Bitcoin and Cryptographic Finance. Technology, Shortcomings and Alternative Cryptocurrencies

Table of Contents

Abstract

Acknowledgement

List of Abbreviations

List of Images

List of Tables

1 Executive Summary

2 Definition of Bitcoin
2.1 Technical Description of Bitcoin Transaction
2.2 Blocks
2.3 The Byzantine Generals Problem
2.4 Double Spending Solution
2.5 Decentralization

3 Technology of Bitcoin
3.1 Method of Operating
3.2 Network
3.3 The Block Chain
3.4 Wallets
3.5 Bitcoin Addresses
3.6 Public Key
3.7 Private Key
3.8 Mining
3.9 Difficulty
3.10 Anonymity

4 The Shortcomings of Bitcoin
4.1 Zero-Sum Game and Investor Problem
4.2 Price Volatility
4.3 51% Attack
4.4 Mining Incentive Scheme Flaws
4.5 Private Key Vulnerability
4.6 Irreversible Transactions
4.7 Information Asymmetry
4.8 Fraud and Hacking
4.9 Confirmation Times
4.10 Deflationary Bias
4.11 Bitcoin Wealth Distribution
4.12 Scalability
4.13 Energy Consumption
4.14 Illicit Transactions and Money Laundering
4.15 Conclusions

5 Analysis: Alternative Cryptocurrencies
5.1 Alternative Cryptocurrencies
5.2 Litecoin
5.3 Dogecoin
5.4 Darkcoin
5.5 Peercoin
5.6 Ethereum
5.7 Primecoin
5.8 Mastercoin
5.9 Network Effect of Bitcoin

6 Analysis: Ripple

7 Analysis: Bitcoin Side Chains

8 Conclusion

Bibliography

Appendix

A1: Bitcoin Vocabulary

A2: List of Altcoins

Abstract

Designed by an anonymous creator, Bitcoin is an intriguing to modern technology and payment transaction infrastructure that has the potential to become a game changer within the sector of virtual payments. But as with any new technology, there are many obstacles and threats on the path towards mainstream acceptance. In this thesis we analyze key shortcomings of the Bitcoin protocol and Bitcoin as a currency. Moreover, we explore competitors that may one day be able surpass Bitcoin and even make it obsolete. The key question we as is if a suitable competitor can replace Bitcoin or can the open source virtual currency be improved itself in other to make competition obsolete.

Acknowledgement

My gratefulness goes first and foremost to the people who supported me during the research and writing phases of this diploma thesis. Getting a closer look at the technological innovation that Bitcoin represents and the potential benefits that it could offer was a very valuable experience that guided me through the process of creating this thesis.

Furthermore, I want to thank Univ.-Prof. DDr. Jürgen Huber for his continuing support and his enthusiasm for the topic of my diploma thesis during the entire time of researching and writing it. Likewise, I want to thank Univ.-Prof. Dr. Matthias Bank, CFA for his support and input during the Diplomanden AG at the University of Innsbruck.

Next, I want to acknowledge the outstanding work that MMag. Matthias Korp has provided with his diploma thesis about Bitcoin in 2012, which represented the basis for my thesis.

Additional thanks and appreciation go to family and friends who kept me motivated and provided me with valuable input during this phase of my life.

List of Abbreviations

ZAR South African Rand

List of Images

Figure 1: Historical Bitcoin Price in USD

Figure 2: Differences between Electronic Money and Virtual Currency

Figure 3: Bitcoin Transaction

Figure 4: Schematic Bitcoin Block Chain

Figure 5: Illustrative Bitcoin Block

Figure 6: Merke Tree Root Hash

Figure 7: Byzantine Generals Problem

Figure 8: Double Spending Schematic

Figure 9: Centralization vs. Decentralization vs. Distributed Networks

Figure 10: Simple Bitcoin Transactions

Figure 11: Timestamp Server

Figure 12: Proof-of-Work

Figure 13: Merkle Tree Block Implementation

Figure 14: Longest Proof-of-Work Chain of Blocks

Figure 15: Bitcoin Transfer Inputs and Outputs

Figure 16: Network Message Propagation

Figure 17: Schematic Bitcoin Block

Figure 18: Schematic Bitcoin Block Chain

Figure 19: Public-Private Key Schematic

Figure 20: Elliptic-Curve Public Key to BTC Address Conversion

Figure 21: Bitcoin Address on Blockchain.com

Figure 22: Cost of Generating One Bitcoin vs. Resulting Reward

Figure 23: Constrained Input Small Output Illustration

Figure 24: Bitcoin Hash Rate vs. Difficulty

Figure 25: Bitcoin Hash Rate Fluctuation

Figure 26: Total Bitcoins in Circulation

Figure 27: Average Transaction Confirmation Time

Figure 28: Banking Privacy to Bitcoin Privacy Comparison

Figure 29: Gaussian Loss versus Return on Zero-Sum Investment

Figure 30: Bitcoin Price Volatility Comparison

Figure 31: Bitcoin Price Volatility Comparison

Figure 32: Trend of Bitcoin Volatility

Figure 33: Miner Network Distribution

Figure 34: Litecoin Hash Rate Distribution

Figure 35: GHash.io Mining Distribution Dominance

Figure 36: Pool Revenue of Selfish Miners

Figure 37: Threats to Mining and Decentralization

Figure 38: Taxonomy of Wallet Threats

Figure 39: Daily Volatility to Risk of Breach Relationship

Figure 40: Maturity of Business to Breach Relationship

Figure 41: Mt. Gox Hacker-Induced Flash Crash during 2011

Figure 42: Bitcoin Fork during Double-Spending Attack

Figure 43: Bitcoin Monetary Base and Growth

Figure 44: Inequality Distribution

Figure 45: Block Chain Size over Time

Figure 46: Average Block Size over Time

Figure 47: Network Propagation Delays and Block Sizes

Figure 48: Estimated Power Consumption of the Miner Network

Figure 49: Bitcoin Hash Rate vs. Difficulty

Figure 50: Historical Influence of Silk Road on Bitcoin

Figure 51: Silk Road Shutdown Impact on Bitcoin Price

Figure 52: Tagged Transactions: Stolen Mt.Gox Bitcoins

Figure 53: Bitcoin vs. Altcoin Market Capitalization

Figure 54: Litecoin Hash Rate vs. Difficulty

Figure 55: Online Tipping

Figure 56: Anonymizing of Darkcoin Transactions

Figure 57: Ethereum Disinflationary Issuance Model

Figure 58: Mastercoin Protocol Layers

Figure 59: Ripple Function Schematic

Figure 60: Multiple Currency Pairs vs. Vehicle Currency

Figure 61: Ripple Protocol to Email Protocol Comparison

Figure 62: Ripple Ledger

Figure 63: Fund Flow: Current vs. Ripple

List of Tables

Table 1: Bitcoin Specific Benefits

Table 2: Bitcoin Units

Table 3: Block Term Description

Table 4: Input – Output Differences of SHA-256 Hashes

Table 5: Client Description

Table 6: Types of Wallets

Table 7: Proof-Of-Work Example

Table 8: Double Spending Probabilities

Table 9: Projected Bitcoin Money Supply

Table 10: Bitcoin Distribution by Address at Block 300,000

Table 11: Altcoin Comparison

Table 12: Proposed Applications of the Ripple Payment System

Table 13: Cryptocurrency Quadrant

I’m sure that in 20 years there will either be very large (bitcoin) transaction volume or no volume.

Satoshi Nakamoto

1 Executive Summary

This thesis aims to look at the virtual currency Bitcoin in order to investigate some of the potential of cryptocurrencies. Traditional classifications for currencies do not adequately apply to Bitcoin. Regulators and banks currently share this view on cryptocurrencies. Existing currencies have certain common characteristics that Bitcoin does not share. It is a new type of financial technology that entered the global market in 2008 and has since been able to draw the attention of investors, business leaders, regulators and politicians.

Whereas a Dollar, Yen, Yuan or Euro can be hold like a currency, they cannot be secured and transacted simply by itself. Individuals have to rely on third party intermediaries in order to transfer funds for them and in order to store them securely. Contrary to that, one cannot focus on Bitcoin as a currency without acknowledging that it is also a transaction system in itself and would not be able to function is one part of this duality is gone. In fact it is even more precise to look at Bitcoin as a decentralized transaction and financial services system, with a currency function being only one aspect of the technology. In this thesis, we evaluate not only the technological characteristics of decentralized, cryptographic currencies, but also the current applications that are in development and which can result into a number of decentralized financial services that are not subject to financial institutions.

Third party intermediaries, such as banks and payment providers and other non-bank entities all essentially rely on trust. They provide security, confidentiality, fraud protection, transaction infrastructure, payment disputes and reversals, access to financial products and services, international money transfers and the like. In order to be able to provide these services, they have to charge fees and interest from customers. In many cases, these customers must meet a set of criteria in order to have access to banking services. Moreover, they have to provide institutions with a significant amount of personal information, private information and confidential data about them and their financial characteristics. Thus customers have to enter a costly, trust-based relationship with institutions in order to engage into financial activities and benefit from financial services.

So what are the prospects of a technology that was invented and designed in order to provide most of these services at a low-cost, trust-less basis? Do financial intermediaries have reasons to ignore this technology and expect that cryptocurrencies will remain only present within niche markets for nerdy or technologically savvy people, or should they make use of the open-source code and incorporate some of its features into their systems? Or could cryptocurrencies themselves evolve into new type of financial market – “decentralized finance” or “cryptographic finance”.

This thesis attempts to provide some answers to these questions and give an outlook for what can potentially be expected by cryptocurrencies.

In chapters two and three we will provide a detailed overview of Bitcoin’s technology and the necessary infrastructure that it is based on. We discuss how cryptography is employed by the system as well as how it facilitates secure transactions. We explain the significance of the solution to the Byzantine Generals problem that the cryptocurrency represents and that of decentralized networks.

Chapter four goes into detail about current and persistent shortcomings that can be identified. We discuss issues concerning network delay, incentive schemes of the decentralized network, transaction confirmation delays, energy consumption and the like. Furthermore, we discuss whether these imperfections are likely to be permanent issues or can be mitigated by improving Bitcoin’s current technology.

In chapter five we discuss a number of alternative cryptocurrencies that emerged after Bitcoin was developed and discuss some of their features that address certain weaknesses of Bitcoin that we discussed in chapter four. We list alternative options to Bitcoin’s current technology and discuss how they could mitigate the shortcomings that are present within Bitcoin. Moreover, the question whether there is a Bitcoin 2.0 version foreseeable within the current alternative cryptocurrency market.

Chapter six details a special type of cryptocurrency that is already in use within a few banks. Ripple is a network, a distributed exchange and a cryptocurrency that is very akin to Bitcoin, but differs in some key aspects. It provides a different solution to the Byzantine Generals problem and is specifically targeted towards being used as a transaction system for banks and financial institutions.

Chapter seven gives an outlook on a proposal made by key people within the cryptography scene that is currently in development. Bitcoin side chains are alternative block chains that give Bitcoin additional features. These could incorporate features of alternative cryptocurrencies without altering the Bitcoin protocol itself. We discuss the influence that side chains could have on the cryptographic currency market.

2 Definition of Bitcoin

Bitcoin is a peer-to-peer version of electronic currency that allows direct payments between two parties without a financial intermediary. It is based on a decentralized network that facilitates and verifies transactions. It allows users to verify valid transactions and generate bitcoins by solving complex mathematical puzzles, which are based on a proof-of-work (PoW) concept.^[1] It has become characteristic to refer to the network protocol as “Bitcoin” with a capital “B” and to the unit of currency as “bitcoin” in its lowercase form.

Bitcoin is both a special type of virtual currency and a peer-to-peer transaction system. It is based on a network of nodes that all share data and hardware resources in order to form a chain of transactions that are stored on the so-called block chain.

Goldman Sachs Global Investment Research (GS GIR) defined Bitcoin as “Bitcoin is a decentralized, peer-to-peer network that allows for the proof and transfer of ownership without the need for a trusted third party. The unit of the network is bitcoin (with a little “b”), or BTC, which many consider a currency or internet cash.“^[2]

The concept was initially proposed by an anonymous individual or group that operates under the alias ‘Satoshi Nakamoto’ and who published the concept in form of a white paper called “Bitcoin: A Peer-to-Peer Electronic Cash System” in October 2008. Nakamoto (2008) described Bitcoin as a purely peer-to-peer version of electronic cash which allows sending transactions from one person to another without relying on a third party payment transmitter. The first bitcoins were created on January 3rd 2009 by solving the so-called genesis block, which was accomplished by Satoshi Nakamoto.^[3] The genesis block is the first block in the block chain – a non-alterable, majority consensus based public ledger that records and publishes the entire transaction history of Bitcoin.

What makes Bitcoin a significant innovation are two main reasons. First, it is the first successful attempt to establishing a cryptocurrency which has managed to gather a significant following behind it. Secondly, Bitcoin offers important technological innovations to the field of financial transactions that were previously inexistent. It solves the so-called Byzantine Generals problem in a way that enables the creation of a payment transaction system that does not rely on trust and therefore does not require a number of services that traditional financial intermediaries provide, as the software itself is designed to provide these functions. It is a decentralized, global means of payment that does not require financial intermediaries in order to conduct them.

Bitcoin transactions are significantly less expensive than currently existing payment transaction services. Wingfield (2013) compared Bitcoin transactions with credit card, PayPal or other transaction methods, which charge about 2-3% transaction fees. These forms of transactions rely on financial intermediaries and provide services to customers, such as security, facilitation, verification. Many of these services are, however, necessary to provide the current electronic payment infrastructure. Financial intermediaries are also present within the Bitcoin ecosystem. Examples such as Coinbase or Bitpay provide wallets services to securely store bitcoins or facilitate instant fiat conversion of received bitcoin transactions in order to hedge against price volatility. With these intermediaries present, transaction fees are still considerably lower than those of almost all current transaction services providers, which would broadly require 0.5-2.5% or fixed transaction fees to cover expenses and generate profit.^[4]

Bitcoin must be seen as both a type of virtual currency and a decentralized transaction system. A clear differentiation from either use is not a simple task. GoldmanSachs (2014) argued that Bitcoin’s future lies within the payment transaction infrastructure, but it will not be used as a currency or store of value. Central banks of several countries have already stated that Bitcoin cannot be defined as a currency but rather resembles a commodity.^[5]

Contrary to what is often believed, bitcoins are not simply ordinary computer files that are stored on a hard drive and can thus be treated like any other data. Bitcoins exist in a shared, globally networked database, which is stored simultaneously on a great many of servers across the world. All of these network nodes maintain identical copies of the same database. Bitcoins therefore exist in many locations simultaneously and can by itself be moved between locations or exchanged between peers. Ownership of bitcoins is represented by possessing the knowledge about a cryptographic key that allows access to bitcoin funds and enables transactions of bitcoins between Bitcoin addresses. Cryptographic keys are strings of alphanumeric characters that allow users to edit the shared database, e.g. when sending BTC from one address to another. Nakamoto (2008) described how Bitcoin relies on a peer-to-peer decentralized network that enables verifying transactions with a proof-of-work (PoW) method. PoW is used as a verifier to ensure that a enough computational effort has been performed in order to enable secure payments.^[6] Traditional transaction processes require a trusted intermediary that verifies transactions and prevents funds from being counterfeited or subject to malicious attacks.

A simple peer-to-peer financial payment network would still be vulnerable to malicious attacks and theft. In fact, it would be very easy to do so within decentralized networks. The key innovation about Bitcoin that it provides security to the network and also provides similar benefits that financial intermediaries offer to financial networks. Transactions are verified based on a proof-ofwork (PoW) concept that distributes financial funds and prevents manipulation of the financial network. PoW imposes costs and resource requirements that prevent malicious attacks due to making them very resource-intensive and therefore unprofitable.

Bitcoins are not centrally issued but are created by a process referred to as “mining”, which is the process of solving complex mathematical computations (solving blocks) in order to receive bitcoins (block rewards) and at the same time verifying valid transactions. Bitcoin is based on a SHA-256 algorithm and designed to create new blocks every 10 minutes for which miners are competing against each other in order to solve a block and broadcast it to the remaining network first.

Citing the director of the Financial Crimes Enforcement Network Jennifer Calvery in a hearing in front of the United States Senate, as well as Gup (2014), Rogojanu & Badea (2014) and Barber et al. (2012) – among others – list the following advantages that Bitcoin offers:

Table 1: Bitcoin Specific Benefits

illustration not visible in this excerpt

Bitcoin and many other virtual currencies are, however, also subject to features that are less desirable and could cause them to fall under intense scrutiny by regulators, politics and law enforcement. Virtual currencies can also be misused to facilitate tax avoidance, money laundering, illegal goods purchases, fraud, and terrorism finance.^[7] As such, it is logical to assume that Bitcoin and other virtual currencies will face regulatory uncertainty and political risk, and specific cryptocurrency-specific regulation will be in place at some time in the future.

Gup (2014) also noted that Bitcoin could be used as a secure store of value. This, however, is currently very questionable, as virtual currencies are still unregulated, highly speculative assets that are subject to limited liquidity, intense volatility and considerable operational risk (theft, business failure, hacking, etc.). Levin (2014) found an average daily price volatility of around 5%, which he compares to one of the most volatile currency pairs – ZAR:JPY (South African Rand : Japanese Yen) – which has a daily volatility close to 1%. In Bitcoin’s relatively short history there have been a number of intense price fluctuations.^[8] Figure 1 provides an overview of the historical bitcoin price in USD, beginning at the time bitcoins were actively traded against the US Dollar on dedicated bitcoin exchanges.

Figure 1: Historical Bitcoin Price in USD

illustration not visible in this excerpt

Source: Blockchain (2014), blockchain.info, 12.10.2014

Nobel Prize laureate Milton Friedman is said to have predicted the development of ‘internet money’ in 1998, by stating: “So that I think that the Internet is going to be one of the major forces for reducing the role of government. The one thing that’s missing, but that will soon be developed, is a reliable e-cash, a method whereby on the Internet you can transfer funds from A to B, without A knowing B or B knowing A.”^[9] Friedman, however, went on to also note the negative implications of such an invention, noting that illegal activities, such as illegal transactions and tax evasion will also be easier to conduct.^[10]

Bergstra & de Leeuw (2013) proposed to classify Bitcoin as a hybrid form of money that falls under the definition of technically informational money (TIM). Money can be distinguished into informational and non-informational depending on e.g. its capacities to store, access and exchange informational value. They acknowledged that Bitcoin could also be a hybrid class of informational money that exhibits aspects of both technically informational money (TIM) and exclusively informational money (EXIM).

When attempting to analyze Bitcoin, it is fundamentally important to understand that the underlying technology. Digital currencies have been proposed and developed long before the invention of Bitcoin. Tanaka (1996) described the different aspects of digital cash just two years after the first online shops were opened and internet banking was still in its infancy.

Tanaka (1996) argued that the key benefits of digital cash would be

1. Cost Reduction: transferring funds through the internet is significantly less expensive when compared to the traditional banking system, as online payments do not, or only to a very limited extend, require physical presences, human resources and electronic transaction systems. Moreover, digital cash payments can be done through already existing internet infrastructure, such as personal computers and already active online presences.

2. Cross-country money transfers: In the absence of national borders in the Internet, money can be transferred across countries without international money transfer infrastructure. Digital cash eliminates transfer fees as well as currency exchange fees. Moreover, in certain aspects of cross-country money transfers, digital cash would eliminate currency exchange risks.

3. Accessibility: Digital cash systems could be accessed and used by anyone who is connected to the internet, whereas conventional banking and non-bank financial service providers limit accessibility of their services. Limits as to who can use credit card payments or from which region in the world the payment can originate are not present with digital currency payments.

Due to these reasons digital cash certainly offers the potential for more efficient and broader financial services that are not present within the walled-garden architecture of the global financial market.

Tanaka (1996), however, also points out obvious drawbacks for digital cash. Internet currencies, due to its anonymity and the potential for untraceable money transfers could facilitate tax evasion and money laundering. Moreover, due to the absence of a central bank or institution backing the value of digital cash the exchange rate of digital currencies would be inherently unstable and there is a potential for financial crises as operations on the internet are subject to the thread of power outages, theft and malicious software.

The European Central Bank (ECB) provided a clear distinction between electronic money systems and virtual currency systems. They emphasize that virtual currency schemes do fulfill some of the criteria but remain a distinct category. Electronic money schemes have a link to traditional money and as such are connected to regulated currencies with a legal foundation. The unit of account are fiat currencies, and as such fall within the frameworks of electronic mine institutions and prudential supervisory requirements. As of yet, virtual currencies are privately generated and can be distinguished by whether they can be exchanged for virtual as well as real goods and services.

Figure 2: Differences between Electronic Money and Virtual Currency

illustration not visible in this excerpt

Source: European Central Bank (2012), p. 16

They fundamental difference between both categories is that electronic money schemes refer to units of account that are regulated and issued by sovereign entities, such as the ECB or the Federal Reserve System (Fed). They are digital equivalents of Euro, Dollars, or Yuan. As such, they are legal tender within their jurisdictions that have to be redeemed at par value. Contrary to that, virtual currencies are private inventions that are unregulated and do not qualify as legal tender.

Early research in the field of digital cash payment systems repeatedly pointed out the potential for money laundering and tax evasion. This was due to the assumption that digital currencies would be untraceable and anonym. Despite being citizen for similar reasons, Bitcoin is in fact neither untraceable nor is its use as a payment system truly anonymous. The peer-to-peer based proof-ofwork concept of Bitcoin allows it to trace and publicly show every single payment that has been conducted in the network over the entire history of Bitcoin. All valid transactions are broadcasted publicly across the entire networked Bitcoin system and the data about these transactions will be stored and preserved inalterable within the public block chain ledger.

The monetary supply is defined by the protocol which imposes a fixed cap of about 21 million bitcoins. The precise reason why 21.000.000 was chosen to be the maximum amount of Bitcoin in existence is subject to discussion.^[11]

The term “Bitcoin” is somewhat misleading for most individuals. Bergstra & de Leeuw (2013) argued that “Bitcash” would be a more adequate term. The term “coin” is commonly associated with a non-divisible unit of value consisting of valuable metals. Contrary to that, Bitcoin is designed to be highly divisible, with its base units commonly referred to as “satoshi” (0.00000001 BTC, or 10−8), in reference to the alias of Bitcoin’s inventor. Over time many major Bitcoin proponents began popularizing the term “bits” instead of “satoshis” for its base value in order to facilitate ease of use.^[12]

Table 2: Bitcoin Units

illustration not visible in this excerpt

Source: Bitcoin Wiki. Units, 09.07.2014

Thus the total amount of Bitcoin base units is 2,100,000,000,000,000 (21 quadrillion) bits.

In this thesis, we focus on Bitcoin primarily as a transaction system and discuss the details of its underlying technology that enables high-speed, low-cost, secure payments across the globe. Aspects concerning the question whether Bitcoin can be defined as a currency or an alternative monetary system are not within the focus of this thesis, and as such are discussed only incidental, wherever such discussion is deemed necessary.

2.1 Technical Description of Bitcoin Transaction

While a Bitcoin transaction is very simple to conduct and the process of transacting bitcoins is rather straightforward, the technological process underlying to it is complex and full understanding requires some relevant knowledge in the field of cryptography. More details about public keys, private keys, processing, mining and the block chain is provided in subsequent chapters of this thesis.

In order to transfer bitcoins from sender 𝑃0to receiver 𝑃1, the sender must know the public key of the receiver. Transactions are sent to and received from Bitcoin addresses. Addresses are derived from public keys and vary in length but tend to be around 31 characters long. An address is a hash containing 160 bits and a checksum that provides error-detection. Transacting the cryptographic currency requires a hash value, which is the value that the SHA-256 algorithm produces in order to map larger data sets to smaller, fixed-length data sets. Notably, this process requires that that the code of the bitcoins includes and stores information about which public addresses where involved in the transaction. 𝑃0 digitally signs the hash with his secret private key in order to transmit the transaction. Thereby he broadcasts the transaction to the decentralized peer-to-peer Bitcoin network, where all other nodes receive and rebroadcast the transaction.^[13]

Figure 3: Bitcoin Transaction

illustration not visible in this excerpt

Source: European Central Bank (2012), p. 23

After a valid transaction is sent to the Bitcoin network it is included into the currently calculated block within the block chain. The block chain is a decentralized, consensus-driven public ledger that includes every valid transaction and archives them.^[14] It timestamps and records valid transactions and shares this data with all nodes within the network. Stored information includes public addresses of sender and receiver, transaction key, transaction size, fees, timestamp and network propagation (number and location of nodes that received the broadcast about the transaction). It does not include identities of the payee and receiver, the IP addresses of their devices, or purpose of the transaction.

A transaction remains unverified until a valid block is found, verified by the network and linked to the longest chain of blocks within the Bitcoin block chain. If the transaction is included in the data set of the most recent block, and not fraudulent activity was detected, it will be verified by the network and confirmed. As new blocks are generated every 10 minutes, the first confirmation of the transaction should be obtained within these 10 minutes or less, depending on the progression of the current block period. For each subsequent block that is added to the block chain another confirmation is obtained. The number of confirmations can be seen as a measure of confidence that the transaction is valid.

Figure 4: Schematic Bitcoin Block Chain

illustration not visible in this excerpt

Source: Green (2013) blog.cryptographyengineering.com, 05.05.2014

Confirmations act as a verification that bitcoins have actually been successfully transferred and e.g. no double-speding of bitcoins has occurred. This represents one of the key functions of the public block chain and the proof-of-work mining process.

Meiklejohn et al. (2013) explained that in each transaction the previous owner signs with his private key a hash of the received transaction and the public key of the new owner, thus forming a chain. This chain is used to verify the validity of a Bitcoin transaction and also allows to track the history of the received bitcoins.

Nakamoto (2008) argued that in order to achieve a decentralized payment network that does not require a trusted intermediary, transactions must be publicly announced and all participants in the network must agree on a single history of transactions. Without consensus of the network, it could be possible to send the same bitcoins from one address to more than one receiver, thus doublespending them. As only one of those can be validated by the block chain, the other one would be classified as double-spent and rejected by the network.

Transactions of bitcoins are not reversible. As all transactions with bitcoins require to be signed with a cryptographic private key, there is no technical method built-in the protocol to reverse transaction from the sender’s perspective once they are completed and added to the public block chain ledger.

Bitcoin transactions are verified and broadcasted by Bitcoin miners, who provide the necessary network that enables transactions between peers. In order for miners to identify valid transactions and propagate them, transactions are included into a ‘block’.

2.2 Blocks

A block is a set of data that contains all transaction data that was created since validation of the previous block.^[15] Blocks contain meta data, the block header and a reference to the previous block. Blocks are created by finding the correct nonce that results into a hash that meets certain criteria (see chapter 3.8). A valid block is then broadcasted to the network and verified by the network peers. Once a valid block is found by a process called ‘mining’ and validated by the network, it is added to the block chain that records all transactions, stores the date and prevents anyone from manipulating it in retrospect through hash-based proof-of-work technology. The first transaction of each block is designed to be a block reward. Miners who successfully validated a block first, propagated it to the network and added successfully it to the block chain receive a predefined number of newly created BTC for each block as well as transaction fees added to the transactions within the block.

Figure 5: Illustrative Bitcoin Block

illustration not visible in this excerpt

Source: Karame et al. (2012), p. 3

Figure 5 illustrates an exemplified Bitcoin block that contains data about which nonce was correct to result into a hash of data that met certain criteria in order to classify it as valid. One of the key criteria for a valid block is that the resulting hash begins with a certain number of zeros. Rosenfeld (2014) noted that blocks are groups of transactions that are about acknowledging a single history of transactions that when linked together in a form of a chain and requiring proof-of-work would result into prohibiting difficulty against conflicting transactions. Each block references an earlier block by including a uniquely identifying hash of the previous block in its header. Furthermore, a block contains a number of relevant and transparently displayed data about e.g. the number of transactions, transaction volume, block reward, data size, and a timestamp.

Table 3: Block Term Description

illustration not visible in this excerpt

Source: Karame et al. (2012), p.3

A SHA-256 hash algorithm is employed in order to turn arbitrary data into fixed-length hashes that are written in hexadecimal form. Bitcoin’s SHA-256 algorithm thereby produces hashes that if the input data is altered even slightly, the hash obtained would differ completely.^[16]

Example:^[17]

Table 4: Input – Output Differences of SHA-256 Hashes

illustration not visible in this excerpt

Source: Xorbin (2014). www.xorbin.com, 01.06.2014

As can be observed, even a minimal alteration of the input data results into a completely different hash value. This can be used to check for integrity of the input data, as each alteration will be recognized. Within the block each transaction is hashed pair wise until only a root hash remains, which is included in the block header as the Merkle root. As such, if any portion of any transaction is altered or manipulated the resulting root hash would differ significantly and indicate loss of data integrity.

Figure 6: Merke Tree Root Hash

illustration not visible in this excerpt

Source: Nakamoto (2008), p. 4

A Merkle tree is a type of binary tree in which a set of nodes are connected to each other on a multi-level basis. Transactions are hashed from leaf nodes to a single root node, which is formed by the underlying nodes. By doing so, an attempt to include a fraudulent transaction will influence the tree structure in an upward fashion, resulting in a different root node. This root node represents the hash of the block whose header is downloaded by other nodes, whilst the underlying tree is not. The Merkle tree guarantees that if a fraudulent transaction is included in the block, the resulting block hash is identified as an invalid proof-of-work.^[18]

It is possible for two nodes to create a block at the same time that both satisfy the conditions to be added to the longest chain in the block chain. These blocks may be consistent but mutually conflicting. Each one would be a possible addition to the same sub-chain. This implies that at certain points of time, a number correct blocks could propagate the network that are mutually conflicting. The network assures that only one block is eventually validated and added to the longest chain of blocks.^[19]

2.3 The Byzantine Generals Problem

One of the key characteristics of Bitcoin is that it provides a solution to the Byzantine Generals problem. This problem is an abstractly expressed form of an agreement problem in the context of geographical remoteness, communication by messengers and presence of traitors within the ranks of the Byzantine Empire’s army.^[20] A reliable system must cope with conflicting information of its parts in order to avoid malfunction. The question at hand is how to establish trust between unrelated parties within an untrusted network.

Figure 7: Byzantine Generals Problem

illustration not visible in this excerpt

Source: Fieneup (2001), www.cs.uni.edu, 07. 04.2014

The Byzantine Generals problem is exemplified by a thought experiment, in which the fortified city-state Byzantinum is surrounded by ten smaller city-states.^[21] Hypothetically, all surrounding city-states plan to invade Byzantinum in order to obtain its wealth but none of them is strong enough to do so on its own. Moreover, any uncoordinated attack would fail and result into the annihilation of the attacking city-state. In order to successfully invade Byzantinum the majority of city-states must invade simultaneously. The major problem that the attacking city-states face is that if one or more of the attackers betray the other city-states, they and the remaining non-attacking neighbors will be able to pillage the annihilated city-states. The problems faced by the city-states are based on trust and communication. Each individual city has an incentive to betray the next and all generals must decide unanimously whether to attack at certain times.

Moreover, their means of communication are limited, as none of the generals can leave the city to meet with other generals as they cannot trust that the other generals will not harm them. As such, their only way to communicate is sending messengers. They are not limited as to how many messengers they send or at which time they send messengers. When messengers of general 1 reach the other nine generals they hand them a sealed letter. The letter informs the other generals about the time general 1 plans to attack and requests to know which of the other generals will join him. As a response, each of the nine generals attaches his response to the original letter and hands the sealed response letter to the messenger. At the same time, the other generals each also send nine individual copies of both the sealed letter and the attached response letter to the other generals.

Each city-state sends messengers and all letters combined equal 90 messages sent to the city-states, where each general receives nine messages with different indications about the time of attack. As such, the generals agree to more than one possible attack time, thereby betraying those generals who attack during other times. Those that betray others will send messengers across the city states indicating different times for the attack. The system is now subject to many different possible attack times and messengers’ letters are untrustworthy.

Lamport et al. (1982) described the Byzantine Generals problem within the context of computer systems when a failed component is sending conflicting information to other parts of the system. Their version of the Byzantine Generals problem is conceptualized by the example of several Byzantine army division that are camping outside an enemy city. Generals of those army divisions can only communicate by messenger. Again, only a combined attack can be successful against the enemy city but generals cannot meet to discuss a common attack plan and some of the generals are not loyal and might betray the others. The problem is that communication is not instantaneous and if generals communicate different attack times, other generals may receive conflicting messages. Lamport et al. (1982) proposed a solution to the problem by designing algorithms that largely solves the problem, but only if certain assumptions are met and two-thirds of the generals are trustworthy. When messages are not corruptible or forgeable, there is a solution for any number of trustworthy generals.

Bitcoin solves this problem by using a proof-of-work chain that imposes a 10 minute time horizon in which all generals would be required to work on a difficult mathematical problem and only if one general finds a solution to the problem the information is broadcasted to the other generals, who in turn must use this information. They then go on to extend that solution by solving another, directly related puzzle and broadcasting it once a general finds a solution thereby forming a chain of solutions. After enough repetitions all generals can be certain that no other general could have been able to secretly create another chain of solutions that would be longer than the chain the he knows of. As a result, all generals have now ascertained that there is consensus about the longest chain of solutions without having to trust any of the other generals.^[22]

2.4 Double Spending Solution

The concept of Bitcoin transactions includes that senders of bitcoins are not able to simultaneously broadcast conflicting messages to the block chain or reversing the transaction. The receiver of bitcoins must able to verify that he is in fact the possessor of the coins received by the recently completed Bitcoin transaction so that the sender may not redirect the coins to a third party. Double-spending is a common issue among digital transaction methods, as electronic files can be duplicated without effort, and ownership of data is not easily verifiable. Dion (2013) noted that double-spending can be seen as an equivalent to counterfeiting money within the Bitcoin universe. A double spending attack is successful when a malicious peer convinces another peer that he has transferred ownership of bitcoins to the peer, but simultaneously conducts a mutually conflicting transaction, leaving the malicious peer with both the bitcoins and the exchanged goods or services.^[23] There is a number of different ways how a double-spending attack can be conducted with Bitcoin.^[24] Nakamoto (2008) stated that the most common method to solve this issue is a central authority or intermediary that prevents double-spending and proposed Bitcoin as a peerto-peer based alternative solution to the double-spending problem.

A double spending attack includes several steps, as explained by Rosenfeld (2014):

- Step 1: Broadcast a transaction between payer and receiver to the network.
- Step 2: Before the transaction is included in a block, the payer mines an undisclosed branch of the current block and includes a conflicting transaction that acknowledges the payer as the recipient.
- Step 3: Wait until the receiver has obtained enough confirmations in order to be convinced that the transaction is valid.
- Step 4: Continue mining the undisclosed branch until the contradicting transaction of the undisclosed branch exceeds the public branch which includes the transaction.
- Step 5: Broadcast the undisclosed branch to the network, which will accept the longer branch as valid and discards the former public branch which included the transaction. The conflicting transaction will be validated by the network and replace the original transaction. The confirmed transaction that the receiver was convinced of will vanish.

A system that would rely on an intermediary to provide the costly and time-intensive process of preventing double-spending would also represent a single point of failure (SPOF). Nakamoto’s solution is to make transactions public and create a decentralized network that finds consensus and agrees on a single history of transactions, which would also make double-spending extremely difficult and therefore very unlikely.

Figure 8: Double Spending Schematic

illustration not visible in this excerpt

Source: Skudnov (2012), p.7

Skudnov (2012) argued that propagation delays and connectivity issues make it impossible to inform all nodes about the same transaction at the same time and therefore double spending could still occur. The solution to this problem is that a majority of peers have to agree on a common transaction history. The network does so by providing confirmations after solving a block. Karame et al. (2012) emphasized that Bitcoin is increasingly used in payment scenarios that make in impracticable or impossible to allow waiting for a secure number of confirmations by the network. For transactions to be validated by the network, users have to wait up to ten minutes for the first confirmation. Furthermore, Karame et al. (2012) underlined that double-spending would require significant effort and hashing power. For an undetected double-spend the malicious peers would not only have to redo all the work required to create the block where the illicit transaction occurred, but also recomputed all the subsequent blocks in the block chain. In theory, such effort would be computationally infeasible as long as the honest nodes are stronger than colluding, dishonest peers. Nakamoto (2008) acknowledged that there is a certain time frame given, where an attacker could create a fork in the block chain and maintain it for a certain amount of time, in which the attacker could attempt double-spending. Attackers would have to be at least one block ahead of the honest nodes, which can however only be done for a very limited time, as the attacker’s chance to maintain a fork diminishes exponentially as long as the network majority is comprised of honest nodes.

2.5 Decentralization

Bitcoin is designed to function as a decentralized network underlying a virtual currency. As such it does not require a financial intermediary to conduct transactions or provide payment infrastructure. They can join and leave the network at will and provide their service at any point in time without compulsion to do so. Moreover, bitcoins are not centrally issued but are created by the network at a pre-specified rate. Sterner (2013) explained that with respect to centralized systems, decentralized systems are more flexible, more able to adapt do local conditions, more resilient and less vulnerable. Moreover, decentralized systems are significantly less expensive, as centralization results into the necessity to also concentrate expert organizational structures and capital within central hubs or institutions. Baran (1962) assessed centralized, decentralized and distributed communications systems with respect to their vulnerability against foreign attacks. His results also indicated that less centralized systems are preferable due to their resilient properties and architecture.

Figure 9: Centralization vs. Decentralization vs. Distributed Networks

illustration not visible in this excerpt

Source: Sterner (2013). www.carlsterner.com, 12.05.2014

Bitcoin is designed to be a decentralized system by necessity in order to perform its functions. It consists of connected nodes that form a single consensus system known as the block chain. Barber et al. (2012) argued that Bitcoin’s decentralized nodes can be divided broadly into two classes – verifiers and clients. Verifiers are Bitcoin miners that use specialized computer hardware in order to solve cryptographic problems and identify valid blocks, which are linked to the block chain every 10 minutes. By doing so, they earn newly mined bitcoins and transaction fees. Miners timestamp valid transactions and add them and the data contained in them to the public ledger. Clients are participants in the network that are not contributing hardware to the mining process, such as PCs or smartphones of users. Decker & Wattenhofer (2013) explained how one decentralized node sends a block with transactions it included into the block to the network, in which all other nodes will receive the block and agree on it if certain criteria are met. Essentially, one node proposes its solution and other nodes accept it if it is valid, thus forming a single truth that the network agrees upon.

Cawrey (2014c) pointed out the lack of incentives for client nodes to participate in the network and maintain it, as they do not receive any rewards for the provision of their resources. Moreover, decreasing numbers of fully complete nodes and geographical concentration threatens the security of the network. As Nakamoto (2008) showed, the Bitcoin system is only secure as long as honest nodes collectively control more computational power than dishonest notes. Overpowering the honest nodes could allow dishonest nodes to fabricate transactions and create a centrally controlled block chain fork owned by the majority that imposes its view on the network. Barber et al. (2012) noted that as Bitcoin nodes cryptographically verify the authentic of all blocks and transactions, its network bandwidth and computational overhead will become an issue at some point in the future. Decentralization is therefore the key requirement for the network in order to maintain security of the system and prevent powerful colluding nodes to overpower the rest of the nodes.

Within the context of Bitcoin decentralization also refers to the fact that no necessity for a financial intermediary or other third parties. Nakamoto (2008) proposed Bitcoin as a system for virtual, global transactions that do not require trusted third parties in order to process these payments. Likewise, if seen as from a monetary system point of view, Bitcoin has no central issuer and does not require a central bank in order to function. Citing from various sources, Lerner (2013) also made the case that centralized systems also centralize costs and benefits, as well as concentrating capital. He intriguingly relates centralized systems to a “too big to fail” scenario, in which costs accrue downstream and benefits accrue upstream, thereby centralizing power within the centralized system. A recent software glitch that interrupted the clearinghouse automated payment system of the Bank of England serves as an example for the shortcomings of centralized systems. The bank’s Real Time Gross Settlement Payment System (RTGS), which processes 140,000 transactions a day, worth on average £277bn, had shut down from 6am to 3.30pm.^[25]

Decentralization also implies that the Bitcoin network can perform financial services without a central institution providing them. These applications can be built on top of the Bitcoin protocol on an open-source basis. Sompolinsky & Zohar (2013) argued that the core idea of the Bitcoin protocol is to enable money transmissions in a non-centralized fashion. This implies that no central institution, such as a central bank, is responsible for the money supply. There are no banks, credit card companies, non-bank entities or other financial institutions necessary in order to form the Bitcoin network. Accordingly, there is no intervention into the system by any entity that the network comprises of. Funds cannot be frozen, misconducted, seized or transactions reversed. The network is voluntary and as such does not impose any barriers to entry other than the costs of obtaining the necessary hardware and software that is physically required for participating in the network. Bitcoin thus represents a decentralized financial network.

3 Technology of Bitcoin

Bitcoin is often referred to as a ‘cryptocurrency’ because cryptography is core to its technology. Cryptography in general refers to the practice and study of techniques that create secure transfers of information in the presence of adversaries.^[26] Mathematical cryptology refers to the encryption of messages in order to hide the information contained within the message from third parties. The sender of a message encrypts the message by using an encryption key, while the receiver must be able to decrypt the message with his decryption key. Encryption can be conducted through a continuous stream of symbols (stream encryption) or by dividing in into a number of blocks (block encryption). In what follows, we describe how cryptography can be utilized to form a secure means of transacting value between peers.

3.1 Method of Operating

Nakamoto (2008) defined Bitcoin as a chain of digital signatures. Bitcoins are transferred by signing a hash of the previous transaction and the public key of the following owner. Both will then be added to the end of the Bitcoin and the receiver verifies the signature in order to confirm ownership.

Figure 10: Simple Bitcoin Transactions

illustration not visible in this excerpt

Source: Nakamoto (2008), p. 2

Transferring ownership of bitcoins from user A to user B is realized by attaching a digital signature (using user A's private key) of the hash of the previous transaction and information about the public key of user B at the end of a new transaction. The signature can be verified with the help of user A's public key from the previous transaction.^[27] As a result, a chain of ownership is created. This basic building block of Bitcoin transactions is, however not protected against counterfeiting BTC by means of double-spending the same Bitcoin.

Therefore Nakamoto (2008) explained how a timestamp server uses the hash of a block in order to ‘proof’ that the data has existed at this time. In order to create a single history of the order in which transactions happened, a timestamp server is necessary. Each individual timestamp includes the previous timestamp in its hash and thereby links them together.

Figure 11: Timestamp Server

illustration not visible in this excerpt

Source: Nakamoto (2008), p. 2

This implies that each consecutive timestamp reinforces the timestamps that were created before them.

Bitcoin bases much of its underlying technology on Hashcash – a proof-of-work based system designed to prevent Denial-of-Service (DoS) attacks and certain techniques relating to Email spam.^[28] Proof-of-Work (PoW) is also employed in Bitcoin, in order to create a system that requires resources in order to mine bitcoins. PoW is used as a verifier to ensure that a required amount of computational effort in form of calculating hashes has been performed in order to create a block.^[29] Without such a system in place, secure transactions could not be conducted as the system would be vulnerable to a variety of attacks, e.g. pretending to represent a huge number of nodes in order to overpower the network. Moreover, requiring resources ensures that no one in the network can alter the already existing blocks without significant resource requirements that make such attempts not worthwhile. Nakamoto (2008) emphasized that PoW represents a one-CPU-one-vote system, in which the majority decision about the linked blocks is if found by the greatest resources and effort invested in it. As such, as long as the majority of the network is comprised of honest peers, a malicious attacker faces intense computational resource requirements in order to do damage to the system.

Figure 12: Proof-of-Work

illustration not visible in this excerpt

Source: Nakamoto (2008), p. 3

Proof-of-work is implemented by incrementing a nonce, that when hashed with the SHA-256 algorithm results into a hash with the required number of zeroes at the beginning of the hash. This guarantees that the majority of the network agrees on the block with the right nonce.

In an effort to enhance Bitcoin’s scalability and reduce data storage requirements, Nakamoto (2008) designed the protocol in a way that after the latest transaction of a Bitcoin is followed by enough blocks, realized transactions before it will be discarded. Therefore all transactions are hashed in a Merkle tree^[30] and only the Merkle Root hash is included into the block.

Figure 13: Merkle Tree Block Implementation

illustration not visible in this excerpt

Source: Nakamoto (2008), p. 4

Nodes that form the Bitcoin network verify these transactions. Approximately every ten minutes a new block is created, all the transactions it contains are validated and the block added to the chain of blocks. It is possible for more than one valid block circulating in the network. In such a case a fork in the chain of blocks may be created as nodes have not yet found consensus about which block to include in the longest chain of blocks. As there is only one possible transaction history that the network agrees upon, only one of these blocks can be included in the longest chain and forks will be discontinued. As it can be assumed that there are dishonest as well as honest nodes, this system works without threat of double-spending or other frauds as long as the majority consists of honest nodes.

Figure 14: Longest Proof-of-Work Chain of Blocks

illustration not visible in this excerpt

Source: Nakamoto (2008), p. 5

This process illustrates how bitcoins can be transferred from person A to B and how transactions are verified by a decentralized network that agrees on a single longest chain of blocks that include all agreed-upon transactions.

Figure 15: Bitcoin Transfer Inputs and Outputs

illustration not visible in this excerpt

Source: Nakamoto (2008), p. 5

Received transactions themselves are not divisible, and therefore if a user received 10 BTC to an address and wants to send 2 BTC to another address, the transactions that the user is generating must also be 10 BTC. The protocol will assure that of this transaction 2 BTC will be sent to the intended address and 8 BTC will be transacted back to the address holding the initial amount.

Nakamoto (2008) judged that handling bitcoins individually would be less desirable as it would result into separate transactions for every cent in a transfer.

3.2 Network

In order to achieve a decentralized payment transaction system, Nakamoto (2008) proposed creating a network that finds a consensus on transaction data. The network consists of nodes, in which each node contributes a fraction of its computational power to the network.^[31]

𝑝𝑣 ≥ 0.0 of ∑𝑣∈𝑉 𝑝𝑣 = 1

Skudnov (2012) distinguished between five different types of clients that form the bitcoin network. Clients are software platforms that offer different kinds of services to users, such as private key generation, syndication of peer clients, sending/receiving transactions, security services, communication within the network, client application programming interfaces (API), etc.

Table 5: Client Description

illustration not visible in this excerpt

Source: Skundov (2012), p.12-17

Decker & Wattenhofer (2013) explained that the Bitcoin network consists of a network of homogeneous nodes that store a complete copy of the block chain (full client). Its typology is random and based on DNS (Domain Name System) servers, in which new nodes can join and receive information about the addresses of other nodes. Notably, not all nodes are connected with each other and each node attempts to keep a minimum number of nodes connected to it. Karame et al. (2012) stated that the network resembles a memory pool, in which all peers receive information about transactions that are not yet confirmed. If a transaction in this pool is confirmed elsewhere by another peer, it will be removed from the pool.

Figure 16: Network Message Propagation

illustration not visible in this excerpt

Source: Decker & Wattenhofer (2013), p. 4

Information propagation consists of updating and synchronizing the block chain copies of all nodes by transmitting information about transactions and blocks. Information is not propagated directly to nodes as this would be an inefficient network propagation method. Instead, the availability of information is broadcasted to other nodes and data is only transmitted if a node requests it. Availability is broadcasted via inv message and requests are conducted by getdata messages in the network. This method prevents sending transactions to nodes that have already received it. Nodes will issue getdata messages when they receive inv messages that contain block or transaction hashes that it has not stored locally. This ensures that each block and each transaction are introduced to the network by a one origin node within the network. Local verification of blocks and transactions at other nodes as well as transmission time messages and hash data causes the decentralized network to always experience a certain network delay.

As mentioned before, it is possible for two or more nodes to create a block at the same time that both satisfy the conditions to be added to the longest chain in the block chain, but are mutually conflicting. In order to mitigate this problem, Bitcoin makes block creation difficult as it requires proof-of-work and significant computational resources. Conflicting blocks that are broadcasted to nodes simultaneously enter a “race” in which two forks are created and eventually only one of the blocks succeeds. The network is designed to prefer the block that has a higher degree of proof-ofwork included into it. Forks can be prolonged for several blocks and the network can build on both of them, while essentially disagreeing about which block should be linked to the block chain as long as the race persists. Eventually one fork will become longer than the conflicting branch and the conflict will be dissolved, as the network agrees on the longest chain of blocks and all block chain ledger replicas are synchronized again. The discontinued fork will persist as a branch of disregarded blocks, which are referred to as “orphaned blocks”. This can result into transactions becoming invalidated if they were only included in the discontinued fork.^[32] The network can however only function correctly if there is no majority of nodes that build a cartel. If any party could obtain the majority of the network power, they could decide about a

Based on Decker & Wattenhofer (2013), Sompolinsky & Zohar (2013) explored network propagation further. They showed that blocks are created through a Poisson process in the network with a rate of 𝑝𝑣 × , where 𝜆 denotes the rate of block creation. Each individual node 𝑣 that creates a block immediately broadcasts it to its neighbors within their network, which will further propagate it to their neighbors throughout the decentralized network. This process is repeated until all nodes are reached.

The time it takes for a block to reach 50% of the network nodes depends linearly on the size of the block.

Abbildung in dieser Leseprobe nicht enthalten

For each KB of data, the delay to reach a majority of the network is a result of both propagation delay (𝐷𝑝𝑟𝑜𝑝) and bandwidth delay (𝐷𝑏𝑤).

The typology and architecture of Bitcoin’s network is a fundamentally important issue to the technology. Network delay is a significant issue for the decentralized network of the cryptocurrency, as its main purpose is to agree on a single database for all nodes. Nodes verify each other’s work to ensure that no node is working against the network. By doing so, each node becomes an operational part of the money transmission system. The network replicates all data at all nodes and thus form a data base together in which no single node can manipulate data that the majority of other nodes have agreed on.

3.3 The Block Chain

Bitcoin’s block chain is a ‘journal ledger’ of all the transactions ever executed in the Bitcoin network. It acts as both a transaction database and a transaction processing system. The block chain stores all historical transactions indefinitely and provides public access to addresses, transaction size, timestamps, hash values and other relevant data.

As the name suggests, the block chain consists of a series of blocks that are linked together from the first block (‘genesis block’) to the most recent one. As each consecutive block must contain the hash of its predecessor it is designed to form a single history of all transactions since inception of the Bitcoin technology. The genesis block was the initial block that was solved by Satoshi Nakamoto himself on January 3rd 2008.^[33] Each block in this chain contains the SHA-256-based hash of the previous block, which allows verifying that no previous block has been modified. The decentralized Bitcoin network is chaining each newly created block together with the previous blocks by a process referred to as mining.^[34]

Figure 17: Schematic Bitcoin Block

illustration not visible in this excerpt

Source: Kroll et al.(2013), p. 4

Decker & Wattenhofer (2013) noted that blocks are created by one of the nodes in the network and contain a set of all the transactions that the node has committed since the validation of the previous block. Nodes agree on the validity of transactions in the network and discard those transactions that conflict with transactions that are committed as part of the block.

The Bitcoin protocol is designed to incentivize miners to work together and provide resources for the necessary network. Therefore, miners simultaneously provide two services for which they are rewarded: Relaying transactions and verifying transactions, and are thus working on continually expanding the chain of blocks. By doing so, Nakamoto (2008) argued that double-spending of bitcoins can be prevented by providing a peer-to-peer solution to the Byzantine Generals problem.

Figure 18: Schematic Bitcoin Block Chain

illustration not visible in this excerpt

Source: Kroll et al.(2013), p. 4

The combined block chain provides one unique link back to the genesis block which is theoretically not falsifiable. Proof-of-work (PoW) technology employed in Bitcoin requires anyone who wants to manipulate transactions in an already verified block to redo the entire work that was necessary to create this block. Figure 18 illustrates the block chain and shows that it forms a tree of blocks that can have several branches. The illustration also depicts orphaned blocks of discontinued Bitcoin forks. Barber et al. (2012) illustrated how all Bitcoin transactions are essentially valid indefinitely, but only as long as they are not included in a discarded branch of a fork. Proof-ofwork guarantees that only the conflicting blocks with the larger difficulty will be linked to the block chain. Transactions that have only been included in the orphaned blocks typically will be delayed until resolved, meaning that the block chain disregards alternative forks and eventually includes transactions of the discontinued blocks into the prevailing chain.^[35] Courtois (2014) evaluated the “Longest Chain Rule” of the block chain technology that is the assurance that only the longest chain is agreed upon and in case a fork is created by peers in the network, the longest chain rule would cause the network to switch to the longer chain. The broadcasting network, that relays transactions and new blocks within the block chain, is based on peers. When a peer broadcasts a transaction to the network, all peers will request data about the transaction, validate it and broadcast the valid transaction to all peers and save the information that this transaction was already validated. Trasnsactions can be included in

Miers et al. (2013) stated that the core of the Bitcoin protocol is essentially the block chain, as it enables the decentralized storage of information and processing of transactions. They define it as an “append-only bulletin board maintained in a distributed fashion by the Bitcoin peers.”^[36] The block chain is maintained by a peer-to-peer network of nodes that distribute and record all Bitcoin transactions. The block chain described as a significant technological achievement that could have numerous additional field of application. Cawrey (2014b) reported how Bitcoin’s technology is developed into decentralized digital verification services (‘Proof of Existence’). As the block chain is a public database, it can also serve as a secure verification service for authorship and intellectual property.

Aside from recording and archiving transaction data, it is also a sophisticated data base.^[37] All complete nodes in the Bitcoin network need to download and store the full block chain history in order to function as a consensus-driven network. The block chain acts as a shared database for all nodes participating and thereby forming the network. Spagnuolo et al. (2013) parsed the block chain in order to utilize its data to cluster addresses, as well as graph, visualize and export data about the Bitcoin network and its users.

The block chain is often described as a remarkable technological innovation. Not only does it solve the Byzantine Generals problem. The Economist (2014) argued that it represents a disruptive financial innovation that may change the way financial sectors are organized. Most financial organizations are concerned with maintaining systems that track assets from one ledger to another. The block chain is a transparent, distributed ledger that exists in millions of computers simultaneously and operates on very low cost. A decentralized system, it offered a myriad of applications that can be built on top of it while benefiting from the advantages of decentralized networks.^[38]

3.4 Wallets

Within the context of Bitcoin, wallets represent digital storage methods of bitcoins. Bitcoin wallets are based on public-key cryptography, which interlinks a pair of encryption keys to each other that allows creating addresses. The encryption pair consists of a private key and a public key that refer to each other through a cryptographic hash function. Private and public keys are (pseudo)randomly generated strings of letters and numbers that allow encrypted transactions. Each wallet holds a combination of a unique public key and its corresponding private key. Public keys are necessary to create ‘addresses’ at which Bitcoin can be stored and from which they can be transferred to other addresses. In order to transact bitcoins between different addresses, one must possess the corresponding private key that allows signing the transaction. Whereas public keys are freely accessible on Bitcoin’s public ledger – the block chain – private keys must be protected in order to prevent theft.

Wallets are an essential part of the Bitcoin technology and therefore several versions of wallet types and wallet software providers have been developed.

Table 6: Types of Wallets

illustration not visible in this excerpt

Source: Coindesk (2014), www.coindesk.com, 23.06.2014

Most wallet types contain cryptographic key pairs, transaction history, user preferences, default key, reserve keys, accounts, and the version number.^[39] As the possession of both the private and the public key is the core requirement to Bitcoin transactions, it is essential to protect private keys. Wallet files can be stolen by malicious peers, but will still require private keys in order to access the funds in it.

Litke & Stewart (2014) analyzed the different wallet options for bitcoin funds and created a best practice recommendations list. They find a number of weaknesses and wallet risks for each wallet type. Wallet risks can be broadly distinguished into physical loss or theft, hard drive failure or theft by malware. Their recommendations include backups, encryption of wallet files, cold storage and access controls. Cold storage wallets are never connected to a network and thus prevent access to them. They are a means of securely storing bitcoins that are not actively needed, thus they act in similarity to vaults of safes storing financial funds and other assets. Hot wallets store private keys within online devices and are necessary for e.g. businesses that repeatedly transact bitcoins.^[40]

Wallets are very sensible and need proper encryption and protection concerning their access controls. With the emergence of third party wallet systems there are also more points of failure introduced to Bitcoin users that do require trusted relationships.

3.5 Bitcoin Addresses

A full of understanding of the technical background to public/private key pairs and the creation of addresses requires relevant knowledge in the field of cryptography. Therefore the following subchapters will only focus on certain aspects of cryptography, as a full understanding is not relevant to this thesis.

Bitcoin is based on public-key cryptography, which is a class of cryptographic algorithms that are asymmetric in nature. This implies that two keys are utilized – one public verification key and one private signing key. Symmetric key algorithms use a single key that must be known to and kept secret by both the sender and the receiver of data. Naturally, this type of encryption cannot be securely utilized in a monetary transaction scenario. Asymmetric key algorithms allow for one publicly known key that encrypts data and can be distributed without risking access to the encrypted data by anyone. A private key is used to sign and decrypt data. Public key and private key are mathematically strictly related to each other, as the public key is derived from the private key. Elliptic Curve Cryptography (ECC) enables creation of a key pair in which calculating the public key from a known private key relatively easy but makes calculating the private key when a public key is known mathematically infeasible or exceedingly difficult.^[41]

Figure 19: Public-Private Key Schematic

Source: Bellare & Rogaway (2005), p.12-13

illustration not visible in this excerpt

Bellare & Rogaway (2005) distinguished between a public key (𝑝𝑘) and a secret key (𝑠𝑘). In a asymmetric setting, the sender encrypts a message with his private key (𝑃𝐾𝑅) and sends a ciphertext that to the receiver, who in turn uses his secret key (𝑆𝐾𝑅) to encrypt the message. The sender only has to know about the receiver’s private key in order to send an encrypted message that no third party can decrypt. In order to send a message, a sender adds a signature (𝜎), by signing it with his private key, to the message, which is verified or rejected by the receiver, based on a signing-verification algorithm. Addresses are derived from the public key.

Figure 20: Elliptic-Curve Public Key to BTC Address Conversion

illustration not visible in this excerpt

Source: Bitcoin Wiki. Technical Background of Version 1 Bitcoin Addresses, 29.05.2014

A Bitcoin address is a 160-bit hash that is derived from the 256-bit public part of the key pair. As such, an address is a hashed version of the public key.

𝑎 = 𝑓(𝑝𝑘)

It follows that the address is a one-way function of the public key which implies that an address can be derived from the public key but not vice versa. Addresses are 27-34 long alphanumeric characters that are used as identifiers between which BTC can be transferred. Addresses have to be input in a complete and case-sensitive manner in order to avoid being rejected.

[...]

---

^[1] c.p. Karame et al. (2012), p.1

^[2] GoldmanSachs (2014), p. 3

^[3] c.p. Barber et al. (2012), p.1

^[4] c.p. Henderson (2014), http://www.coindesk.com/bitcoin-solving-double-spending-problem/, 20.02.2014

^[5] c.p. Pohjanpalo (2014), http://www.bloomberg.com/news/2014-01-19/bitcoin-becomes-commodity-in-finlandafter-failing-currency-test.html, 19.03.2014

^[6] c.p. Tromp (2014), p.1-2

^[7] c.p. Bryans (2014), p.442-443

^[8] c.p. GoldmanSachs (2014), p.610

^[9] Gustafsson (2013)

^[10] c.p. Gustafsson (2013)

^[11] c.p. Bitcoin Wiki. Controlled supply, 10.10.2014

^[12] Coinbase (2014), http://blog.coinbase.com/post/89405189782/its-bits, 21.07.2014

^[13] c.p. European Central Bank (2012), p. 23

^[14] c.p. Harrigan (2014), http://www.coindesk.com/network-analysts-view-block-chain/, 20.05.2014

^[15] c.p. Decker & Wattenhofer (2013), p. 10

^[16] c.p. Bitcoin Wiki. Hash, 03.04.2014

^[17] c.p. N.N. http://www.xorbin.com/tools/sha256-hash-calculator (01.06.2014)

^[18] c.p. Buterin (2014a), http://bitcoinmagazine.com/14282/mining-2/, 07.07.2014

^[19] c.p. Sompolinsky & Zohar (2013), p.3

^[20] c.p. Pease et al. (1980)

^[21] c.p. Lamport et al. (1982)

^[22] c.p. Mayyasi (2013), http://blog.priceonomics.com/post/47135650437/are-bitcoins-the-future, 28.04.2014

^[23] c.p. Rosenfeld (2014), p.2

^[24] c.p. Bitcoin Wiki. Double-spending, 26.04.2014

^[25] c.p. Treanor et al. (2014), http://www.theguardian.com/business/2014/oct/20/bank-of-england-paymentsystem-crashes, 20.10.2014

^[26] c.p. Bellare & Rogaway (2005), p.7-15

^[27] c.p. Bos et al. (2013), p.5

^[28] c.p. Back (2002), p.3

^[29] c.p. Tromp (2014), p.1-2

^[30] c.p. Becker (2008), p.8-10

^[31] c.p. Sompolinsky & Zohar (2013), p.5

^[32] c.p. Decker & Wattenhofer (2013), p.3

^[33] c.p. Bitcoin Wiki. Genesis block, 08.04.2014

^[34] c.p. Bos et al. (2013), p.5

^[35] c.p. Decker & Wattenhofer (2013), p.2

^[36] c.p. Miers et al. (2013), p.3

^[37] c.p. Bitcoin Wiki. Block chain, 19.04.2014

^[38] c.p. N.N. (2014), http://www.economistinsights.com/technology-innovation/analysis/money-nomiddleman/tab/1, 14.10.2014

^[39] c.p. Bitcoin Wiki. Wallet, 27.04.2014

^[40] c.p. Goldfeder et al. (2014), p.1

^[41] c.p. Bellare & Rogaway (2005), p.211-214