Please enable JavaScript.
Coggle requires JavaScript to display documents.
Week 3: bitcoin mechanics and optimization (cryptographic hash functions…
Week 3: bitcoin mechanics and optimization
cryptographic hash functions
trust the consensus among the members
how to prevent from modifying and replacing the transaction in a block?
to make block updates through the proof of work
a tamper evident system
mathematical fingerprint is a kind of standardized randomness
look at the man but you can't predict the fingerprint
look at the fingerprint you can't predict the man
utilize cryptographic hash function
analogy - human finger print system
unique, difficult to forge, and predict
for identification at immigration
generate "fingerprint" for the meaningful data
meta data in the block header plus cryptographic hash function
Basics
Block structure / content
block #
Jason format
each block contains
block size
block header
contains meta data about the components in the block
simply a hash of the fields concatenated
Merkle root
1 more item...
previous block hash
3 more items...
Nonce
1 more item...
making use of hash function
transaction counter
how many transactions within the block
transactions
about the actual transaction data
note: it can be publicly accessed
mining
like throwing a dart while being blindfolded
meaning equal opportunity of hitting everywhere of dart board
meaning more throws more results higher chance of hitting the target area
mining is to find out the value of x such that H(x) < target
puzzle difficulty
inverse to the time for working out previous 2016 blocks
can be adjusted by requiring the number of zero in the block hash
adjust the ratio on the areas of valid block to invalid block
more numbers of zero required
more difficulty
adjust with global hashrate
On average it expects 10 mins to solve the puzzle. so, two week times equal 2016 x 10 mins = 2016 mins = 14 days = 2 weeks. Which becomes the standard level of difficulty
note the hashpower of network vary
every two weeks to check how many valid hashblock found
reward from the first coinbased transaction in the block
the coinbased transaction has a nonce which is used in the hash puzzle
mining pseduocode
it infinitely loops tills it finds a valid block
In each loop, we try a Coinbase nonce first, and then in an inner loop, exhaust all possible
values for header nonces. then we increment the Coinbase nonce, and repeat this cycle.
changing the Coinbase nonce changes the merkle root
due to expensive, so, we optimize by trying nonces in such a way as to only have to calculate the merkle
root in each iteration of the outermost loop.
pseudo random output
every time same output image if the same input (pre image)
three key properties
pre-image resistance
meaning the difficulty in finding an input for given some output
means how difficult in terms of computations, it finds an input to fit into the given hash function f() and the given output f(x)
analogy: by looking at the fingerprint, could you tell whose fingerprint?
second preimage resistance
analogy: Could you find another person with the same fingerprint as the given one?
given x, how difficult in computation, you could find x' which has the same hash function output as f(x) = f(x')
collision resistance
analogy: how difficult to find two random persons having the same finger print?
technically, what computational difficulty to find two arbitrary x and y with the same hash function output such that h(x) = h(y)
outcome is Avalanche effect
with the given hash function, it is not able to guess the output by by changing the input a bit each time.
SHA256
hash function by NSA
input allows 2^64 bit
output is constant of 256 bits
SHA256^2 or SHA256d
means SHA256(SHA256(x))
Secure Hash Algorithm
digital signature
anonymously
using private key & proving by public key
encrypted by sender's private key
decrypted by sender's public key
in Bitcoin, they are generated by Elliptic Curve Digital Signature Algorithm ECDSA
trustlessly
send messages and transactions
support tamper evident
validating the authenticity of the sender
and integrity of the content
mathematical algorithm
Digital Signature Scheme DSS
Message original
senders' private key authorize the message or transaction
Non reprodiation
no backtrack to senders' private key
message integrity
message cannot be modified since sending
Key and addresses
one way function
ECDSA
general form: y^2=x^3+ax+b
e.g. secp256k1
y^2=x^3+7
private key: n
public key: np = p+ ... + p
address: RIPEMD 160 (SHA256(nP))
shorten to 160 bits
modified to be user friendly
1 more item...
symmetry over x axis
chord tangent process
R= P + Q
infinite field
for all possible values in a constant amount of space
Elliptic curve discrete logarithm problem
Hash
trap door
Private key --> ECDSA --> Public key
Public key --> Hash(RIPEMD) --> Bitcoin Address
digital signatures
elliptic curve digital signature algorithm
Bitcoin script
functionality
processing the transactions between two people
processing multi-signature transactions
Transactions
UTXO model
map input to output
signature of owner's fund
spending = redeeming the previous transaction output
using proof
public key + signature in Pay-to-Pub-Key-Hash
script + signature in Pay-to-Script-Hash
content has three main sections
meta data
housekeeping data
unique transaction ID
hash of the transaction as the unique ID
locktime
size
vin_sz means vector input size
size (number) of inputs
number of input UTXOs referenced in this transaction
vout_sz
size (number) of outputs
number of new UTXOs being created
version
version of Bitcoin software in use
inputs
a list of previously created UTXOs
hash of unique IDs of previous transaction (outputs) containing relevant UTXOs being redeemed
"n": 0 / 1 / 2
index of input in previous transaction
0 = first; 1=second
a proof
i am the redeemer
allowing to produce new output(s)
scriptSig
signature used to redeem previous transaction outpout
Proof of identity:
(1) legitimate fund owner hash its public key to generate the same address as the output in the previous UTXO.
(2) using private key to hash it as a signature. (prove the ownership of the private key which can generate that public key provided and used in the output of the previous UTXO.)
unlocking --> spending the fund by giving proof of the ownership of the private key
verification: your public key will be hashed to see if the result is the posted "address" in the output of the previous UTXO.
output
a list of new UTXOs
sent to new addresses
accompanying output address
script function 1: lock the transaction and make it redeemable only by the specific proof
scriptPubKey
output "addresses" are specific and created by hash
(the recipient's public key)
the amount can be only redeemed by the public key that hashes to address X, plus a signature from the owner of the public key
Pay-to-PublicKeyHash (P2PKH)
value comes with script to lock up from others, except the redeemer provides a proof
the smallest unit of Bitcoin is Satoshi
One Bitcoin can be converted to 1 million Satoshi
divisible in 8th decimal places
output amount
scripting language
extensible:
flexible and easy to manage different types of transaction
stack based and native support for cryptography
instruction execution in a stack based order:
new data at the top
old data
old data
old data at the bottom
FUNCTION
ScriptSig: Sigature
ScriptSig: Public Key
ScriptSig: Signature
OP_DUP: Public Key --> pubKeyHash
ScriptSig: Public Key
ScriptSig: Signature
1 more item...
meaning: considering each transaction as output(s) from previous transaction(s) feeding into new inputs
so, spending Bitcoin involves the act of redeeming previous output(s) with a proof that you are the legitimate redeemer, and specifying whose address can redeem the output
(2) encoding your personal info in your transaction (redeeming action - using public key? & signature to generate a proof in order to unlock the outputs given on the chain)
public key + signature in Pay-to-PublicKeyHash
Script + signature in Pay-to-ScriptHash
(1) transaction (UTXO) map input to output; also must contain the signature of fund owner
Proof of Burn
writing arbitrary data in the blockchain
for destroying Bitcoin to introduce altcoin
for permanently marking something, like a new word you created
output script:
OP_RETURN
when program reach this command, it would throw an error.
the owner destroy the value redeemed from the input script
Pay to Script Hash (P2SH)
2012
arbitrary script
vs Pay to Public Key Hash
client vendor model for illustratration
more friendly, if the vendor can provide the script and let the client pay to script hash, rather than public key hash
the vendor has to use private key to generate and provide client the redeem script hash and use its signature and that script for redeeming the fund from the output of client's UTXO
the client does not need to care the script actually is and save workload to generate the script: publicKeyHash
no need to review the account of vendor and know its public key
possibly, the vendor has multiple private keys
the vendor may be more flexible because it may use multisignature to redeem the fund
efficient pay
for the sake of multi signature and timelocks
multiSignature
for example, an joint account by three persons, only two of more signed for the redeeming & spending the fund
a specific number (M) out of all pre-specified signature number (N) is required to unlock the UTXO for validation
multisig scheme m-of-n
Advantages
More secure: enhancing the difficulty of stealing a fund vs single private key
prevent the losses, if a private key lost
the full redeem script hashed and check it against the script hash to see if they match? if match, then valid.
Timelock
restriction of spending the fund until a specific time or reaching a
specific block height
Absolute timelock: UNIX timestamp
Relative Timelock: number of blocks built on top of the block containing the transaction
transaction level timelock
impose a timelock in a transaction
the transaction cannot be included in a valid block until reaching a specific time
issues
caveat
build another transaction to cancel the transaction on the other hand
script-level timelock
specify UTXOs in Bitcoin scripts
issues
no global time clock to govern and it may vary from a node to another