
Bitcoin

Blockchain
Under the Hood

by Galin Dinkov
https://www.linkedin.com/in/galindinkov/
Introduction
Motivation for Bitcoin Creation
● The initial idea was to create decentralized, secure, open,
self-regulating digital money

● What was invented became something much bigger


What is
Blockchain?
The Blockchain is…
Data Structure
The Blockchain is…
Ledger

Date        Description      Credit   Debit   Balance
2/20/2011   Alice to Bob              -$10    $90
2/20/2011   Bob from Alice   +$10             $10
3/20/2011   Bob to Eve                -$5     $5


The Blockchain is…
Distributed
The Blockchain is…
Immutable
The Blockchain is…
Secure
The Blockchain is…
Pseudonymous (addresses are not names, but every payment is public and linkable)
The Blockchain is…
Autonomous
The Blockchain is…
Public
Digital Money
I want to create digital money...
● Balances?

● Accounts?

● Transactions?

● Security?

● Immutability?

● Consensus?
How did they make it?
Where are the balances?
● No balances and no user accounts
● Only transactions
● Transactions are made of inputs and outputs
● Transactions are chained: every input spends an output of an earlier transaction
● The coinbase transaction generates new coins
● Balance = Sum(UTXOs), the unspent outputs a key can sign for
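The UTXO model described on this slide, as an added example (not code from the deck or from Bitcoin Core). It keeps a set of unspent outputs, derives a balance by summing them, computes the fee as inputs minus outputs, and rejects double spends and spends of outputs the signer does not own. The `spender` field is an assumption standing in for the ECDSA signature check covered later in the deck; txids are labels rather than hashes of serialized transactions.

```python
"""Toy UTXO ledger: no accounts, only outputs that are unspent or spent.
Added example for this deck, not Bitcoin Core code. Ownership is a plain
name standing in for the ECDSA signature check (an assumption)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Outpoint:
    """Reference to an earlier transaction output: (txid, output index)."""
    txid: str
    index: int


@dataclass
class Tx:
    txid: str      # real Bitcoin: hash of the serialized tx; here a label
    spender: str   # stand-in for "who signed the inputs" (assumption)
    inputs: list   # list[Outpoint]; empty for a coinbase transaction
    outputs: list  # list[(owner, value_in_satoshi)]


class UTXOSet:
    def __init__(self):
        self.utxos = {}  # Outpoint -> (owner, value)

    def balance(self, owner):
        """Balance = Sum(UTXOs): there is no account field anywhere."""
        return sum(v for o, v in self.utxos.values() if o == owner)

    def apply(self, tx, coinbase_allowance=0):
        """Validate tx against the current UTXO set, then apply it.
        Returns the fee (inputs - outputs). Raises ValueError if invalid."""
        if any(v < 0 for _, v in tx.outputs):
            raise ValueError("negative output value")
        out_value = sum(v for _, v in tx.outputs)
        if not tx.inputs:
            # Coinbase: creates new coins, limited to subsidy + fees of the block
            if out_value > coinbase_allowance:
                raise ValueError("coinbase pays more than subsidy + fees")
            fee = 0
        else:
            in_value, seen = 0, set()
            for op in tx.inputs:
                if op in seen:
                    raise ValueError(f"{op} spent twice in one transaction")
                seen.add(op)
                if op not in self.utxos:  # unknown or already spent
                    raise ValueError(f"{op} is not an unspent output (double spend?)")
                owner, value = self.utxos[op]
                if owner != tx.spender:   # where the signature check would go
                    raise ValueError(f"{tx.spender} does not own {op}")
                in_value += value
            if out_value > in_value:
                raise ValueError("outputs exceed inputs: coins from nowhere")
            fee = in_value - out_value    # Transaction fee = Sum(Inputs) - Sum(Outputs)
            for op in tx.inputs:
                del self.utxos[op]        # inputs are consumed entirely
        for i, (owner, value) in enumerate(tx.outputs):
            self.utxos[Outpoint(tx.txid, i)] = (owner, value)
        return fee


def rejected(ledger, tx):
    """True if the ledger refuses tx (used to show double spends fail)."""
    try:
        ledger.apply(tx)
    except ValueError:
        return True
    return False


def demo():
    """Coinbase to alice, then alice pays bob 10 BTC and takes 39.9999 BTC back as change."""
    ledger = UTXOSet()
    ledger.apply(Tx("cb1", "miner", [], [("alice", 50_0000_0000)]),
                 coinbase_allowance=50_0000_0000)
    fee = ledger.apply(Tx("t1", "alice", [Outpoint("cb1", 0)],
                          [("bob", 10_0000_0000), ("alice", 39_9999_0000)]))
    return ledger, fee


if __name__ == "__main__":
    ledger, fee = demo()
    print("fee paid:", fee, "sat; alice:", ledger.balance("alice"), "bob:", ledger.balance("bob"))
    # Spending cb1:0 again is refused: it is no longer in the UTXO set
    print("double spend rejected:",
          rejected(ledger, Tx("t2", "alice", [Outpoint("cb1", 0)], [("eve", 1)])))
```

Note that change is an explicit output back to the sender: an input is never partially spent, and whatever is not assigned to an output becomes the fee.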
How to verify the owner?
How to ensure the transactions order?

● Put transactions in Blocks

● Chain the blocks

● Order chronologically

● Immutability?

● Consensus?
How to reach consensus in the network?

● Mining
○ Only one chain is accepted: the one with the most accumulated work
○ Although forks exist, they resolve as soon as one branch pulls ahead
● Proof of Work
○ Hard to compute, trivial to verify
○ Takes a certain amount of time (~10 minutes per block on average)
○ Makes rewriting history expensive: an attacker has to redo the work of every later block faster than the honest network
How to deal with forks?
Going Deep...
Cryptography
Hash Function
● Maps data of any length to a fixed-length bit string (a number)
● Deterministic
● One-way (preimage resistant)
● Output is uniformly distributed
● Collisions exist (inputs are unbounded) but must be infeasible to find
● Cryptographic hash functions
○ MD 2/4/5/6 - Message-Digest Algorithm (MD4 and MD5 are broken; do not use)
○ SHA 1/2/3 - Secure Hash Algorithms (SHA-1 collisions are practical since 2017)
○ RIPEMD - RACE Integrity Primitives Evaluation Message Digest
○ BLAKE 1/2
Hash Usage
‘hello’
SHA-256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
SHA-256d: 9595c9df90075148eb06860365df33584b75bff782a510c6cd4883a419833d50
RIPEMD-160: b6a9c8c230722b7c748331a8b450f05566dc7d0f

Used:
● For Addresses
● Block IDs
● Transaction IDs
● Verifications / Checksums
● In Merkle Trees
Public-Key Cryptography
● Symmetric cryptography: one shared key
● Asymmetric cryptography: a public and a private key
● Key exchange
● Usage:
○ Encryption
○ Digital signatures
○ Authentication
● Math behind it (trapdoor problems):
○ Integer factorization problem (RSA)
○ Discrete logarithm problem (Diffie-Hellman, DSA)
○ Elliptic curve discrete logarithm problem (ECDH, ECDSA; Bitcoin signs with ECDSA on secp256k1)
Diffie-Hellman Key Exchange

Example: https://git.io/v7S3A
RSA

Example: https://git.io/v5exi
Elliptic curve cryptography (ECC)
ECC Domain Parameters:
p - prime modulus of the field
a, b - curve coefficients (y² = x³ + ax + b mod p; secp256k1 uses a = 0, b = 7)
G - generator (base) point
n - ord(G), the order of G (n × G = point at infinity)
h - cofactor (number of curve points divided by n; 1 for secp256k1)

Private Key (k) = random integer in [1, n - 1], drawn from a cryptographically secure RNG


Public Key (K) = k ∗ G

K = 1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD * G

K = (x, y)
x = F028892BAD7ED57D2FB57BF33081D5CFCF6F9ED3D3D7F159C2E2FFF579DC341A
y = 07CF33DA18BD734C600B96A72BBC4749D5141C90EC8AC328AE52DDFE2E505BDB

Explanation:
https://youtu.be/dCvB-mhkT0w
https://youtu.be/F3zzNa42-tQ
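Key derivation and signing on secp256k1, as an added example that is not code from the deck (it also covers "How to verify the owner?" and the later "Signature and Verification" slide). The curve constants are the public secp256k1 parameters; the private key and the expected public key are the values printed on the slide above. The `nonce` argument of `sign` and the `recover_private_key` function exist only to demonstrate why a signing nonce must never repeat; production code uses RFC 6979 nonces and a constant-time library such as libsecp256k1, not this pure-Python arithmetic.

```python
"""secp256k1 arithmetic, key generation and ECDSA sign/verify in pure Python.
Added example (not the deck's or Bitcoin Core's code), for illustration only:
a real wallet uses a constant-time library such as libsecp256k1."""
import hashlib
import secrets

# Domain parameters of secp256k1, the curve Bitcoin uses: y^2 = x^3 + 7 over F_p
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # ord(G)
H = 1                                                                   # cofactor
INF = None                                                              # point at infinity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0


def add(p1, p2):
    """Affine point addition (handles doubling and inverse points)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt=G):
    """Double-and-add scalar multiplication: k * pt (K = k * G for k = private key)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def gen_private_key():
    """Private key k: uniform in [1, n-1] from the OS CSPRNG (never a memorable phrase)."""
    return secrets.randbelow(N - 1) + 1


def msg_hash(data: bytes) -> bytes:
    """Bitcoin signs the double SHA-256 of the transaction data."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def sign(k, digest, nonce=None):
    """ECDSA over a 32-byte digest. `nonce` is only for the demo below; production
    code derives it per RFC 6979. Returns (r, s) with s in low-s form."""
    z = int.from_bytes(digest, "big")
    while True:
        kn = nonce if nonce is not None else secrets.randbelow(N - 1) + 1
        r = mul(kn)[0] % N
        s = pow(kn, -1, N) * (z + r * k) % N
        if r == 0 or s == 0:
            if nonce is not None:
                raise ValueError("unusable nonce")
            continue
        if s > N // 2:
            s = N - s                                # low-s, as Bitcoin requires
        return r, s


def verify(pub, digest, sig):
    r, s = sig
    if pub is INF or not on_curve(pub) or not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(digest, "big")
    w = pow(s, -1, N)
    pt = add(mul(z * w % N), mul(r * w % N, pub))
    return pt is not INF and pt[0] % N == r


def recover_private_key(pub, digest1, sig1, digest2, sig2):
    """Two signatures sharing r (same nonce) leak the key: k = (z1-z2)/(s1-s2),
    d = (s*k - z)/r. Both signs of s are tried because of low-s normalization."""
    z1, z2 = int.from_bytes(digest1, "big"), int.from_bytes(digest2, "big")
    (r, s1), (_, s2) = sig1, sig2
    for a in (s1, N - s1):
        for b in (s2, N - s2):
            if (a - b) % N == 0:
                continue
            kn = (z1 - z2) * pow(a - b, -1, N) % N
            d = (a * kn - z1) * pow(r, -1, N) % N
            if mul(d) == pub:
                return d
    return None
```

The nonce-reuse recovery is the practical reason "random number" on the slide has to mean a cryptographically secure one: with a predictable or repeated nonce the signature itself hands out the private key.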
Key Size Recommendations
Security Risks
● Pool cracking - https://lbc.cryptoguru.org (a brute-force sweep of the key space; only keys from weak or predictable sources are at risk)
● Quantum computers (Shor's algorithm breaks the ECDLP; outputs whose public key is already exposed on-chain would be at risk first)
● NSA backdoors in ECC? (the Dual_EC_DRBG case; secp256k1 is a Koblitz curve whose parameters are not derived from an unexplained seed, unlike the NIST random curves)
● Solution: post-quantum cryptography
○ NTRUEncrypt - based on the shortest vector problem in a lattice
○ More: https://en.wikipedia.org/wiki/Post-quantum_cryptography
Merkle Tree
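A Merkle tree built the way Bitcoin builds it (double SHA-256, odd levels padded by repeating the last hash), with the sibling path an SPV wallet checks against the header's Merkle root. Added example, not code from the deck or Bitcoin Core; it also covers the "Hash Usage" slide, so the `sha256d` result for 'hello' can be compared with the value printed there. The sample txids are constructed from short strings, not real transactions.

```python
"""Bitcoin-style Merkle tree over double-SHA-256 txids, plus the sibling
path an SPV wallet uses to check that a transaction is in a block.
Added example for this deck, not Bitcoin Core code."""
import hashlib


def sha256d(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids):
    """Root over 32-byte txids in internal byte order (explorer hex is byte-reversed)."""
    if not txids:
        raise ValueError("a block has at least the coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # odd count: the last hash is paired with itself
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_branch(txids, index):
    """Sibling hashes from leaf `index` up to the root, each tagged with its side."""
    branch, level = [], list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        branch.append((level[sibling], "right" if sibling > index else "left"))
        index //= 2
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return branch


def verify_branch(txid, branch, root):
    """What an SPV node does: recompute the path using only the header's root."""
    h = txid
    for sibling, side in branch:
        h = sha256d(h + sibling) if side == "right" else sha256d(sibling + h)
    return h == root


# Constructed sample txids (real ones are hashes of serialized transactions)
SAMPLE_TXIDS = [sha256d(b"tx%d" % i) for i in range(5)]

if __name__ == "__main__":
    root = merkle_root(SAMPLE_TXIDS)
    print("root:", root[::-1].hex())
    branch = merkle_branch(SAMPLE_TXIDS, 3)
    print("tx3 in block:", verify_branch(SAMPLE_TXIDS[3], branch, root))
    # The odd-level duplication means [a, b, c] and [a, b, c, c] share a root;
    # this ambiguity is the one behind CVE-2012-2459 in Bitcoin Core.
    print("duplicate-leaf ambiguity:",
          merkle_root(SAMPLE_TXIDS[:3]) == merkle_root(SAMPLE_TXIDS[:3] + SAMPLE_TXIDS[2:3]))
```

The branch is log2(n) hashes, which is why a lightweight wallet can confirm a payment from headers alone; the duplicate-leaf case shows why a validator must also reject blocks whose transaction list contains duplicates.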
Keys &
Addresses
Bitcoin Address
Private Key (k) = random integer in [1, n - 1]
Public Key (K) = k ∗ G

Version = 1 byte of 0 (zero); on the test network, this is 1 byte of 111


Key hash = Version concatenated with RIPEMD-160(SHA-256(Public Key))
Checksum = 1st 4 bytes of SHA-256(SHA-256(Key hash))
Bitcoin Address = Base58Encode(Key hash concatenated with Checksum)

14fxjE3qepjaYxiqs5WPtDx5y7vMQP81mW
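The address recipe above carried through in code, as an added example (not the deck's code). It implements Base58 with the leading-zero rule, Base58Check encoding and decoding with the 4-byte double-SHA-256 checksum, and the version bytes 0 (mainnet) and 111 (testnet) named on the slide. `hash160` uses hashlib's RIPEMD-160, which some OpenSSL 3 builds do not ship; the address the demo prints for the slide's public key is computed, not taken from the deck. The all-zero key hash is a well-known test vector, not a real owner.

```python
"""Base58Check address derivation and validation (added example for this
deck, not Bitcoin Core code). hash160 relies on hashlib's RIPEMD-160, which
some OpenSSL 3 builds omit; the Base58Check part needs only SHA-256."""
import hashlib

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # no 0, O, I, l
MAINNET_P2PKH, TESTNET_P2PKH = 0x00, 0x6F  # version bytes 0 and 111


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def hash160(data: bytes) -> bytes:
    """RIPEMD-160(SHA-256(data)): Bitcoin's public key hash."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def base58_encode(data: bytes) -> str:
    n, digits = int.from_bytes(data, "big"), bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))  # each 0x00 byte -> '1'
    return (b"1" * leading_zeros + bytes(digits[::-1])).decode()


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text.encode():
        n = n * 58 + ALPHABET.index(ch)  # ValueError on characters outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def base58check_encode(version: int, payload: bytes) -> str:
    key_hash = bytes([version]) + payload
    checksum = sha256d(key_hash)[:4]
    return base58_encode(key_hash + checksum)


def base58check_decode(address: str):
    """Returns (version, payload); raises ValueError on a typo or corrupt input."""
    raw = base58_decode(address)
    if len(raw) < 5:
        raise ValueError("address too short")
    body, checksum = raw[:-4], raw[-4:]
    if sha256d(body)[:4] != checksum:
        raise ValueError("checksum mismatch")
    return body[0], body[1:]


def is_valid_address(address: str, version: int = MAINNET_P2PKH) -> bool:
    """What a wallet should check before sending: checksum, network, hash length."""
    try:
        ver, payload = base58check_decode(address)
    except ValueError:
        return False
    return ver == version and len(payload) == 20


def pubkey_to_address(pubkey: bytes, version: int = MAINNET_P2PKH) -> str:
    return base58check_encode(version, hash160(pubkey))


if __name__ == "__main__":
    # Uncompressed SEC encoding (0x04 || x || y) of the public key on the ECC slide
    x = bytes.fromhex("F028892BAD7ED57D2FB57BF33081D5CFCF6F9ED3D3D7F159C2E2FFF579DC341A")
    y = bytes.fromhex("07CF33DA18BD734C600B96A72BBC4749D5141C90EC8AC328AE52DDFE2E505BDB")
    try:
        print("mainnet:", pubkey_to_address(b"\x04" + x + y))
        print("testnet:", pubkey_to_address(b"\x04" + x + y, TESTNET_P2PKH))
    except ValueError as exc:  # ripemd160 missing from this OpenSSL build
        print("hash160 unavailable:", exc)
    print("valid:", is_valid_address("1111111111111111111114oLvT2"))
```

The checksum is why a mistyped address is refused rather than paid to nobody, and the version byte is why a testnet address (starting with m or n) is rejected by a mainnet wallet.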
Wallets
● Keep private keys

● Types

○ Nondeterministic (random) wallets - a collection of independently generated random private keys

○ Deterministic (seeded) wallets - all private keys are derived from a common seed

○ Brain wallet - key derived from a word or phrase the owner remembers; weak in practice, because attackers precompute keys from common phrases (see pool cracking above)

○ Mnemonic words - a word sequence (BIP39) that represents the seed of a deterministic wallet

○ Hierarchical Deterministic wallets (HD wallets, BIP32) - a tree structure in which child public keys can be derived from a parent public key without access to the private key
P2P Network
P2P Network
Node Types

● Reference Client (Bitcoin Core) - Wallet, Miner, Full Blockchain, Network Routing

● Full Blockchain Node - Full Blockchain, Network Routing

● Solo Miner - Miner, Full Blockchain, Network Routing

● Lightweight (SPV) wallet - Wallet, Network Routing

● Pool Protocol Servers - gateway between the Bitcoin network and the pool's mining protocol (e.g. Stratum)

● Pool Mining Nodes - Miner, other protocol


Network Discovery
● DNS Seed

○ Servers returning known nodes

○ Hard-coded in the Bitcoin Core client

● Specify IP of known node


Protocol

● Connection

● Exchange addresses of peers

● Synchronize blocks and headers

● Relay transactions

● Heartbeat

https://en.bitcoin.it/wiki/Network
Messages
● version - Information about program version and block count. Exchanged when first connecting.
● verack - Sent in response to a version message to acknowledge that we are willing to connect.
● addr - List of one or more IP addresses and ports.
● inv - "I have these blocks/transactions: ..." Normally sent only when a new block or transaction is being relayed. This is only a list of hashes, not the actual data.
● getdata - Request a single block or transaction by hash.
● getblocks - Request an inv of all blocks in a range.
● getheaders - Request a headers message containing all block headers in a range.
● tx - Send a transaction. This is sent only in response to a getdata request.
● block - Send a block. This is sent only in response to a getdata request.
● headers - Send up to 2,000 block headers. Non-mining (SPV) nodes can download the headers of blocks instead of entire blocks.
● getaddr - Request an addr message containing a bunch of known-active peers (for bootstrapping).
● submitorder, checkorder, and reply - Used for the original "IP transactions"; obsolete and long removed from the protocol.
● alert - Send a network alert. The alert system was retired in 2016 and is no longer honoured.
● ping - Keep-alive carrying a random nonce; the peer answers with a matching pong, so a silent peer is detected without waiting for a TCP error.
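The framing every one of these messages shares, as an added example (not the deck's or Bitcoin Core's code): a 24-byte header of network magic, NUL-padded command, little-endian payload length and a 4-byte double-SHA-256 checksum. The parser performs the checks a node makes before trusting a peer's bytes: magic, length cap, truncation and checksum. The magic bytes and the 32 MiB cap are Bitcoin Core's mainnet values; the ping nonce is constructed.

```python
"""Bitcoin P2P message framing with the checks a node applies before
trusting a peer's bytes. Added example for this deck, not Bitcoin Core code;
MAX_SIZE and the magic bytes are Bitcoin Core's mainnet values."""
import hashlib
import struct

MAGIC_MAINNET = bytes.fromhex("f9beb4d9")  # network id, first 4 bytes of every message
MAX_SIZE = 32 * 1024 * 1024                 # largest payload a node will accept
HEADER_LEN = 24


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def pack_message(command: str, payload: bytes, magic: bytes = MAGIC_MAINNET) -> bytes:
    """magic(4) | command(12, NUL padded) | length(4, LE) | checksum(4) | payload."""
    cmd = command.encode("ascii")
    if not cmd or len(cmd) > 12:
        raise ValueError("command must be 1..12 ASCII bytes")
    if len(payload) > MAX_SIZE:
        raise ValueError("payload exceeds MAX_SIZE")
    return (magic + cmd.ljust(12, b"\x00") + struct.pack("<I", len(payload))
            + sha256d(payload)[:4] + payload)


def unpack_message(data: bytes, magic: bytes = MAGIC_MAINNET):
    """Parse one message from a byte stream; returns (command, payload, rest)."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    if data[:4] != magic:
        raise ValueError("wrong network magic (peer on another network?)")
    command = data[4:16].rstrip(b"\x00")
    if not command.isascii() or b"\x00" in command:
        raise ValueError("malformed command field")
    length, checksum = struct.unpack("<I", data[16:20])[0], data[20:24]
    if length > MAX_SIZE:
        raise ValueError("declared length exceeds MAX_SIZE")  # check before allocating
    payload = data[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch")
    return command.decode("ascii"), payload, data[HEADER_LEN + length:]


def ping(nonce: int) -> bytes:
    """ping carries a 64-bit nonce that the peer's pong must echo (BIP 31)."""
    return pack_message("ping", struct.pack("<Q", nonce))


def is_rejected(data: bytes) -> bool:
    """True if the parser refuses the bytes (used to show the checks firing)."""
    try:
        unpack_message(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    stream = ping(0x1122334455667788) + pack_message("verack", b"")
    while stream:
        command, payload, stream = unpack_message(stream)
        print(command, payload.hex())
    damaged = bytearray(ping(1))
    damaged[-1] ^= 0x01  # flip one payload bit
    print("corrupted ping rejected:", is_rejected(bytes(damaged)))
```

The length is validated against the cap before any allocation because it arrives from an untrusted peer; an implementation that trusts it first is a memory-exhaustion target.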
Blockchain
Block Structure

● The 80-byte header is separated from the list of transactions

● Block size is limited (1 MB before SegWit)
● With SegWit the limit is 4 million weight units: at most 4 MB of serialized data, ~2 MB for a typical mix of transactions
Block Header

● The double-SHA-256 hash of the header is used as the block identifier

● hashPrevBlock links the block to its predecessor; this is what forms the chain
● hashMerkleRoot commits to every transaction: changing one transaction changes the root, hence the header hash, hence every later block
● Nonce (together with the extraNonce in the coinbase) is the solution of the hashcash puzzle
New Block Validation
● The block data structure is syntactically valid
● The block header hash is at or below the target encoded in nBits
(enforces the proof of work)
● The block timestamp is no more than two hours ahead of network-adjusted time
(allowing for clock errors) and later than the median of the previous 11 blocks
● The block size (weight) is within the consensus limit
● The first transaction (and only the first) is a coinbase
generation transaction
● All transactions within the block are valid using the
transaction checklist
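The header rules above made concrete, as an added example (not the deck's or Bitcoin Core's code) that also serves the Block Header and Proof of Work slides: 80-byte header serialization, decoding the compact nBits target, the proof-of-work and timestamp checks, and a toy miner that searches the nonce. The genesis block fields and hash are public chain data used as a known-answer test; the low-difficulty nBits value used for the toy mining run is chosen so it finishes in a few thousand hashes.

```python
"""80-byte block header, nBits target decoding, the header checks from the
slide, and a toy miner. Added example for this deck, not Bitcoin Core code.
Genesis block constants are public chain data, not from the deck."""
import hashlib
import struct
import time


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def compact_to_target(nbits: int) -> int:
    """nBits is a floating-point style encoding: mantissa * 256^(exponent - 3)."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash, merkle_root, timestamp, nbits, nonce) -> bytes:
    """prev_hash and merkle_root are display hex (big-endian); the wire format is reversed."""
    return (struct.pack("<i", version)
            + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle_root)[::-1]
            + struct.pack("<III", timestamp, nbits, nonce))


def header_hash(header: bytes) -> str:
    """Block id as shown in explorers: sha256d of the header, byte-reversed."""
    return sha256d(header)[::-1].hex()


def check_header(header: bytes, now=None):
    """Two of the validation rules: proof of work and timestamp sanity."""
    if len(header) != 80:
        return False, "header must be 80 bytes"
    timestamp, nbits = struct.unpack("<II", header[68:76])
    if int.from_bytes(sha256d(header), "little") > compact_to_target(nbits):
        return False, "hash above target: proof of work not met"
    now = time.time() if now is None else now
    if timestamp > now + 2 * 60 * 60:
        return False, "timestamp more than two hours in the future"
    return True, "ok"


def mine(version, prev_hash, merkle_root, timestamp, nbits, max_nonce=2**32):
    """Brute-force the nonce until sha256d(header) <= target (hashcash)."""
    target = compact_to_target(nbits)
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root, timestamp, nbits, nonce)
        if int.from_bytes(sha256d(header), "little") <= target:
            return nonce, header_hash(header)
    return None  # nonce space exhausted: a real miner bumps extraNonce or the timestamp


GENESIS = dict(version=1, prev_hash="00" * 32,
               merkle_root="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
               timestamp=1231006505, nbits=0x1d00ffff, nonce=2083236893)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

if __name__ == "__main__":
    header = serialize_header(**GENESIS)
    print("genesis hash matches:", header_hash(header) == GENESIS_HASH)
    print("genesis checks:", check_header(header, now=GENESIS["timestamp"] + 600))
    # Toy difficulty (nBits 0x1f0fffff): roughly one hash in 4096 qualifies
    print("toy mining:", mine(1, "00" * 32, "11" * 32, GENESIS["timestamp"], 0x1f0fffff))
```

The comparison is done on the hash read as a little-endian integer, which is why the block id printed by explorers is the byte-reversed digest; a mistake in either the endianness or the target decoding makes every real block look invalid.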
Block Types
● Blocks in the main branch - the chain with the most accumulated proof of work; confirmed

● Blocks on side branches off the main branch - valid blocks on a branch with less work than the main chain; they become main-chain only if their branch overtakes it

● Orphan blocks - blocks whose predecessor is unknown, so they cannot be linked to any branch yet
Forks
Transactions
Transaction Lifecycle
Transaction Structure
Transaction Structure
Signature and Verification
Standard Transaction Scripts:

● Pay-to-Public-Key-Hash (P2PKH)

● Pay-to-Public-Key

● Multi-Signature

● Data Output

● Pay-to-Script-Hash (P2SH)

● P2WPKH

Pay-to-PubkeyHash (P2PKH)

Lock script (scriptPubKey): OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

Unlock script (scriptSig): <sig> <pubKey>

Bitcoin Script: https://en.bitcoin.it/wiki/Script


Mining
Miners...
● Collect transactions

● Validate transactions

● Create new blocks

● Invest in hardware and electricity

● Get rewards in the form of bitcoins (block subsidy plus fees)

● Enforce consensus: the chain with the most work is the accepted history
Generation (Coinbase) Transaction
● Creates coins from nothing

● Used to pay the miner

● Has a single input that references no previous output (the coinbase); its scriptSig carries arbitrary data

● Outputs the block subsidy plus the fees of all transactions in the block to the miner's address

● Block #0 is the Genesis Block; its coinbase carries the headline:

The Times 03/Jan/2009 Chancellor on brink of second bailout for banks


Transaction Fees and Block Reward

Transaction Fee = Sum(Inputs) - Sum(Outputs)

● Initial block subsidy 50 BTC

● Halving every 210,000 blocks (~4 years)
● Total halvings allowed is 64 in the code, but the subsidy rounds down to zero after the 33rd
● Will be reached in
● Total supply is just under 21 million BTC
● Reward at the time of writing 12.5 BTC
● Next halving ~June 2020
● Mining subsidy ends in ~2140; after that miners earn fees only
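The subsidy schedule carried through to the cap, as an added example (not the deck's code; it mirrors the arithmetic of Bitcoin Core's GetBlockSubsidy, not its source). Because the reward is an integer number of satoshis halved by a bit shift, the sum over all eras lands slightly below 21,000,000 BTC and the subsidy hits zero at the 33rd halving, long before the 64-halving guard in the code.

```python
"""Block subsidy schedule and the resulting hard cap. Added example for this
deck; mirrors the arithmetic of Bitcoin Core's GetBlockSubsidy (not its code)."""
COIN = 100_000_000          # satoshis per BTC
HALVING_INTERVAL = 210_000  # blocks per reward era, ~4 years at 10 min/block


def block_subsidy(height: int) -> int:
    """Newly minted satoshis a miner may claim in the block at `height`."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:  # guard: shifting a 64-bit value by >= 64 is undefined in C++
        return 0
    return (50 * COIN) >> halvings  # integer shift: fractions of a satoshi are lost


def supply_schedule():
    """Sum every era until the subsidy rounds to zero.
    Returns (total_satoshi, paying_eras, last_subsidised_height)."""
    total, eras = 0, 0
    while True:
        subsidy = block_subsidy(eras * HALVING_INTERVAL)
        if subsidy == 0:
            break
        total += subsidy * HALVING_INTERVAL
        eras += 1
    return total, eras, eras * HALVING_INTERVAL - 1


def halving_eta(height: int, now: float, block_seconds: int = 600) -> float:
    """Rough Unix time of the next halving, assuming the 10-minute average."""
    next_halving = (height // HALVING_INTERVAL + 1) * HALVING_INTERVAL
    return now + (next_halving - height) * block_seconds


if __name__ == "__main__":
    total, eras, last = supply_schedule()
    print(f"cap: {total / COIN:.4f} BTC over {eras} eras; last subsidised block {last}")
    for era in (0, 1, 2, 3, 32, 33):
        print(f"era {era:2d}: {block_subsidy(era * HALVING_INTERVAL) / COIN} BTC")
```

The 2140 date on the slide is the last paying block height, 6,929,999, divided by the average block rate; the number is a rounding consequence, not a separate rule.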
Transaction Priority (legacy)

Priority = Sum(ValueOfInput * InputAge) / TransactionSize

● Older and larger coins have priority

● High priority > 57,600,000 (one BTC aged one day, 144 blocks, in a 250-byte transaction)

● The first 50 KiB of a block were reserved for high-priority transactions

● A high-priority transaction could be included in a block even without any fees

● This mechanism is historical: Bitcoin Core stopped reserving priority space in 0.12 and removed priority in 0.15; today only the fee rate (satoshi per vbyte) decides inclusion
References
● Bitcoin Wiki, https://en.bitcoin.it/wiki/

● Mastering Bitcoin, Andreas M. Antonopoulos, O’Reilly Media

● Bitcoin.ORG, https://bitcoin.org
Final

