Basics of Blockchain & Bitcoin | CS 6262 Network Security

01 //

Hash Functions

Hash table quiz: h(w) = length(w) mod 5. Joe (length 3) → slot 3, but Sue is there. Collision - weakness of this hash function.

Cryptographic Hash Quiz

No key - true; hash functions do not have a key
False: "major drawback is easy to find collisions" - good hashes make this infeasible
Message integrity - true; primary use

Properties

Easy to compute H(m); fixed-length output (128–512 bits)
One-way: given H(m), no easy way to find m
Weak collision resistant: given m₁, infeasible to find m₂≠m₁ s.t. H(m₂)=H(m₁)
Strong collision resistant: infeasible to find m₁≠m₂ s.t. H(m₁)=H(m₂)

02 //

Hash Pointers & Blockchain

A hash pointer contains a pointer to data and the cryptographic hash of that data. With it we can get the data and verify it hasn't changed.

Key Idea

Build data structures with hash pointers. A linked list with hash pointers = blockchain.

Blockchain Structure

Each block: data + prev: H(block). Last block's hash = root. Append by adding block, computing its hash, storing as new root.

Tamper-Evident Log

If attacker changes data in a block → hash mismatch in next block's pointer. Changing that hash cascades; root changes. Remembering one root suffices to detect any tampering.

03 //

Digital Signatures & Identity

Only you can sign; anyone can verify. Signature is tied to a document - can't cut-and-paste.

API

(sk, pk) := generateKeys(keysize)
sig := sign(sk, message)
isValid := verify(pk, message, sig)

Requirements: valid signatures verify; adversary with pk and chosen-message access cannot forge signatures.

Public Keys as Identities

If verify(pk, msg, sig)==true, think: pk says "[msg]". To speak for pk you must know sk.

Create identity: new random (sk, pk); pk (or Hash(pk)) = public name
Decentralized: anybody can create identities; no central coordinator; make as many as you want
In Bitcoin these are called addresses

04 //

GoofyCoin

Simplest cryptocurrency: Goofy can create new coins; new coins belong to creator. Owner can spend using crypto.

CreateCoin

Goofy creates CreateCoin[uniqueCoinID], signs with pk_Goofy. String + signature = coin. Anyone can verify.

Pay to pk

To transfer: create Pay to pk_Alice: H(coin), sign as owner. Recipient can pass on again by creating new Pay statement signed by them.

Double-Spending Attack

Alice pays same coin to Bob and Chuck with two signed statements. Both have valid-looking claims. Main design challenge in digital currency. GoofyCoin does not solve it.

Cryptocurrency Quiz

True: Security of ledgers depends on honesty of miners
False: Most cryptocurrencies maintain production for inflation - they reduce production (precious metals model)
False: Pseudo-anonymous → more susceptible to seizure - they are less susceptible

Wallet Quiz

Type	Characteristic
Hot	Connected to internet
Cold	Offline
Desktop	Laptops, PCs
Mobile	QR code, instant payments
Online	Cloud-provided
Hardware	Top-grade cryptography

05 //

Scrooge Coin

Designated entity (Scrooge) publishes an append-only ledger. All transactions written before acceptance. Prevents double-spending by visibility.

Implementation

Blockchain signed by Scrooge. Each block: transactions + hash pointer to prev. Scrooge signs final hash. Optimization: multiple transactions per block. Blockchain + signature = append-only - changes cascade and are detectable.

Transaction Types

CreateCoins

Creates new coins. Each has (num, value, recipient). Valid if signed by Scrooge.

PayCoins

Consumes (destroys) coins; creates new coins of same total value. Valid if: consumed valid, not already consumed, value in = value out, signed by all owners of consumed coins.

Immutable Coins

Coins never changed, subdivided, or combined directly. Use transactions to do so.

Centralization Problem

Scrooge prevents double-spending but has too much power: can refuse to endorse, demand fees, create coins for himself. Cryptocurrencies with central authority have failed to take off.

06 //

Bitcoin: Decentralization

To decentralize: (1) single published blockchain, (2) agreement on valid transactions, (3) agreement on which occurred, (4) decentralized ID assignment, (5) decentralized mining.

Distributed Consensus

Requirements: all correct nodes decide same value; value proposed by some correct node. Bitcoin: peer-to-peer; Alice broadcasts tx to all nodes; Bob's computer may be offline.

Why Hard

Nodes crash, malicious; network imperfect (faults, latency); no global time. Bitcoin: uses incentives; embraces randomness; consensus over long timescale (~1 hour).

Consensus Algorithm (Simplified)

1

New transactions broadcast to all nodes
2

Each node collects tx into block
3

Random node broadcasts block each round
4

Others accept only if all tx valid (unspent, valid sigs)
5

Acceptance = including block's hash in next block

Safeguards

Stealing: requires forging signature - infeasible if crypto solid
Double-spend: only one of two conflicting tx can be in chain; honest nodes extend longest valid branch
Merchant: wait for confirmations (blocks on top); 6 confirmations common heuristic
Protection vs invalid tx: crypto + consensus; vs double-spend: purely consensus; guarantee is probabilistic

Top Cryptocurrency Failures Quiz

Name	Description
Spacebit	Globally accessible blockchain via nanosatellites
GetGems	Social platform, crypto for viewing ads; popular in Uzbekistan
Dogecoin	P2P; charitable (Jamaican bobsled 2014)
Paycoin	White paper: new blockchain variations
DAO	Largest crowdfund; smart contract exploit, ~$50M loss

Incentives

Block Reward

Creator includes special coin-creation tx (e.g., 25 BTC); halves every 4 years. Collectible only if block in long-term consensus. Finite supply; ~2040.

Transaction Fees

Output < input; remainder = fee to block creator. Voluntary tip now; may become primary when block reward ends.

Sybil Attack Quiz

True: Attacker creates many fake identities to change voting/control network
True: Targets reputation systems in P2P
True: Can be stopped if users give up anonymity

07 //

Proof of Work

Pick node in proportion to resource no one can monopolize. Proof-of-work: proportional to computing power. Alternative: proof-of-stake (ownership).

Hash Puzzle

Find nonce s.t. H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) is very small (below target). Only way: try nonces until lucky.

Proof of Work Quiz

True: PoW costly/time-consuming to produce
False: Costly to verify - trivial (nonce published; check H < target)
False: Miners complete "some" work - must complete all
True: Changing block requires redoing all successors

Properties

Difficult to compute - ~10²⁰ hashes/block (2014); only miners compete
Parameterizable - target recalculated every 2 weeks; avg 10 min/block
Trivial to verify - nonce in block; check H < target
Mining economics - profit if (reward + fees) > (hardware + electricity)

Security Assumption

Attacks infeasible if majority of miners (by hash power) follow the protocol.

51% Attacker

Action	Possible?
Steal coins from existing address	No - signatures
Suppress tx from blockchain	Yes - refuse to extend
Suppress tx from P2P network	No - broadcast
Change block reward	No - system rules
Destroy confidence	Yes

08 //

Summary

Blockchain & Bitcoin - Takeaways

Hash pointers - data + hash; tamper-evident; blockchain = linked list with hash pointers
Public keys as identities - decentralized addresses
GoofyCoin - CreateCoin, Pay; double-spend unsolved
Scrooge Coin - append-only ledger; CreateCoins, PayCoins; centralization problem
Bitcoin - distributed consensus; incentives; Proof of Work; 51% attacker limits