Key points about securing private keys and transactions in Bitcoin:
1. Private keys can be split and shared using secret sharing techniques to distribute trust and prevent single points of failure. This includes techniques like Shamir's secret sharing where keys are divided into shares requiring a threshold of shares to reconstruct.
2. Multi-signature addresses allow transactions to require signatures from multiple private keys, distributing control.
3. Threshold cryptography allows signatures to be produced in a distributed fashion without reconstructing private keys.
Bitcoin exchanges and businesses should implement proof of reserve and proof of liabilities techniques like signing challenge strings and Merkle trees to demonstrate backing of funds and customer accounts. Regulation aims to ensure transparency and prevent risks like
• Different ways of storing the private key in a single place were discussed.
  – Problem: single point of failure.
  – Solution: split and share the key to get more security.
• Secret sharing: split and share the key, that is, split the key into N pieces such that
  – given any K of those pieces, it is possible to reconstruct the key;
  – given fewer than K pieces, it is impossible to learn anything about the original key.
• Example: N = 2, K = 2
  – Step 1: choose
    • a large prime number P,
    • the secret S, which must be in the range [0, P-1],
    • a random value R, also in the range [0, P-1].
  – Step 2: split the secret S as follows:
    • X1 = (S + R) mod P
    • X2 = (S + 2R) mod P
  – Step 3: reconstruct S if both X1 and X2 are known:
    • (2X1 - X2) mod P = (2S + 2R - S - 2R) mod P = S mod P = S
• How to increase N, with K = 2
  – Take a 2D plane with X and Y axes.
  – Choose a random value R.
  – Draw the line with slope R passing through the point (0, S).
  – The shares are points on the line: (1, S+R), (2, S+2R), (3, S+3R), ...
  – Clearly it is possible to choose as many shares as wanted, since there is an infinite number of points on the line.
  – Given any two points on a line, it is possible to retrieve its equation by interpolation, so K = 2.
  – Given just one point, it is impossible to retrieve any information about the line.
  – If we do this operation using arithmetic modulo a large prime P, all we have said is still applicable.
  – Representing a secret via a series of points on a random polynomial curve of degree K-1 allows the secret to be reconstructed if, and only if, at least K of the points ("shares") are available.
• How to increase K?
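The K = 2 split above and its generalisation to a degree K-1 polynomial, as an added Python example (not code from the original notes): shares are points on a random polynomial modulo a large prime P, and any K of them recover S by Lagrange interpolation at x = 0. The `random_coeffs` parameter and the 127-bit prime are my own choices so that the small worked values can be reproduced.

```python
import secrets

# Large prime field, as in the notes: S and all random coefficients lie in [0, P-1].
P = (1 << 127) - 1


def split_secret(S, N, K, prime=P, random_coeffs=None):
    """Split S into N shares (x, y) such that any K recover S and fewer reveal nothing.

    Shares are points on a random polynomial of degree K-1 with constant term S:
        y = S + R1*x + R2*x^2 + ... + R_{K-1}*x^(K-1)  (mod prime)
    With K = 2 this is exactly X1 = (S+R) mod P, X2 = (S+2R) mod P from the notes.
    random_coeffs is only for reproducible examples; omit it to draw R1..R_{K-1} randomly.
    """
    if not 0 <= S < prime:
        raise ValueError("secret must be in [0, prime-1]")
    if not 1 < K <= N:
        raise ValueError("need 1 < K <= N")
    if random_coeffs is None:
        random_coeffs = [secrets.randbelow(prime) for _ in range(K - 1)]
    coeffs = [S] + list(random_coeffs)
    shares = []
    for x in range(1, N + 1):
        y = 0
        for c in reversed(coeffs):      # Horner's rule, evaluated mod prime
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares


def reconstruct(shares, prime=P):
    """Recover the constant term (the secret) by Lagrange interpolation at x = 0.

    Given K shares of a degree K-1 polynomial the result is S; given fewer than K,
    the result is just some other field element and carries no information about S.
    """
    S = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % prime
                den = (den * (xi - xj)) % prime
        S = (S + yi * num * pow(den, -1, prime)) % prime
    return S


if __name__ == "__main__":
    shares = split_secret(S=42, N=5, K=3)
    print(reconstruct(shares[:3]), reconstruct(shares[2:]))   # both print 42
```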
  – To increase K, use functions that require more than two points to be defined.
    • Ex: for K = 3, use a quadratic function Y = R2*X^2 + R1*X + S, which requires two random parameters R1 and R2.
    • Ex: for K = 4, use a cubic function (increase the polynomial degree).
• Advantages of secret sharing
  – The adversary
    • needs to retrieve K shares in order to get back the secret key;
    • needs to break the security of K different places.
• Disadvantages of secret sharing
  – To sign a transaction, we need to reconstruct the key by bringing the shares together.
  – If an attack happens at that time, it is easy to get the secret key.
Using Threshold Cryptography
• Produce Bitcoin signatures in a decentralized fashion using the shares of the (split) key, without ever reconstructing the private key on any single device.
• Steps
  – Split the key material between your desktop and your phone.
  – Initiate a payment on your desktop, which creates a partial signature and sends it to your phone.
  – Your phone then alerts you with the payment details (recipient, amount, etc.) and requests your confirmation.
  – Your phone completes the signature using its share of the private key and broadcasts the transaction to the block chain.
  – If there is malware on your desktop and it tries to steal your bitcoins, it might initiate a transaction that sends the funds to the hacker's address, but then you would get an alert on your phone for a transaction you did not authorize.
Using Multi-signature
• Instead of taking a single key and splitting it, Bitcoin script directly allows you to stipulate that control over an address be split between different keys. These keys can then be stored in different locations and the signatures produced separately.
• The completed, signed transaction will be constructed on some device.
  – Example: Andrew, Arvind, Ed, and Joseph are cofounders of a company which owns a lot of bitcoins. To protect their storage they can decide to use a 3-out-of-4 multi-signature for their transactions.
Each of the four of them will generate a key pair and produce their signature separately. In a 3-out-of-4 multi-signature, three of them must sign to create a valid transaction.
• Advantages
  – The four keys are kept separately and with different security, so it is quite difficult for an attacker to retrieve three of them.
  – If one or two employees go rogue, they are still not able to take ownership of the money; the majority is necessary to manage it.
  – If one loses a key, it is still possible to manage the cold storage and transfer the money to a new place.
Threshold Cryptography vs Multi-Signatures
• Threshold signatures are a cryptographic technique to take a single key, split it into shares, store them separately, and sign transactions without reconstructing the key.
• Multi-signatures are a feature of Bitcoin script by which you can specify that control of an address is split between multiple independent keys.
• While there are some differences between them, they both increase security by avoiding single points of failure.
Online Wallets (Wallet on the Cloud)
• An online wallet is a kind of local wallet that you might manage yourself,
  – except the information is stored in the cloud, and
  – you access it using a web interface on your computer or an app on your smartphone.
• The site sends the code, the site stores the keys, and you log in to access the wallet.
  – E.g. Coinbase and blockchain.info.
• Pros:
  – convenient
  – nothing to install
  – works on multiple devices
• Cons: security worries
  – What if the site is malicious?
  – What if the site is compromised?
Bitcoin Exchanges
• Typical traditional bank service
  – Open your account.
  – Deposit the fiat currency; the bank promises to give it back later.
  – The bank takes some amount and invests it.
  – It keeps a fraction of it to meet the usual/unusual day's demands: fractional reserve.
• Bitcoin exchange service
  – Open your account.
  – Deposit fiat currency and bitcoin; the exchange promises to give it back in either or both forms.
  – You can credit or debit both bitcoin and fiat currency, and buy or sell bitcoins using fiat currency.
    • If you want to buy 2 BTC, the exchange identifies a person who is willing to sell 2 BTC and connects them to you.
    • If my account holds 5000 dollars and 3 bitcoins and I use the exchange, I put in an order to buy 2 bitcoins for 580 dollars each; the exchange finds someone who is willing to take the other side of that transaction and the transaction happens. Now I have 5 bitcoins in my account instead of three, and 3840 dollars instead of 5000.
Bitcoin Exchanges
• Pros
  – Exchanges help to connect the Bitcoin economy and the flows of bitcoins with the fiat currency economy.
• Cons: three types of risks
  – Bank run: a run is what happens when a bunch of people show up all at once and want their money back.
  – Greedy behavior (Ponzi scheme): someone gets people to give them money in exchange for profits in the future, but then actually takes their money and uses it to pay out the profits to people who bought in previously.
  – Inside/outside attackers: someone, perhaps even an employee of the exchange, will manage to penetrate the security of the exchange and reach the key information that controls large amounts of bitcoins.
• A study in 2013 found that 18 of 40 Bitcoin exchanges had ended up closing due to some failure or some inability to pay out the money that the exchange had promised to pay out.
  – The failure rate is nearly 45%, whereas banks do not have that high a failure rate, due to regulation.
How should Bitcoin exchanges or other Bitcoin businesses be regulated?
• Proof of reserve (by signing a challenge string)
  – Proof of reserve is made of two pieces:
    • prove how much reserve the exchange is holding;
    • prove how many demand deposits the exchange holds.
  – Aims to prove that the exchange has a sufficient amount of bitcoin reserve and that valid customers participated in the proof of reserve.
• How much reserve are you holding?
  – Simply publish a valid payment-to-self transaction of the claimed reserve amount.
• How to prove these transactions are legitimate?
  – Sign a challenge string (a random string of bits generated by some impartial party) with the same private key that was used to sign the payment-to-self transaction.
• Proof of liabilities (by Merkle tree): how many demand deposits do you hold?
  – If you can prove your reserves and your demand deposits, then anyone can simply divide those two numbers and that is your fractional reserve.
  – Construction
    • Leaf nodes are all the customers' accounts and their individual deposits.
    • The root of the Merkle tree corresponds to the total deposit amount.
    • The exchange can sign the root of the tree, making a claim that it is valid.
  – Verification
    • Now each customer can ask to see that they are included in the tree.
    • The exchange shows the path to the customer's account, and the customer checks that the hash pointers are consistent all the way down and that, starting with its deposit, the amounts add up to the total.
    • If everybody does it, then every branch of the tree is explored and verified.
How should Bitcoin exchanges or other Bitcoin businesses be regulated?
• Proof of liabilities
  – The exchange publishes the root of a Merkle tree that contains all users at the leaves, including deposit amounts.
  – Any user can request a proof of inclusion in the tree and verify that the deposit sums are propagated correctly to the root of the tree.
• Proof of inclusion: the user checks that
  – the root hash pointer and root value are the same as what the exchange signed and published;
  – the hash pointers are consistent all the way down, that is, each hash value is indeed the cryptographic hash of the node it points to;
  – the leaf contains the correct user account info (say, username/user ID and deposit amount);
  – each value is the sum of the two values beneath it;
  – neither of the values is a negative number.
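The Merkle-tree proof of liabilities just described, as an added Python example that is not code from the original notes: every node carries (hash, value), each hash commits to both children's hashes and values, and the customer-side check recomputes hashes and sums up the path, rejecting negative values and comparing both the root hash and the root total with what the exchange signed. The hash domain tags, the zero-value padding node for odd levels and the sample accounts are my own constructions.

```python
import hashlib

def h(data):
    return hashlib.sha256(data).digest()

def leaf(user_id, balance):
    """Leaf = (hash, value): the hash commits to the account id and its deposit."""
    if balance < 0:
        raise ValueError("negative balance")
    return (h(b"leaf|" + user_id.encode() + b"|" + str(balance).encode()), balance)

def parent(left, right):
    """Internal node: value = sum of children; hash commits to both child hashes AND values."""
    (lh, lv), (rh, rv) = left, right
    return (h(b"node|" + lh + lv.to_bytes(16, "big") + rh + rv.to_bytes(16, "big")), lv + rv)

EMPTY = (h(b"empty"), 0)  # zero-value padding node, so an odd level never double-counts a balance

def build_tree(accounts):
    """accounts: list of (user_id, balance). Returns (levels, root); levels[0] holds the leaves."""
    level = [leaf(u, b) for u, b in accounts]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [EMPTY]
        level = [parent(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels, levels[-1][0]

def inclusion_proof(levels, index):
    """Sibling (hash, value, sibling_is_left) entries from leaf `index` up to the root."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [EMPTY]
        sib = index ^ 1
        path.append((level[sib][0], level[sib][1], sib < index))
        index //= 2
    return path

def verify_inclusion(user_id, balance, path, root):
    """Customer-side check: recompute hashes and sums up the path, rejecting negative values."""
    node = leaf(user_id, balance)
    for sib_hash, sib_value, sib_is_left in path:
        if sib_value < 0:          # a negative sibling would let the exchange shrink the total
            return False
        sib = (sib_hash, sib_value)
        node = parent(sib, node) if sib_is_left else parent(node, sib)
    return node == root          # root hash AND root value must match what the exchange signed
```

A customer runs `verify_inclusion` on the path the exchange returns for their account; because the proof exposes sibling balances along the path, it also illustrates the privacy leak the notes raise next.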
• Drawback of these: they leak a lot of private information.
• Solution: proof of solvency.
Payment Services
• How does a merchant accept payments in bitcoins in a practical way?
  – Challenges
    • New technology may affect their business.
    • Additional cost is incurred to include bitcoin in their business.
    • Security risks.
    • Exchange rate risks.
  – Solution
    • Payment services exist to allow both the customer and the merchant to get what they want, bridging the gap between these different desires.
    • The merchant goes to the payment service website and fills out a form describing the item, price, presentation of the payment widget, and so on.
    • The payment service generates HTML code that the merchant can drop into their website.
    • When the customer clicks the payment button, various things happen in the background and eventually the merchant gets a confirmation saying, "a payment was made by customer ID [customer-id] for item [item-id] in amount [value]."
Payment Service
[Figure: payment process involving user, merchant and payment service]
• When a customer chooses to pay with Bitcoin using the new button:
  – The merchant delivers a page that contains the "Pay with Bitcoin" button. The button contains a transaction ID (an identifier meaningful to the merchant in its own accounting system) along with an amount to be paid.
  – The information that the button has been clicked is sent to the payment service, along with the transaction ID, the amount and the merchant's identity.
  – The payment service knows that the customer wants to pay with bitcoins, so it starts an interaction with the user to give information about how to pay.
  – When the user confirms the payment, there is a redirect back to the user's browser. This also sends a message to the merchant, saying that as far as the payment service is concerned everything is OK so far.
  – Later, the payment service directly sends a confirmation to the merchant, when the payment is fully confirmed by the blockchain.
  – The merchant can now send the product to the customer.
• Transaction fee
  – Transaction fee = value of inputs - value of outputs.
  – The fee goes to the miner who records the transaction.
  – It costs resources for
    • peers to relay your transaction,
    • the miner to record your transaction.
  – The transaction fee compensates for (some of) these costs.
  – Generally, a higher fee means the transaction will be forwarded and recorded faster.
• Current default transaction fee
  – No fee is charged if a transaction meets all three of these conditions:
    • the transaction is less than 1000 bytes in size,
    • all outputs are 0.01 BTC or larger,
    • priority is large enough, where priority is defined as (sum of input age * input value) / (transaction size).
  – Otherwise
    • the transaction fee is 0.0001 BTC per 1000 bytes.
  – The approximate size of a transaction is
    • 148 bytes for each input, plus 34 bytes for each output, plus 10 bytes for other information;
    • so a transaction with two inputs and two outputs would be about 400 bytes.
• Most miners enforce the consensus fee structure.
• If you don't pay the consensus fee, your transaction will take longer to be recorded.
• Miners prioritize transactions based on fees and the priority formula.
• Currency exchange markets
  – Currency exchanges trade bitcoins against fiat currency like dollars and euros.
• Basic market dynamics
  – The market matches buyer and seller.
  – A large, liquid market reaches a consensus price.
  – The price is set by supply (of BTC) and demand (for BTC).
• Supply of Bitcoin
  – supply = coins in circulation (+ demand deposits?)
  – Coins in circulation: a fixed number, currently ~13.1 million.
  – When to include demand deposits? When they can actually be sold in the market.
• Demand for Bitcoin
  – BTC demanded to mediate fiat-currency transactions:
    • Alice buys BTC for $,
    • Alice sends BTC to Bob,
    • Bob sells BTC for $.
  – BTC demanded as an investment, if the market thinks demand will go up in the future.
Simple model of transaction demand
T = total transaction value mediated via BTC ($/sec)
D = duration that BTC is needed by a transaction (sec)
S = supply of BTC (not including BTC held as long-term investments)
S/D bitcoins become available per second
Equilibrium: