transaction, much like endorsing a traditional bank check.
A payee can verify each previous transaction to verify the chain of ownership. Unlike
traditional check endorsement, bitcoin transactions are irreversible, which eliminates risk of
chargeback fraud.
A bitcoin is a currency object, an entity which is traded, though nothing prevents trades in
fractions of, or multiples of, a bitcoin. Bitcoins are intended to be fungible, though each has its
own distinct history.
Although it would be possible to handle bitcoins individually, it would be unwieldy to make a
separate transaction for every satoshi in a transfer. Transactions are therefore allowed to
contain multiple inputs and outputs, and in that way bitcoins can be split and combined.
Common transactions will have either a single input from a larger previous transaction or
multiple inputs combining smaller amounts, and one or two outputs: one for the payment, and
one returning the change, if any, back to the sender. Any difference between the total input
and output amounts of a transaction is offered to miners as a transaction fee.
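An added example (not the report's code) of the rule the paragraph above describes: a transaction may only spend outputs that are still unspent, its outputs may not exceed its inputs, and the difference is the fee offered to miners. Amounts are integer satoshis to avoid rounding; the starting coinbase output, addresses and amounts are constructed, and signature checking is assumed to happen elsewhere.

```python
import hashlib

# Added example, not from the report: validating a transaction against a set of
# unspent transaction outputs (UTXOs). Keys are (txid, output index) pairs,
# values are (address, amount in satoshi). Signatures are out of scope here.

class DoubleSpend(Exception):
    pass

def txid(tx: dict) -> str:
    """Constructed identifier: hash of the serialized inputs and outputs."""
    return hashlib.sha256(repr((tx["inputs"], tx["outputs"])).encode()).hexdigest()

def apply_transaction(utxo: dict, tx: dict) -> int:
    """Check tx against the UTXO set, update the set, and return the fee
    (total inputs minus total outputs) that goes to the block's miner."""
    inputs = tx["inputs"]
    if len(set(inputs)) != len(inputs):
        raise DoubleSpend("the same output is spent twice within one transaction")
    total_in = 0
    for outpoint in inputs:
        if outpoint not in utxo:
            # Never existed, or already spent by an earlier transaction.
            raise DoubleSpend(f"input {outpoint} is not an unspent output")
        total_in += utxo[outpoint][1]
    if any(amount < 0 for _, amount in tx["outputs"]):
        raise ValueError("negative output amount")
    total_out = sum(amount for _, amount in tx["outputs"])
    if total_out > total_in:
        raise ValueError("outputs exceed inputs")
    # All checks passed: only now mutate the set.
    for outpoint in inputs:
        del utxo[outpoint]
    new_id = txid(tx)
    for index, (address, amount) in enumerate(tx["outputs"]):
        utxo[(new_id, index)] = (address, amount)
    return total_in - total_out

def demo():
    # Constructed starting state: one coinbase output of 0.5 BTC to "alice".
    utxo = {("coinbase0", 0): ("alice", 50_000_000)}
    # One input, two outputs (payment + change); 10 000 satoshi left as fee.
    payment = {"inputs": [("coinbase0", 0)],
               "outputs": [("bob", 30_000_000), ("alice", 19_990_000)]}
    fee = apply_transaction(utxo, payment)
    try:
        apply_transaction(utxo, payment)   # replaying the same spend
        replay = "accepted"
    except DoubleSpend:
        replay = "rejected"
    return fee, replay, sorted(utxo.values())
```

After the first call the coinbase output is gone and two new outputs exist; the second call fails because the input is no longer in the set, which is the "not already spent" check a node applies to every block it receives.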
Transaction confirmation is needed to prevent double spending of the same money. After a
transaction is broadcast to the Bitcoin network, it may be included in a block that is published
to the network. When that happens it is said that the transaction has been mined at a depth of
1 block. With each subsequent block that is found, the number of blocks deep is increased by
one. To be secure against double spending, a transaction should not be considered as
confirmed until it is a certain number of blocks deep. This feature was introduced to protect
the system from repeated spending of the same bitcoins (double-spending). Inclusion of
transaction in the block happens along with the process of mining.
The classic bitcoin client will show a transaction as "unconfirmed" until the transaction is 6
blocks deep. Sites or services that accept bitcoin as payment for their products or services can
set their own limits on how many blocks are needed to be found to confirm a transaction. The
number six was chosen deliberately: it is based on a theory that there's low probability of
wrongdoers being able to amass more than 10% of the entire network's hash rate for purposes
of transaction falsification and an insignificant risk (lower than 0.1%) is acceptable. For
offenders who don't possess significant computing power, 6 confirmations are an
insurmountable obstacle. In turn any party having more than 10% of the network's computing
power will not find it difficult to achieve 6 confirmations in a row. However to obtain such a
power would require millions of dollars' worth of investment, so the risk of an attack is
deemed minimal. Bitcoins that are distributed by the network for finding a block can only be
used after 100 confirmations, i.e. 100 further blocks. The classic bitcoin client won't
display the coins earned for solving a block until there are 120 confirmations.

5.2 Bitcoin Addresses


A bitcoin address is an identifier (account number), starting with 1 or 3 and containing 27-34
alphanumeric Latin characters (except 0, O, I, l). An address can also be represented as a QR code, is anonymous, and does not contain information about the owner. It can be obtained for
free, using, for example, bitcoin software.

Figure 5.1. Bitcoin Address

The ability to transact bitcoins without the assistance of a central registry is facilitated in part
by the availability of a virtually unlimited supply of unique addresses which can be generated
and disposed of at will. The balance of funds at a particular bitcoin address can be ascertained
by looking up the transactions to and from that address in the block chain. All valid transfers
of bitcoins from an address are digitally signed using the private keys associated with it.
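Added example, not from the report: the encoding behind the address format described above (Base58Check, the scheme Bitcoin uses for these addresses, which is why 0, O, I and l never appear) and the checksum test a wallet runs before sending to a typed address. The 20-byte key hash is constructed from SHA-256 rather than derived from a real public key.

```python
import hashlib

# Added example, not from the report: Base58Check encoding and validation of a
# Bitcoin address. Payload = version byte + 20-byte key hash + 4-byte checksum.

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def base58_encode(payload: bytes) -> str:
    n = int.from_bytes(payload, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is kept as a leading '1' (version 0x00 -> "1...").
    leading = len(payload) - len(payload.lstrip(b"\x00"))
    return "1" * leading + out

def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in ALPHABET:
            raise ValueError(f"invalid character {ch!r}")
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading + body

def address_from_hash160(hash160: bytes, version: int = 0x00) -> str:
    """Version 0x00 yields a '1...' address; 0x05 yields a '3...' script address."""
    payload = bytes([version]) + hash160
    return base58_encode(payload + double_sha256(payload)[:4])

def validate_address(addr: str):
    """Return (version, hash160) if the checksum is intact, otherwise None."""
    try:
        raw = base58_decode(addr)
    except ValueError:
        return None
    if len(raw) != 25:
        return None
    payload, checksum = raw[:21], raw[21:]
    if double_sha256(payload)[:4] != checksum:
        return None
    return payload[0], payload[1:]

def demo():
    # Constructed key hash: SHA-256 truncated to 20 bytes, not a real RIPEMD-160 of a key.
    h160 = hashlib.sha256(b"constructed public key").digest()[:20]
    addr = address_from_hash160(h160)
    # A single mistyped character is caught by the 4-byte checksum.
    typo = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    return addr, validate_address(addr) == (0, h160), validate_address(typo) is None
```

`validate_address` is the check that protects against sending funds to a mistyped destination: a wrong character fails the checksum, and a character outside the alphabet fails decoding.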
The bitcoin specification starts with the concept of a distributed timestamp server. A
timestamp server works by taking a SHA256 hash function of some data and widely
publishing the hash, for instance, in a newspaper or Usenet post. The timestamp proves that
the data must have existed at the time, in order to produce the hash. For bitcoin, each
timestamp includes the previous timestamp hash as input for its own hash. This dependency
of one hash on another is what forms a chain, with each additional timestamp providing
evidence that each of the previous timestamp hashes existed.

5.3 Bitcoin Wallets


Bitcoin users manage their bitcoin addresses by using a digital wallet. Wallets let users send
bitcoins, request payment, calculate the total balance of addresses in use, generate new
addresses as needed. Many wallets include precautions to keep the private keys secret, for
example by encrypting the wallet data with a password or by requiring two-factor
authenticated logins.
Bitcoin wallets provide the following functionality:
- Storage of bitcoin addresses and corresponding public/private keys on the user's computer
  in a wallet.dat file
- Conducting transactions of obtaining and transferring bitcoins (BTC), also without
  connection to the Internet
- Provide information about the balance in BTC at all available addresses, prior
  transactions, spare keys
Bitcoin wallets have been implemented as stand-alone software applications, web
applications, and even printed documents or memorized passphrases.

5.4 Bitcoin Mining


To form a distributed timestamp server as a peer-to-peer network, bitcoin uses a proof-of-work system similar to Adam Back's Hashcash, publishing over the internet rather than in newspaper or
Usenet posts. The work in this system is what is often referred to as bitcoin mining.
The mining process involves scanning for a value that when hashed twice with SHA-256,
begins with a number of zero bits. While the average work required increases exponentially
with the number of leading zero bits required, a hash can always be verified by executing a
single round of double SHA-256.
For the bitcoin timestamp network, a valid "proof-of-work" is found by incrementing a nonce
until a value is found that gives the block's hash the required number of leading zero bits.
Once the hashing has produced a valid result, the block cannot be changed without redoing
the work. As later records or "blocks" are chained after it, the work to change the block
would include redoing the work for each subsequent block.

Figure 5.2. Bitcoin Blockchain

Majority consensus in bitcoin is represented by the longest chain, which required the greatest
amount of effort to produce it. If a majority of computing power is controlled by honest
nodes, the honest chain will grow fastest and outpace any competing chains. To modify a past
block, an attacker would have to redo the proof-of-work of that block and all blocks after it
and then surpass the work of the honest nodes. The probability of a slower attacker catching
up diminishes exponentially as subsequent blocks are added.
To compensate for increasing hardware speed and varying interest in running nodes over
time, the difficulty of finding a valid hash is adjusted roughly every two weeks. If blocks
were generated too quickly, the difficulty increases and more hashes are required to find a
block and to generate new bitcoins.
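The nonce search of sections 2.3 and 5.4, together with the difficulty adjustment described just above, as an added example (not the report's or Bitcoin Core's code). The header bytes are constructed; Bitcoin's real rule compares the double SHA-256 hash against a numeric target rather than counting zero bits, which the zero-bit form here approximates, and the clamp of at most a factor of four per adjustment window is Bitcoin's actual rule.

```python
import hashlib
import struct

# Added example, not from the report: proof-of-work search and verification
# over double SHA-256, plus a simplified two-week difficulty retarget.
# The header is constructed (prev hash + payload + nonce); a real header also
# carries version, merkle root, timestamp and the encoded target.

def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()

def block_hash(prev_hash: bytes, payload: bytes, nonce: int) -> bytes:
    return double_sha256(prev_hash + payload + struct.pack("<I", nonce))

def mine(prev_hash: bytes, payload: bytes, zero_bits: int, max_nonce: int = 2**32):
    """Scan nonces until the hash has `zero_bits` leading zeros. Expected cost
    is about 2**zero_bits hashes; returns (nonce, hash) or None if exhausted."""
    for nonce in range(max_nonce):
        h = block_hash(prev_hash, payload, nonce)
        if leading_zero_bits(h) >= zero_bits:
            return nonce, h
    return None

def verify(prev_hash: bytes, payload: bytes, nonce: int, zero_bits: int) -> bool:
    """A single hash checks what took ~2**zero_bits hashes to find."""
    return leading_zero_bits(block_hash(prev_hash, payload, nonce)) >= zero_bits

def retarget(old_target: int, actual_seconds: int, expected_seconds: int = 2016 * 600) -> int:
    """Scale the target by (actual / expected) time for the last window, clamped
    to a factor of 4 each way. A smaller target means more leading zero bits
    are required, i.e. the difficulty rises when blocks came too quickly."""
    actual = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return max(1, old_target * actual // expected_seconds)

def demo():
    prev = bytes(32)                          # constructed predecessor hash
    payload = b"constructed block payload"    # stands in for merkle root etc.
    bits = 16                                 # ~65 536 hashes on average
    nonce, h = mine(prev, payload, bits)
    return nonce, h.hex(), verify(prev, payload, nonce, bits)
```

With 16 zero bits the search takes a fraction of a second in pure Python; each extra bit doubles the expected work while verification stays at one hash, which is the asymmetry the report calls "one CPU, one vote".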
Bitcoin mining is a competitive endeavor. An "arms race" has been observed through the
various hashing technologies that have been used to mine bitcoins: basic CPUs, high-end
GPUs (graphics processing units) common in many gaming computers, FPGAs (field-programmable gate arrays) and ASICs (application-specific integrated circuits) have all been
used, each newer technology reducing the profitability of the one before it. The newest addition,
ASICs, are built into devices that are specialized for bitcoin mining. As bitcoins become more
difficult to mine, computer hardware manufacturing companies have seen an increase in sales
of high-end products.
Computing power is often bundled together or "pooled" into a central server to reduce
variance in miner income. Individual mining rigs often have to wait relatively long periods of
time to confirm a block of transactions and receive payment. When miners cooperate in a
pool, all participating miners receive a share of the bitcoins every time a participating
server solves a block. This payment is proportional to the amount of work an individual
miner contributed to help find that block.
Cloud mining is where the mining equipment is hosted in a remote data center. The mining
power is sold to the user for a certain period of time in a contract or traded on an exchange.
Cloud Mining providers generally use "pooled" mining to have more frequent payouts for
customers.
5.4.1 Mining Process
A rough overview of the process to mine bitcoins is:
1. New transactions are broadcast to all nodes.
2. Each miner node collects new transactions into a block.
3. Each miner node works on finding a difficult proof-of-work for its block.
4. When a node finds a proof-of-work, it broadcasts the block to all nodes.
5. Nodes accept the block only if all transactions in it are valid and not already spent.
6. Nodes express their acceptance of the block by working on creating the next block in
the chain, using the hash of the accepted block as the previous hash.
Nodes are incentivized to work on extending the longest chain or risk their work being
wasted. If two nodes broadcast different versions of the next block simultaneously, some
nodes may receive one or the other first. In that case, they work on the first one they received,
but save the other branch in case it becomes longer. The tie will be broken when the next
proof-of-work is found and one branch becomes longer; the nodes that were working on the
other branch will then switch to the longer one.
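The search, verification and chaining steps above, as an added example that is not part of the original report: a toy Python implementation with a simplified header (real Bitcoin headers also carry version, timestamp and difficulty fields, and the difficulty is a 256-bit target rather than a plain count of zero bits). The block contents, the 12-bit toy difficulty and the function names are constructed for illustration; the last function shows why a rewritten earlier block is only accepted once every later block has been mined again.

```python
import hashlib
BITS = 12  # leading zero bits required; ~4096 hashes per block on average (toy difficulty)
GENESIS_PREV = b"\x00" * 32  # the first block has no predecessor

def double_sha256(data: bytes) -> bytes:  # Bitcoin's hash: SHA-256 applied twice
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()

def header(prev_hash: bytes, tx_root: bytes, nonce: int) -> bytes:
    # Simplified header: previous block hash, transaction root, 32-bit little-endian nonce.
    return prev_hash + tx_root + nonce.to_bytes(4, "little")

def verify_block(prev_hash: bytes, tx_root: bytes, nonce: int, bits: int = BITS) -> bool:
    # Checking a proof costs one double-SHA-256, however many hashes finding it cost.
    return leading_zero_bits(double_sha256(header(prev_hash, tx_root, nonce))) >= bits

def mine(prev_hash: bytes, tx_root: bytes, bits: int = BITS) -> int:
    # Step 3: increment the nonce until the header hash has enough leading zero bits.
    for nonce in range(2 ** 32):
        if verify_block(prev_hash, tx_root, nonce, bits):
            return nonce
    raise RuntimeError("nonce space exhausted")

def build_chain(tx_roots, bits: int = BITS):
    # Step 6: each new block uses the hash of the accepted block as its previous hash.
    chain, prev = [], GENESIS_PREV
    for root in tx_roots:
        nonce = mine(prev, root, bits)
        chain.append((prev, root, nonce))
        prev = double_sha256(header(prev, root, nonce))
    return chain

def validate_chain(chain, bits: int = BITS) -> bool:
    # Recheck every proof-of-work and every previous-hash link; a tampered block breaks both.
    prev = GENESIS_PREV
    for stored_prev, root, nonce in chain:
        if stored_prev != prev or not verify_block(prev, root, nonce, bits):
            return False
        prev = double_sha256(header(prev, root, nonce))
    return True

# Constructed sample data: each block's "transactions" are one labelled string.
ROOTS = [hashlib.sha256(s).digest() for s in
         (b"Eve pays Alice 100 BTC", b"Bob pays Carol 2 BTC", b"Carol pays Dave 1 BTC")]
TAMPERED_ROOT = hashlib.sha256(b"Eve pays Alice 1 BTC").digest()  # Eve's rewritten entry

def tamper_demo():
    # Returns (honest ok, block 0 edited ok, block 0 re-mined ok, every later block re-mined ok).
    honest = build_chain(ROOTS)
    edited = [(GENESIS_PREV, TAMPERED_ROOT, honest[0][2])] + honest[1:]
    remined_one = [(GENESIS_PREV, TAMPERED_ROOT, mine(GENESIS_PREV, TAMPERED_ROOT))] + honest[1:]
    remined_all = build_chain([TAMPERED_ROOT] + ROOTS[1:])  # the real cost of rewriting history
    return tuple(validate_chain(c) for c in (honest, edited, remined_one, remined_all))
```

`tamper_demo()` returns `(True, False, False, True)`: editing or re-mining block 0 alone leaves block 1's stored previous hash pointing at a block that no longer exists.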

New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach
many nodes, however, transactions will get into a block before long. Block broadcasts are
also tolerant of dropped messages. If a node does not receive a block, it will request it when it
receives the next block and realizes it missed one.
5.4.2 Mined Bitcoins
By convention, the first transaction in a block is a special transaction that produces new
bitcoins owned by the creator of the block. This adds an incentive for nodes to support the
network, and provides a way to initially distribute coins into circulation, since there is no
central authority to issue them.
The continual and steady addition of new coins is analogous to gold miners expending
resources to add gold to circulation. In this case, it is computing power (CPU time) and
electricity that is expended.
The incentive can also be funded with transaction fees. If the output value of a transaction is
less than its input value, the difference is a transaction fee that is added to the incentive value
of the block containing the transaction. Once a predetermined number of coins have entered
circulation, the incentive can transition entirely to transaction fees and be completely
inflation-free.

5.5 Payment Verification


Upon receiving a new transaction a node must validate it: in particular, verify that none of the
transaction's inputs have been previously spent. To carry out that check the node needs to
access the blockchain. Any user who does not want to trust his network neighbours should
keep a full local copy of the blockchain, because he cannot know in advance which inputs
will need to be verified.
But, as noted in Nakamoto's whitepaper, it is possible to verify bitcoin payments without
running a full network node (simplified payment verification, SPV). A user only needs to
keep a copy of the block headers of the longest proof-of-work chain, which are available by
querying network nodes until it is apparent that the longest chain has been obtained. The user
then obtains the Merkle branch linking the transaction to the block it is timestamped in. One cannot check
the transaction for oneself, but by linking it to a place in the chain, one can see that a network
node has accepted it, and blocks added after it further confirm the network has accepted it.
As such, the verification is reliable as long as honest nodes control the network, but is
vulnerable if the network is overpowered by an attacker. While network nodes can verify
transactions for themselves, the simplified method can be fooled by an attacker's fabricated
transactions for as long as the attacker can continue to overpower the network. To protect
against this, alerts from network nodes detecting an invalid block prompt the user's software
to download the full block and verify alerted transactions to confirm their inconsistency.

Businesses that receive frequent payments will probably still want to run their own nodes for
more independent security and quicker verification.
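An added example, not from the original report, of the Merkle-branch check an SPV client performs: it builds a block's Merkle tree Bitcoin-style, takes the branch for one transaction, and recomputes the root that the block header would carry. The SPVClient class, the transaction ids and the block heights are constructed for illustration; a valid branch only shows that the network included the transaction, which is exactly the limitation described above.

```python
import hashlib

def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root_and_branch(txids, index):
    """Build the block's Merkle tree Bitcoin-style (a level with an odd number of
    nodes repeats its last node) and return (root, branch) for the transaction at
    `index`. The branch lists (sibling_hash, sibling_is_on_the_right) per level."""
    level, branch = list(txids), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        branch.append((level[sibling], sibling > index))
        level = [double_sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch

def verify_merkle_branch(txid: bytes, branch, root: bytes) -> bool:
    """SPV check: the client holds only block headers (which contain the root), so it
    recomputes the root from the txid and the branch it fetched from a full node."""
    h = txid
    for sibling, sibling_is_right in branch:
        h = double_sha256(h + sibling) if sibling_is_right else double_sha256(sibling + h)
    return h == root

class SPVClient:
    """Keeps headers only: here just {height: merkle_root}, the field SPV actually needs."""
    def __init__(self):
        self.headers = {}
    def add_header(self, height: int, merkle_root: bytes):
        self.headers[height] = merkle_root
    def confirmations(self, height: int) -> int:
        return max(self.headers) - height + 1 if height in self.headers else 0
    def check_payment(self, txid: bytes, height: int, branch, min_confirmations: int = 1) -> bool:
        # Proves the network included the transaction, not that it is valid: if an attacker
        # controls the chain, a fabricated transaction would pass this test too.
        root = self.headers.get(height)
        return (root is not None and verify_merkle_branch(txid, branch, root)
                and self.confirmations(height) >= min_confirmations)

# Constructed sample block: five transactions, so two levels need the odd-node duplication.
TXIDS = [hashlib.sha256(b"tx%d" % i).digest() for i in range(5)]
ROOT, BRANCH = merkle_root_and_branch(TXIDS, 3)   # branch for the fourth transaction

def spv_demo():
    client = SPVClient()
    client.add_header(100, ROOT)
    for h in range(101, 106):  # five later blocks (constructed roots) -> six confirmations
        client.add_header(h, hashlib.sha256(b"block%d" % h).digest())
    genuine = client.check_payment(TXIDS[3], 100, BRANCH, min_confirmations=6)
    forged = client.check_payment(hashlib.sha256(b"forged").digest(), 100, BRANCH, 6)
    return genuine, forged  # (True, False)
```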

Figure 5.3. Payment Verification


CHAPTER 6
SECURITY ISSUES

6.1 Unauthorized Spending


Unauthorized spending is mitigated by bitcoin's implementation of public-private key
cryptography. For example, when Alice sends a bitcoin to Bob, Bob becomes the new owner
of the bitcoin. Eve observing the transaction might want to spend the bitcoin Bob just
received, but she cannot sign the transaction without the knowledge of Bob's private key.

6.2 Double Spending


A specific problem that an internet payment system must solve is double-spending, whereby a
user pays the same coin to two or more different recipients. An example of such a problem
would be if Eve sent a bitcoin to Alice and later sent the same bitcoin to Bob. The bitcoin
network guards against double-spending by recording all bitcoin transfers in a ledger (the
block chain) that is visible to all users, and ensuring for all transferred bitcoins that they
haven't been previously spent.

6.3 Race Attack


If Eve offers to pay Alice a bitcoin in exchange for goods and signs a corresponding
transaction, it is still possible that she also creates a different transaction at the same time
sending the same bitcoin to Bob. By the rules, the network accepts only one of the
transactions. This is called a race attack, since there is a race as to which transaction will be
accepted first. Alice can reduce the risk of a race attack by stipulating that she will not deliver the
goods until Eve's payment to Alice appears in the block chain.
A variant race attack (which has been called a Finney attack by reference to Hal Finney)
requires the participation of a miner. Instead of sending both payment requests (to pay Bob
and Alice with the same coins) to the network, Eve issues only Alice's payment request to the
network, while the accomplice tries to mine a block that includes the payment to Bob instead
of Alice. There is a positive probability that the rogue miner will succeed before the network,
in which case the payment to Alice will be rejected. As with the plain race attack, Alice can
reduce the risk of a Finney attack by waiting for the payment to be included in the block
chain.

6.4 History Modification


The other principal way to steal bitcoins would be to modify block chain ledger entries. For
example, Eve could buy something from Alice, like a sofa, by adding a signed entry to the
block chain ledger equivalent to "Eve pays Alice 100 bitcoins". Later, after receiving the sofa,
Eve could modify that block chain ledger entry to read instead "Eve pays Alice 1 bitcoin", or
replace Alice's address by another of Eve's addresses. Digital signatures cannot prevent this
attack: Eve can simply sign her entry again after modifying it.
To prevent modification attacks, each block of transactions that is added to the block chain
includes a cryptographic hash code that is computed from the hash of the previous block as
well as all the information in the block itself. When the bitcoin software notices two
competing block chains, it will automatically assume that the chain with the greatest amount
of work to produce it is the valid one. Therefore, in order to modify an already recorded
transaction (as in the above example), the attacker would have to recalculate not just the
modified block, but all the blocks after the modified one, until the modified chain contains
more work than the legitimate chain that the rest of the network has been building in the
meantime. Consequently, for this attack to succeed, the attacker must outperform the honest
part of the network.
Each block that is added to the block chain, starting with the block containing a given
transaction, is called a confirmation of that transaction. Ideally, merchants and services that
receive payment in bitcoin should wait for at least one confirmation to be distributed over the
network, before assuming that the payment was done. The more confirmations that the
merchant waits for, the more difficult it is for an attacker to successfully reverse the
transaction in the block chain, unless the attacker controls more than half the total network
power, in which case it is called a 51% attack. For example, if the attacker possesses 10% of
the calculation power of the bitcoin network and the shop requires 6 confirmations for a
successful transaction, the probability of success of such an attack will be 0.02428%.
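The 0.02428% figure above comes from the catch-up probability derived in Nakamoto's whitepaper; as an added example (not from the report), here it is in Python, together with a helper that finds how many confirmations a merchant needs for a chosen risk. The function names are this example's own.

```python
import math

def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the hash power ever catches up
    from z blocks behind, following the derivation in Nakamoto's whitepaper."""
    p = 1.0 - q
    if q >= p:            # with half or more of the power the attacker catches up eventually
        return 1.0
    lam = z * (q / p)     # expected attacker progress while the honest chain gains z blocks
    total = 1.0
    poisson = math.exp(-lam)            # Poisson(k=0); updated in place to avoid overflow
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """Smallest number of confirmations z at which the attacker's success probability
    drops below max_risk (returns limit if it never does, e.g. for q >= 0.5)."""
    for z in range(limit):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return limit

if __name__ == "__main__":
    # The report's example: a 10% attacker against a merchant waiting for 6 confirmations.
    print("%.5f%%" % (100 * attacker_success_probability(0.10, 6)))   # 0.02428%
    print(confirmations_needed(0.10, 0.001))                          # 5
```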

6.5 Selfish Mining


This attack was first introduced by Ittay Eyal and Emin Gün Sirer at the beginning of
November 2013. In this attack, the attacker finds blocks but does not broadcast them. Instead,
the attacker mines their own private chain and eventually (when another miner or network of
miners finds their own block) publishes several private blocks in a row. This forces the
"honest" network to abandon their previous work and switch to the attacker's branch. As a
result, honest miners lose a significant part of their revenue, while the attacker increases their
profits due to changes in relative hashpowers.
According to the authors, a rational miner observing a selfish mining attacker would have an
incentive to join the attacker's pool, thereby increasing the attacker's hashpower. This makes
the attack and incentives even stronger, thus potentially leading to a 51% attack and the
collapse of the currency.
Gavin Andresen and Ed Felten disagreed with this conclusion, with Felten defending his assertion
that the bitcoin protocol is incentive compatible. The original authors responded that the
disagreement stemmed from Felten's misunderstanding of how miners are compensated in
mining pools, that the assertion was in error, given the presence of a strategy that dominates
honest mining, and that the error stemmed from Felten et al. not modeling block withholding
attacks in their analysis.

6.6 Deanonymisation of Clients


Along with transaction graph analysis, which may reveal connections between bitcoin
addresses (pseudonyms), there is a possible attack which links a user's pseudonym to its IP
address, even if the peer is using Tor. The attack makes use of bitcoin mechanisms of relaying
peer addresses and anti-DoS protection. The cost of the attack on the full bitcoin network is
under 1500 per month.


CHAPTER 7
CONCLUSION

7.1 Disadvantages
The wrongful use of bitcoin by criminals has attracted the attention of financial regulators,
legislative bodies, law enforcement, and the media. The FBI prepared an intelligence
assessment, the SEC has issued a pointed warning about investment schemes using virtual
currencies, and the U.S. Senate held a hearing on virtual currencies in November 2013. CNN
has referred to bitcoin as a "shady online currency [that is] starting to gain legitimacy in
certain parts of the world", and The Washington Post called it "the currency of choice for
seedy online activities".
Several news outlets have asserted that the popularity of bitcoins hinges on the ability to use
them to purchase illegal goods. In 2014, researchers at the University of Kentucky found
"robust evidence that computer programming enthusiasts and illegal activity drive interest in
bitcoin, and find limited or no support for political and investment motives."
A CMU researcher estimated that in 2012, 4.5% to 9% of all transactions on all exchanges in
the world were for drug trades on a single deep web drugs market, Silk Road. Child
pornography, murder-for-hire services, and weapons are also available on black market sites
that sell in bitcoin.
Several deep web black markets have been shut by authorities. In October 2013 Silk Road
was shut down by U.S. law enforcement leading to a short-term decrease in the value of
bitcoin. In 2015, the founder of the site was sentenced to life in prison. Alternative sites were
soon available, and in early 2014 the Australian Broadcasting Corporation reported that the
closure of Silk Road had little impact on the number of Australians selling drugs online,
which had actually increased. In early 2014, Dutch authorities closed Utopia, an online illegal
goods market, and seized 900 bitcoins. In late 2014, a joint police operation saw European
and American authorities seize bitcoins and close 400 deep web sites including the illicit
goods market Silk Road 2.0. Law enforcement activity has resulted in several convictions. In
December, 2014, Charlie Shrem was sentenced to two years in prison for indirectly helping to
send $1 million to the Silk Road drugs site, and in February, 2015, its founder, Ross Ulbricht,
was convicted on drugs charges and faces a life sentence.
Some black market sites may seek to steal bitcoins from customers. The bitcoin community
branded one site, Sheep Marketplace, as a scam when it prevented withdrawals and shut
down after an alleged theft of bitcoins. In a separate case, escrow accounts with bitcoins
belonging to patrons of a different black market were hacked in early 2014.

7.2 Closing Notes


Since anything digital can be copied over and over again, the hard part about implementing a
digital payment system is making sure that nobody spends the same money more than once.
Traditionally, this is done by having a trusted central authority (like PayPal) that verifies all
of the transactions. The core innovation that makes Bitcoin special is that it uses consensus in
a massive peer-to-peer network to verify transactions. This results in a system where
payments are non-reversible, accounts cannot be frozen, and transaction fees are much lower.
Some users put their computers to work verifying transactions in the peer-to-peer network
mentioned above. These users are rewarded with new bitcoins proportional to the amount of
computing power they donate to the network.
As we mentioned above, there is no central person or central authority in charge of Bitcoin.
Various programmers donate their time developing the open source Bitcoin software and can
make changes subject to the approval of lead developer Gavin Andresen. The individual
miners then choose whether to install the new version of the software or stick to the old one,
essentially voting with their processing power. It is in the miners' best interest to only
accept changes that are good for the Bitcoin currency in the long run. These checks and
balances make it difficult for anyone to manipulate Bitcoin.
The best way to learn about Bitcoin is to get some and experiment.


REFERENCES

[1] S. Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System," 2008. [Online]. Available: http://bitcoin.org/bitcoin.pdf
[2] Z. Ramzan, "Bitcoin Tutorial Videos," Khan Academy, 2014. [Online]. Available: http://bit.ly/1Eo1y8w
[3] F. Reid and M. Harrigan, "An Analysis of Anonymity in the Bitcoin System," 2011. [Online]. Available: http://arxiv.org/abs/1107.4524
[4] The Economist, "Digital Currencies - Bits and Bob," June 2011. [Online]. Available: http://www.economist.com/node/18836780
[5] Wikipedia, "Bitcoin," 2015. [Online]. Available: https://en.wikipedia.org/wiki/Bitcoin
