Applications of Bitcoin Scripts: Escrow Transactions using MULTISIG

Applications: Escrow Transactions

This is a continuation of the Bitcoin Transaction Basics lecture. As mentioned before, I watched the entire third week in one sitting, so some of my notes may reference previous posts. This part focuses on applications of Bitcoin scripts. There was quite a bit of material, so I have broken this part down into three posts. The first will focus just on escrow transactions. The next two posts will cover Green Addresses and Micropayments.

Questions answered in this Post:

  • What is an escrow transaction?
  • Why do escrow transactions appeal to people?
  • How does using bitcoin help achieve it?
  • Is this use case practical?
  • Name some companies that do MULTISIG transactions.

What is an escrow transaction?

Escrow just means that when there is a trade between two people, there is a middle man who ensures both parties uphold their parts of the deal.

For example, say you want to buy a stuffed teddy bear from far far away. You pay the store owner and the store owner sends you the bear. How do you make sure that the store owner will actually give you the bear when they receive your money? How can the store owner make sure that they will actually receive money from you? Yes, you both could trust each other, but that is unrealistic since you don’t know anything about each other. This is where the middle man comes in. Since they are in the business of trust and escrow, you have a better shot at trusting them to make sure the transaction takes place. Better yet, you don’t pay them until you’ve received your end of the deal.

Without the middle man, you give the money to the store owner. The store owner tells you he shipped the product.

Scenario 1:

You get the bear and all is well. Simple!

Scenario 2:

You wait 1 month. No teddy bear. You complain to the store owner who insists he sent the teddy bear. You wait 1 more month. Still no teddy bear. You’re angry and frustrated and still no teddy bear. You wait 1 more month. You find out that the store is no longer in business. You lost money and you have no teddy bear.

With the middle man involved, you give the money to the middle man. The middle man tells the store owner that he has the money. The store owner ships the stuffed teddy bear to you. You tell the middle man when you have received the teddy bear. The middle man releases the money to the store owner. In this case, if you still haven’t received the bear after 1 month, you can just cancel the transaction and get your money back.

Escrow is better for certain transactions!

Where does bitcoin fit into this escrow situation?

Same scenario. You want to buy a teddy bear from far far away. There is a special transaction called a MULTISIG.

MULTISIG (think Multisignatures)

You create a MULTISIG transaction that requires two of three people to sign in order to redeem the coins. Two of the people in the transaction are you and the store owner. The third is the middle man (Judge). The transaction pays out the deposit only if two of the three sign. Once the transaction is on the block chain, the coins can be said to be “held in escrow”. The store owner can look at the blockchain, be convinced that you paid, and decide to send the teddy bear.

Scenario 1

Afterwards, you say “I got the goods”, and now the store owner and you sign the transaction to redeem the escrowed funds. All is well, and really the middle man did nothing since there was no need for them to sign anything.

Scenario 2

You claim “I never got the teddy bear”. Thus you would never release the money to the store owner. The middle man has to step in and decide if the money should go back to you or to the store owner, based on who they can deduce is right. If the middle person decides that you are lying and the store owner did send the bear, then the middle person and the store owner can sign the multisig to move the funds to the store owner. If the middle person decides that the store owner never sent the teddy bear, then the middle person and you can sign the multisig and move the funds back to you.

Is it hard to implement?

There is a CHECKMULTISIG instruction in the script language. For it to execute successfully, the script lists n public keys and a threshold t, and at least t valid signatures from t of those keys must be provided. In the case with the store owner, you need signatures from 2 of the three public keys.

Last time, I talked a bit about the Pay-to-script-hash script. The multisig is just a special type of the P2SH.
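As an added example for these notes (not code from the lecture, from EscrowMyBits or from any wallet), here is the 2-of-3 escrow check in Go. It assumes NIST P-256 in place of Bitcoin’s secp256k1 (which Go’s standard library does not ship), a constructed byte string in place of a real spending transaction, and the three party names buyer, store owner and judge; the evaluation rule it implements is the one Bitcoin’s CHECKMULTISIG uses, where each key can satisfy one signature and signatures have to appear in key order.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is one of the three escrow participants: buyer, store owner or judge.
// Assumption: P-256 stands in for secp256k1; the threshold logic does not
// depend on the curve.
type Party struct {
	Name string
	key  *ecdsa.PrivateKey
}

// NewParty generates a fresh keypair for a participant.
func NewParty(name string) *Party {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Name: name, key: k}
}

// Pubkeys returns the public keys in the order they appear in the script.
func Pubkeys(parties ...*Party) []*ecdsa.PublicKey {
	keys := make([]*ecdsa.PublicKey, len(parties))
	for i, p := range parties {
		keys[i] = &p.key.PublicKey
	}
	return keys
}

// Sign produces a DER signature over the hash of the spending transaction.
func (p *Party) Sign(spendTx []byte) []byte {
	h := sha256.Sum256(spendTx)
	sig, err := ecdsa.SignASN1(rand.Reader, p.key, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// CheckMultiSig evaluates "t <pk1> ... <pkn> n OP_CHECKMULTISIG" the way the
// Bitcoin interpreter does: exactly t signatures are consumed, each public key
// can satisfy at most one signature, and signatures must appear in the same
// relative order as the keys they match. It succeeds only when every supplied
// signature has been matched to a key.
func CheckMultiSig(t int, pubkeys []*ecdsa.PublicKey, sigs [][]byte, spendTx []byte) bool {
	if t <= 0 || t > len(pubkeys) || len(sigs) != t {
		return false
	}
	h := sha256.Sum256(spendTx)
	si, ki := 0, 0 // next signature and next key to try
	for si < len(sigs) {
		// Fewer keys left than unmatched signatures: no way to succeed.
		if len(sigs)-si > len(pubkeys)-ki {
			return false
		}
		if ecdsa.VerifyASN1(pubkeys[ki], h[:], sigs[si]) {
			si++ // this key satisfied the signature; move to the next one
		}
		ki++ // a key is consumed whether or not it matched
	}
	return true
}

func main() {
	buyer, owner, judge := NewParty("buyer"), NewParty("store owner"), NewParty("judge")
	keys := Pubkeys(buyer, owner, judge)
	release := []byte("constructed spend: escrow output -> store owner") // stand-in for a real tx

	// Scenario 1: goods arrived, buyer and store owner redeem; the judge never signs.
	fmt.Println("buyer+owner: ", CheckMultiSig(2, keys, [][]byte{buyer.Sign(release), owner.Sign(release)}, release))
	// Scenario 2: dispute, judge sides with the store owner.
	fmt.Println("owner+judge: ", CheckMultiSig(2, keys, [][]byte{owner.Sign(release), judge.Sign(release)}, release))
	// One party alone cannot move the funds.
	fmt.Println("buyer alone: ", CheckMultiSig(2, keys, [][]byte{buyer.Sign(release)}, release))
	// The same key twice does not count as two signers.
	fmt.Println("buyer twice: ", CheckMultiSig(2, keys, [][]byte{buyer.Sign(release), buyer.Sign(release)}, release))
	// Valid signers in the wrong order also fail, a common multisig pitfall.
	fmt.Println("judge,owner: ", CheckMultiSig(2, keys, [][]byte{judge.Sign(release), owner.Sign(release)}, release))
}
```

The last two cases are the ones worth remembering when building an escrow: the threshold counts distinct keys, not signatures, and wallets must order the signatures to match the key order in the redeem script or the spend is rejected.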

The tutorial from 2015 doesn’t work since the link to the actual tool on the site has expired.

Is there anyone actually doing this?

Yes!

1. EscrowMyBits
This site’s description matches exactly what is described above. There is even a judge program where people can sign up to be the judge.

2. Many Bitcoin wallets use it; here are just a few:

Bitcoin Transactions Basics

Bitcoin Transactions

Honestly, initially, this lecture sounded intimidating. He’s like “we’re going to talk low level, real scripts, details and structure of bitcoin scripts in a precise way”. I had flashbacks of x86 machine code taunting me. Don’t be afraid though, it was well presented and well paced.

Also, if you watch this lecture, count how many times the word “real” gets used.

Questions answered in this Post:

  • What arguments make a transaction-based ledger more suitable than an account-based one for Bitcoin?
  • What are the components of a transaction?
  • Explain the reason for a change address.

Bitcoin Consensus gives us:

  1. Append only ledger
  2. Decentralized consensus
  3. Miners to validate transactions (making sure transactions are well-formed)

Assuming a currency exists to motivate miners!

He started out with a chart of what an account-based ledger (not Bitcoin) looks like before showing the Bitcoin-based ledger. The issue with the account-based ledger is that everyone needs to keep track of every account balance.

Transaction Based Ledger (Bitcoin)

Transaction  Input  Output                  Signed
1            0      25 -> Alice             no one
2            1[0]   17 -> Bob, 8 -> Alice   signed by Alice
3            2[0]   8 -> Carol, 9 -> Bob    signed by Bob
4            2[1]   6 -> David, 2 -> Alice  signed by Alice

2[1] means transaction 2, output 1.

This is all implemented with hash pointers, which were covered in week 1, with each transaction building on earlier ones. Thus by the time transaction 4 occurs, there is a long chain. Each transaction specifies its own inputs and outputs, and that is how the state is kept track of.

For these transactions it’s important to note that when Alice gives 17 coins to Bob, she also needs to give 8 coins back to herself.

Change Address – because transaction outputs are immutable, an output must be consumed in its entirety by a later transaction. The leftover amount, which should go back to the original owner, therefore still needs an output (a change address) to receive it.

Efficient Verification – this new ledger means that you do not have to go up the entire chain. You only need to scan the block chain between the referenced transaction (the input) and the latest block.

Joint Payments – instead of doing 2 transactions

Transaction  Input       Output                  Signed
2            1[0]        17 -> Bob, 8 -> Alice   signed by Alice
3            2[1]        6 -> Alice, 2 -> Bob    signed by Alice
4            3[0], 3[1]  8 -> David              signed by Alice, Bob

There seem to be quite a few issues in the video, which are mentioned in the thread linked below. I have changed the examples to reflect these inconsistencies.
https://www.coursera.org/learn/cryptocurrency/discussions/weeks/3/threads/ngwguLVDEeatew7zqUaXxg
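To make the two tables above concrete, here is an added Go model of the transaction-based ledger (written for these notes, not code from the lecture or from Bitcoin itself). It tracks only unspent outputs, enforces that a referenced output exists, is unspent and is signed for by its owner, requires outputs not to exceed inputs, and replays both tables, including the joint payment where Alice and Bob both sign. The transaction lists are transcribed from the tables; the double-spend attempt at the end is constructed.

```go
package main

import "fmt"

// Outpoint is the "2[1]" notation from the notes: transaction 2, output 1.
type Outpoint struct{ Tx, Idx int }

// Output assigns a value to an owner. Once created it is never edited, only
// consumed whole by a later transaction, which is why change outputs exist.
type Output struct {
	To    string
	Value int
}

// Transaction consumes whole earlier outputs and creates new ones.
// Inputs is empty for the coinbase transaction that creates coins.
type Transaction struct {
	ID      int
	Inputs  []Outpoint
	Outputs []Output
	Signers []string // must include the owner of every consumed output
}

// Ledger keeps only the unspent outputs: a verifier never has to walk the
// whole chain, it just checks that the referenced outputs are still unspent.
type Ledger struct{ utxo map[Outpoint]Output }

func NewLedger() *Ledger { return &Ledger{utxo: map[Outpoint]Output{}} }

// Apply validates tx and commits it, or returns an error and changes nothing.
func (l *Ledger) Apply(tx Transaction) error {
	signed := map[string]bool{}
	for _, s := range tx.Signers {
		signed[s] = true
	}
	in := 0
	for _, op := range tx.Inputs {
		o, ok := l.utxo[op]
		if !ok {
			return fmt.Errorf("tx %d: input %d[%d] does not exist or is already spent", tx.ID, op.Tx, op.Idx)
		}
		if !signed[o.To] {
			return fmt.Errorf("tx %d: input %d[%d] belongs to %s, who did not sign", tx.ID, op.Tx, op.Idx, o.To)
		}
		in += o.Value
	}
	out := 0
	for _, o := range tx.Outputs {
		out += o.Value
	}
	// Outputs may not exceed inputs; in real Bitcoin any shortfall is the miner's fee.
	if len(tx.Inputs) > 0 && out > in {
		return fmt.Errorf("tx %d: outputs %d exceed inputs %d", tx.ID, out, in)
	}
	for _, op := range tx.Inputs {
		delete(l.utxo, op)
	}
	for i, o := range tx.Outputs {
		l.utxo[Outpoint{tx.ID, i}] = o
	}
	return nil
}

// Balance sums the unspent outputs owned by name.
func (l *Ledger) Balance(name string) int {
	total := 0
	for _, o := range l.utxo {
		if o.To == name {
			total += o.Value
		}
	}
	return total
}

// Replay applies transactions in order and stops at the first invalid one.
func Replay(txs []Transaction) (*Ledger, error) {
	l := NewLedger()
	for _, tx := range txs {
		if err := l.Apply(tx); err != nil {
			return l, err
		}
	}
	return l, nil
}

// LectureTxs is the first table above, transcribed into this model.
func LectureTxs() []Transaction {
	return []Transaction{
		{ID: 1, Outputs: []Output{{"Alice", 25}}},
		{ID: 2, Inputs: []Outpoint{{1, 0}}, Outputs: []Output{{"Bob", 17}, {"Alice", 8}}, Signers: []string{"Alice"}},
		{ID: 3, Inputs: []Outpoint{{2, 0}}, Outputs: []Output{{"Carol", 8}, {"Bob", 9}}, Signers: []string{"Bob"}},
		{ID: 4, Inputs: []Outpoint{{2, 1}}, Outputs: []Output{{"David", 6}, {"Alice", 2}}, Signers: []string{"Alice"}},
	}
}

// JointPaymentTxs is the second table: transaction 4 spends outputs owned by
// two different people, so both of them must sign.
func JointPaymentTxs() []Transaction {
	return []Transaction{
		{ID: 1, Outputs: []Output{{"Alice", 25}}},
		{ID: 2, Inputs: []Outpoint{{1, 0}}, Outputs: []Output{{"Bob", 17}, {"Alice", 8}}, Signers: []string{"Alice"}},
		{ID: 3, Inputs: []Outpoint{{2, 1}}, Outputs: []Output{{"Alice", 6}, {"Bob", 2}}, Signers: []string{"Alice"}},
		{ID: 4, Inputs: []Outpoint{{3, 0}, {3, 1}}, Outputs: []Output{{"David", 8}}, Signers: []string{"Alice", "Bob"}},
	}
}

func main() {
	l, err := Replay(LectureTxs())
	fmt.Println("replay:", err)
	for _, n := range []string{"Alice", "Bob", "Carol", "David"} {
		fmt.Printf("%s has %d\n", n, l.Balance(n))
	}
	// Constructed double spend: Alice tries to spend 2[1] a second time.
	fmt.Println("double spend:", l.Apply(Transaction{ID: 5, Inputs: []Outpoint{{2, 1}}, Outputs: []Output{{"Eve", 8}}, Signers: []string{"Alice"}}))
}
```

The unspent-output map is what gives the efficient verification mentioned above: the replay never revisits old blocks, it only asks whether the inputs a new transaction names are still in the map.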

Bitcoin transaction representation

{
  "hash": "5a42...",
  "ver": 1,
  "vin_sz": 2,
  "vout_sz": 1,
  "lock_time": 0,
  "size": 404,
  "in": [{
    "prev_out": {"hash": "3be4", "n": 0},
    "scriptSig": "3044"
  }],
  "out": [{
    "value": "10.122",
    "scriptPubKey": "OP_DUP OP_HASH160 69e... OP_EQUALVERIFY OP_CHECKSIG"
  }]
}

3 parts

  • Meta data – housekeeping that has the size of the trxn, # of inputs, # of outputs, and the hash of the entire trxn

    "hash": "5a42...",
    "ver":1,
    "vin_sz":2,
    "vout_sz":1,
    "lock_time":0,
    "size":404
  • Inputs – array of previous trxns (in hash form)
    prevTrans
    Signatures
  • Outputs – array of outputs, each containing a value (the sum of all outputs is what the trxn pays out)
    value
    Recipient address? It’s really a script (the scriptPubKey)

Mining, Bootstrapping, and recap

These are my notes of the tenth lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017.

Questions answered in this Post:

  • What do you have to think about if you’re a miner?
  • What is hash rate?
  • What is bootstrapping?
  • What are some attacks on bitcoin?
  • Define and discuss the different types of consensus?

Economics question, is it profitable for a miner to mine?
The generic internet article seems to say “It depends”. I don’t think it is, from reading various online posts. But before I rush into it without real proof, what exactly would be considered a profit in bitcoin?

The positive gains in bitcoin come from the block reward (~12 BTC) and transaction fees. This is only worthwhile if it is greater than the negative losses (costs). The losses come from all the hardware (fixed costs) and operations (variable costs).

If mining reward (block reward + Tx fees) > hardware + electricity cost -> You profit!
It’s not so simple, because the reward depends on the rate at which the miner finds blocks, which is determined by the ratio of their hash rate to the total global hash rate.

Hash Rate – is the speed at which a computer is completing an operation in the Bitcoin code. A higher hash rate is better when mining as it increases your opportunity of finding the next block and receiving the reward.
~bitcoinsimplified.org/definitions/

Also, the costs will vary depending on the Bitcoin exchange rate as well as differences between other fiat currencies. Also, miners technically don’t have to add the block to the larger chain; they could have another strategy that is not being captured.

Recap Section of Key Topics

Satoshi – smallest denomination 1e-8 BTC

Prior to this recap I jotted down my thoughts on how I understand it / what I remembered.

Identities: they’re hard and not fixed in bitcoin. We did talk about public keys being identities in week 1, but that seems not to hold since bitcoin has pseudonymous nodes.

Transactions: combined together to form a block.
A single transaction is signed by one person. The transaction then does something like transfer the coin to another person. The transaction also contains a hash of the history of the previous transactions of that coin.

P2P: Bitcoin is a peer-to-peer network. When you try to determine consensus regarding the ledger, there are no specialized nodes; everyone is able to participate.

Block chain and consensus: the history of transactions, in a data structure of hash pointers, is the block chain. Consensus is what allows a block to be added to the distributed ledger.

Hash Puzzle Mining: this is how bitcoins are created.
H(nonce | prev_hash | tx | tx … ): the hash of the concatenation must be less than some target value for the block to be valid, and it is the valid block that creates the new coins.

Recap

Identity: no real-world identity required; one can just create a pseudonymous one.
Transactions: messages broadcast to the Bitcoin P2P network that are instructions to transfer a coin from one address to another.

Coin – chain of transactions

P2P – the goal is to propagate all new transactions to all Bitcoin peer nodes; it is best effort.
The security comes from the blockchain and the consensus protocol.

Blockchain – once a transaction achieves a lot of confirmations you have high confidence, though it will never be 100%.
Orphan blocks –
Alice has 100x the computing power of Bob.
Bob will find 1% of the blocks Alice finds.

Miners – the benefit has to at least equal the cost if they want to keep their job.

How deeply does distributed consensus play into bitcoin? The exchange rate of the currency, the ownership of coins, and the creation of the blockchain.

Bitcoin has three types of consensus

    • value
    • state
    • rules

Bootstrapping

Bitcoin is bootstrapped. Bootstrapping is how to get the cryptocurrency started and working, i.e. creating a healthy mining ecosystem.

health of the mining ecosystem -> prerequisite for creating a largely honest bitcoin network; people will only mine if the value of bitcoin is high relative to their expenditure in dollars
security of the blockchain -> we want the blockchain to be secure for Bitcoin to be viable, so that an adversary can’t overwhelm the process, and that requires a healthy mining ecosystem
value of the currency -> users will only want to buy Bitcoin if they trust in the security of Bitcoin

Thus, there is a circular interplay meaning how does this system get started? Right, so Arvind is really really excited about this which you can tell by the fluctuations of his voice.

Anyway, what was time like before the dinosaurs… before bitcoin became bitcoin. This process has to be done by every altcoin. I didn’t feel like I understood the response. I got that he felt it was amazing but exactly how bootstrapping happens, I’m at a loss.

Potential Attacks

What would happen if consensus failed and there was a malicious node that controlled 51%?

  • Steal coins from an existing address? Let’s say the 51% creates an invalid block
  • Suppress transactions: from the blockchain, from the P2P network
  • Change the block reward
  • Destroy confidence in Bitcoin

Can someone steal coins from existing address?

They create an invalid block with an invalid trxn. While the attacker can pretend, the other honest nodes won’t accept it.

Thus there will be a fork in the chain. From the POV of whoever the attacker tries to sell the coins to: he can tell that even if it’s the longest branch, it’s not correct.

Subverting consensus is not enough, and thus this is not possible.

Can the attacker suppress some transactions?

Let’s say the 51% suppresses everything Carol does. However, the P2P network does not depend on the block chain, so the peer-to-peer network will still receive the broadcast and notice that Carol’s transactions are just not getting published.

A 51% attacker can potentially:

  • Make it unprofitable for other miners to mine
  • Change the block reward
  • Suppress transactions from the blockchain

Can the 51% attacker change the block reward

No, because the attacker does not control the Bitcoin software that the honest nodes are using.

What about them destroying confidence in bitcoin?

The behavior of not extending the longest chain; then the value of the currency will fall.

This is possible, and likely if this were to happen. Apparently this is the main possible threat.
It’s interesting because, in my opinion, it reminds me of trust in the dollar versus being backed by gold or not.

Incentives and Proof of Work

These are my notes of the ninth lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017. The lecture answered quite a few of my questions regarding mining. Prior to this lecture, I knew that people mined by doing some heavy computation. Now, after learning about the background regarding incentives, it actually seems more reasonable. I was most shocked to realize that there will only ever be 21 million bitcoin created unless people change the rules.

Questions answered in this Post:

  • High level, how do incentives help?
  • What are block rewards and how does the reward gained change?
  • What are transaction fees and how do they change?
  • What is PoW and PoS and not Prisoner of War and Point of Service?
  • How frequently are blocks created?
  • What is a nonce? How is it used?

In the previous section we looked at the consensus algorithm.

This lecture discussed a second part of Bitcoin’s decentralization called incentive engineering. What does this incentive engineering mean besides sounding like fancy name for treats?

Previously, it was discussed that there was an assumption that at least 50% of the nodes were honest and that one is able to pick a random node. Also, we would know if there was a Sybil attack, as each of the nodes created by the Sybil would still be traced back to a single user.

Assumption of honesty is problematic especially if there is financial incentive to subvert the system. Since nodes don’t have identities, one is unable to penalize the group that creates the malicious blocks.

Can we reward the blocks on the long-standing chain? Yes. Use bitcoins to incentivize the nodes that created these blocks.

Two Incentive Mechanisms in Bitcoin

Incentive 1: Block Reward

Simply, you get bitcoin for creating a block. The amount of bitcoin you get changes over time. Actually, according to BitcoinBlockHalf (http://www.bitcoinblockhalf.com/), the coin reward is currently 12 and it will drop to 6 in 2020.

The block creator only gets to collect the reward if the block ends up on the long-term consensus branch! Thus one is incentivized to behave honestly and to agree.

There is finite supply of bitcoin: 21 million
Block reward is how new bitcoins are created
Runs out in 2140. No new bitcoins unless the rules change.

Incentive 2: Transaction Fees

The second way is via transaction fees. This mechanism made more sense to me given that when you trade, at least on financial markets, you have to pay some amount for the processing. Thus the nodes who are doing this service can choose to take some amount for processing the transaction. From looking at things like Ethereum with gas, this is used as well, and there exists a market value to see what the transaction price should be set at. If you give more, then your transaction will be picked up faster.

Remaining problems

  • How to pick a random node?
  • How to avoid a free-for-all due to reward
  • How do you avoid Sybil attacks? We made an assumption earlier
  • Then he started talking about something called Proof of Work. That piqued my interest since almost every bitcoin blog/youtube channel talks about this versus Proof of Stake.

    Proof of Work

    This is supposed to answer how to select a random node. The node will be selected in proportion to a resource that nobody should be able to monopolize.

    Proof of Work – resource for giving nodes power is computing power
    Proof of Stake – resource for giving nodes power is currency ownership

    My thought was, wouldn’t someone be able to monopolize on ownership? Like is the actual answer, more is power. Well first let’s talk about what proof of work means.

    Select nodes based on computing power?

    1. Select nodes in proportion to computing power
    2. Let nodes compete for right to create block
    3. Make it moderately hard to create new identities
      (Attacks on identity creation and on the Sybil attack)

    Let’s look at a more concrete example. I agree it sounds vague and I’m lost. Though looking at the next slide that just says hash puzzle and has the words nonce… this does not look that illuminating.

    Nonce – specific number (Again, according to Merriam-Webster: the one, particular or present occasion)

    So bitcoin achieves Proof-of-Work using hash puzzles. I’ll talk more about the hash puzzle further down.

    To create a block to add to the block chain, you need to find a “nonce” such that H(nonce | prev_hash | tx | tx … | tx) is very small.

    (nonce | prev_hash | list of trxn that comprise the block)

    Then take the hash of this whole, long string.

    Then the hash, if correct, should be a very small number. By very small, I mean that it falls within a certain target space relative to the output space of the hash.

    If the hash function is secure, the only way to succeed is to try enough nonces until you get lucky. The reason for the nonce is that you want to make it moderately difficult.

    This is the computational puzzle that a node is required to solve to create a new block.

    Proof of Work Properties:

    1. Difficult to compute
      Aug 2014: about 10^20 hashes/block
      only some nodes bother to compete – miners
    2. Parameterizable Cost
      Nodes automatically re-calculate the target every two weeks
      average time between blocks = 10 minutes
    3. Easy to verify – once you find the nonce, everyone else can check. Thus no need to have centralization since other miners will verify another miner.
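The hash puzzle and its three properties, as an added Go example written for these notes (not the lecture’s or Bitcoin’s code). It assumes a single SHA-256 over a plain concatenation of nonce, previous hash and transactions, whereas real Bitcoin double-SHA-256s an 80-byte binary header; the difficulty is expressed as a number of leading zero bits, and the previous hash and transactions are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
	"strings"
)

// BlockHash computes H(nonce | prev_hash | tx | tx ... | tx), the puzzle input
// from the lecture. Assumption: one SHA-256 over a simple concatenation, which
// is enough to show the search; Bitcoin hashes a binary header twice.
func BlockHash(nonce uint64, prevHash string, txs []string) [32]byte {
	var nb [8]byte
	binary.BigEndian.PutUint64(nb[:], nonce)
	h := sha256.New()
	h.Write(nb[:])
	h.Write([]byte(prevHash))
	h.Write([]byte(strings.Join(txs, "|")))
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Target returns the largest acceptable hash value for a difficulty of `bits`
// leading zero bits, i.e. 2^(256-bits). Each extra bit halves the target
// space and doubles the expected work: the "parameterizable cost" property.
func Target(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), 256-bits)
}

// MeetsTarget is the "easy to verify" step: anyone can recompute one hash
// and compare it with the target.
func MeetsTarget(hash [32]byte, target *big.Int) bool {
	return new(big.Int).SetBytes(hash[:]).Cmp(target) < 0
}

// Mine tries nonces from 0 upward until the hash lands in the target space and
// returns the winning nonce together with the number of hashes computed
// (the "difficult to compute" property: on average about 2^bits tries).
func Mine(prevHash string, txs []string, bits uint) (nonce uint64, tries uint64) {
	target := Target(bits)
	for nonce = 0; ; nonce++ {
		tries++
		if MeetsTarget(BlockHash(nonce, prevHash, txs), target) {
			return nonce, tries
		}
	}
}

func main() {
	// Constructed sample block contents, not real transactions.
	prev := "0000deadbeef"
	txs := []string{"Alice -> Bob 17", "Bob -> Carol 8"}
	for _, bits := range []uint{8, 12, 16} {
		nonce, tries := Mine(prev, txs, bits)
		h := BlockHash(nonce, prev, txs)
		fmt.Printf("bits=%2d nonce=%6d tries=%6d (expected ~%d) hash=%x...\n",
			bits, nonce, tries, 1<<bits, h[:4])
	}
	// Changing a single transaction invalidates the nonce that was found.
	nonce, _ := Mine(prev, txs, 16)
	tampered := []string{"Alice -> Bob 17", "Bob -> Carol 9"}
	fmt.Println("tampered block still valid?", MeetsTarget(BlockHash(nonce, prev, tampered), Target(16)))
}
```

Running it shows the try counts scattering around 2^bits: the search is probabilistic, as the notes say further down, while verification stays one hash regardless of how many tries the miner spent.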

    What this means is that if you’re a miner and you’ve put in some capital, then over a two-week period, if more blocks are being found, the target is adjusted to be harder. Thus you constantly need to put in more hardware investment to keep finding blocks.

    Prob(Alice wins next block) = fraction of global hash power she controls.

    If blocks came closer together, it would be less efficient. We like putting hundreds of transactions into a block.

    Key Security Assumption
    • attacks are infeasible if the majority of miners, weighted by hash power, follow the protocol (are honest)
    • if the majority are honest, then because of the competition for blocks you know the next block will most likely come from an honest node
    Solving hash puzzles is probabilistic

    Need to try them one by one to hope one succeeds

    Bernoulli trials
    A Poisson process shows this exponential distribution

    for a individual miner:
    mean time to find a block = 10 min / fraction of hash power

    Proof of work is a way to

    • Select nodes in proportion to computing power
    • Let nodes compete for the “right” to create blocks

    A block in the block chain was found at time t. What is the probability that the next block was found at or before t+10 min? Assume that the total hash power of the network stays constant.

    More than 50%
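As an added worked derivation (not from the lecture notes), the answer follows from the Poisson model mentioned above. Block discovery by the whole network is a Poisson process whose inter-arrival time T is exponentially distributed with rate $\lambda = 1/(10\ \text{min})$, so

$$
P(T \le 10\ \text{min}) = 1 - e^{-\lambda \cdot 10\ \text{min}} = 1 - e^{-1} \approx 0.632 > 0.5 .
$$

For an individual miner holding a fraction $\alpha$ of the global hash power, her own successes form a thinned Poisson process with rate $\alpha\lambda$, giving the mean time stated above:

$$
E[T_{\text{miner}}] = \frac{1}{\alpha\lambda} = \frac{10\ \text{min}}{\alpha} .
$$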

    SHA-1 collision by Google and CWI!

    On Feb 23, 2017, Google and news agencies like WSJ published a startling find! Researchers from the CWI Institute in Amsterdam and Google were successful in generating a hash collision with SHA-1.

    A collision means that two different messages, when hashed separately, had the same hash. Hashing is converting a document that may be, say, 5MB into a 40-digit (hex) number. If you’re thinking “why hasn’t a collision been found earlier?”: compressing a document to only 40 digits means that eventually there will be a collision. Eventually, yes, but 40 digits is a huge number and thus finding one randomly is impractical. Thus being able to engineer a collision is astonishing, a huge technical feat!

    What these researchers were able to do is find a collision almost 100,000 times faster than a strict brute force attack. Yes, they leveraged Google’s tremendous cloud infrastructure to do so, but the point remains that they did it. That means others will say “Watch me too!”. The attack required a huge number of computations (9,223,372,036,854,775,808, i.e. 9 quintillion), i.e. 6,500 years of single-CPU computation or 110 years of single-GPU computation. If someone wanted to replicate it, they likely could, and Google says this is likely within a month. Appropriately, Google has provided a free detection tool that one can use to better understand the attack and ways to mitigate it.

    The impact of this find is that an attacker could submit a malicious document that has the same hash as a benign one. SHA-1 is not some simple hash function. Because SHA-1 has been used for certificate verification or validation of documents, having someone break this system is disturbing. SHA-1 has been used for browser security and code management. GIT and SVN do use SHA-1. From ZDNet , at least the creators of Git do not think it is a huge concern. However, they mention that Git will be sunsetting SHA-1.

    For most browsers though, the key word would be “has been”, as Google Chrome has been sunsetting uses of SHA-1 for several years, and the same with Firefox. There was a wake-up call in 2005 when researchers in China found a theoretical method to find a collision, which prompted people in the industry to start shifting hash functions. Now, in Feb 2017, Google and the CWI Institute have proven it in a practical sense. Bitcoin uses the SHA-256 hash function. More of a concern for bitcoin would be that the source code is all in Git, but again, at least the creators of Git say “Don’t Worry”.

    Consensus without Identities

    These are my notes of the eighth lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017. While the lecture is lengthy and I had to watch it a few times to grasp the concepts, I thought it was interesting.

    Questions answered in this Post:

    • What is bitcoin’s stance on node identity? Why?
    • What is a Sybil attack?
    • What is implicit consensus?
    • What are some attacks discussed that this consensus protocol protects against?
    • What is an orphan block?
    • What is a zero-confirmation transaction and how to prevent it?

    One major point was that bitcoin nodes do not have persistent long-term identities. Because of this, the consensus protocol’s attributes deviate from those of the protocols in the distributed systems literature. So, while we know that bitcoin is different, why exactly do we care? One thought is that because of this deviation, the existing algorithms may not be applicable and thus something new has to be invented. Why are identities useful for distributed consensus protocols?

    Below are the specific examples provided in the lecture:
    Pragmatic: some protocols need node identification (id); for instance, a protocol could say “use the lowest ranked ID” to decide who does something.
    Security: assume less than 50% malicious nodes for this protocol to work.
    Preventing a Sybil attack: an adversary makes multiple nodes and uses them to break the system.

    Why don’t Bitcoin nodes have identities?

    1. Since Bitcoin is a P2P system, no central body to assign identities to nodes
    2. Pseudo-anonymity is actually an inherent goal of bitcoin

    So instead of that, Arvind suggested something weaker: the system is able to pick a random node, and since it can determine who the owner is, all the Sybils of one owner collectively get a single token. With this procedure, something called implicit consensus can occur.

    Implicit Consensus (AKA Simplified Bitcoin Consensus algorithm)

    It’s a procedure for adding new blocks to the blockchain by consensus.

    1. A random node is selected
    2. It proposes the next block in the chain
    3. Other nodes accept or reject the block by determining whether or not to build on top of it
    4. If they accept, then this block gets added. If they reject, they ignore the block and build on the current chain they have.
    5. A node signals acceptance by including the block’s hash in the next block it creates
    Why does this work? Or how could a malicious adversary subvert the process?
    • Stealing Bitcoin – not if the underlying crypto is good
    • Denial of Service attack – not unless all other nodes are malicious
    • Double-spend attack – add the heuristic of only building on the longest valid branch

    Can Alice simply steal Bitcoins belonging to another user at a different address that she doesn’t control?
    Example:
    It is now Alice’s turn to propose the next block in this chain.
    She can’t steal other people’s bitcoins because she can’t forge their signatures, and thus if the underlying crypto is solid, one cannot simply steal Bitcoins.

    If she hates a node Bob, she can choose not to accept any blocks proposed by Bob. So she’s denying service to Bob.

    Thus if Bob’s block doesn’t make it into the next block Alice proposes, he will just wait another block until an honest node gets the chance to propose.

    Arvind claims this is nothing more than a little annoyance. I guess in my mind it was larger. First with this little annoyance, I see it as a delay since you’re waiting for the next honest node. The next honest node could take a very long time.

    The last one Arvind talks about is the double spending attack.

    Alice is a customer of a merchant, and Bob is the seller.
    Alice goes to Bob’s website and buys something, paying for it in Bitcoins.
    She creates a Bitcoin transaction from her address to Bob’s address.
    Thus it gets broadcast to the network.

    C_A -> B

    transaction
    signed by A
    pay to pk_B: H()

    The coin being spent should come from a previous transaction. Thus there’s a hash pointer back to it.

    Let’s say Alice is now proposing a block; she decides to ignore the block with Bob’s transaction and creates a new transaction paying herself

    transaction
    signed by A
    pay to pk_A: H()

    Will they both end up in the long-term consensus chain?

    There is a rule that the honest node extends the longest valid branch. Looking at the two branches, both leaves sit at the same height. They have the same length.

    There is a heuristic where you build on the block that you received first. Thus there is a chance that the other block gets chosen, so what happens to Bob?

    If the chain without Bob’s payment wins, Alice got free software and Bob did not get any payment. The block left behind is called an orphan block.

    Thus this would be a successful double spend.
    Zero-confirmation transaction – Bob sent over the software without waiting to see if Alice’s transaction actually made it into the blockchain. It’s like giving someone a product after only seeing that they have the money in their hand, when they haven’t actually given it to you.

    However, Bob should instead be more careful. He should wait for more confirmations before sending the software. Because he knows that the longer chain gets chosen, he’s in the clear once he sees that his transaction has more blocks built on top of it.

    Double spend probability decreases exponentially with # of confirmation
    Most common heuristic: 6 confirmations
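The fork, the orphan block and the confirmation count, as an added Go simulation written for these notes (not the lecture’s code and not how a real node stores blocks). It assumes blocks are identified by short constructed IDs rather than hashes, that a node applies the longest-branch rule with a first-heard tie-break, and it uses the transaction labels C_A -> B and C_A -> A from the sketch above.

```go
package main

import "fmt"

// Block is one node of the block tree a peer has heard about. Prev is the
// hash pointer to the parent; here it is just the parent's ID, "" for genesis.
type Block struct {
	ID   string
	Prev string
	Txs  []string
}

// Chain stores every block received, including competing branches, and the
// order in which they arrived.
type Chain struct {
	blocks map[string]*Block
	order  []string
}

func NewChain() *Chain { return &Chain{blocks: map[string]*Block{}} }

func (c *Chain) Add(b *Block) {
	c.blocks[b.ID] = b
	c.order = append(c.order, b.ID)
}

// Height counts the blocks from id back to genesis.
func (c *Chain) Height(id string) int {
	n := 0
	for id != "" {
		b, ok := c.blocks[id]
		if !ok {
			break
		}
		n++
		id = b.Prev
	}
	return n
}

// Tip implements the rule an honest node follows: build on the longest
// branch, and when two branches tie, on the block that was heard first.
func (c *Chain) Tip() string {
	best, bestHeight := "", 0
	for _, id := range c.order {
		if h := c.Height(id); h > bestHeight {
			best, bestHeight = id, h
		}
	}
	return best
}

// Confirmations reports how deep txID sits in the consensus branch: 1 if it
// is in the tip block, 6 if five blocks have been built on top of it, and 0
// if it is unconfirmed or only present in an orphaned branch.
func (c *Chain) Confirmations(txID string) int {
	depth := 0
	for id := c.Tip(); id != ""; {
		b, ok := c.blocks[id]
		if !ok {
			break
		}
		depth++
		for _, t := range b.Txs {
			if t == txID {
				return depth
			}
		}
		id = b.Prev
	}
	return 0
}

// DoubleSpendScenario replays the attack from the notes: the honest block
// carrying Alice's payment to Bob arrives first, Alice publishes a competing
// block that pays herself instead, then extends her branch until it is longest.
func DoubleSpendScenario() (beforeAttack, afterAttack int) {
	c := NewChain()
	c.Add(&Block{ID: "genesis"})
	c.Add(&Block{ID: "b1", Prev: "genesis", Txs: []string{"C_A -> B"}}) // heard first
	c.Add(&Block{ID: "a1", Prev: "genesis", Txs: []string{"C_A -> A"}}) // Alice's fork
	beforeAttack = c.Confirmations("C_A -> B") // 1: a tie, so the first-heard block wins
	c.Add(&Block{ID: "a2", Prev: "a1"})        // Alice's branch is now longer
	afterAttack = c.Confirmations("C_A -> B") // 0: b1 became an orphan block
	return beforeAttack, afterAttack
}

func main() {
	before, after := DoubleSpendScenario()
	fmt.Println("confirmations of Bob's payment before/after Alice's branch wins:", before, after)
	fmt.Println("a merchant waiting for the usual 6 confirmations would not have shipped at", before)
}
```

Bob shipping at one confirmation is exactly the zero-confirmation-style mistake described above: the payment looked confirmed while the tie held, then dropped to zero once the other branch became the longest.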

    Recap

    • protection against invalid transactions is cryptographic but enforced by consensus
    • Protection against double-spending is purely by consensus
    • You’re never 100% sure a transaction is in the consensus branch. Guarantee is probabilistic. 1- (1/2)^6 = .9844

    What can a malicious node do?
    Ignore the longest valid branch rule when proposing a new block.

    Distributed Consensus

    These are my notes of the seventh lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017. This was a great lecture in that it started more from fundamentals to explain how decentralization has been done in bitcoin.

    Questions answered in this Post:

    • Define consensus and distributed consensus.
    • What is a distributed consensus protocol?
    • What does consensus mean in Bitcoin
    • How does consensus work in bitcoin?
    • With all the pessimism with distributed consensus, what enables bitcoin/makes it less at risk for these shortfalls?

    Before we start talking about distributed consensus and consensus for bitcoin, what on earth is consensus? According to the Merriam-Webster dictionary…

    Consensus:

    general agreement about something; an idea or opinion that is shared by all people in a group

    Great, now what is distributed consensus?
    Well, in computer science terms: how can multiple computer nodes agree on a single idea or piece of data if they are receiving different inputs? A consensus protocol is the answer to the question of how these nodes come into agreement. If one is interested, please google “distributed systems protocols” to learn about these, or just look at things like distributed hash tables or Paxos.

    Distributed Consensus Protocol

    Def
    a fixed number of nodes, n

    1. each node has some input value
    2. the protocol terminates and all correct nodes decide on the same value
    3. this value must have been proposed by some correct node
    4. in this scenario there are bad, faulty, and malicious nodes as well as the correct nodes.

    Consensus in Bitcoin

    Bitcoin is a peer to peer system. When Alice wants to pay Bob, she broadcasts the transaction to all Bitcoin nodes that comprise the peer-to-peer network. Also, Alice and Bob are not the only individuals broadcasting out transactions.

    signed by Alice
    pay to pk_Bob: H()
    contains Hash of the coins history

    If Bob is not on the system, he needs to be a bitcoin node to hear it.

    Consensus in bitcoin means: if all these people are broadcasting their transactions and all these nodes are hearing them, how do you determine which transactions were broadcast, which were valid, and in what order? By the end, there should be a single, global ledger that is maintained by all. However, it also means that nodes will have transactions they have heard about that may not be in a block yet. These are called outstanding transactions.

    How could consensus work in Bitcoin?
    at any given time:

    • All nodes have a sequence of blocks of transactions they’ve reached consensus on
    • Each node has a set of outstanding transactions they’ve heard about (these have not reached consensus)

    Scrooge Coin: transactions were put into blocks

    Why is bitcoin blockchain consensus hard?

    • Nodes may crash
    • Nodes may be malicious (put invalid transactions in blocks)
    • Network is imperfect
    • Not all pairs of nodes connected
    • Faults in network (poor network connectivity)
    • Latency since these nodes are all over the internet

    With high latency, this also means that there is no notion of global time. The ordering agreed upon does not indicate time. All we know is that one transaction was put on the block chain before another, not which transaction was actually broadcast and heard first. Because of this constraint, many consensus protocols in the literature tend to be pessimistic. You get these impossibility results.

    Impossibility Result Examples

    Byzantine Generals Problem, which showed that if a third or more of the generals (nodes) were traitors, it was impossible to achieve consensus.

    Fischer-Lynch-Paterson (deterministic nodes)
    which proved that consensus is impossible with even a single faulty node

    Paxos – never produces an inconsistent result
    but the protocol can get stuck and never make any progress

    These pessimistic models tend to shed light on the idea that bitcoin is the same problem as maintaining a distributed database, and thus can make concessions that the others were unable to.

    Consensus in bitcoin: theory versus practice

    While theory may sound pessimistic, practice seems to work better. This may be due to special features of bitcoin. First, bitcoin contains the idea of incentives because it’s a currency. Second, bitcoin embraces randomness, whereas proper distributed systems hate it. Actually the consensus algorithm relies on randomness. So while you can never be 100% confident, you can be extremely confident that a block has entered the ledger. Also, the latency is fine since at this point, it’s one block every ten minutes.

    Bitcoin decentralization?

    These are my notes of the sixth lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017. This lecture seemed more like a teaser for the follow-up lectures in that much of what was discussed was evaluating the phrase “Bitcoin is decentralized”. What parts of bitcoin are actually decentralized and where are the limitations?

    Questions answered in this Post:

    • Where does decentralization currently?
    • Why is centralization vs. decentralization more a spectrum as opposed to an “all or nothing”?
    • When you think “bitcoin decentralized?”, what components support this thought and what go against this notion?

    At this point, the last lecture made clear why centralization did not work for bitcoin. Do we really trust Scrooge? NO! His name is Scrooge…

    Arvind goes into how bitcoin works with this decentralization. Decentralization is not all-or-nothing. Email is a decentralized protocol (SMTP) but has been dominated by centralized webmail services such as Google, Hotmail and Yahoo.

    Questions regarding the decentralization in Bitcoin?

    1. Who maintains the ledger?
    2. Who has authority over which transactions are valid?
    3. Who creates new bitcoins?
    4. Who determines how the rules of the system change?
    5. How do bitcoins acquire exchange value?

    I’ll put in what my answers were prior to the lectures.

    1. Some majority of people on the network. When I say network, I guess there is a group of people (IP addresses/public keys) online who have copies of the ledger that they are constantly pinging out.
    2. This majority. Perhaps several people have to say yes this transaction is valid. Since these people are perhaps trusted in other networks then they can check the transactions.
    3. Miners create bitcoins. I’m not sure who they are or what they are doing besides running massive computations solving math puzzles.
    4. Same answer as number 1.
    5. Similar to any other traded security product.

    Aspects of decentralization in Bitcoin

    • Peer-to-peer network: open to anyone, low barrier to entry
    • Bitcoin Mining: open to anyone, but inevitable concentration of power in the Bitcoin mining community
    • Updates to the software: core developers trusted by the community have great power.

    Bitcoin has a peer to peer network, meaning that anyone can log on to start up a full node. Thus there is a low barrier to entry and it is open to anyone. While it is open to everyone, there is quite a bit of disk consumption required. This Bitcoin.com link from Feb 2017 indicated that one user calculated their cost to be approximately $20.00/month to run a node using AWS. Since I have never run a full Bitcoin node, I can neither confirm nor deny this statement. Another reason it is decentralized is that anyone can theoretically mine bitcoin. However, if you don’t have special hardware and are not part of a mining pool, there is a low probability of success. Lastly was the point regarding updates to the software. This task falls on the core developers who are trusted and supported by the bitcoin community.

    Example of a simple cryptocurrency

    1.5 A Simple Cryptocurrency

    These are my notes of the fifth lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017. This lecture covers simpler cryptocurrencies to allow one to think about the consequences of certain properties. Thus the takeaways for this post focus on these properties that are relevant to current currencies.

    Questions answered in this Post:

    • What happens when only one party create coins?
    • What is a double spend?
    • What does append only ledger mean and why does it help stop double spends
    • What is an issue with Scrooge coin?

    GoofyCoin

    The first coin talked about was called GoofyCoin. Here are the main rules

    1. Only Goofy can create new coins. He owns the new coins created.
    2. Whoever owns the coin can spend it
    3. A coin is a string “CreateCoin [uniqueCoinID]” and Goofy’s signature
    4. One can verify the coin by looking at Goofy’s valid signature as they walk up the chain of previous signatures of a coin.

    Goofy can create new coins. When he creates new coins, he generates a uniqueCoinID that is signed by pk_Goofy (public key Goofy). All new coins are owned by Goofy. Whoever owns the coin can spend it. Spending a coin means transferring the coin from one person to another which is done by cryptographic operations.

    So if Goofy wants to transfer a coin to Donald, he has to go through several steps. The first step creates a new statement “Pay this to Donald”, where “this” is a hash pointer that references the coin. The word “Donald” in the previous sentence refers to Donald’s public key. Goofy also signs the string: since he owns the coin, he must sign that he is spending it. This statement now indicates that Donald owns the coin and he can spend it if he wants in a similar fashion. Each time an action is done to the coin, it gets chained together. The chain could be thought of as a linked list of hash pointers, where each hash pointer contains the hash of the previous statement about the coin. The initial creation statement only contains a CreateCoin uniqueCoinID statement and the signature of Goofy.

    Spending a coin means

    Take the coin’s history

    Donald payment
    signed by pk_Goofy
    pay to pk_Donald: H(head)

    head
    signed by pk_Goofy
    CreateCoin [uniqueCoinID]

    Now Donald owns the coin and he has to present the full blockchain if required.
    Now let’s say Donald pays the coin to Daffy then the chain now gets another entry.

    Daffy payment
    signed by pk_Donald
    pay to pk_Daffy: H(Donald’s payment)

    Donald’s payment
    signed by pk_Goofy
    pay to pk_Donald: H(head)

    head
    signed by pk_Goofy
    CreateCoin [uniqueCoinID]

    This is not a decentralized coin since only Goofy can create the coins. Also, the only people who know about the passing of coins are those present in the chain. Thus if Donald also tries to give the coin to Porky, there would be two parallel chains that do not know about each other. Porky and Daffy could both look up the chain they were given by Donald and verify that they had a valid coin created by Goofy. However, Donald was able to “double spend” his coin, which is a severe issue.

    double-spending attack – someone tries to spend a coin more than once.

    Brainstorm ways to stop it:

    Have a single ledger that everyone looks at. That would be similar to a bank today in that the bank holds one’s balance.

    Scrooge Coin

    This coin tries to prevent what happened with Goofy Coin. However it still has the property that only Scrooge creates coins. Scrooge publishes a history of all transactions (block chain, signed by Scrooge) instead of having others pass it along.

    Scrooge is publishing then an append-only ledger. An append-only ledger means that any data written to the ledger will remain forever and thus only a single history will occur even if transferring of coins occurs between different people.

    1 transaction per block for simplicity

    Now Daffy and Porky cannot both get paid because Scrooge would have published both transactions, and thus, depending on which one came first, the other would be invalid. So one person would lose, and it is not clear who, since it depends on which transaction Scrooge publishes first. Having this published history helps people detect double spending, and thus Porky can reject the coin if he notices that Donald is trying to send an invalid coin.

    Scrooge may also have the job to look for double spends as well and thus would only accept one and reject the other.

    Here’s what it looks like when breaking down the transactions.

    Create Coins Block
    transID: ## type: CreateCoins
    num | value | recipient (pk)

    Pay Coins Block
    transID: ** type: Paycoins
    consumed coinIDs:

    coins created to new recipients

    Validity Rules for Scrooge
    • consumed coins valid
    • not already consumed (Within the same block?)
    • total value out == total value input
    • signed by owners of all consumed coins

    This transaction is signed by all owners who are payers

    Coins are immutable so they’re constantly created and destroyed when you pay people.

    Coins need to have at least these properties:
    Some transID(num) as its identifier
    Some value
    Some recipient that it belongs to

    When a coin is paid, the old coin is consumed and a new coin is created

    What are the issues with Scrooge Coin?

    Still not decentralized and you have to trust Scrooge.
    If Scrooge stops creating coins, stops validating coins, or stops telling the truth, then the coin should no longer be trusted. He can allow double spends as well as not meet people’s expectations in terms of how much coin they transferred.
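    The GoofyCoin chain of signed statements above and Scrooge’s validity rules are easy to confuse on paper, so here is an added example that runs both side by side. It is my own code, not code from the course or these notes. It assumes a toy textbook-RSA signature (unpadded, built from a fixed pool of Mersenne primes so it needs only the standard library; it stands in for “signed by pk_X” and is not usable for anything real). The helper names (keygen, goofy_pay, goofy_verify, ScroogeLedger, pay_message) are mine, and the coin id “uniqueCoinID-1” and the value 10 are constructed sample data. The same Donald double spend is attempted against each design: Daffy and Porky each receive a GoofyCoin chain that verifies, while Scrooge’s append-only ledger accepts only the first payment.

```python
import hashlib

# Toy textbook-RSA signatures, just enough to model the "signed by pk_X" statements in
# the notes. The primes are Mersenne primes 2^k - 1; 65537 divides none of the resulting
# phi values, so each pair gives a valid key. Illustration only, never for real use.
_MERSENNE = [2**k - 1 for k in (61, 89, 107, 127, 521, 607, 1279, 2203)]

def keygen(i):
    """Key pair number i (0..3) as ((e, n), (d, n))."""
    p, q = _MERSENNE[i], _MERSENNE[i + 4]
    e, phi = 65537, (p - 1) * (q - 1)
    return (e, p * q), (pow(e, -1, phi), p * q)

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % n

def sign(sk, msg):
    return pow(_h(msg, sk[1]), sk[0], sk[1])

def verify(pk, msg, sig):
    return pow(sig, pk[0], pk[1]) == _h(msg, pk[1])

# GoofyCoin: a coin is a list of signed statements, each holding H(previous statement).
def _stmt_hash(stmt):
    return hashlib.sha256(repr(sorted(stmt.items())).encode()).hexdigest()

def _stmt_msg(stmt):                                # the string the signer actually signs
    if stmt["type"] == "CreateCoin":
        return f"CreateCoin [{stmt['coin_id']}]"
    return f"pay to {stmt['to']!r}: H({stmt['prev']})"

def _signed(stmt, keys):
    stmt["signer"], stmt["sig"] = keys[0], sign(keys[1], _stmt_msg(stmt))
    return stmt

def goofy_create_coin(goofy_keys, coin_id):         # only Goofy can do this
    return [_signed({"type": "CreateCoin", "coin_id": coin_id}, goofy_keys)]

def goofy_pay(chain, owner_keys, recipient_pk):     # "pay this to recipient", this = H(head)
    stmt = {"type": "PayCoin", "to": recipient_pk, "prev": _stmt_hash(chain[-1])}
    return chain + [_signed(stmt, owner_keys)]

def goofy_verify(chain, goofy_pk):
    """Walk the chain from CreateCoin: every statement must be signed by the owner before it."""
    owner, prev = goofy_pk, None
    for stmt in chain:
        ok = stmt["signer"] == owner and verify(owner, _stmt_msg(stmt), stmt["sig"])
        if prev is None:
            ok = ok and stmt["type"] == "CreateCoin"
        else:
            ok = ok and stmt["type"] == "PayCoin" and stmt["prev"] == _stmt_hash(prev)
            owner = stmt["to"]
        if not ok:
            return False
        prev = stmt
    return True

# ScroogeCoin: one append-only ledger published by Scrooge, one transaction per block.
def pay_message(consumed, outputs):                 # what every consumed coin's owner signs
    return f"PayCoins consumed={consumed!r} outputs={outputs!r}"

class ScroogeLedger:
    def __init__(self):
        self.blocks, self.consumed = [], set()
        self.coins = {}                             # (transID, num) -> (value, owner_pk)

    def _add_block(self, tx, outputs):
        tx["transID"] = len(self.blocks)
        for num, (value, pk) in enumerate(outputs):
            self.coins[(tx["transID"], num)] = (value, pk)
        self.blocks.append(tx)
        return tx["transID"]

    def create_coins(self, outputs):                # only Scrooge may call this
        return self._add_block({"type": "CreateCoins", "outputs": outputs}, outputs)

    def pay_coins(self, consumed, outputs, sigs):
        """Scrooge's validity rules; returns the new transID, or None if the payment is rejected."""
        if len(set(consumed)) != len(consumed) or any(
                c not in self.coins or c in self.consumed for c in consumed):
            return None                             # consumed coins must exist and be unspent
        if sum(self.coins[c][0] for c in consumed) != sum(v for v, _ in outputs):
            return None                             # total value out == total value in
        msg = pay_message(consumed, outputs)
        if not all(c in sigs and verify(self.coins[c][1], msg, sigs[c]) for c in consumed):
            return None                             # signed by the owner of every consumed coin
        self.consumed.update(consumed)
        return self._add_block({"type": "PayCoins", "consumed": consumed, "outputs": outputs}, outputs)

def double_spend_demo():
    """Donald pays one coin to both Daffy and Porky: GoofyCoin verifies both, Scrooge rejects the second."""
    goofy, donald, daffy, porky = keygen(0), keygen(1), keygen(2), keygen(3)
    donalds = goofy_pay(goofy_create_coin(goofy, "uniqueCoinID-1"), goofy, donald[0])
    goofy_ok = (goofy_verify(goofy_pay(donalds, donald, daffy[0]), goofy[0]),
                goofy_verify(goofy_pay(donalds, donald, porky[0]), goofy[0]))
    ledger = ScroogeLedger()
    coin = (ledger.create_coins([(10, donald[0])]), 0)
    results = []
    for recipient in (daffy, porky):
        outputs = [(10, recipient[0])]
        sigs = {coin: sign(donald[1], pay_message([coin], outputs))}
        results.append(ledger.pay_coins([coin], outputs, sigs))
    return goofy_ok, tuple(results)                 # ((True, True), (1, None))
```

    The point to take from running double_spend_demo() is that goofy_verify is doing everything the notes ask of it (every signature and every hash pointer checks out) and still cannot see the fork, because each recipient only holds his own branch. ScroogeLedger.pay_coins sees the fork only because it keeps the consumed set for the single published history, which is exactly the “append-only ledger” property; it also enforces the other three rules, so a payment that creates value out of nothing or is signed by the wrong key is rejected the same way.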

    Quick Overview of some Ethereum Mining Choices

    I researched what was ethereum mining and would like to share what I’ve learned so far.

    In January 2016, there were many documents and videos showing 6 easy steps for ethereum mining.
    One such video I watched was by Digital Decrypt called How to Mine Ethereum on a Windows PC — 6 Steps. Here are two other website guides which are likely more detailed than mine:
    CryptoCompare’s and 99bitcoins’.

    Mining using Geth and Ethminer
    1. Get Geth
    2. Run Geth (from a cmd window type geth account new). You need an account to mine.
    3. Activate Geth (in a cmd window type geth --rpc) to start communicating with others
    4. Get ethminer (CUDA or Genoil)
    5. Configure ethminer
    6. Begin to mine (in a command window type ethminer -G for GPU, or ethminer for CPU)
    Here is a short glossary of what you just downloaded.

    Geth: Geth (implemented in the programming language Go) lets one create a fully connected node to Ethereum. With Geth, you can connect to the Ethereum network, which is necessary for mining.

    ethMiner: (written in C++) This is the mining program. It will utilize your machine’s CPU/GPU to run the hashing program (Ethash).

    Ethash: This is Ethereum’s proof of work algorithm.

    Mist: the Go client GUI and web3 browser

    From Oct 2016, I found a platform where one can mine called MinerGate. MinerGate is a mining pool which has fourteen currencies listed to mine including ethereum. Go here for the exact ones in case they change.

    Mining with MinerGate:
    1. Create an account with minergate.com
    2. Download the MinerGate software and install it to your computer
    3. Just go to the top tab Miner and click Eth. If you want MinerGate to do its job, stay at the top tab Smart Miner to proceed that way.
    4. Start mining and don’t be worried when MinerGate creates a DAG file on your machine. That’s normal.

    Mining with ethMiner and Genoil miner
    1. Create an account with minergate.com
    2. Download your miner software, i.e. ethMiner or Genoil miner
    3. Within the command window, you’ll type the below commands to mine the individual types.

    For EthMiner, the pattern is below

    CPU mining:

    Ethminer.exe -C -F http://eth.pool.minergate.com:55751/YOUR_EMAIL --disable-submit-hashrate

    For Genoil, the pattern is below. Note the difference between OpenCL and CUDA is the first parameter after ethminer.

    OpenCL

    setx GPU_FORCE_64BIT_PTR 0
    setx GPU_MAX_HEAP_SIZE 100
    setx GPU_USE_SYNC_OBJECTS 1
    setx GPU_MAX_ALLOC_PERCENT 100
    setx GPU_SINGLE_ALLOC_PERCENT 100

    ethminer -G -S eth.pool.minergate.com:45791 -O YOUR_EMAIL

    CUDA
    setx GPU_FORCE_64BIT_PTR 0
    setx GPU_MAX_HEAP_SIZE 100
    setx GPU_USE_SYNC_OBJECTS 1
    setx GPU_MAX_ALLOC_PERCENT 100
    setx GPU_SINGLE_ALLOC_PERCENT 100

    ethminer -U -S eth.pool.minergate.com:45791 -O YOUR_EMAIL

    A few differences between Ethereum and Bitcoin mining

    One major difference that I can see is that Ethereum blocks occur every 10-15 seconds on average while Bitcoin occurs every 10 minutes. The reward for Eth is 5 ETH while the current reward for Bitcoin is 25 BTC.

    Another is that Ethereum uses a different hashing algorithm from bitcoin, so the ASICs developed for Bitcoin are not usable for Ethereum. Ethereum is ASIC resistant since Ethash is a memory hard algorithm. This means that while a GPU would help against a CPU, ASICs should not work.

    There seemed to have been a weird ETH ASIC scam going around some of the forums (Steemit Ethereum and the Ethereum.org Forum) about 8 months ago (Aug 2016). Key takeaway was to watch out because it was a SCAM.
