Bitcoin Mining Technology
3.2 TECHNOLOGY BEHIND BITCOIN
The Bitcoin system is a peer-to-peer (P2P) network. A node in the network is any computer running the Bitcoin software. A node that receives data from another node verifies it, stores it, and relays it to every other node connected to it; in this way information spreads from one node to every other node in the network. A transaction can have any number of inputs and outputs. An input references an output of a previous transaction (and supplies the signature that unlocks it), while an output holds the receiving address and the corresponding amount.
Bitcoin is a proof-of-work (PoW) system: to produce a block, a miner must find a piece of data that is costly and time-consuming to generate but cheap for everyone else to verify, and that satisfies a criterion set by the network. Miners are rewarded for doing this work. Finding a valid PoW is a random, trial-and-error process, so a user's influence over the network is proportional to the computational power he or she controls and not to the number of network identities he or she holds; this is what makes the scheme resistant to Sybil attacks. There are many PoW functions; Bitcoin's mining core is based on Hashcash (Black, 2002), instantiated with SHA256 (applied twice). Other hashing algorithms used for PoW in other cryptocurrencies include Scrypt, CryptoNight, HEFTY1, Quark, and Blake-256. Besides PoW, there are other schemes used to secure cryptocurrency networks, described below.
Proof of stake is used as an alternative to PoW in cryptocurrencies like Peercoin (Reed, 2014). Whereas the probability of mining a block under PoW depends on the work a user performs, under proof of stake it depends on the amount of the currency the user provably holds (the stake). A user holding 5% of the currency can expect to mine about 5% of that currency's proof-of-stake blocks. Proof of stake is argued to reduce the incentive for attacks: an attacker would have to own close to a majority of the currency to succeed, and would then be the party most harmed by his or her own attack.
Proof of burn destroys (burns) coins. To burn bitcoins means to send them to an address that is verifiably unspendable: the address is chosen so that no one can know a corresponding private key (for example, a human-readable pattern padded to a valid checksum rather than a hash of a real public key), so the coins remain visible on the blockchain but can never be moved again. Chancecoin is a cryptocurrency that uses this scheme.
Proof of solvency is a scheme that lets users verify the solvency of an online exchange that accepts Bitcoin deposits. It combines a proof of assets (the exchange demonstrates control of the keys holding its reserves) with a proof of liabilities (a cryptographic commitment to customer balances that each customer can check), so that anyone can confirm that the assets cover the liabilities. The scheme can only reveal the insolvency of an exchange; it cannot prevent it. Bitcoin exchanges such as Kraken, Bitfinex, and Bitstamp have published proofs of solvency. Proof of solvency has so far been limited to Bitcoin reserves and can be verified from anywhere in the world.
Proof of reserve is similar to proof of solvency and is intended to prevent an exchange from failing without warning. Since the demise of Mt. Gox, clients have realized the importance of verifying the reserves held by exchanges. An exchange selectively discloses information about the funds it holds while maintaining the privacy of its other clients. Most exchanges use Merkle trees for this purpose: the exchange commits to every customer balance as a leaf of the tree and publishes only the root, so that it can prove how the total funds held were calculated while each customer can check that his or her own balance is included in the total without learning anyone else's balance. Bifubao is one good example of an exchange that follows the proof-of-reserve scheme to provide extra security to its users (Bifubao, 2014).
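As an added illustration of the Merkle-tree approach just described (this is example code written for this page, not Bifubao's or any other exchange's implementation), the following Python builds a Merkle sum tree over a constructed customer ledger: every leaf commits to a customer's balance under a secret nonce, every internal node commits to the sums and hashes of both children, and a customer verifies a short inclusion path against the published root. The ledger, the leaf and node hash formats, and the `publish`, `prove` and `verify` names are assumptions of this example.

```python
"""Merkle sum tree proof of liabilities, written as an added example for this page."""
import hashlib
from typing import List, Tuple

# Constructed sample ledger for this example (not real exchange data).
# Each entry: (customer id, balance in satoshi, per-customer secret nonce).
LEDGER = [
    ("alice", 150_000_000, b"nonce-a"),
    ("bob", 40_000_000, b"nonce-b"),
    ("carol", 310_000_000, b"nonce-c"),
    ("dave", 5_000_000, b"nonce-d"),
    ("erin", 70_000_000, b"nonce-e"),
]

Node = Tuple[int, bytes]  # (sum of balances below this node, hash)
PAD: Node = (0, hashlib.sha256(b"pad").digest())  # zero-balance filler for odd levels


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(customer: str, balance: int, nonce: bytes) -> Node:
    """Leaf commitment; the nonce stops outsiders from confirming a guessed (id, balance)."""
    if balance < 0:
        raise ValueError("negative balance")
    return balance, sha256(b"leaf|%s|%d|" % (customer.encode(), balance) + nonce)


def parent(left: Node, right: Node) -> Node:
    """Internal node commits to both child sums and both child hashes."""
    total = left[0] + right[0]
    data = (b"node|" + left[0].to_bytes(8, "big") + left[1]
            + right[0].to_bytes(8, "big") + right[1])
    return total, sha256(data)


def padded(level: List[Node]) -> List[Node]:
    return level + [PAD] if len(level) % 2 else level


def build_tree(leaves: List[Node]) -> List[List[Node]]:
    """Return every level of the tree, from the leaves up to the single root."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        level = padded(levels[-1])
        levels.append([parent(level[i], level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def publish() -> Tuple[Node, List[List[Node]]]:
    """Exchange side: build the tree and return the root it would publish."""
    levels = build_tree([leaf(c, b, n) for c, b, n in LEDGER])
    return levels[-1][0], levels


def prove(levels: List[List[Node]], index: int) -> List[Tuple[Node, str]]:
    """Exchange side: siblings from the leaf up, tagged with the side they sit on."""
    path = []
    for level in levels[:-1]:
        level = padded(level)
        sibling = index ^ 1
        path.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return path


def verify(published_root: Node, my_leaf: Node, path: List[Tuple[Node, str]]) -> bool:
    """Customer side: recompute the root from my own leaf and the path.
    A sibling claiming a negative sum is rejected, because negative entries
    would let the exchange shrink the total it has to back."""
    node = my_leaf
    for sibling, side in path:
        if sibling[0] < 0:
            return False
        node = parent(sibling, node) if side == "L" else parent(node, sibling)
    return node == published_root


if __name__ == "__main__":
    root, levels = publish()
    print("published total liabilities:", root[0])
    print("bob's proof verifies:", verify(root, leaf("bob", 40_000_000, b"nonce-b"), prove(levels, 1)))
```

A customer who verifies his or her path learns the total liabilities (the root sum) and that this total includes his or her own balance, but nothing about other customers beyond the sums along the path. The negative-sum check in `verify` is only local to the path; published schemes therefore pair it with range proofs or rely on enough customers checking their own paths.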
3.2.1 Block
The complete history of transactions is stored by every full node, so anyone can verify who the current owner of any particular group of coins is. Transactions are grouped into blocks. The number of transactions in a block is bounded by the block size limit and the sizes of the individual transactions. The size limit for a block is 1,000,000 bytes, which keeps block propagation fast and bounds the resources a single block can consume. The size of each transaction is determined by its number of inputs and outputs. Figure 3.1 represents a block, which consists of two segments, the header and the body. The transactions are included in the body of a block, while the 80-byte header consists of six fields, followed by the transaction count; all of these are shown in Figure 3.1. The block version number indicates which validation rules the block follows and depends on the software used to generate it. Hash PrevBlock is the 256-bit hash of the previous block's header and serves as the reference that links the block into the blockchain. The Merkle root is the root of a Merkle tree built over the hashes of all transactions in the block; transactions therefore enter the header only indirectly, through the Merkle root, so hashing the header of a block with one transaction takes exactly the same effort as hashing the header of a block with 1000 transactions. The time stamp field records the block's creation time as seconds since 1970-01-01T00:00 UTC (Unix time).
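As an added example (not code from the book), the following Python computes a Bitcoin Merkle root the way the reference client does: transaction ids are displayed big-endian but hashed in serialized (byte-reversed) order, pairs are concatenated and double-SHA256 hashed, and a level with an odd number of hashes pairs its last hash with itself. The sample txids are constructed for this example.

```python
"""Bitcoin transaction Merkle root, written as an added example for this page."""
import hashlib
from typing import List


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def txid_to_bytes(txid_hex: str) -> bytes:
    """Txids are displayed big-endian but serialized little-endian, so the
    displayed hex is byte-reversed before it enters the tree."""
    return bytes.fromhex(txid_hex)[::-1]


def merkle_root(txids: List[str]) -> str:
    """Merkle root (displayed hex) over a list of displayed-hex txids."""
    if not txids:
        raise ValueError("a block has at least one transaction, the coinbase")
    level = [txid_to_bytes(t) for t in txids]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])  # odd count: the last hash is paired with itself
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0][::-1].hex()


# Constructed sample txids for this example (not taken from a real block).
SAMPLE_TXIDS = [hashlib.sha256(b"sample tx %d" % i).hexdigest() for i in range(3)]


def duplication_collides() -> bool:
    """The odd-level rule makes [a, b, c] and [a, b, c, c] hash to the same root."""
    a, b, c = SAMPLE_TXIDS
    return merkle_root([a, b, c]) == merkle_root([a, b, c, c])


if __name__ == "__main__":
    print("root of one transaction equals its txid:", merkle_root([SAMPLE_TXIDS[0]]) == SAMPLE_TXIDS[0])
    print("root over sample txids:", merkle_root(SAMPLE_TXIDS))
    print("[a, b, c] and [a, b, c, c] share a root:", duplication_collides())
```

For a block with a single transaction the root is simply that txid, which is why the genesis block's Merkle root equals the id of its coinbase transaction. The odd-level duplication rule has a security consequence that `duplication_collides` makes visible: a block whose transaction list ends with a repeated transaction has the same Merkle root as one without the repeat (the ambiguity behind CVE-2012-2459), so a node must reject blocks containing duplicate txids rather than trusting the root alone.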
The bits field encodes the current target in a compact form. The SHA256 hash of a block's header must be lower than or equal to the current target for the block to be accepted by the network. This is the mathematical puzzle that has to be solved in order to validate the block. The target value decreases as the difficulty increases. Difficulty, as its name suggests, is a metric of how hard it is to find a valid block, and it is adjusted according to the network hashrate; the target is inversely proportional to the difficulty. The nonce is a 4-byte (32-bit) field in the block header. Its value is varied so that the header hash falls below the target: it starts at 0 and is incremented for every hash attempt, and the search continues until a hash with the required number of leading zeros is found. (Because a 32-bit nonce allows only about 4.3 billion attempts, miners that exhaust it also vary other header inputs such as the time stamp or the coinbase transaction, which changes the Merkle root.) The number of transactions included in the block is serialized immediately after the header, as shown in the last row of Figure 3.1; it is not part of the 80 bytes that are hashed.

Figure 3.1 Structure of a block (header fields with the example values shown in the figure; multi-byte fields are displayed in the byte order in which they are serialized):
Version: 02000000
Previous block hash (reversed): 17975b97c18ed1f7e255adf297599b55330edab87803c81701000000000000000
Merkle root (reversed): 8a97295a2747b4f1a0b3948df3990344C0e19fa6b2b92b3a19c8e6badc141787
Timestamp: 358b0553
Bits: 535f0119
Nonce: 48750833
Transaction count: 63
Transactions: (block body)
3.2.2 Blockchain
The blockchain is a sequence of blocks that holds the complete record of transactions, like a public ledger, and fixes the order in which the transactions occurred. Figure 3.2 represents a blockchain, in which the most recently validated block points to the immediately prior block.
Each block in the chain commits to the hash of the previous one, all the way back to the first block, called the genesis block. A party cannot overwrite earlier records by forking the chain without redoing the proof of work for the altered block and every block after it, which is infeasible unless that party controls a majority of the network's hashrate.
3.2.3 Block-hashing mechanism
Bitcoin's mining core is Hashcash-style proof of work over SHA256, applied twice (double SHA256, commonly explained as a guard against length-extension attacks on the hash). SHA256 transforms an input message into a 256-bit message digest. Hashrate is the number of hash computations per second that a piece of hardware can perform as it searches for a valid block hash. The higher a miner's hashrate relative to the total hashrate of the network, the more likely that miner is to solve the next block.
Figure 3.2 Blockchain: Genesis block → Block 2 → … → Block n−1 → Recent block, each block pointing to its predecessor.

A node, after verifying the entire blockchain, collects newly generated (unconfirmed) transactions and proposes to the network what the next block should be. Several nodes may create such candidate blocks at the same time; therefore, to be valid, a block must contain a solution to a very special math problem. Miners repeatedly compute a cryptographic hash over candidate headers until the output is below the target value (given by the bits header field), and because the output of the hash cannot be predicted, the only way to find a solution is by random guessing. The first node to solve the block broadcasts it to the network, and it is accepted as the next block in the chain.
Let H be a fixed hash function of the network that is built into the protocol. If x represents the pending transactions (in practice, the rest of the block header, which commits to them through the Merkle root) and n represents the nonce, then n is appended to x and the combination is hashed. The output hash must be less than the target (bits header field) for the block to be valid, which in practice means that it begins with a run of zeros. The puzzle is to find a value of the nonce for which the hash output is less than the target. The number of leading zeros required in the output indicates the difficulty of solving a block; a harder PoW puzzle demands a longer run of zeros, and the requirement grows as mining activity increases. The puzzle is hard because a cryptographic hash function behaves like a random function: changing a single bit of the input produces an entirely different output, so there is no better way to find a solution than to try inputs one after another. Once solved, the hash output acts as a fingerprint that uniquely identifies that block, and it is the value that the next block stores as its previous block reference. The target is automatically adjusted by the network (every 2016 blocks) so that finding a block takes about 10 min on average. On finding a suitable nonce, the node transmits the block of transactions together with the nonce to the other nodes, which verify the solution and append the block to their copy of the blockchain. For instance, consider a nonce value of 0 appended to a string. The hash output is most likely not below the target, so the nonce is incremented for every trial until the output is below the target (here at n = 9270):
H("Hello!0") = 1312af181c275f94028d480a6adc1e125b1caa44c749ec81976192e2ec934c64
H("Hello!9270") = 0000000002fc32107f1fdc0241fa747ff97342a4714df7cc52ea464e12dcd4e9
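To tie together the header fields of Figure 3.1 and the nonce search just described, here is an added Python example (not the book's code) that serializes an 80-byte header, decodes the compact bits field into a target and a difficulty, computes the double-SHA256 block hash, and runs the incrementing-nonce search against a constructed easy target (bits 0x1F00FFFF, for which about one attempt in 256 succeeds). The only real data used is the public genesis block header, which serves as a check that the serialization is right; `mine` and `demo_mine` are names chosen for this example.

```python
"""Block header hashing, target decoding and nonce search, written as an added example."""
import hashlib
import struct
from typing import Optional, Tuple


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field: 1-byte exponent, 3-byte mantissa."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF  # bit 23 is a sign bit, never set in a valid block
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


MAX_TARGET = bits_to_target(0x1D00FFFF)  # difficulty-1 target, used by the genesis block


def difficulty(bits: int) -> float:
    """Difficulty is the ratio of the maximum target to the current target."""
    return MAX_TARGET / bits_to_target(bits)


def serialize_header(version: int, prev_hash: str, merkle_root: str,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """The 80 bytes that are hashed: integers little-endian, hashes byte-reversed
    relative to their displayed hex."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash(header: bytes) -> str:
    """Displayed block hash: double SHA256 of the header, shown byte-reversed."""
    return dsha256(header)[::-1].hex()


def meets_target(block_hash_hex: str, bits: int) -> bool:
    return int(block_hash_hex, 16) <= bits_to_target(bits)


def mine(version: int, prev_hash: str, merkle_root: str, timestamp: int, bits: int,
         max_nonce: int = 2 ** 32) -> Optional[Tuple[int, str]]:
    """Try nonces 0, 1, 2, ... until the header hash is at or below the target."""
    prefix = serialize_header(version, prev_hash, merkle_root, timestamp, bits, 0)[:-4]
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        digest = dsha256(prefix + struct.pack("<I", nonce))
        # the displayed hash read as a big-endian number equals the raw digest read little-endian
        if int.from_bytes(digest, "little") <= target:
            return nonce, digest[::-1].hex()
    return None  # nonce space exhausted; a real miner then changes the time stamp or coinbase


# Real genesis block header values (public data), used to check the serialization.
GENESIS = dict(version=1,
               prev_hash="00" * 32,
               merkle_root="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
               timestamp=1231006505, bits=0x1D00FFFF, nonce=2083236893)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

# Constructed easy puzzle for the demonstration: bits 0x1F00FFFF requires a leading
# zero byte in the hash, i.e. about one success in 256 attempts.
EASY_BITS = 0x1F00FFFF


def demo_mine() -> Optional[Tuple[int, str]]:
    """Mine a block on top of the genesis block at the easy target."""
    return mine(1, GENESIS_HASH, GENESIS["merkle_root"], 1231006505, EASY_BITS, max_nonce=1_000_000)


if __name__ == "__main__":
    print("genesis hash:", header_hash(serialize_header(**GENESIS)))
    print("genesis difficulty:", difficulty(GENESIS["bits"]))
    print("figure 3.1 bits 0x19015f53 -> difficulty about", round(difficulty(0x19015F53)))
    print("easy puzzle solution (nonce, hash):", demo_mine())
```

Decoding the bits value from Figure 3.1 (535f0119, that is 0x19015f53 once the bytes are read little-endian) with `difficulty` gives roughly 3.1 billion, while the genesis block decodes to difficulty 1; the easy target used by `demo_mine` is far below either and is there only so that the search finishes in a few hundred hashes.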
The process of finding a valid block is called mining. A bitcoin miner receives an incentive for expending computing power on it, which is what sustains the PoW system. A miner receives newly created bitcoins for every block found. Initially, 50 bitcoins were awarded per block. Approximately every 210,000 blocks (about 4 years), the reward halves; at the time of writing it is 25 bitcoins. In addition, the miner collects the fees of the transactions included in the block, which have risen slightly from 0 with the recent popularity of the Bitcoin system. The reward system has made Bitcoin mining extremely competitive. The most important factor determining a miner's chance of success is the amount of computing power held, since larger computing resources earn more bitcoins in expectation.
It is also possible for two nodes to find a valid block at nearly the same instant. This creates a fork in the blockchain. Figure 3.3 represents such a case, where nodes keep track of both branches. Miners extend the branch that represents the most accumulated work (commonly, the longest chain). Consider two branches created by simultaneously found blocks A and B. Different miners build on A or on B, depending on which they received first. When a new block is added on top of A, miners that were working on B switch to A, and block B is abandoned; block B becomes a stale block (often called an orphan block), and any of its transactions that are not also in A return to the pool of unconfirmed transactions.
3.2.4 Bitcoin address
To make a bitcoin transaction, a user generates a public and private key pair using the "wallet" program installed on the computer. A new key pair can be created for every transaction, and each is entirely independent of the previous ones. The wallet data file holds the Bitcoin addresses and the corresponding private keys. A Bitcoin address is derived from the 160-bit hash of the public key. The key pair is an ECDSA key pair (on the secp256k1 curve). Figure 3.4 shows the flow of the process of generating a Bitcoin address.
The public key is hashed using SHA256. The result is hashed again using RIPEMD-160, a cryptographic hash function that produces a 160-bit value. A version byte (0x00 for the main network) is prepended to the 160-bit hash, and double SHA256 is computed over this 21-byte value.
The checksum is the leftmost 4 bytes of the double hash. This checksum is appended to the 21-byte versioned hash, giving 25 bytes, which are then converted to a base58 string; the whole procedure is called Base58Check encoding, and the result is referred to as a Base58Check address. Bitcoin wallets check the validity of an address before every transaction: the built-in checksum makes the address resistant to typographical errors.
Figure 3.3 Fork in blockchain: Block n−3 → Block n−2 → Recent block, followed by two competing blocks A and B that both point to the recent block.
The PubKeyHash is Base58Check encoded, with a version number and checksum, to get the Bitcoin address. The probability that a mistyped address still passes the checksum and decodes to a different but well-formed PubKeyHash is about 1 in 2^32, roughly 1 in 4.3 billion. For bitcoins to be lost this way, the mistyped string must both pass the checksum and decode to a PubKeyHash other than the intended one; coins sent to such an address are spendable only by someone who knows the private key behind that PubKeyHash, which in practice is nobody.
Addresses are derived from randomly generated keys, so it is extremely unlikely for two users to hold the same address. If a collision did occur, either owner could spend the funds sent to that address, and whoever spends first wins. It is far more profitable for a user to mine bitcoins and collect transaction fees than to try to create a collision intentionally, because colliding with an existing address would take roughly 2^107 times longer than solving a block. Early versions of the software also allowed bitcoins to be sent directly to an IP address, but without any authentication of the recipient, so a man in the middle could intercept the connection, pretend to be the destination, and receive the bitcoins; the feature has since been removed. Nowadays, advanced computers are being used in the competitive Bitcoin mining environment, and there is speculation about building a quantum computer for the same purpose. The implications of quantum computing for Bitcoin are further discussed in the article (http://www.bitcoinnotbombs.com/bitcoin-vs-the-nsas-quantum-computer/; Chris, 2014).

Figure 3.4 Generating a Bitcoin address: private key → (one-way key conversion) → public key (1 byte 0x04 followed by 64 bytes) → RIPEMD160(SHA256(public key)) (20 bytes) → network ID byte (0x00 on the main network) prepended to the 20-byte hash → checksum = first 4 bytes of SHA256(SHA256(versioned hash)) → 25-byte binary address → base256-to-base58 conversion → Bitcoin address.