Limitations with Bitcoin due to hardcoded limits and scalability issues? Hard-forking? Soft forking?

Limitations with Bitcoin due to hard-coded limits and scalability issues? Hard-forking? Soft forking?

This lecture, admittedly seemed dry. After the excitement of talking about the block chain and all the potential it has, this lecture brought us back to reality. It explained where some of the shortcomings are and what would be required to make these changes, ie hard-fork. Also, we discussed how pay-to-script-hash was a successful soft fork change.

Questions answered in this Post:

What are these hard-coded limits?
What is a hard-fork?
What are some of the challenges faced with hard-forking?
What is a soft-fork?

What are these hard-coded limits in Bitcoin?

Most of these limits I’ve already talked about. First, there is a 10 minute time interval between block creation. The below table indicates that other cryptocurrencies now have much shorter time intervals. Ethereum has on average 14 – 17 sec. Even, Litecoin which was launched in 2011 uses only 2.5 minutes. Another drawback is that there can only be 1 million bytes in a block. There can only be 20,000 signature operations per block. There are 100 million satoshis per bitcoin. The bitcoin mining reward is completely fixed. Lastly, only 21 million bitcoin will be created.

There are some throughout limits that are worth looking at as well. First that there is 1 million bytes per block and a block is created every 10 minutes. Also, each transaction have at least 250 bytes meaning that the network can only handle 7 transactions per second. That’s not very fast. Credit card companies handle significantly more such as Visa (10,000/sec) or Paypal (100/sec).

Other limits refer to the choice of cryptographic algorithm. There is only ECDSA/P256 signature algorithm used and at least the lecturer mentioned that cryptoprimitive might break by 2040. I discussed earlier this year that SHA-1 has been broken. Thus that future may already be upon us.

Cryptocurrency Name	Symbol	Creation Year	Time Between Blocks	CryptoMechan
Bitcoin	BTC	2009	10 min	SHA-256
Ethereum	ETH	2015	10 – 20 sec	Ethash
Dash	DASH	2014	2 – 3 min	X11
Monero	XMR	2014	1 – 2 min	Cryptonote
Ripple	XRP	2011	–	ECDSA?
Litecoin	LTC	2011	2 – 3 min	scrypt

How do changes occur to Bitcoin? Hard-fork? Soft-fork?

A hard-fork change means that there would be a change to the Bitcoin protocol and all the software would need to be upgraded. What makes it “hard” is that the new version of the software may validate previously rejected blocks. At this point, if some nodes on the network upgrade and others do not, then potentially there may be two longest branches where one would be with the upgraded software and one with the older software. Thus the block chain will split. Every node would be segmented into one or the other version and the branches would not be joined. This is unacceptable according to the lecturer.

On the other hand, a soft fork makes validation rules stricter. So the hard fork was widening the requirements where soft fork is restricting it. This means that previously valid transactions are now going to be considered no longer valid. Will there be a risk of the block chain splitting as before?

The new version gets introduced with the soft forking change. The nodes with the new software enforce tighter rules and if the majority of the nodes switch to the new software, then the network will actively be enforcing these new rules. Once that occurs, there will be a single block chain. Let’s say that there are old miners who are mining invalid blocks because they are putting in some transactions that previous were valid but are now invalid. Their blocks will keep getting rejected and they will realize they need to upgrade their software.

Soft fork example: Pay-to-script-hash

Pay-to-script-hash was not present in the original version of the Bitcoin protocol. The change made it such that original pay-to-script-hashes which were previously correct were now going to be invalid. The pay-to-script-hashes in the old system would just hash one data value and check if the hash matches the specified value in the output script. The new change would do a verification to make sure the previous value of the hash also was a valid script.

Proposed hard fork changes

Hard fork changes as mentioned are difficult. To add new opcodes to Bitcoin, changing the hard-coded limits on block and transaction size would require a hard fork. Even some bug fixes aren’t fixed because of this issue. If you look at some new cryptocurrencies, you can see that they fixed some of the perceived issues with bitcoin.

Bitcoin P2P Network

This lecture focused on the bitcoin peer-to-peer (p2p) network. While this lecture just talked about the current network and its implementation which I will discuss,

Questions answered in this Post:

What are characteristics of the blockchain network?
How do you as an individual connect to the blockchain network?
What is a full node and what is a SPV?
What is the size of the network?

What is the blockchain network and how can people join this network?

The Bitcoin P2P network is quite similar to other peer-to-peer networks. I only know a few p2p networks outside of Bitorrent which is Gnutella and e2dk. I remember that there were many issues with Gnutella regarding scalability and message propagation. Similar to other peer-to-peer networks, it has the properties that all the nodes are equal and there is no hierarchy. It uses TCP (Transmissiong Control Protocol) with a random topology. Anyone can join the network and leave the network as well. Leaving the network is easy since if the network doesn’t hear from the node for three hours, it is just assumed that it is no longer online and stops sending messages to it.

Again, I’m talking about the Bitcoin P2P network and as I’ll talk about later this notion of equality does not stand true for other side bitcoin networks.

Key Characteristics

ad-hoc protocol (runs on TCP port 8333)
ad-hoc network with random topology (random nodes peering)
all nodes are equal (no central/master)
new nodes can join at any time (anyone can download and get started)
forget non-responding nodes after 3 hours

What does it mean that anyone can join at anytime?

Well anyone can download something like Bitcoin Core or use npm to install Bitcore and become a full node. As with any peer-to-peer network, pay attention to security, bandwidth, and actual space concerns.

How does a new node connect to the network?

Simple answer would be just connect to one node and then more will follow. Though, there are a few more steps then just that.

Connect to a seed node with a message like, “Hello World! I’m ready to Bitcoin”. Seed nodes are hard coded IP addresses that one an use to connect to another active node. Instead of using the IP addresses, some program with use DNS seeds, which let you look up the IP addresses instead of just providing one. A few DNS seed names are bitseed.xf2.org or seed.bitcoin.sipa.be
To first connect, send a version message and receive a version message back. Then send a verack to confirm the connection.
Send the messages getaddr and addr to the seedNode
Next you connect to the nodes that seedNode sends you
Repeat with the new nodes to be better connected.

What happens in the network?

Transactions that one node hears are shared across the entire network. This is Transaction propagation (flooding) or a gossip protocol. It is a simple gossip Protocol where the network is just sending the message to every node it knows. At certain short time periods, a message gets sent to random targets in a pairwise fashion and each time, the node is responsible to update its view of the blockchain and determine whether to send the transaction outwards. Each node has its own list of pending transactions and must decide to forward or not based on a certain set of criteria. Also, like a breadth first search, it has a check to see whether it has seen a certain transaction before to prevent message from being sent forever. According to bitcoin.stackexchange, it takes about 15 seconds for a message to be propagated.

There are a set of checks to determine whether the transaction should be propagated. Note that these checks are not enforced. They can be ignored if certain nodes have different incentives or are malicious. One check is to just make sure that the transaction is valid within the blockchain. A few of those checks are for syntactic correctness, size in bytes is less than the MAX_BLOCK_SIZE as well as the size of the output must be legal monetary range. Then, it checks whether the transaction has been seen before which it can look up into the pending transactions list. Also, it needs to check that this transaction has not been incorporated in another block or has already been spent. This site has the documented protocol rules.

What are some checks done to see if the node should propagate the message?

Transaction valid with current block chain
default script matches a whitelist (avoid unusual scripts)
won’t relay by default (Why not)
haven’t seen before (avoid infinite loops)
doesn’t conflict with others transactions previously relayed (avoid double-spends)
Documented protocol rules

It is possible that the nodes will end up with different set of pending transactions or a different ordering of the transaction events. This is called a race condition in bitcoin. Because, only one person is defining the next block, that person who is mining will break up the race condition by publishing. This usually creates a clear set of actions on how to deal with the race condition meaning that one chain may get dropped because it would be a double spend after this block has been published. Nodes will usually accept the transaction that they have received first. A similar algorithm is used for block propagation as well where more information is found here. One thought you may have is what happens to these transactions or blocks that don’t get put on the main block chain. They are called orphan transaction and orphan blocks respectfully. An orphan block does not have a parent on the longest block chain. From blockchain info, one can see there are about 2-3 orphans blocks created per week.

Race conditions: Transaction or blocks may conflict

default behavior: accept what you hear first
network positions matters then
miners have freedom to implement their own logic which could exacerbate these race conditions

Now, that we know what the network is doing, what is the size of the network?

While, not clear how to measure it, there are between 1,000 – 10,000 fully validating nodes. A fully validating node is one that it permanently connected, stores the entire block chain, and is actively hearing and forwarding every node/transaction. They also need to track the unspent transaction output (UTXO). These are all transaction that have not been put into the blockchain. However, there are some nodes that connect in and out of the network maybe just to complete a transaction or check some status of a transactions. In July 2014, the size of the block chain was 20 GB. Now in March 2017, it’s almost 100 GB. Also, while in Jul 2014, the UTXO was only 20 MB. In July 2015, it is 650 MB.

The lecturer, Joseph, mentioned that that the number of full nodes are decreasing. It makes sense since as time passes, to store the chain involves more space and RAM. Unless one is miner, or part of some large organization where you are actively getting some benefit for maintaining the full node, it doesn’t seem reasonable to continue doing. I admit there are people who will continue holding the nodes because they believe in bitcoin and for those people, that’s awesome. When people have clients running on their phones, or PCs, likely it is just a lightweight node. People also refer to these nodes as Simple Payment Verification (SPV) client. Bitcoin wallet programs tend to incorporate SPV nodes. A lightweight node just stores a subset of the transactions sent that may be needed to verify certain transactions. These lightweight nodes only work because they are trusting the fully-validating nodes to do their job. There has been much discuss on the internet regarding how many full nodes are enough and who should run a full node.

Bitcoin Blocks

This lecture talks about what bitcoin blocks are actually composed of in respect to the innards and what the code version may look like. If you’re wondering, it is transactions but it’s not that simple. The transaction are stored in an efficient fashion. They can be visualized pretty easily from a variety of sources.

Questions answered in this Post:

Why does bitcoin bundle transactions?
What are the two major data structures that the bitcoin block chain is composed with? Describe them.
Where can you observe block contents?
What is a coin base transaction

Why bundle transactions together?

single unit of work for miners
limit length of hash-chain of blocks which equals faster verification of history
too much overhead would be created if you did it per transaction
allow the hashed chain for blocks to be shorter because you only need one block for multiple transactions

Bitcoin blockchain has two data structures: hash chain of blocks and a merkle tree.

First, the bitcoin block structure contains a hash chain of blocks. A hash chain is that list of blocks where each block also contains a reference to the block previous to it.

A block contains three items:

block header
hash pointer to transaction data
hash pointer to the previous block in the sequence

At this point, even though you don’t know what the hash of the transaction data completely refers to, this structure should sound just like a linked list. When I say hash of some transaction data, I’m referring to that second data structure called a merkle tree. The merkle tree contains all the transactions included within the block. Merkle tree as you might guess looks like a tree specifically a binary tree. The tree contains all the transactions hashed in the leaves. Each node above that contains the hash of the two children that gets concatenated together. The root of the tree, the final node that combines the left and right children is the root hash. This is called the “merkle root”. The merkle root gets stamped on the block header.

I think of the Merkle tree as an efficient transaction storage tree that utilizes hash functions and allows one to verify if a transaction is within the block (tree) in just log(n) where n is the number of transactions in the block. Also, once the tree is computed, it’s easy to tell whether the data has been tampered with.

Right so now that we know what the structure looks like, what do you see if you looked at the written blocks. As I mentioned earlier, a block contains three components: block header, hash pointer to transaction data, and a hash pointer to the previous block in the sequence.

Sample block header
"hash": "000001aad2", "ver"": 2. "prev_block": 00001a3", "time": 139. "bits": 411900, "nonce": 459841, "mrkl_root": "89776..."

all the transaction data
"mrkl_root": "89776...", "n_tx":354, "size" 181520, "tx": [ ] "mrkl_tree":[] }

If you go to blockchain.info, you can easily see records of these blocks. There are quite a few places to view bitcoin blocks. I’ve listed a few more below.

This CryptoCoinNews article site teaches you to code a quick Python script to write your own block parser. It’s sparse without any UI but it’ll get the job done. Definitely give kudos to tenthirtyone.

Here’s the link to block that I’m going to explain further

You can see that this is block numbered 456842. As mentioned previous the header contains the hash. Also, it contains the previous block hash linked as well as the Merkle Root hash.

Block Header

That’s just the beginning looking at this block since block chain pulls out all the components. The number of transactions is 202 transactions where the nonce was 3378386187. Remember the nonce was that small target value that the miner found which enabled them to write the next block.

When I looked at these there were a few values that were interesting specifically block reward and the first transaction listed.

What is a block reward?

A block reward is how much a miner gets getting the privilege to publish the next block. This value is $14,737.28. How was that value calculated? Currently the number of bitcoin a miner earns for publishing a block is 12 BTC. I looked at Bitcoin block half which shows the current block reward and the next time the change is going to occur.

New Coin

Why does this transaction have the message “No Inputs(Newly Generated Coins”?

Ok, that sounds like a dumb question. It clearly indicates that this is a newly generated coin, which not surprising is called a coinbase transaction.

Unique characteristics of the coinbase transaction

has a single input and single output
input doesn’t redeem a previous output and thus contains a null hash pointer
value is fixed and halves every 210,000 blocks
special arbitrary parameter where one can put anything

Applications of Bitcoin Scripts: Micropayments

Applications: Micropayments

This is a continuation of the Bitcoin Transaction Basics lecture. As mentioned before, I watched the entire third week in one sitting so some of my notes may reference previous posts. This part focuses on applications of Bitcoin scripts. There was quite a bit of material so I have broken down this part into 3 parts. This is the third part focusing on Micropayments. Here’s a link to the first part and second part. Honestly, I thought this use case help the most promise or concreteness initially. Then I realized I watched the lecture and came out with more questions and skepticism about why use bitcoin for this. Face palm….

Questions answered in this Post:

What is a micropayment?
What do micropayments look like without Bitcoin?
What are some companies who are doing this
What does it look like with bitcoin?

What is a micropayment?

It’s what you would think micropayment means, a transaction with a low amount. Specifically though it usually relates to an online transaction involving less than some currency standard like a dollar or a penny. Sometimes though it can be greater than that. As of March 2017, Paypal considers any payments less than $4.00 USD a micropayment. They also charge 5% + $.05 to merchants who process these transactions. Apparently Amazon also has a similar system but I was not able to find the exact documentation. Even so, how do you pay someone less than a penny when that’s not a physical quantity?

There are many technologies just handling micropayments. In most cases, there is some transaction fee associated with each payment which makes sense. These companies are providing a service to handle micropayments. Some may have a third-party micropayment provider who collects these small payments. Then the payment is made from a digital wallet when they have reached a potential threshold. A digital wallet is A site may choose not to make payments until the total amount is greater than 5 dollars. Some platforms have created “prepaid systems” where users add money to create a initial balance. Then the user can purchase these small purchases which may be less than a dollar but can be easily handled since the platform can just subtract from the platform.

Look at this list of companies who are making their business online payments incorporating micropayments.

Where does bitcoin scripts fit into this?

Bitcoin scripts give users a way to do efficient micropayments. Suppose there is an online music streaming system where Jim has to pay for every minute he listens to Bitotify until he hits some max threshold and then just gets that bill. Maybe, this is likely silly but Spotify should try this. Billing Jim every minute is expensive since if Jim listened for 129 minutes, there would be 129 transactions and the transaction fees would add up. So, why not just combine the payments at the end so that there is only one transaction.

This is what gets done. A MULTISIG transaction gets created which has the maximum amount that Jim could be billed and it requires that both Jim and Bitotify sign the transaction to release the coins. In addition there is a transaction which will refund all of Jim’s money but is locked until a certain time. Just remember that bit for now and I’ll go back to it in a little bit. After each minute, Jim signs a transaction indicating how many coins he owes. Thus by the time minute 20 occurs, Jim will have signed 20 different transactions which were only signed by Jim and thus are not on the blockchain. Jim tells Bitotify when he’s done and Bitotify signs the most recent transaction that was signed and publish that to the blockchain.

This generates the potential double-spends, then Bitotify should only sign the last double spend. Also, if Bitotify never signs the last transasction there is a feature call Lock Time.

Lock Time A time embedded into a transaction that will not publish a certain transaction until a specified lock time. The transaction will be invalidated if a specific block time or a specific point in time are put into blocks. Thus, this transaction of refund only gets kicked off if they haven’t been spent before.

So if you’re now thinking, SO WHAT!, I’ve got what the benefits are. This means that double spends are protected. Transaction fees are reduced since there is only one transaction being put onto the blockchain. There is no third party, it’s just between the two people.

So, escrow payments, green addresses, and micropayments are all examples of smart contracts. Smart Contract refer to contracts that are upheld be technical implementation of Bitcoin as opposed to laws and courts. In many of the examples, the true win for the blockchain was removing that single entity of validation. I know it doesn’t seem like that specifically when you think of the judge from the escrow payments and Mt. Gox from the green addresses.

A few companies that I’m interested in are Brave Browser, SatoshiPay, and FaucetHubIO. I think the biggest improvement with the Bitcoin micropayments is enabling anonymity payments. So if I like a website, I can donate funds from my browser with micropayments instead of having to face the previous minimum donate amount.

Applications of Bitcoin Scripts: Green Addresses

Applications: Green Addresses

Questions answered in this Post:

What is a green address?
What problem does green addresses try to solve?
Why should this work?
Why is there some negative stigma with this?

What is the problem?

Let’s start with what problem the green address is trying to solve. The goal was to try to do fast transactions for time-critical applications. Generally, bitcoin requires you to wait about 6 confirmations before knowing that your transaction has been incorporated into the blockchain. Thus, using green addresses is supposed to solve this as well as make sure that there are no double spending attacks.

My way of understanding green addresses was to think that the “green address” was more of a marker or reputation address which a third party holds for you. Also, I’ll walk through my example.

Say there is an ice cream seller (Ms. Icee) who accepts bitcoin. When the seller is online, most transactions work out well. However, she drives a truck around a neighborhood and at this point she isn’t connected to the blockchain. How can she still accept bitcoin? He will have made a deal with a respected organization (Mt Gox).

Suzie (prospective buyer) wants a chocolate eclair treat. She will tell Mt Gox who will withdraw from Suzie’s account using the “use green address” check point. Thus, the payment will be sent to the “green address” before forwarding it to Ms. Icee. An extra transaction to the special ECDSA keypair is made before forwarding it to the Ms. Icee. Ms. Icee can check with Mt. Gox and trust the payment because Mt. Gox is trustworthy.

This green address contains special trusted ECDSA keypairs that to indicate the origin of funds to a recipient. It is the Mt Gox controlled address that references Suzie. Everyone needs to trust Mt. Gox and Mt. Gox has to deliver on this.

Negative Stigma

However, Instawallet and Mount Gox fell apart because the transactions were compromised. While, I’m sure someone may try to implement this again, it at least is frowned upon here.

Applications of Bitcoin Scripts: Escrow Transactions using MULTISIG

Applications: Escrow Transactions

Questions answered in this Post:

What is an escrow transaction?
Why does escrow transactions appeal to people?
How does using bitcoin help achieve it?
Is this use case practical?
Name some companies that do MULTISIG transactions.

What is an escrow transaction?

Escrow just means that when there is a trade between two people, there is a middle man who ensures both parties uphold their parts of the deal.

For example, say you want to buy a stuffed teddy bear from far far away. You pay the store owner and the store owner sends you the bear. How do you make sure that the store owners will actually give you the bear when they receive your money? How can the store owner make sure that they will actually receive money from you? Yes, you both could trust each other but that is unrealistic since you don’t know anything about each other. This is where the middle man comes in. Since they are in the business of trust and escrow then you have a better shot at trusting them to make sure the transaction takes place. Better yet, you don’t pay them until you’ve received your end of the deal.

Without the middle man, you give the money to the store owner. The store owner tells you he shipped the product.

Scenario 1:

You get the bear and all is well. Simple!

Scenario 2:

You wait 1 month. No teddy bear. You complain to the store owner who insists he sent the teddy bear. You wait 1 more month. Still no teddy bear. You’re angry and frustrated and still no teddy bear. You wait 1 more month. You find out that the store is no longer in business. You lost money and you have no teddy bear.

With the middle man involved, you give the money to the middle guy. The middle guy tells the store owner, I have the money. The store owner ships the stuffed teddy bear to me. I tell the middle man when I received the teddy bear. The middle man releases the money to the store owner. In this case, if you never receive the bear after 1 month, you can just cancel the transaction and get your money back.

With escrow is better for certain transactions!

Where does bitcoin fit into this escrow situation?

Same scenario. You want to buy a teddy bear from far far away. There is a special transaction called a MULTISIG.

MULTISIG (think Multisignatures)

You create a MULTISIG transaction that requires two of three people to sign in order to redeem the coins. Two of the people in the transactions are you and the store owner. The last in this middle man (Judge). The transaction sends the payment that you deposited only if two of the three sign it. The transaction gets put onto the block chain and then can be said to be “held in escrow”. The store owner can look to the blockchain and be convinced that you paid and decides to send the teddy bear.

Scenario 1

After, you say, “I got the goods”, and now the store owner and you can sign the transactions to redeem the escrowed funds. All is well and really the middle man did nothing since there was no need for them to sign anything.

Scenario 2

You claim “I never get the teddy bear”. Thus, you would never release the money to the store owner. The middle man has to step in and decide if the money should go back to you or to the store owner based on who they can deduce is right. If the middle person decides that you are lying and the store owner did send the bear, then the middle person and the store owner can sign the multisig to move the funds to the store owner. If the middle person decides that the store owner never sent the teddy bear, then the middle person and you can sign the multisig and move the funds back to you.

Is it hard to implement?

There is a CHECKMULTISIG instruction within the script language. This instruction to execute correctly says that it needs at least t out of the n public keys to be provided to be valid. In the case with the store owner, you need 2 of the three public keys.

Last time, I talked a bit about the Pay-to-script-hash script. The multisig is just a special type of the P2SH.

The tutorial from 2015 doesn’t work since the link to the actual tool to the site is expired.

Is there anyone actually doing this?

Yes!

1.EscrowMyBits
This site description is doing exactly what is described. There is even a judge program where people can sign up to be the judge.

2. Many Bitcoin Wallets use it, here’s just a few

Bitcoin Scripts

This is a continuation of the Bitcoin Transaction Basics lecture. I watched the entire third week in one sitting so some of my notes may reference previous posts. This part focuses on “Script” the aptly names bitcoin blockchain scripting language. It’s based on Forth which meant little to me but hopefully means more to others.

Questions answered in this Post:

Why are scripts used instead of just having a public key in transaction outputs?
How do you validate a transaction output?
What is the Pay-to-script hash?
Name at least four characteristics of “Script”.

From the last post, “Each transaction output doesn’t specific a public key, instead it’s a script.” Know that the most import transaction type in Bitcoin is redeeming a previous transaction output by signing it with the correct key. Also, the inputs also contain scripts instead of signature as well.

Output: “Addresses” are really scripts
Simple Script shown has 4 instructions and is called a Pay-to-PubkeyHash.
OP_DUP OP_HASH160 69e02... OP_EQUALVERFIY OP_CHECKSIG
So the input address is also a script that gets combined with the output address
Concat(in.scriptSign | out.scriptPubKey)

scriptPubKey – output script that public key by specifying address to which the public key hashes
scriptSig – signature with that public key.
Together, this lets you claim a public key.

To Verify: Concat script must execute completely with not errors

Bitcoin scripting language(“Script”) History lesson

h5>Build for Bitcoin (inspired by Forth)

simple and compact
support for cryptography (hash function)
stack-based
limits on time/memory
no looping
256 opcodes total(15 disabled, 75 reserved)
logic/datahandling
crypto CHECKMULTISIG
OP_CHECKMULTISIGN
verification requires t signatures

Bitcoin script execution example
This script basically has the sender of the coins specifying the recipient via their public key.

OP_DUP OP_HASH160 <pubKeyHash?> OP_EQUALVERIFY OP_CHECKSIG

1,2 does data instructions ie just push it on the stack
OP_DUP take the value on the top of the stack and duplicate
OP_HASH160 taken the crpytographic hash of the top of the stack
push the pubKeyHash? onto the stack
Now we know what comes next, need to verfiy if they are equal and if equal they get consumed
OP_CHECKSIG verify that the signature is valid, makes sure that the full transaction is valid

Steps in how the stack gets read:
1. Just a data instruction to be pushed onto stack

2.Just a data instruction to be pushed onto stack

3. Next call OP_DUP means creates a copy of the top which was pubKey and place on stack

4. OP_HASH160 means hash that key to create hashed_pubKey
5. Next you’re going to push on another intruction which is pubKeyHash
<pubKeyHash?>

6.OP_EQUALVERIFY as you can infer means check if the top two instructions are equal
<pubKeyHash?> == ?

7. Get the result and then does the signature verify by the instuction OP_CHECKSIG

8. Everything else gets taken off

It’s interesting that 99.9% scripts are just a simple signature script

Proof of Burn script

OP_RETURN
script that can never be redeemed
It’s provable that those costs have been destroyed
OP_RETURN throws an error if ever reached
The data comes after it will never be reached

What’s the point of proof of burn

Write arbitrary data into the block chain
like putting your name or timestamp
destroy a very small amount of currency into the block chain

AltCoins way to bootstrap other coins is by destroying bitcoin

Should senders specific scripts?
If a consumer is ready to pay, what do they need to with bitcoin

Me -> I’m ready to pay
Company -> Cool so we have this multisig which means you have to include a script requiring 2 of out 3 account managers to approve. Make sure it’s perfect or it won’t go through

Me -> Yeah, no.

Instead sender can just send a has of the script that needs

Pay to Script Hash instead

Idea: use the hash of redemption script
OP_CHECKSIG

OP_HASH160

OP_EQUAL

Can create a 2 step process
traditional script had right has

redemption hash deserialized and a second check occurs

so you’re removing complexity from the sender and there is an efficiency gain (only need to put a hash) all the rest of the complexity in the script is pushed to the input script.

Since this was added after the fact, it looks kinda a screwy

FYI: This site has more information regarding he scripting language. Also this is the Github.

Bitcoin Transactions Basics

Bitcoin Transactions

Honestly, initially, this lecture sounded intimidating. He’s like “we’re going to talk low level, real scripts, details and structure of bitcoin scripts in a precise way”. I had flashbacks of x86 machine code taunting me. Don’t be afraid though, it was well presented and well paced.

Also if you watch this lecture, count how many times the word “real” gets used?

Questions answered in this Post:

What arguments makes transaction based ledger more suitable than account based for bitcoin?
What are the components of a transaction?
Explain the reason for a change address.

Bitcoin Consensus gives us:

Append only ledger
Decentralized consensus
Miners to validate transactions (making sure transactions are well-formed)

Assuming a currency exists to motivate miners!

He started out with this chart of what an account-based ledger (not Bitcoin) looked like before showing the bitcoin based ledger. The issues with this account-based ledger is that everyone needs to keep track of the account balances.

Transaction Based Ledger (Bitcoin)

Transaction	Input	Output	Signed
1	0	25 ->Alice	no one
2	1[0]	17 ->Bob,8 -> Alice	signed(Alice)
3	2[0]	8 -> Carol,9-> Bob	signed by Bob
4	2[1]	6 -> David,2 -> Alice	signed by Alice

2[1] mean transaction 2 output 1

This is all implemented with hash pointers which have been covered in week 1 as well as building upon it constantly. Thus by the time transaction 4 occurs, there is now a long chain. Transaction specific the number of inputs and number of accounts and thus keep track of the state.

For these transactions it’s important to note that when Alice gives 17 coin to Bob, she also needs to give 8 coin back to herself.

Change Address – because coins are immutable, the entirety of a transaction output must be consumed by another transactions. The left over amount that has the potential for being given back to the original input still has a transaction to receive the coin.

Efficient Verification This new ledger means that you do not have to go up the entire change. You only need to scan the block chain between a reference transaction (input) and the latest block.

Join Payments instead of doing 2 transactions

Transaction	Input	Output	Signed
2	1[0]	17 ->Bob, 8 -> Alice	signed(Alice)
3	2[1]	6 -> Alice, 2-> Bob	signed(Alice)
4	3[0], 3[1]	8 -> David	signed by Alice, Bob

There seems to be quite a few issues on the video which are mentioned below. I have changed the examples to reflect these inconsistencies.
https://www.coursera.org/learn/cryptocurrency/discussions/weeks/3/threads/ngwguLVDEeatew7zqUaXxg

Bitcoin transaction representation

{ "hash": "5a42...", "ver":1, "vin_sz":2, "vout_sz":1, "lock_time":0, "size":404, "in": [{ "prev_out":{"hash":"3be4", "n":0}, "scriptSign":"3044" }], "out":[{ "value":"10.122", "scriptPubKey":"OP_DUP OP_HASH160 69e... OP_EQUALVERIFY OP_CHECKSIG"}]}]}
3 parts

Meta Data – Housekeeping that has size of trxn, # of input, # of output, and has of entire trxn
"hash": "5a42...", "ver":1, "vin_sz":2, "vout_sz":1, "lock_time":0, "size":404
Inputs – array of previous trxn (hash form)
prevTrans
Signatures
Outputs – contain the value and the sum of all output
value
Recipient Address? but its really a script

Mining, Bootstrapping, and recap

These are my notes of the tenth lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017.

Questions answered in this Post:

What do you have to think about if you’re a miner?
What is hash rate?
What is bootstrapping?
What are some attacks on bitcoin?
Define and discuss the different types of consensus?

Economics question, is it profitable for a miner to mine?
The generic internet article seems to say “It depends”. I don’t think it is from reading various online posts. But before I rush into it without real proof, what exactly would be considered a profit in bitcoin.

The positive gains in bitcoin come from the block reward (~12 BTC) and transaction fees. This is only worthwhile if it it greater than the negative losses (costs). The losses come form all hardware (fixed costs) and operations (variable costs).

If mining reward (block reward + Tx fees) > hardware + electricity cost -> You profit!
It’s not so simple because reward depends on the rate at which the miners find block whih is linked toward their hash rate to the total global hash rate.

Hash Rate – is the speed at which a computer is completing an operation in the Bitcoin code. A higher hash rate is better when mining as it increases your opportunity of finding the next block and receiving the reward.
~bitcoinsimplified.org/definitions/

Also, the costs will be variable depending on the Bitcoin exchange rate as well as differences other fiat currencies. Also miners technically don’t have to add the block to the larger chain, they could have a another strategy that is not being captured.

Recap Section of Key Topics

Satoshi – smallest denomination 1e-8 BTC

Prior to this recap I’m jotted down my thoughts with how I understand/what I remembered.

Identities: they’re hard and not fixed in bitcoin. We did talk about public keys being identities in week 1 but that seems not to hold since bitcoin has pseudoanonymous nodes

Transactions: combined together to form a block
Single transaction is signed by the one person. Then the transaction does something like transfer the coin to another. The transaction also contains a hash of the history of the previous transactions of that coin.

P2p: Bitcoin is a peer to peer network. When you try to determine consensus regarding the ledger, there is not specialized nodes, everyone is able to participate.

Block chain and consensus: The history of transactions of data structure of a hash pointer is a block chain. Consensus is what allows a block to be added on the distributed ledger

Hash Puzzle Mining: This is how bitcoins are created
The H(nonce | prev_hash | tx | tx … )) The hash of the concatenation must be less than some target value to be considered a valid coin that gets created.

Recap

Identity: no real world identity required, can just create a psudoanonymous
Transactions: messages that broadcast to the Bitcoin P2P network that are instructions to transfer a coin from one address to another

Coin – chain of transactions

P2P – goal to propagate all new transactions to all the new Bitcoin peer nodes, it tries its best effort
The security comes from the blockchain and the consensus protocol

Blockchain – transaction achieves a lot of confirmations and while it will never be 100% you have a high confidence
Orphan blocks –
Alice 100x computing power to Bob
Bob will find 1% of blocks Alice finds

Miners – equal benefit to the cost if they want to maintain their job

How deeply does distributed consensus play into bitcoin? exchange rate of the currency. ownership of coin. creation of blockchain.

Bitcoin has three types of consensus

value
state
rules

Bootstrapping

Bitcoin is a bootstrapped. Bootstrapping is how to get the cryptocurrency started and working/ creating a healthy mining ecosystem.

health of mining ecosystem ->
prerequisite for create largely honest bitcoin network
people will only mine if the value of bitcoin is high while expenditure in dollars
security of blockchain – we want to blockchain to be secure to be viable, then an adversary can’t overwhelm the process and that requires healthy ecosystem
->
value of the currency: if users want to buy Bitcoin trust in the security of the Bitcoin

Thus, there is a circular interplay meaning how does this system get started? Right, so Arvind is really really excited about this which you can tell by the fluctuations of his voice.

Anyway, what was time like before the dinosaurs… before bitcoin became bitcoin. This process has to be done by every altcoin. I didn’t feel like I understood the response. I got that he felt it was amazing but exactly how bootstrapping happens, I’m at a loss.

Potential Attacks

What would happen if consensus failed and there was a malicious node that contained 51%

steal coins from existing address?
Let’s say the 51% creates an invalid block

Suppress these transactions
from the blockchain
from the P2P network

Change the block reward
Destroy confidence in Bitcoin

Can someone steal coins from existing address?

Creates an invalid block with an invalid trxn. While teh attacker can pretend, other honest nodes probably won’t accept it.

Thus there will be a fork in the chain. With the POV from the attacker trying to sell the node. He can tell that even if its the longest branch its not correct.

Subverting consensus is not enough and thus not possible

Can the attacker suppress some transactions?

Let’s say the the 51% suppresses everything Carol does. However, the p2p network does not depend on the block chain, thus the peer to peer network will receive the broadcast and notice that Carol’s blocks are just not getting published

A 51% attacker can potentially:

Make it unprofitable for other miners to mine
Change the block reward
Suppress transactions from the blockchain

Can the 51% attacker change the block reward

No, because the attacker does not contain the Bitcoin software that the honest nodes are using

What about them destroying confidence in bitcoin?

behavior of not extending the longest chain
then the value of the currency will fall

This is possible and likely if this were happen. Apparently this is the main possible threat.
It’s interesting because in my opinion it reminds me of trust in the dollar versus being backed by gold or not.

Incentives and Proof of Work

These are my notes of the ninth lecture from Coursera’s Bitcoin and Cryptocurrency Technologies during Dec 2016 – Feb 2017. The lecture answered quite a bit of my questions regarding mining. Prior to this lecture, I knew that people mined by doing some heavy computational. Now, after learning about the background regarding incentives, it actually seems more reasonable. I was most shocked to realize that there will be only 21 million bitcoin create ever unless people change the rules.

Questions answered in this Post:

High level, how does incentives help?
What are block rewards and how does the reward gained change?
What are transaction fees and how do they change?
What is PoW and PoS and not Prisoner of War and Point of Service?
How frequently are block created?
What is a nonce? How is it used?

In the previous section looked at the consensus algorithm.

This lecture discussed a second part of Bitcoin’s decentralization called incentive engineering. What does this incentive engineering mean besides sounding like fancy name for treats?

Previously, it was discussed that there was a assumption that at least 50% of the nodes were honest and that one is able to pick a random node. Also, we would know if there was a Sybil attack as each of the nodes created by the Sybil would still be tracked to only a single user.

Assumption of honesty is problematic especially if there is financial incentive to subvert the system. Since nodes don’t have identities, one is unable to penalize the group that creates the malicious blocks.

Can we reward the blocks on the long standing chain? Yes. Use BitCoins to incentive the nodes that created these blocks

Two Incentive Mechanisms in Bitcoin

Incentive 1: Block Reward

Simply, you get bitcoin for creating a block. The amount of bitcoin you get changes over time. Actually according to < href="http://www.bitcoinblockhalf.com/">BitcoinBlockHalf. The coin reward is currently 12 and it will drop to 6 in 2020.

The block creator only gets to collect the reward only if the block ends up on the long-term consensus branch! Thus one is incentivized to behave honestly and to agree.

There is finite supply of bitcoin: 21 million
Block reward is how new bitcoins are created
Runs out in 2140. No new bitcoins unless the rules will change

Incentive 2: Transaction Fees

The second way is via transaction fees. This mechanism made more sense to me given that when you trade at least on financial markets you have to pay some amount for the processing. Thus the nodes who are doing this service can choose to take some amount for doing the transaction. From looking at things like Ethereum with gas, this is used as well and there exists a market value to see what the transaction price should be set as. If you give more than your transaction will be picked up faster.

Remaining problems

How to pick a random node?

How to avoid a free-for-all due to reward

How do you avoid Sybil attacks? We made an assumption earlier

Then he started talking about something called Proof of Work. That peaked my interested since almost every bitcoin blog/youtube channel talks about this versus Proof of Stake.

Proof of Work

This is supposed to answer how to select a random node. The node will be selected in proportion to a resource that nobody should be able to monopolize on it.

Proof of Work – resource for giving nodes power is computing power
Proof of Stake – resource for giving nodes power is currency ownership

My thought was, wouldn’t someone be able to monopolize on ownership? Like is the actual answer, more is power. Well first let’s talk about what proof of work means.

select nodes based on computing power?

Select nodes in proportion to computing power
Let nodes compete for right to create block
Make it moderately hard to create new identities
(Attacks on identity creation and on the Sybil attack)

Let’s look at a more concrete example. I agree it sounds vague and I’m lost. Though looking at the next slide that just says hash puzzle and has the words nonce… this does not look that illuminating.

Nonce – specific number (Again, according to Merriam-Webster: the one, particular or present occasion)

So bitcoin achieves Proof-of-Work using hash puzzles. I’ll talk more about the hash puzzle further down.

To create a block to add to the block chain, you need to find “nonce” such that H(nonce | prev_hash | tx| tx…|tx) is very small.

(nonce | prev_hash | list of trxn that comprise the block)

Then take the hash of this whole, long string.

Then the hash if correct, should be a very small number . By very small, I mean that it falls within a certain target space in relationship to the output space of the hash.

If the hash function is secure, the only way to succeed to try enough nonces until you get lucky. The reason for the nonce is that you want to make it moderately difficult.

This is the computational puzzle that the node is required to create a new block.

Proof of Work Properties:

Difficult to compute
Aug 2014: about 10^20 hashes/block
only some nodes other to compete – miners
Parameterizable Cost
Nodes automatically re-calculate the target every two weeks
average time between blocks = 10 minutes
Easy to verify – once you find the nonce, everyone else can check. Thus no need to have centralization since other miners will verify another miner.

What this means is that if you’re a miner, and you’ve put in some capital, over a two week period, there should be more blocks found. Thus you constantly need to put in more hardware investment to find more blocks.

Prob(Alice wins next block) = fraction of global hash power she controls.

If blocks came close together, there would be less efficient. We like putting hundreds of transactions into the block.

Key Security Assumption

attacks infeasible if majority of miners weighted by hash power follow the protocol (honest)
if the majority are honest, because of the competition of competing for block then you know they will come from an honest node

Solving hash puzzles is probabilistic

Need to try them one by one to hope one succeeds

Bernouilli Trials
Poisson Process should shows this exponential distribution

for a individual miner:
mean time to find block = 10 min/fraction of hash power

Proof of work is a way to

Select nodes in proportion to computing power
Let nodes compete for the “right” to create blocks

A block in the block chain was found at time t. What is the probability that the next block was found at or before t+10 min? Assume that the total hash power of the network stays constant.

More than 50%