Professional Documents
Culture Documents
RESEARCH TOPIC
SECURITY AND PRIVACY IN CRYPTOCURRENCIES A CASE
STUDY OF BITCOINS AND ITS USERS.
BY
SIMBARASHE RAYMOND MUDUKUTI
(M133283)
SUPERVISOR: MR. C. KWENDA
Year 2017
Permission is hereby granted to Great Zimbabwe University library to produce single copies of
this project and lend or sell such copies to students for private, scholarly or scientific research
purposes only.
Signed …………………………………………
Date ……………………………………………
i
APPROVAL FORM
This is to certify that this research project entitled, “Security and Privacy in Cryptocurrencies
a Case Study of Bitcoins and its Users. Case of fourth year students under the faculty of
commerce at Great Zimbabwe University”, has been carefully supervised, read through,
assessed and approved as having met the necessary requirements for the award of the Bachelor of
Commerce Honors Degree in Information Systems at Great Zimbabwe University.
…………………………………………. ……......................................................
………………………………………….. ………………………………………...
………………………………………… ………………………………………..
ii
DECLARATION
I, hereby declare that this report has been solely done by me under the supervision of Mr. C
Kwenda. It has been submitted in partial fulfilment of the Bachelor of Commerce Honors Degree
in Information System to Great Zimbabwe University. The project has not been submitted before
any degree or examination to any other university. All texts consulted and other source materials
used in this work have been duly acknowledged on the references.
In my capacity as supervisor of the candidate’s research project, I certify that the above statements
are true to the best of my knowledge.
Mr. C. Kwenda
iii
DEDICATION
I dedicate this research project to my family and friends for their support and encouragement
during my research and for the inspiration that they gave me during the course of this research
project. This research project is also dedicated to the local authorities in Zimbabwe to show them
that their researches can make a difference on a global scale.
iv
ABSTRACT
Bitcoins are becoming the next big thing and with so much attention it has been getting of
late, it deserves to honors to be research and besides that, the currency is proving to be highly
profitable.
1
Contents
APPROVAL FORM ........................................................................................................................ ii
DECLARATION ............................................................................................................................ iii
DEDICATION................................................................................................................................ iv
ABSTRACT ..................................................................................................................................... 1
CHAPTER 1 ........................................................................................................................................ 6
1.0 INTRODUCTION ....................................................................................................................... 6
1.0.1 What Is Bitcoin? ................................................................................................................ 6
1.0.2 What is e-commerce? ....................................................................................................... 7
1.1 BACKGROUND OF THE STUDY .................................................................................................. 8
1.2 PROBLEM STATEMENT ........................................................................................................... 10
1.3 RESEARCH QUESTIONS ........................................................................................................... 12
1.4 RESEARCH OBJECTIVES........................................................................................................... 13
1.5 STATEMENT OF HYPOTHESIS. ................................................................................................. 13
1.6 JUSTIFICATION OF THE RESEARCH .......................................................................................... 13
1.7ASSUMPTIONS. ....................................................................................................................... 14
1.7 DELIMITATIONS OF THE STUDY. ............................................................................................. 15
1.8 LIMITATIONS OF THE STUDY. ................................................................................................. 15
1.8.1Confidentiality ................................................................................................................. 15
Time ........................................................................................................................................ 15
Resources ................................................................................................................................ 16
ORGANISATION OF THE STUDY. ............................................................................................... 16
TIMEFRAME. ............................................................................................................................ 16
1.9.7 SUMMARY ...................................................................................................................... 18
CHAPTER 2 ...................................................................................................................................... 19
2.0 LITERATURE REVIEW .............................................................................................................. 19
2.0.1 INTRODUCTION ............................................................................................................... 19
2.0.2 CONCEPTUAL LITERATURE............................................................................................... 19
2.0.3 BITCOINS VS THREATS ..................................................................................................... 20
2.0.4 ADVANTAGES AND DISADVANTAGES OF BITCOINS .......................................................... 21
2.1 ALGORITHMS USED IN BITCOINS ............................................................................................ 25
2.1.1 BITCOIN TRANSACTIONS ................................................................................................. 25
2.1.2 What is Bitcoin Mining? .................................................................................................. 28
2.1.4 SHA-256(Secure Hash Algorithm 256) .............................................................................. 30
2.2 BITCOIN ADDRESSES .............................................................................................................. 31
2
2.2.1 DETAILED EXPLANATION ................................................................................................. 31
2.2.2 COLLISIONS (LACK THEREOF) ........................................................................................... 32
2.3 HOW TO CREATE BITCOIN ADDRESS (Detailed)....................................................................... 33
2.3.1 STRENGTHS ..................................................................................................................... 35
2.3.2 WEAKNESSES .................................................................................................................. 37
2.4 IMPERICAL LITERATURE ......................................................................................................... 38
2.5 Double spending .................................................................................................................... 39
2.6 SUMMARY ............................................................................................................................. 41
CHAPTER 3 ...................................................................................................................................... 42
RESEARCH METHODOLOGY ......................................................................................................... 42
3.0 Introduction ........................................................................................................................... 42
3.1 Research Design..................................................................................................................... 42
3.1.1 Response errors. ............................................................................................................. 42
3.1.2 Qualitative approach ....................................................................................................... 43
3.1.3 Quantitative approach .................................................................................................... 43
3.1.4 Regression analysis ......................................................................................................... 44
3.1.5 Mixed research methodology .......................................................................................... 44
3.1.6 User Study Methodology ................................................................................................. 45
3.1.7 Reliability and Validity ..................................................................................................... 45
3.2 Data collection procedures .................................................................................................... 46
3.2.1 Online Survey .................................................................................................................. 46
3.2.2 Primary data ................................................................................................................... 46
3.2.3 Secondary data ............................................................................................................... 46
3.3 Data presentation and analysis .............................................................................................. 48
3.4 Population and sampling methods ......................................................................................... 49
3.4.1 Target population............................................................................................................ 49
3.4.2 Sampling ......................................................................................................................... 49
3.4.3 Sampling techniques ....................................................................................................... 50
3.4.4 Sample group and size .................................................................................................... 51
3.5 Research instruments ............................................................................................................ 51
3.5.1 Questionnaires................................................................................................................ 51
3.5.2 Interviews ....................................................................................................................... 54
3.6 Methods of Data Presentation ............................................................................................... 55
3.6.1 Tabular Presentation ....................................................................................................... 55
3.6.2 Graphical Presentation .................................................................................................... 56
3
3.6.3 Pie Charts........................................................................................................................ 56
3.6.3 Advantages ..................................................................................................................... 56
3.7 Data Analysis ......................................................................................................................... 56
3.7.1 Problems encountered with data gathering..................................................................... 57
3.7.2 Solutions encountered with data gathering ..................................................................... 57
3.8 Conclusion ............................................................................................................................. 57
CHAPTER 4 ...................................................................................................................................... 58
DATA PRESENTATION, ANALYSIS AND INTERPRETATION .............................................................. 58
4.0 Introduction ........................................................................................................................... 58
4.1 Presentation of results ........................................................................................................... 58
4.1.1 Questionnaire Response Rate ......................................................................................... 58
4.1.2 Interview Response Rate ................................................................................................. 59
4.1.3 Demographic data ........................................................................................................... 60
4.1.4 Countries of participants ................................................................................................. 62
4.1.5 Academic qualifications................................................................................................... 64
4.1.6 Experience in using Bitcoins ............................................................................................ 65
4.1.7 General Bitcoin Usage ..................................................................................................... 66
4.1.8 Practices of Bitcoin Management .................................................................................... 67
4.2 Conclusion ............................................................................................................................. 71
CHAPTER 5 ...................................................................................................................................... 72
RECOMMENDATIONS AND CONCLUSION..................................................................................... 72
5.0 Introduction ........................................................................................................................... 72
5.1 Summary of the findings ........................................................................................................ 72
5.1.1 Research question 2: How do participants manage their Bitcoins and what are
participants’ current practices and how do they deal with security, privacy and anonymity? ... 72
5.1.2 Research question 4: What security breaches have affected users and how did they
recover their ............................................................................................................................ 73
Bitcoin keys and bitcoins .......................................................................................................... 73
5.1.3 Research question 5: What are the main usability challenges that users have to deal with
when using Bitcoin? ................................................................................................................. 73
5.1.4 Research question 1: What are the main usage scenarios of Bitcoin? .............................. 73
5.2 Significances of findings ......................................................................................................... 74
5.3 Conclusion ............................................................................................................................. 74
5.4 Recommendations ................................................................................................................. 75
5.4.1 Recommendations from the research findings ................................................................ 75
5.4.2 Recommendations for further work ................................................................................ 75
4
REFERENCES .................................................................................................................................... 77
QUESTIONNAIRE.......................................................................................................................... 81
5
CHAPTER 1
1.0 INTRODUCTION
Villasenor, J., Monk, C., & Bronk, C. (2011) “In today’s world, the increased connectivity
provided by the Internet has changed the nature of financial transactions. With recent
developments in social media, peer-to-peer software, and smartphone technology, we have
seen the definition of money extend beyond the traditional, physical tender of government-
backed currencies to include mobile payments, digital currencies, and virtual goods.” Joining
this revolution of payment technologies is Bitcoin. Brito J., & Castillo, A. (2013) “the world’s
first completely decentralized digital currency”, created by an unidentified programmer named
Satoshi Nakamoto in 2008.
Bitcoins can be purchased, sold, and exchanged for other currencies at specialized currency
exchanges. Bitcoin in a sense is the perfect form of money for the Internet because it is fast,
cheap, and borderless. Unlike traditional currencies, bitcoins are entirely virtual. There are no
physical coins or even digital coins per se. The coins are implied in transactions that transfer
value from sender to recipient. Users of bitcoin own keys that allow them to prove ownership
of transactions in the bitcoin network, unlocking the value to spend it and transfer it to a new
recipient. Those keys are often stored in a digital wallet on each user’s computer. Possession
of the key that unlocks a transaction is the only prerequisite to spending bitcoins, putting the
control entirely in the hands of each user. Bitcoin is a distributed, peer-to-peer system. As such
there is no “central” server or point of control, because of this peer to peer network, it makes
transactions cheap than if a central node or authority like a bank was involved. Bitcoins are
6
used for E-commerce as we have noted from above, which makes them important for study
and scrutiny.
Bitcoins are created through a process called “mining,” which involves competing to find
solutions to a mathematical problem while processing bitcoin transactions. Any participant in
the bitcoin network (i.e., anyone using a device running the full bitcoin protocol stack) may
operate as a miner, using their computer’s processing power to verify and record transactions.
Every 10 minutes on average, someone is able 1 to validate the transactions of the past 10
minutes and is rewarded with brand new bitcoins. Essentially, bitcoin mining decentralizes the
currency-issuance and clearing functions of a central bank and replaces the need for any central
bank with this global competition.
The bitcoin protocol includes built-in algorithms that regulate the mining function across the
network. The difficulty of the processing task that miners must perform—to successfully record
a block of transactions for the bitcoin network—is adjusted dynamically so that, on average,
someone succeeds every 10 minutes regardless of how many miners (and CPUs) are working
on the task at any moment. The protocol also halves the rate at which new bitcoins are created
every four years, and limits the total number of bitcoins that will be created to a fixed total of
21 million coins. The result is the number of bitcoins in circulation closely follows an easily
predictable curve that reaches 21 million by the year 2140. Due to bitcoin’s diminishing rate
of issuance, over the long term, the bitcoin currency is deflationary. Furthermore, bitcoin
cannot be inflated by “printing” new money above and beyond the expected issuance rate.
7
Behind the scenes, bitcoin is also the name of the protocol, a network, and a distributed
computing innovation. The bitcoin currency is really only the first application of this invention.
As a developer, I see bitcoin as akin to the Internet of money, a network for propagating value
and securing the ownership of digital assets via distributed computation. There’s a lot more to
bitcoin than first meets the eye. In this chapter we’ll get started by explaining some of the main
concepts and terms, getting the necessary software, and using bitcoin for simple transactions.
In following chapters we’ll start unwrapping the layers of technology that make bitcoin
possible and examine the inner workings of the bitcoin network and protocol.
Explaining Bitcoins to a normal person on a normal day I would say it is a currency used to
transact anonymously that you buy using a wallet which helps you manage access to your
bitcoins, however, the access to your bitcoins needs to be secured so that they are not stolen or
unusable and that when transacting in bitcoins you need not to make mistakes, there is no room
for carelessness because transactions are not reversible. This chapter is under the following
subheadings:
8
In fig. 1 above, it shows when bitcoins were first introduced and show the rise in usage and the
probable forecast. If you can see clearly in fig. 1, the bitcoins will end at 21 million bitcoins.
This was what Satoshi Nakamoto the brains behind the bitcoin theory into practical transition
made them have a limit so as not to flood the market with too many bitcoins which may end
up making their price cheaper. Where there is money, fraud and theft is inevitable and in
bitcoins an added advantage to thieves is that there is anonymity involved, meaning if you
transfer someone’s coins to your account, there is no proof that you ever did it unless the person
knows your address.
There is also a perception among e-commerce users that bitcoins are a fraud scheme so they
end up not knowing what they really are and if they hear of such loopholes such as the one
identified above, the will end up not trusting the bitcoin currency and may not even use it or
may use it for smaller transactions.
Of recent, there has been an increase in hacking in the bitcoin network and wallets. This has
led to some bitcoin companies even closing.
Bitcoin Risk Analysis by Mariam Kiran (2011). In this paper, she, Mariam was looking at the
worst case scenarios that could come as a result of using Bitcoins. She was conducting an in-
depth analysis of what-if scenarios. Her conclusion was that Bitcoins were not worth taking
the risks that people were making since she believed that Bitcoins was a prototype of electronic
money.
9
Bitcoin in Islamic Banking and Finance by Charles W. Evans (2013). In his research, he was
focusing on Bitcoin or a similar system that it might be a more appropriate medium of exchange
in Islamic Banking and Finance. This paper analyses the relationship between a distributed,
autonomous block chain management systems. (BMS) like Bitcoin—also referred to as a
'virtual currency'—and Islamic Banking and Finance (IBF). It shows that a BMS can conform
to the prohibition of riba (usury)—as Bitcoin does—and incorporate the principles of maslaha
(social benefits of positive externalities) and mutual risk-sharing (as opposed to risk-shifting).
With regard to maslaha, the worlds unbanked number in the billions and represent the majority
of the world's adults.
Bitcoin: Examining the Benefits and Risks for Small Business U. S. House Committee on
Small Business April 2, 2014 L. Michael Couvillion (2014). In this paper, he was looking at
the effects and benefits of Bitcoins on small business and giving predictions of how Bitcoins
might shape the future. He, Michael was looking at financial benefits and disadvantages.
To relate bitcoins to our country, Zimbabwe, we can see that currently as of when this paper is
being written, (October 2016 - May 2017), Zimbabwe is facing a serious problem in term of
cash, the society is used to transacting in real cash that is paper or notes, they are not used to
transacting in virtual cash because they still have a perception that its associated with many
risks and that it may fail just like the economic meltdown that happened in 2008.
If people in Zimbabwe are to be educated about bitcoins and they see what it has to offer, we
will be well off using such a currency which is not regulated by any central authority since the
central authority is bound to fail us. As we speak right now, bitcoins do not have a central
regulating authority, though my future predictions see it being regulated by greedy socialists
who would want to have authority on one of the world rising currencies. Because bitcoins do
not have a centralised authority, it means that if the economy of a certain country meltdown, it
will not crash a good example is in 2008 when USA was hit by the financial crisis which spend
globally because of the spill over effect of USA being more like a centralised monitor of world
currency, the currency being the US dollar.
In Zimbabwe bitcoin usage is still in its infantry stage, its impact is not yet clearly understood
by many business people in Zimbabwe. Just a few people have gotten the grip of how it slightly
10
works. If people do not understand a concept, they tend to bad mouth it, which is the case to
those who do not fully understand bitcoins.
Understanding how bitcoins works will help gain trust in possible currency users and this
would lead to more people using this currency which we can depend on as a circulating
currency.
Matonis, J. (1995, April) “Additionally, it would be highly desirable for digital cash to be
widely accepted and to exist in a user-friendly form.” This shows that digital currency has to
be secure so as to be accepted by the normal day business people, but this had not been fully
the case in terms of bitcoins because in June 12, 2013 bitcoin got hacked and USD$375 000
worth of Bitcoins were lost and no coins were ever recovered. This lead to people losing their
trust in bitcoins. Theft of bitcoin has been documented on numerous occasions. At other times,
bitcoin exchanges have shut down, taking their clients' bitcoins with them. Meni Rosenfeld
(2011). “A Wired study published April 2013 showed that 45 percent of bitcoin exchanges end
up closing.”
On 19 June 2011, a security breach of the Mt. Gox bitcoin exchange caused the nominal price
of a bitcoin to fraudulently drop to one cent on the Mt. Gox exchange, after a hacker used
credentials from a Mt. Gox auditor's compromised computer illegally to transfer a large number
of bitcoins to himself. They used the exchange's software to sell them all nominally, creating a
massive "ask" order at any price. Within minutes, the price reverted to its correct user-traded
value. Accounts with the equivalent of more than US$8,750,000 were affected.
In July 2011, the operator of Bitomat, the third-largest bitcoin exchange, announced that he
had lost access to his wallet.dat file with about 17,000 bitcoins (roughly equivalent to
US$220,000 at that time). He announced that he would sell the service for the missing amount,
aiming to use funds from the sale to refund his customers.
In August 2011, MyBitcoin, a now defunct bitcoin transaction processor, declared that it was
hacked, which caused it to be shut down, paying 49% on customer deposits, leaving more than
78,000 bitcoins (equivalent to roughly US$800,000 at that time) unaccounted for.
In early August 2012, a lawsuit was filed in San Francisco court against Bitcoinica — a bitcoin
trading venue — claiming about US$460,000 from the company. Bitcoinica was hacked twice
in 2012, which led to allegations that the venue neglected the safety of customers' money and
cheated them out of withdrawal requests.
11
In late August 2012, an operation titled Bitcoin Savings and Trust was shut down by the owner,
leaving around US$5.6 million in bitcoin-based debts; this led to allegations that the operation
was a Ponzi scheme. In September 2012, the U.S. Securities and Exchange Commission had
reportedly started an investigation on the case.
In September 2012, Bitfloor, a bitcoin exchange, also reported being hacked, with 24,000
bitcoins (worth about US$250,000) stolen. As a result, Bitfloor suspended operations. The
same month, Bitfloor resumed operations; its founder said that he reported the theft to FBI, and
that he plans to repay the victims, though the time frame for repayment is unclear.
On 3 April 2013, Instawallet, a web-based wallet provider, was hacked, resulting in the theft
of over 35,000 bitcoins which were valued at US$129.90 per bitcoin at the time, or nearly $4.6
million in total. As a result, Instawallet suspended operations.
On 11 August 2013, the Bitcoin Foundation announced that a bug in a pseudorandom number
generator within the Android operating system had been exploited to steal from wallets
generated by Android apps; fixes were provided 13 August 2013.
March 2013 Bitcoin reached USD $1 billion in worth of bitcoins transacting, risk of losing
bitcoins again is countered by the introduction of complex key management technics leading
to low leverage.
Here are some of the risk associated with bitcoins. A risky situation is one which presents
potential exposure to danger, and the level of risk can be thought of as a measure of the assets
that would be affected as a result of a particular threat being realized through the system under
analysis. Various research teams and businesses have used risk analysis to manage and evaluate
their systems, allowing system security to be brought up to acceptable levels.
With respect to crypto currencies, the paper argues that these can’t undermine the ability of
central banks to conduct monetary policy. They do, however, raise consumer protection and
bank secrecy issues. In other words, Bitcoins provide the much needed customer protection,
confidentiality and secrecy issues because we do not transact knowing each other’s name or
personal credentials, but rather by knowing your wallet address of the transaction involved
which is a once off address. The anonymity features of the crypto-currencies also facilitate tax
evasion and money laundering, both of which are major public policy concerns. The technology
13
associated with crypto-currencies, on the other hand, could ultimately shift the entire basis of
trust involved in any financial transaction.
Former USA Federal Reserve chairman Ben Bernanke "But I think bitcoin itself has some
serious problems. The first is that it hasn’t shown to be a stable source of value. Its price has
been highly volatile and it hasn’t yet established itself as a widely accepted transactions
medium."The valuation of Bitcoins and price volatility issues are discussed, as well as
electronic theft, contract failures, etc., all of which could result in large losses to users and
hence ultimate costs to the users thereby reducing leverage and usage in E-commerce. These
security concerns like hacking make Bitcoins usage a gamble rather than a means of payment.
If addressed adequately, trust can be gained and if trust is gained, there is more leverage and
usage.
Bitcoins are relatively cheap, if not the cheapest, as compared to other buying methods that are
currently being used as of when this research was done. Bitcoin is an innovation that creates
the ability to carry out transactions without the need for a trusted third party; i.e. a move
towards trust-less transactions. This mechanism could work to eliminate the role of many
intermediaries, thereby reducing transactions costs by introducing much needed competition to
incumbent firms.
Speaking to Quartz, Bernanke offered muted praise and said that bitcoin is "interesting from a
technological point of view", pointing to wider developments in the emerging payments space.
From my own point of view, Bitcoin is going to be the next main E-commerce buying currency
and for people to be able to use it, they must understand it so as to have confidence to use it
that is trusting the currency. People usually do not feel secure if they know that there are
security issues involved in the currency they use, this will lead them to using alternative paying
methods like Pay Pal and MasterCard.
1.7ASSUMPTIONS.
This research on Bitcoins is based on the following assumptions:
14
There will be a 100% expectancy on filing in questionnaires with complete, accurate,
and consistent data regarding to the research topic.
The respondents of the questionnaires are eligible and very knowledgeable in the
Bitcoin industry, thus the attained information will be reliable.
The organisations visited are those involved with Bitcoins on their day-to-day
operations leading to relevant data obtained.
The respondents are fully committed and willing to participate in the research by
providing accurate and update information.
2. The study will focus on making Bitcoins a better currency in terms of security and
usability.
1.8.1Confidentiality
The businesses’ stakeholders may regard data required as confidential to the organisation and
so may be unwilling to cooperate fully. To counter this, the researcher will not use personal
details from findings to assure respondents of confidentiality. In some cases, pseudo names
will be used
Time
Due to possible delays in submissions of questionnaires the researcher will administer this
personally and ensure a 100% return of questionnaires. There is not enough time to carry out
this research.
15
Resources
Another limitation to this research is Limited resources. There is lack of adequate funds to
carry out the research. The researcher needs funds to purchases stationery, software, and
transport costs. This will hinder the progress of the research thereby leading to the poor
collection, presentation, and analysis of data.
1.7.1 Location
The location of the researcher is another limitation to the research. Organisations in the world
are used as case companies and the researcher is located in Mashava. This will affect the
research since a lot of time will be wasted trying to connect online to collect the required data
to do the research.
Chapter 3 is the research methodology; an overview of the research strategy and methods is
given. This defines how the research will be carried out, that is, activities and procedures to be
undertaken during the course of the research will be specified. Research instruments that are
going to be used for data collection will also be discussed in this chapter.
Chapter 4 is data presentation, analysis and interpretation. It summarizes and analyses the
research’s data. It will give the researcher a chance to form his own inferences from the
collected data.
Chapter 5 covers three sections which are; summary where the whole project and major
findings of the research are highlighted, the conclusion arrived at based on the findings, and
the relevant recommendations are provided.
TIMEFRAME.
The following is the proposed timeline to carry out the research (Oct 2016-May 201
16
ACTIVITY Oct Nov Dec Jan Feb Mar Apr May
Problem
Identification
Reviewing
Literature
Devising
Objectives,
Questions,
Prepositions
Designing
Research
Writing
Research
Proposal
Submission
of Research
Proposal
Further
Literature
Review
Designing
and Pilot
Testing
Questionnaire
Documents
Review
Conducting
Interviews
and Focus
17
ACTIVITY Oct Nov Dec Jan Feb Mar Apr May
Group
Discussions
Data
Analysis
Submission
of Draft
Research
Revision of
Draft
Research
Final
Submission
Figure 1
1.9.7 SUMMARY
This chapter introduced the research to be carried out. A background to the study was done and
it looked at the current status of Bitcoins and associated problems basing on the findings from
previous researches and journals. The research questions and the objectives of the research
were specified. The justification of the research provided an insight on the benefits of carrying
out a research on Bitcoins. The potential applications of the research findings was also outlined
in the research justification, however, this will be discussed in detail in chapter 5. Delimitations
of the research were discussed. This chapter also looked at the limitations of the research. The
organisation of the study gives an outline of how the entire project is going to be carried out.
The proposed timeframe to carry out the research was also outlined. The next chapter will be a
review of the related literature to the study. The literature review will include a theoretical
literature review, conceptual framework and the empirical framework.
18
CHAPTER 2
2.0 LITERATURE REVIEW
2.0.1 INTRODUCTION
Many researches have been done on Bitcoin and its related algorithms. This research will be
specific to making Bitcoin a better currency, in trying to improve security and usability. To
give a broad overview of Bitcoin, this chapter will look at the theoretical, conceptual and the
empirical literature on the topic.
Bitcoins are created as a reward in a competition in which users offer their computing power
of their machines to verify and record Bitcoin transactions into the Block chain. This activity
is referred to as mining and successful miners are rewarded with transaction fees and newly
created Bitcoins. Besides being obtained by mining, Bitcoins can be exchanged for other
currencies, products, and services. When sending Bitcoins, users can pay an optional
transaction fee to the miners. This may expedite the transaction being confirmed.
One of the first supporters, adopters, contributor to Bitcoin and receiver of the first Bitcoin
transaction was programmer Hal Finney. Finney downloaded the Bitcoin software the day it
19
was released, and received 10 Bitcoins from Nakamoto in the world's first Bitcoin transaction.
Other early supporters were Wei Dai, creator of Bitcoin predecessor b-money, and Nick Szabo,
creator of Bitcoin predecessor bit gold.
In the early days, Nakamoto is estimated to have mined 1 million Bitcoins. Before disappearing
from any involvement in Bitcoin, Nakamoto in a sense handed over the reins to developer
Gavin Andresen, who then became the Bitcoin lead developer at the Bitcoin Foundation, the
'anarchic' Bitcoin community's closest thing to an official public face. Based on Bitcoin's open
source code, other cryptocurrencies started to emerge in 2011.
Below are some of the biggest and most current threats to Bitcoins, divided into 2 categories:
deliberate acts and non-deliberate.
20
and misuse the information they find their which may possibly be theft for example on
19 June 2011, a security breach of the Mt. Gox Bitcoin exchange caused the nominal
price of a Bitcoin to fraudulently drop to one cent on the Mt. Gox exchange, after a
hacker used credentials from a Mt. Gox auditor's compromised computer illegally to
transfer a large number of Bitcoins to himself. They used the exchange's software to
sell them all nominally, creating a massive "ask" order at any price. Within minutes,
the price reverted to its correct user-traded value. Accounts with the equivalent of more
than US$8,750,000 were affected.
3. Viruses and spyware - Malicious software and computer viruses are two of the biggest
threats. Viruses are normally from external sources and can corrupt or replicate
encryption keys of your Bitcoin wallet if introduced into the internal network. Viruses
can completely destroy a computer system and disrupt the operations of the wallet be it
a standalone application for example an apk your android phone or on a website such
as on www.Bitcoinwallet.org. Trojan horse is a malicious software that has the ability
to capture the client’s information, before any encryption software can take effect. They
can also impersonate a customer and pass over bad and malicious codes into your
wallet. Spyware which secretly collects the information on your device including
keystrokes and Bitcoin wallet addresses with their encryption and decryption keys.
4. Theft – If your device that contains information about your wallet which contains
addresses to Bitcoins is stolen, that is the end of your Bitcoins, they will have been lost
into the wrong hands and you will not recover them
21
2.0.4.1 Advantages of Bitcoins in this context
What makes Bitcoins so attractive and why more and more people and businesses use this
payment system? Below are the advantages of using Bitcoins.
Bitcoins are yours and only yours. The central authority can’t take your cryptocurrency,
because it does not print it, own it and control it correspondingly.
Inflation is powerless in case with Bitcoins. Inflation decreases the value of money and
increases prices for services and goods. Central bank solves this problem usually by
printing additional amount of money to fill in the gap. As the central bank has nothing
to do with cryptocurrency, it can’t influence it. Supply and demand is the only
regulating mechanism defining its value. Besides, 21 million digital coins can’t be
exceeded. This limitation is another reason why electronic cash is inflationary.
No Counterfeit Bitcoins, counterfeiting (which are standard practice in
banking/government finance systems) are completely impossible
Fees to be paid for dealing with Bitcoins are significantly lower than bank charges. In
some cases, no fees are required at all. Saving money is not the last reason in favour of
cryptocurrency amid the global financial crisis.
If you want to send Bitcoins somewhere or to receive them, neither location nor time
matters any more. Since no intermediates are involved, you are absolutely free to send
electronic cash at any moment and any place. Independence and freedom are the key
characteristics of Bitcoin system.
As mentioned above, all transactions are recorded in the Blockchain. That makes
Bitcoin system absolutely transparent. Anyone can check all information related to
digital cash supply at any time. You can enter an address, block or transaction and get
a full report. Since all protocols are protected with the help of cryptography, nobody
can manipulate and change data. Under all information it is meant where transactions
were sent to and came from. Though, who is the owner of that particular Bitcoin address
is a secret that is not revealed by any means.
When you decide on which bank to choose to deposit your money, you have to do
thorough researches to find that one you can rely on. You ask for recommendations and
study their rates and reputation. In case of digital currency, all these activities have no
sense. Mathematics will not fail, and Bitcoin system is totally independent on any
authorities. To trust or not to trust is no longer a question here.
22
Bitcoins sent are Bitcoins lost. In other words, you can’t retrieve Bitcoins if the
recipient does not agree to send them back. That excludes fraud often happened while
using a credit card.
Low collapse risk. Regular currencies depend on governments which fail occasionally.
Such events either cause hyperinflation or a complete collapse of a currency, which can
wipe out savings of a lifetime in day. Bitcoin is not regulated by any one government.
It's a virtual global currency.
Safe, simple and cheap. The problem with traditional online transactions from the
perspective of the seller is that Credit cards, PayPal you and other online payment
systems allow buyers to claim their money back. You can use escrow services but that
makes things complicated and slow. With Bitcoins once you have the money you have
it and that's that. Buyers can not in any way take the money back and the seller can
safely ship the product or perform the service that the client purchased. From the buyer's
perspective the infrastructure for payments and sending money between accounts is
potentially going to be simpler and cheaper because it is peer-to-peer rather than done
through some intermediary.
Easy to carry. Not a real problem that needs a solution, but you can carry a billion
dollars’ worth of Bitcoins on a memory stick in your pocket. You can't do that with
cash or even gold.
Untraceable. This is both a benefit and a risk for Bitcoin. The benefit is that you don't
have to be afraid of any organization of being able to trace the source of your funds.
This is a clear benefit in many areas of the world because governments that are
supposed to guard against fraud are actually defrauding people by taking their savings
partially or fully. Regarding risks I will discuss them in the next section.
A bitcoin has a high volatility. By comparison, in 2014 it was seven times higher than
gold and eighteen times higher that USD. Opinions why volatility is so great differ.
Some say it is due to absence of stabilization mechanism. Others think it is normal
because bitcoins are the first startup currency and is in process of stabilizing.
23
Bitcoin is not well-defined as a currency in comparison to a dollar or yuan, and thus its
uniqueness is much less clear. The currency based on a mysterious algorithm whose
originator is anonymous. No one really knows whether the algorithm can be trusted to
generate Bitcoins as promised, or who would be accountable for errors or frauds; there
is no definitive monetary authority. Cryptocurrency is innovation, and nobody knows
what it will become in future. Uncertainty is high. Though, risks related to operating
with fiat money are not lower.
Untraceable. This feature of Bitcoin of also attracts crime. People can buy and sell drugs
and other illegal items with significantly less risk of being tracked by authorities.
Bitcoins in this regard are similar to regular cash which is used by criminals. This fact
may bring unwanted attention from governments that will outlaw Bitcoin. Bitcoin
enables fraud and other criminal activities. This is absolutely the single most salient
feature of Bitcoin’s anonymity. Conventional currencies are indeed subject to
laundering and counterfeit. There is probably no way to eliminate those risks
completely. Bitcoin magnifies those risks because it can only be exchanged
anonymously. It dominates dark networks that have been known to traffic in narcotics.
Law enforcement efforts to shut those networks down will terminate the ability of any
financial actor to transact in Bitcoins even for legitimate reasons. When the network is
down, your Bitcoins are gone. Conventional currency doesn’t work that way in real
transactions. Banks and brokerages have offsite business continuity backups.
Securities exchanges and central banks maintain counterparty records. These
mechanisms lack Bitcoin’s anonymity but make up for that in resiliency and
trustworthiness.
Easy to lose. If your credit card is stolen or somebody hacks into your bank account
there is a good chance you will not lose any money as banks will fix your balance. Even
cash can be potentially recovered if the police acts fast. But with Bitcoin if you lose it
you lost it for good. There is no mechanism to recover stolen or lost Bitcoins. If
somebody hacks into your wallet where you store your Bitcoins you lost them for good.
The best way to store your Bitcoins is on disk that is disconnected from the internet.
Hard to trade. You can't just use a credit card to buy Bitcoins online specifically because
of the reasons outlined above. There is no easy way to buy them or sell them. There are
many exchanges that offer such services in various ways, but it's not as easy as
24
transferring money to and from a PayPal account just yet. This is likely to improve fast
as more services will compete to offer convenient solutions.
Can't buy stuff. There aren't a lot of places where Bitcoins are accepted as payment.
This is likely to change, but for now the average person will mostly buy Bitcoins as
investment.
Too volatile. Currently Bitcoin prices are going up like crazy. It's likely that the price
will stabilize at around US$10 from the current US$200. Currently the price is going
up so fast a web shop would have to adjust their prices almost daily if they wanted to
accept Bitcoins. It's not very convenient.
25
Figure 2. Transaction as double-entry bookkeeping
The transaction also contains proof of ownership for each amount of bitcoin (inputs) whose
value is transferred, in the form of a digital signature from the owner, which can be
independently validated by anyone. In bitcoin terms, “spending” is signing a transaction that
transfers value from a previous transaction over to a new owner identified by a bitcoin address.
Transactions move value from transaction inputs to transaction outputs. An input is where the
coin value is coming from, usually a previous transaction’s output. A transaction output assigns
a new owner to the value by associating it with a key. The destination key is called an
encumbrance. It imposes a requirement for a signature for the funds to be redeemed in future
transactions. Outputs from one transaction can be used as inputs in a new transaction, thus
creating a chain of ownership as the value is moved from address to address (see Figure 3).
26
Figure 3. A chain of transactions, where the output of one transaction is the input of the next
transaction.
A proof of work is a piece of data which is difficult (costly, time-consuming) to produce but
easy for others to verify and which satisfies certain requirements. Producing a proof of work
can be a random process with low probability so that a lot of trial and error is required on
average before a valid proof of work is generated. Bitcoin uses the HashCash proof of work
system. Hashcash proofs of work are used in Bitcoin for block generation. For a block to be
valid it must hash to a value less than the current target; this means that each block indicates
that work has been done generating it. Each block contains the hash of the preceding block,
thus each block has a chain of blocks that together contain a large amount of work. Changing
a block (which can only be done by making a new block containing the same predecessor)
requires regenerating all successors and redoing the work they contain. This protects the block
chain from tampering. The most widely used proof-of-work scheme is based on SHA-256 and
was introduced as a part of Bitcoin. To understand how we got involved with SHA-256, we
have to understand what mining is in Bitcoins.
27
2.1.2 What is Bitcoin Mining?
Bitcoin is really three things. First it is a protocol (or set of rules) that defines how the network
should operate. Second it is a software project that implements that protocol. Third it is a
network of computers and devices running software that uses to protocol to create and manage
the Bitcoin currency.
According to David R. Sterry (2012) “Mining is defined in the protocol, implemented in
software, and is an essential function in managing the Bitcoin network. Mining verifies
transactions, prevents double-spending, collects transaction fees and creates the money supply.
Mining also protects the network by piling tons of processing power on top of past transactions.
Mining verifies transactions by evaluating them against the transactions that happened before.
Transactions cannot spend bitcoins that do not exist or that were spent before. They must send
bitcoins to valid addresses and adhere to every rule defined by the protocol.”
In simpler terms, mining is the process of validating the authenticity of bitcoins and transferring
the value from one owner to the other using many computers on a network and saving the
transaction on the Blockchain.
2.1.3 What are Bitcoin miners actually solving? What kind of math problems are they
solving and what do they achieve by solving them?
Miners are not so much solving a math problem as they are spending a lot of effort making
guesses until they guess correctly. Bitcoin works by having a linked set of "blocks" of
transaction records that document who has what bitcoin. To make bitcoin work, they needed
some way to ensure that the record of blocks is immutable, i.e. nobody can change it. The way
they accomplished this was to create the concept of mining as show in the diagram below.
28
Figure 4 shows the whole process of a transaction in a single bitcoin process.
2. Both Alice and Bob send the transaction to the Bitcoin peer-to-peer network.
4. The miner creates a set of new transactions, including that of step 1, and works to confirm
it.
29
5. The miner sends the new block of confirmed transactions to the Bitcoin peer-to-peer
network.
6. The rest of the Bitcoin users update their status including the transaction block, verifying
that the block is valid.
Miners take a current set of transactions, which includes a link to the last set accepted, and
make many trillions of guesses, each time putting a number into the "nonce" field of the block
header. The block header is run through a hash function, also known as a "one-way" or "trap-
door" function. In this case, the SHA-256 hash function is used, which is discussed in the
paragraph below.
If the output of the hash function is below a threshold value, then the block is valid, is accepted
by other miners, and the miner who guessed correctly is rewarded with the block reward,
currently 12.5 bitcoins. The lower the hash function output threshold, the harder it is to provide
a guess that will cause the output of the hash function to be low enough, and just how low the
threshold is determined by something called bitcoin "difficulty." Difficulty adjusts every two
weeks so that no matter how much mining is happening worldwide, a new block continues to
be created every 10 minutes on average.
It's a little hard to get your head around, but as soon as you do you'll see that bitcoin has created
the world's first immutable ledger, the Blockchain. What you write in it, stays in it. Bitcoin is
a currency that is the first asset tracked on the Blockchain, and because it is used to pay the
miners, Bitcoin and the Blockchain are intertwined. But as long as the Bitcoin ecosystem
continues to roar away, you can use the Blockchain to write anything down forever.
30
Mining uses SHA-256 as the Proof of work algorithm.
SHA-256 is used in the creation of bitcoin addresses to improve security and privacy.
This takes us to how the current system addressing mode as of when the day of study was done
(May 2017).
A Bitcoin address is made up of a pair of ECDSA public and private keys. The address is
identified by the public key’s hash, to which the checksum is added. This is then encoded in a
modified version of base 5836, which maintains the zeros on the left when the encoding is
carried out. Thus, an address is identified in the following way:
On being identified by the ECDSA public key, all the operations carried out with this address
have to be supported by the use of the associated private key.
Wallets are thus a grouping together of public and private keys. This does not suppose any
limit on the wallets being used to carry out other tasks, for example realizing transactions.
A new keypair is generated for each receiving address (with newer HD wallets, this is done
deterministically). The public key and their associated private keys (or the seed needed to
generate them) are stored in the wallet data file. This is the only file users should need to
31
backup. A "send" transaction to a specific Bitcoin address requires that the corresponding
wallet knows the private key implementing it. This has the implication that if you create an
address and receive coins to that address, then restore the wallet from an earlier backup, before
the address was generated, then the coins received with that address are lost; this is not an issue
for HD wallets where all addresses are generated from a single seed. Addresses are added to
an address key pool prior to being used for receiving coins. If you lose your wallet entirely, all
of your coins are lost and can never be recovered.
Bitcoin allows you to create as many addresses as you want, and use a new one for every
transaction. There is no "master address": the "Your Bitcoin address" area in some wallet UIs
has no special importance. It's only there for your convenience, and it should change
automatically when used.
Bitcoin addresses contain a built-in check code, so it's generally not possible to send Bitcoins
to a mistyped address. However, if the address is well-formed but no one owns it (or the owner
lost their wallet.dat), any coins sent to that address will be lost forever.
Hash values and the checksum data are converted to an alpha-numeric representation using a
custom scheme: the Base58Check encoding scheme. Under Base58Check, addresses can
contain all alphanumeric characters except 0, O, I, and l. Normal addresses currently always
start with 1 (addresses from script hashes use 3), though this might change in a future version.
Testnet addresses usually start with m or n. mainline addresses can be 25-34 characters in
length, and testnet addresses can be 26-34 characters in length. Most addresses are 33 or 34
characters long.
32
generate a block. As long as the signing and hashing algorithms remain cryptographically
strong, it will likely always be more profitable to collect generations and transaction fees than
to try to create collisions. It is more likely that the Earth is destroyed in the next 5 seconds,
than that a collision occur in the next millennium.
18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725
1 - Take the corresponding public key generated with it (65 bytes, 1 byte 0x04, 32 bytes
corresponding to X coordinate, 32 bytes corresponding to Y coordinate)
0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522
CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6
600FFE422B4E00731A59557A5CCA46CC183944191006324A447BDB2D98D4B408
010966776006953D5567439E5E39F86A0D273BEE
4 - Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)
00010966776006953D5567439E5E39F86A0D273BEE
(Note that below steps are the Base58Check encoding, which has multiple library options
available implementing it)
5 - Perform SHA-256 hash on the extended RIPEMD-160 result
445C7A8007A93D8733188288BB320A8FE2DEBD2AE1B47F0F50BC10BAE845C094
33
6 - Perform SHA-256 hash on the result of the previous SHA-256 hash
D61967F63C7DD183914A4AE452C9F6AD5D462CE3D277798075B107615C1A8A30
7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
D61967F6
8 - Add the 4 checksum bytes from stage 7 at the end of extended RIPEMD-160 hash from
stage 4. This is the 25-byte binary Bitcoin Address.
00010966776006953D5567439E5E39F86A0D273BEED61967F6
9 - Convert the result from a byte string into a base58 string using Base58Check encoding. This
is the most commonly used Bitcoin Address format
16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM
34
2.3.1 STRENGTHS
2.3.1.1 Distributed trust
In traditional models, trust is deposited in an authority or entity which controls all the relevant
information. In Bitcoin, conversely, there is no such authority; rather, information is managed
by the users as a whole. In this way, whenever more than half of the users of the system are
honest, the “rules” set out by the system cannot be broken by any dishonest users.
35
2.3.1.2 Incentives
By convention, until the limit of 21 million bitcoins is reached, when a miner builds a new
block they are rewarded with a predefined amount of bitcoins. In this way all the nodes have
an incentive to support the network, and a way of creating and distributing cash is defined,
which is necessary given that there is no central authority minting new money,.
These incentives can also be provided through fees for the verification of transactions, such
that the user who creates a valid block receives as a payment a part of the money involved in
the verified transaction.
2.3.1.3 Cryptography
The use of a strong asymmetric cryptographic system, like ECDSA, and of robust hash
algorithms, like SHA-256, guarantees the current integrity of the system. But taking into
account that computing capacity increases year on year, in addition to the appearance of new
advances in cryptographic and cryptanalytic theory, it is not unreasonable to believe that
algorithms that are secure today will not be tomorrow. It is for this reason that the system is
designed in such a way that the cryptographic system used can be changed, using the same
peer-to-peer protocol and transaction management. It is simply a question of allowing, should
it be necessary, new transactions to use a different cryptographic system54.
2.3.1.4 Scalability
As has already been seen, Bitcoin works with peer-to-peer communications, for which its
growth is based on the adhesion of new nodes to the network.
However, it must not be forgotten that Bitcoin’s functioning is based on cryptography, and
specifically on the use of ECDSA (leaving aside the RIPEMD-160 and y SHA-256 operations,
which are sufficiently rapid not to have to take them into account with regard to scalability).
Calculations carried out on the implementation of ECDSA indicate that some 8,000
verifications of digital signatures a second can be carried out by a current desktop processor.
The most recent data from Bitcoin Watch show that around 2,500 transactions an hour – about
0.7 per second – are performed. The network would have to experience spectacular growth
indeed to reach the theoretical limits of its functioning.
When it comes to scalability, storage necessities also need to be taken into account. Bitcoin
keeps a list of all the transactions that have been realized in the network since its beginning.
This suggests that the Blockchain will grow in time without limit. Nevertheless, it should be
36
remembered that most transactions can be eliminated from the Blockchain, allowing the size
of this to fall notably.
According to the original paper describing Bitcoin, where it was anticipated that the block
header would be 80 bytes, and taking into account the creation of blocks every ten minutes, the
chain will grow 4.2MB a year (80 bytes * 60 minutes/10 minutes * 24 hours * 365 days).
2.3.1.5 Transparency
As its own wiki observes, Bitcoin is probably the most transparent electronic payment system
that has ever existed. This is due to the fact that anyone is able to consult the complete
transaction history, and know where each amount of money has come from and where each has
gone. This, for example, permits the “marking” of stolen money, or money which has been
used in illegitimate activities, in such a way that any potential payee can subsequently reject it.
Nevertheless, this is not always seen as positive.
2.3.2 WEAKNESSES
2.3.2.1 Vulnerabilities
Throughout the Bitcoin network’s life, vulnerabilities have been discovered in the different
implementations that have appeared, which can be exploited by malicious users for different
ends, from the theft of bitcoins or double-spending, to causing the whole network to
malfunction. A table of the five most serious vulnerabilities is shown in Appendix II; and a full
list of vulnerabilities can be found in the Open Sourced Vulnerability Database.
In this respect, special care needs to be taken with regard to back-up copies of wallets: owing
to how the system functions, bitcoins stored in a more recent wallet version could be accessed
through a back-up copy with an old password.
37
2.3.2.3 Unencrypted traffic
Communication between peers is unencrypted. Although this does not impact on Bitcoin
strongly (any user can connect to the network and access the totality of transactions), it is
something to be borne in mind, since according to the needs of the user, complementary
security measures should be implemented. According to how Bitcoin functions, a malicious
user can spy on another user’s traffic and identify the transactions they carry out by simply
comparing incoming and outgoing transactions.
Taking into account the increasing difficulty that the network introduces for the mining of
bitcoins and the cost of electricity, in the long-term mining will cease to be profitable. For this
reason, transaction fees will have to increase to keep the system sustainable. This lowering of
profitability, however, may also make users abandon the network for others with lower costs.
Taking this into account, given that the amount of cash in bitcoins in any address is publically
available information, not only can the money owned by a person whose identity has been
compromised be deduced, but where that money has come from and where it has gone can also
be known too. Without any doubt, this supposes a serious danger for people’s privacy (and
even integrity) should Bitcoin ever be taken up on a massive scale.
El Khyari Yasmine and Reis Benjamin (2012) agree that attacks are being made in the Bitcoin
system and these attacks are being done by those who have detailed knowledge on how the
Blockchain works. They identify loop holes in the system and make use of those to gain on the
not suspecting newcomers or those who do not know of the vulnerability. One of these attack
is double spending.
39
Figure 5: Sketch of a double spending attack.
They, go on to provide a solution “In fact, it is advised to wait for 6 blocks to be created make
sure that no other branch in the block chain will be validated. This takes approximately one
hour. Once the seller is sure that the transaction is valid he can offer his service and be confident
about the payment.”
On the same issue of double spending, Dibyojyoti Mukherjee et al (2015) agree with El Khyari
Yasmine and Reis Benjamin(2012) that double spending is possible and go on to suggest a
better solution “…But, a better solution for preventing this attack is to have a timestamp server.
A timestamp server works by taking a hash of a block of item to be timestamped and widely
publishing the hash. Timestamp proves that the data must have existed at the time.” The next
figure shows block chain structure with timestamp.
40
Figure 6: Blockchain with a timestamp to avoid double spending.
2.6 SUMMARY
The chapter has highlighted the conceptual literature related with this research. Empirical
literature has been included to show related studied that have been conducted by other scholars
and the niche into which this study has looked at. The following chapter will look at the
methodology used in this research in detail.
41
CHAPTER 3
RESEARCH METHODOLOGY
3.0 Introduction
This chapter focuses on research methodology, the description of the various methods and
research instruments that were used to collect and analyse data. Data sources such as primary
data and secondary data were also used in the research methodology. In this chapter,
methodology for the study is presented. It defines how the research will be carried out assuming
activities and procedures undertaken during the course of the research. The research design
used in carrying out the research is presented. The research methods which will be used to
gather necessary data to answer the research questions outlined in chapter one will be
discussed. The pros and cons of the research methods used in data collection are also discussed.
42
in such a way to avoid sensitive questions was used to ensure the respondents that the
information will be purely for academic purposes.
• Non deliberate factors: these may be caused by fatigue especially to managers who
usually work under pressure. It may also be due to question format or content. The
questionnaire was made simple to understand by use of simpler terms.
43
hypotheses which predicts possible relationships between variables. Data gathered using
quantitative research techniques include gender, in-depth interviews, story completion tests,
sentence completion test, and word association tests. Quantitative approach is linked to
deductive method of theory testing while qualitative approach is characterised by inductive
testing (Saunders, et al., 2003). Anything that can be expressed in terms of numerical values is
quantitative data. Closed ended questionnaires will be used generate statistics in quantitative
research. These questionnaires follow a set format and can be scanned straight into a computer
for ease of analysis stage. There are standard answers to these questions and might be used to
find how many people use a service making data analysis easier.
Qualitative approach will be conducted first for exploration purpose, followed by quantitative
approach based on qualitative findings for testing purpose. The qualitative approach strives to
understand the perspective of the respondents. The study will take qualitative approach to
provide a more realistic feel of the findings which cannot be quantified by using interviews and
observation. Quantitative design makes effort to control for bias so that facts can be understood
in an objective way. A mixed method design combines the strength of both quantitative and
qualitative research approaches. On their own, though quantitative and qualitative methods
44
have some strengths, but more benefits are realised when they are brought together. This point
is further highlighted by Connelly (2009) who wrote that “the goal of mixed methods research
is to draw on the strengths and minimise the weaknesses of both types of research”. Many
researchers tend to use a combination of both open and closed questions. That way it is possible
to find out how many people use a service and what they think about the service on the same
form, (Ngumi, 2013).
45
interview questions, the researcher also approached senior scholars who assisted in the phrasing
and elimination of some of the questions in order to meet the objectives of the study.
To carry out this research, the researcher will use both primary and secondary data. Primary
data will be collected by carrying out his own survey through the use of a user study consisting
of an online survey and qualitative interviews. Secondary data will be collected from previous
researches relevant to the area of study. The data collected will be sufficient to provide answers
to the research questions under study. Polit and Beck (2003) said that secondary research
involves the use of data gathered in a previous study to test new hypotheses or explore new
relationships. They also indicate that secondary analysis of existing data is efficient and
economical because data collection is typically the most time-consuming and expensive part
of a research project. Secondary data used to validate the findings from analysis of primary
data which was collected using online questionnaires and interviews. The strategy of using
both primary and secondary data to address the same study objectives is meant to improve the
interpretive coherence and improve both communicative and pragmatic validity of the study
results, (Ngumi, 2013).
Secondary information provides insight into what has already been researched and thus
provide some guidelines on what should be done and avoiding repetitions so the
researcher was doing her research basing on those guidelines to avoid writing
unnecessary data.
Secondary data is the cheapest, easy, and faster way to find out more about the research
topic, since the researcher does not have money this was a great benefit.
The internet provides extensive information on every subject and it is updated more
frequently than any other source.
47
3.2.3.2 Disadvantages of secondary data
It is difficult to circumvent biased opinions expressed in the secondary sources of
information as biases and inaccuracies cannot be checked so the researcher had to go
through difficulty challenges to check if the information was accurate or not.
Accessing internet services from the internet cafes is costly, the researcher is just a
student so paying for the internet costs was a problem.
Can be difficult to gather data especially if there are few authors who have addressed
the issue, the researcher had to move from one library to another in search of data from
different books.
The data is historical and is not representative of the future, some data which the
researcher found was of no use it was obsolete and out dated.
Both qualitative and quantitative data analysis techniques will be used in analysing and
presenting the data. Using qualitative technique the researcher will identify several topics from
the entire interview. These topics then become primary categories or category labels. Using
quantitative data analysis, the researcher will arrange data into groups after correcting errors
on the questionnaire. A clear representation of what data will look like will help the researcher
in discussing the research findings.
48
Data is going to be presented by the use of tables, graphs and pie charts. Narratives will also
be used and these will aid in the reading, understanding and summarizing findings of data
gathered in a more narrative way. Data collected will be analyzed by use of graphs, charts and
tables. Responses gathered through questionnaires and interviews will be analyzed using the
Statistical Package for Social Scientists (SPSS).
When doing a research a single method can never adequately shed light on a phenomenon. To
validate the data on this research, methodology triangulation will be used. According to Patton
(1999), this type of triangulation checks for consistency of findings generated by different data
collection methods. Bekhet et al (2012) methodology triangulation has been found to be
beneficial in providing confirmation of findings, more comprehensive data, increased validity
and enhanced understanding of studied phenomena.
3.4.2 Sampling
Sampling is the technique of selecting suitable representative part of a population for the
purpose of determining characteristics of the whole population. A sample is a representative
part of a target population taken to show what the rest of the population is like. According to
Wagner (1995), it is ideally synonymous with entire population conveniently scaling down the
study elements where it is impossible to study the whole population. Sekeran (1992) defines a
sample as subset of the entire population. Grinell (1993) defines a sample frame as that
49
collection of units- people objects, events that has a possibility of being selected. The subjects
of the research are the participants that were used to carry out the study and include a population
from which the sample was chosen.
Probability sampling gives each sample the same probability of being chosen. It helps
the researcher to select units from a population that he is interested in studying.
Collectively, these units form the sample that the researcher will use in collecting data
for the research.
Multistage sampling combines various probability techniques in the most efficient and
effective possible manner. The process of estimation is carried out stage by stage using
the most appropriate methods of estimation at each stage. According to Raj (1968), in
multistage sampling, for a given number of elements, greater precision is attained by
distributing the elements over a large number of clusters than by taking a small number
of clusters and sampling a large number of elements from each one of them.
The researcher will use purposive sampling as a sampling technique. The researcher will use
a technique that provides a range of methods to reduce the amount of data to be collected, by
considering only data from a sub-group rather than all possible cases or elements. Purposive
or judgmental sampling enables the researcher to use his judgment to select cases that will best
enable him to answer the research questions. Purposive sampling allows the researchers to
choose the sample based on who they think would be appropriate for the study. This is used
primarily when there are a limited number of people that have expertise in the area being
50
researched. This form of sample is often used when working with very small samples such as
in case study research and when you wish to select cases that are particularly informative,
(Neuman, 2005). Judgmental sampling technique is a technique where participants who are
viewed as the best source of information are chosen by the researcher, (Leedy, 1997). This
method will make data gathering faster as the researcher knows exactly what to include and
what not to include in the sample.
Two instruments will be used to collect data in the research, namely interviews and self-
administered questionnaires. The instruments will be used concurrently in order to increase the
validity of the research outcome. This is in line with Cohen et al (2007)’s contention that if two
or more different data collection instruments are used, then the validity of the research results
is not only increased but assured. A brief presentation of how each of the two instruments will
be used is included below.
3.5.1 Questionnaires
Questionnaires technique is used for gathering information. They are used to collect most of
the primary data. A structured questionnaire will be used. The questionnaire was uploaded to
the internet and the link was shared in different forums and group communication of people
who transact in Bitcoins. The researcher will issued out the questionnaire with a cover letter
meant to explain the purpose of the research in more detail. Internet calls and e-mails will be
made to respondents to pave way for the timely completion of the questionnaire, to confirm
51
receipt of the questionnaire and to follow up on the completed questionnaire. The questionnaire
will contain both closed ended questions and open ended questions. The researcher will provide
guidelines on how to answer questions by means of instructions in order to solve the wrong
interpretation problems.
Closed ended questions are useful for eliciting factual information. It ensures that the
respondent sticks to the matter addressed and is asked to choose, among a possible set of
answers, the response that most closely represents his/her viewpoint. The respondent is usually
asked to tick or circle the chosen answer.
Open ended questionnaires are useful for seeking opinions, attitudes and perceptions. These
types of questions promote critical thinking and increase the respondent’s participation.
Answers are recorded in full, either by the interviewer or, in the case of a self-administered
survey, the respondent records his or her own entire response.
The researcher will prepare and design questionnaires with questions, accurate and
straightforward responses that will be uploaded online for the Bitcoin users to answer. Using
questionnaires as a research instrument will motivate accuracy due to anonymity,
standardization and uniformity from the Bitcoin users. The respondents which are the Bitcoin
users can thoroughly think about a question because they are not under pressure to respond
immediately. This will help the researcher to obtain less manipulated or corrupted responses
since respondents will give a personal opinion without the researchers or other people’s
influence. Anonymity and privacy encourage honest and unbiased responses. Questionnaires
prove to be cost and time effective when dealing with large sample sizes because the researcher
can send them through emails or post. Data analysis will be made easy by using questionnaires
as each respondent will receive the identical set of questions, which will give standardized
responses. A questionnaire is the best tool to use to obtain data from the Bitcoin users because
they will be able to air their views without fear.
However the response rate might be low and there is need to keep following up in the Bitcoin
Forums and groups to ensure that they fill in the questionnaire. Since the researcher will select
his target sample randomly not looking at qualification levels some of the respondents might
not fully understand the questions. The questionnaire will be uploaded online, the researcher
might not be able to get more information from the respondents’ gestures and actions as the
respondents will fill out the questionnaire on their own. Since the questionnaires are done
online, another component of connectivity may hinder the smooth from of data collection since
52
the investigated parties have to be connected for it to go well. Using information obtained on
questionnaires the researcher cannot ask for further clarification on issues raised by the Bitcoin
users.
3.5.1.1 Advantages
3.5.1.2 Disadvantages
Other actors such as stress and pressure from other assignments at work may cause
unwillingness to respond especially in a case in which respondents are operating tight schedules
to meet deadlines.
53
3.5.2 Interviews
Interviews are the best technique to acquire deeper information from respondents. The main
objective of the interview is to verify the findings obtained with the help of questionnaires.
According to Kothan (2009), interviews are the verbal conversation between two people with
the objective of collecting relevant information for the purpose of research. According to
Panneerselvam (2008), interviews make the researcher feel that the data collected is true,
honest and original by nature because of the face-to-face interaction.
Interviews will be conducted with some users to find out their opinions relating to their
experiences with Bitcoin. The researcher will use interviews to reinforce the data collected
from questionnaires, help fill in unanswered questions from questionnaires and to obtain
information from Bitcoin Org responsible for the Bitcoin currency usage and its originality and
other persons of interest. Using interviews will help the researcher collect data relatively
quickly as the researcher will get immediate feedback. Interviews are language flexible as the
researcher can explain to the respondents in a language understood by the samples Bitcoin
users therefore bringing easier communication.
The study will figure out important information from respondents, incidental information,
voice tones, and attitudes. Advantages of using interviews include a high question completion
rate, because of personal contact. The fact that the respondents cannot ignore a person they are
talking to than a written questionnaire by itself gives the questionnaire completion rate of 100%
as well as the response rate. Respondents answers will be recorded by taking down notes, voice
recording and clarification will be made by the researcher when need arises.
However as a student, it will be difficult for the researcher to set appointments especially with
the guys from Bitcoin Org because they are mostly be busy and unwilling to spare time for the
interview. The Bitcoin Org might not use “utmost of good faith” when responding so that they
will not tarnish their firm’s reputation. Since the interviews are done online, another component
of connectivity may hinder the smooth from of data collection since we both have to be
connected for it to go well. Interviews can be time consuming especially when dealing with the
older population that need extra clarity to understand what they are required of.
In an effort to ensure validity and reliability of interviews, the researcher will reduce the hallow
effect by effectively using simple and straight forward English language without any jargon in
all the dialogues.
54
3.5.2.1 Advantages
i. Supports one-on-one series of meetings, that is respondent can express him-self freely,
the researcher enjoyed this advantage since interviewees were comfortable and
expressed themselves to the fully extent.
ii. Provides detailed information about a particular problem or area under study, the
interview were able to give important information which was so useful to the research.
iii. Easy to detect the emotions and feelings of the respondent as he can explain himself,
because of face to face interaction the researcher was able to note the facial expressions
iv. Provides a platform for clarification, the researcher was able to probe further for better
explanations.
v. Data collection is immediate, that is, interview saves on time, the researcher did not
have to go back to collect information.
3.5.2.2 Disadvantages
The major disadvantage of interviews as a data collection method is the presence of
interviewer’s influence, which may influence the manner in which the questions are going to
be answered, this researcher noted that some of the interviewees were uneasy.
Also some respondents might be biased towards the sensitivity of the research topic during
interviews as they fear to divulge information that will whistle blow to the relevant authorities,
the respondents had a tendency of making the interview too informal such that they could easily
distort the subject question due to the sensitivity of the research topic however The researcher
tried to create an environment of trust by disclosing the purpose of the study and assuring
respondents that the information obtained will be used solely for the purpose of the research.
55
3.6.1.1 Advantages
Tables are also easy to read and compare data so this will help the researcher to analyze data
quickly.
3.6.2.1Advantages
The researcher uses the graphs and line graphs because they enable her to have an easy
comparison and it will serve time of the user to make quick comparison of large data.
Comparison and trends will be easier to see.
3.6.3 Advantages
The pie chart provides a functioning as a visual aid to help the researcher to examine and
interprets the data being presented. Also since it permits visualization the researcher is able to
check the reasonableness and accuracy of accuracy of data
Data reduction, this process is applied to qualitative data and focus remains on selection,
simplification and transformation of data. In this continuous process the data is organized
throughout the research to draw and finalize a conclusion Miles and Huberman (1994). In this
56
research, the data was reduced from critical elements in user experiences with Bitcoin security
and privacy.
In data display the data is shown in an organized way or the data has to be put into a format
which can easily draw the conclusion. Tables, pie charts and graphs are used to indicate distinct
frequencies of various factors of related with user experience in Bitcoin specifically looking at
security and privacy.
After collecting the data, it was edited, coded and checked to have the required quality,
accuracy and completeness. Then data was analyzed using SPSS program which provided
descriptive outputs. It was seen to be a good method for this study because; firstly it does not
disturb the setting in any way and secondly the method can be used without arousing anyone’s
interest on the matter that is under research. The method is relatively easy to use since it
involves using the data that was already collected by the participants themselves
ii. Some respondents took too long to respond to the questionnaires. This was due to
pressure to meet their own work’s deadlines.
ii. The researcher made a follow up through the phone and internet to speed up the
responses.
3.8 Conclusion
The chapter gave an insight into the research design, the data collection methods, the research
population, the sampling techniques, methods of analyzing and lastly how the data will be
presented in the research study. Merits and demerits of the data collection methods the
researcher will use were indicated. The validity and reliability of the methods used for data
collection and compilation depends on time, cost and quality of data to be generated. The next
chapter will focus on detailed data analysis and presentation
57
CHAPTER 4
DATA PRESENTATION, ANALYSIS AND INTERPRETATION
4.0 Introduction
The previous chapter focused on the research methodology that was used by the researcher in
carrying out the study. It gave a report on the methods that were used by the researcher to
collect data from respondents. This chapter forms an integral part of the research work as it
presents the results of the research. It focuses on the presentation and analysis of data collected
from interviews, questionnaires and secondary data. Furthermore, it also presents the data in
the form of tables, graphs and charts. In this chapter the data that was collected will be tabulated
and the findings discussed. Rankings and percentages of frequency of occurrence will also be
used in data analysis. The data that was collected from questionnaires and interviews will be
analysed and presented using statistical software called (SPSS).
58
Frequenc Percent Valid Cumulative
y Percent Percent
responded 36 36.0 72.0 72.0
Expected
(50- 36) 14.0 28.0 28.0
response
Figure 2
36 𝟏𝟎𝟎
Response rate = x
50 𝟏
= 72%
The expected response for the questionnaires was 50. Out of the 50 expected, 36 managed to
answer the questionnaires making it 72% response rate. The 72% response rate shows that
data compiled have the majority views of the respondents and this is reliable enough to arrive
at generalizations of the research findings.
7 𝟏𝟎𝟎
Response rate = x
10 𝟏
=70%
59
A total of 10 interviews were scheduled to be conducted with Bitcoin users. 7 of the
interviews were successful and 3 failed making it a 70% response rate.
Questionnaires
FEMALE 8.30%
Gender
MALE 91.70%
% of respondence
Interviews
FEMALE 14.30%
Gender
MALE 85.70%
0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 80.00% 90.00%
% of Respondence
60
As shown in figure 4.2, 85.7% of the respondents were males and 14.3% were females. The
findings of the study further supported the notion that men are somewhat more likely to transact
using Bitcoins than women as had been the situation with questionnaires.
4.1.3.3 Age range
Table 4.3 Age of respondents in questionnaires
From the table above, it shows the age range of the respondents of which 0% were below 18
years of age. The highest percentage of the age range is 58.4 % which represent age range 26
to 40 years. 41.6% of the respondents are aged between 18 and 25 years and 0% is in the age
range of 40 years and above. The above information shows that the young ones and the oldest
are not willing to take risks. This might be because the youngest ones may not know enough
information about what Bitcoins are and not willing to invest in what they have not understood
yet. As age increases people generally tend to be late adopters of technology so the oldest one
may not invest in Bitcoins because they have seen many Ponzi schemes and fear being part of
this still developing currency. For both the age groups, that is 18 and less and 41 and above,
with 0% the reason might be because of insufficient and non-existent training respectively, on
how to use the technology. To further confirm this issue, interviews clarified this issue.
61
Table 4.4 Age of respondents in interviews
The interview that were held showed that the below 18 and above 40 group had zero
participants. With this in mind, we can positively conclude that these two group have little to
no knowledge about how Bitcoins operate, this is for the below 18 group or that they have little
to no trust in the currency based on perceptions that it can one day collapse going away with
their money as we have seen in the past, basing on Ponzi Schemes.
62
12
Number of Participants
10
8
6
4
2
0
Country Of Participants
Interviews
3.5
3
Number of participants
2.5
1.5
0.5
0
USA India Zimbabwe Others
Country of Participants
63
4.1.5 Academic qualifications
4.1.5.1 Questionnaires
Questionnaires 6%
22%
47%
25%
4.1.5.2 Interviews
Interviews 0%
29%
71%
64
High School respondents had certificate qualifications as part of their credentials, this was only
stated after the researcher had asked during an interview
Questionnaires:Experience in using
Bitcoins
5+ years
1-4 years
Interviews:Experience in using
Bitcoins
5+ years
1-4 years
66
of them started mining after 2014. Many of those who started earlier have stopped mining as
they currently consider it infeasible. All participants from our qualitative interviews are
frequent Bitcoin users, and some of them are active in the local Bitcoin association. Most
interviewees mentioned that the decentralized nature of Bitcoin was among the main reasons
to start using Bitcoin. The second-most mentioned reason was simply curiosity. Some
participants also mined Bitcoins some years ago when it was still profitable to mine at small
scale and most of these participants were in the class that had used for more than 4 years.
Table 4.5 Properties of the most frequently used wallets mentioned by our participants.
CMT Number Percentage Bitcoins
Coinbase 24 33.8 % 115
Bitcoin core 18 25.4% 230
Xapo 13 18.3% 98
Electrum 9 12.7% 103
MyCelium 4 5.8% 35
Others 4 4% 72
Furthermore, the table below shows whether the users protect their wallets with a password
and if these wallets are encrypted.
67
In the table above, the three blocked columns contain information on whether the CMT is
encrypted, if it is backed up, whether there exists an additional backup and the mentions in
percent (Yes, No and I don’t know (IDK)). The rightmost column contains the sum of
bitcoins stored in a respective CMT by our participants. Our findings show that the majority
of users protect their wallets with a password. In case of web clients, we observed a lack of
background knowledge. For example, 47.7% of Coinbase users in our sample say that their
wallet is encrypted and 34% claim that they do not know if it is encrypted. We observed a
similar trend for Xapo which is the third-most used wallet in our sample. Just like Coinbase,
it is also a webhosted tool and, similarly to Coinbase, only about half of the users say it is
encrypted and about a third does not know if it is encrypted. Regarding backups, only a third
of Coinbase users and 43% of Xapo users backup their wallets. 33.9% of Coinbase and
28.5% of Xapo users do not know whether their wallet is backed up. We also found that
Bitcoin users with more than 0.42B (100 USD) do not backup their CMT more often than
users with less bitcoins.
4.1.8.2 Anonymity
We found that 32.3% of our participants think that Bitcoin is per-se anonymous while it is in
fact only pseudonymous. 47% thinks that Bitcoin is not per-se anonymous but can be used
anonymously. However, about 80% think that it is possible to follow their transactions. 25%
reported to have used Bitcoin over Tor to preserve their anonymity. We also asked
participants if they take any additional steps to stay anonymous. 18% reported to frequently
apply methods to stay anonymous on the Bitcoin network. Most of them reported to use
Bitcoin over Tor followed by multiple addresses, mixing services, multiple wallets and VPN
services.
68
scientific literature and evidence from online resources. For each risk scenario, we provided an
easy-to-understand description and asked the participants whether they think the risk is likely
or unlikely to occur. The graph below shows the participants’ risk estimation. Our results show
that the participants consider value fluctuation as the highest risk, followed by vulnerabilities
in hosted wallets and Bitcoin theft via malware. Our participants estimated the risk for
cryptographic flaws as the lowest, followed by double-spending attacks and Denial of Service
attacks on the Bitcoin network.
69
were lost. Hence, interpreting this result we must take into consideration that the Bitcoin
exchange rate is highly volatile and it is therefore hard to provide an overall estimation in
USD. About 40% of our participants reported to have lost money due to a self-classified major
security breach. 13.1% of our overall sample reported to have lost bitcoins in HYIPS (high-
yield investment programs) and pyramid schemes. 7.9% lost money at Mt. Gox.
During the interviews, we gave our participants the opportunity to describe how they dealt with
the incident. Most participants stated that they did not do anything to recover their keys and
simply accepted the loss. Some argued that the financial loss was not worth the effort to take
further steps or that they felt helpless as they didn’t know what to do. Those who actually took
action most frequently mentioned that they filed claims and contacted the exchange or online
wallet provider. Those who lost money to a malicious online wallet reported to have moved to
other types of wallets instead of hosted/online wallets. The participants who lost money in
HYIPS mostly stated that they started to use less risky investments and learned from their
previous mistakes. Irrespective of the security breach, many participants reported to have
spread the word over forums on the Internet and shared their experiences with other affected
users.
Some of the participant statements were as follows:
“I follow the ‘do not invest more than you’re ready to lose’ rule.”
“I just had to accept that my money was stolen ... and that I learned my lesson to never
use exchanges as wallets. Keep everything in your own hand.”
“Just learned from it. It was exceedingly stupid on my part.”
One participant from our qualitative interviews reported that he have already experienced an
intentional or accidental key and/or Bitcoin loss. Two participants were affected from the Mt.
Gox security breach.
4.1.8.5 Perceptions of Usability
Even though most participants of our qualitative interviews were very much concerned about
security and privacy aspects of Bitcoin management, two of them said that they would
recommend web wallets and deterministic wallets to non-tech-savvy Bitcoin users.
Convenience and easiness of use were highlighted as the main benefits. One participant said
that he would definitely recommend a wallet where the private key is stored on a central server
to make key recovery easier and to obviate the need for comprehensive backups as well as that
mnemonics would help. The same two interviewees from above also said that they would
70
recommend MyCelium14 as the most usable wallet. Those who had already used MyCelium
consider the paper backup procedure as the most usable and secure way. To create a paper
backup with MyCelium, the user has to print out a template that contains some parts of the key
and then lets the user fill out the empty spots manually. One participant expressed initial
discomfort when she used paper wallets.
Most interviewees also highlighted the need for fundamental education in early years of
childhood. P2 said that Bitcoin is inherently complex, that the fundamental idea of public key
cryptography should be taught in school and monetary systems are a matter of culture.
Another participant also highlighted that user interfaces should be simplified and minimalized.
To support that other participants also stated that for a fast proliferation of Bitcoin, simple and
intuitive User Interfaces are more important than security. They argued that computers
proliferated even though most people do not know how computers work and that security is
not necessarily an argument for large-scale adoption. They provided examples such as cars in
the 1940s, computers, credit cards and WhatsApp. They also said that the amount of money
that is circulating in the Bitcoin network is low enough to take the risk of losing it and compared
this scenario to the risk of losing cash. Some participants also proposed a dedicated device with
an intuitive User Interface for key management and think that such an artefact would be the
most secure and usable option.
4.1.8.6 Participant Statements
“It somehow didn’t feel right for me to go out of the digital realm.” (interviewee X on
paper wallets)
“Children learn about our monetary system in their very early days in primary school.
This is why society knows how to use cash and credit cards. I’m sure it could be the
same thing with a decentralized crypto-currency.”
4.2 Conclusion
This chapter was used to present and analyse and interpret the data collected from the field.
Quantitative and qualitative data analysis were used. Effort was made to make the analysis easy
to understand and interpret by means of graphs and tables (Visualization). The next chapter
will highlight the findings of the research, conclusions drawn from the analysis and the
recommendations from research findings will be provided.
71
CHAPTER 5
RECOMMENDATIONS AND CONCLUSION
5.0 Introduction
This chapter, summarises the whole study, research findings, draw some conclusions from the
findings, thereby trying to answer objectives. The researcher concluded coming up with
recommendations basing on the findings of this research.
5.1.1 Research question 2: How do participants manage their Bitcoins and what are
participants’ current practices and how do they deal with security, privacy and
anonymity?
Regarding Bitcoin management tools and practices to answer this question, we found that two
of the most widely used CMTs were web-hosted solutions that obviate the need for users to
deal with key management and backups. Our results show that our participants had clear
preferences regarding their choice of CMT. In contrary, this is not the case for Bitcoin
exchanges. Our data shows that the Bitcoin exchanges chosen by our participants were almost
evenly distributed. Even though our data reveals a clear tendency towards webhosted solutions,
these CMTs do not host the majority of our participants’ bitcoins. According to our
participants’ self-reported data, the highest amount of accumulated bitcoins is hosted in
Armory. At the time of writing, if used correctly, Armory is one of the most secure solutions.
For the two most widely used web-hosted CMTs, about a third of our participants are unaware
of whether their wallet is encrypted or backed up. In such a scenario, users shift responsibilities
to a third party. Even though this seems to be a convenient and usable solution for non-expert
users, it implies that the user trusts these third parties to take care of their security. About 50%
of web client users indicated to use an additional local client to store their virtual assets.
According to our results, users that have a higher number of bitcoins do not necessarily back
up their wallets more often. Also, Mycelium
72
Users back up their wallets more often than others. Hence we conclude that backup motivation
and respectively fatigue depend highly on usability and not on the number of coins.
5.1.2 Research question 4: What security breaches have affected users and how did they
recover their
Regarding anonymity measures, many users reported to use Bitcoin over Tor, which in fact
creates an attack vector for deterministic and stealthy MITM attacks.
5.1.3 Research question 5: What are the main usability challenges that users have to
deal with when using Bitcoin?
Our results also suggest that our participants trust the cryptography behind Bitcoin and are
aware of risks according to value fluctuation and software vulnerabilities. Poor usability and
the lack of knowledge are major contributors to security failures. Almost a fourth of our
participants indicated that they had already lost bitcoins or Bitcoin keys at least once.
To our surprise, almost half of those who lost bitcoins due to a self-induced error which
indicates that state of the art CMTs are sometimes still difficult to use or require users to
manually take care of security tasks, such as backups and encryption.
5.1.4 Research question 1: What are the main usage scenarios of Bitcoin?
Our results also indicate that the Bitcoin ecosystem is mostly utilized for tipping and donations
as well as acquiring digital goods, but to some extend also for criminal activity and adventurous
gambling. This has given the researcher the conclusion that people use Bitcoins where they
feel that if their information or identity is discovered, they will be compromised for example
73
buying drugs. Another conclusion from the results we got is that today, there many E-
commerce website that transact on line and what they do we our personal information has led
others not to trust E-commerce sites with your personal information especially your credit card
information. So they end up using Bitcoins that use a once of address every time you transact.
5.3 Conclusion
In this work we presented the user study to examine how users interact with the Bitcoin
ecosystem in terms of security and privacy. We conducted an online questionnaire with 36
Bitcoin users and qualitative interviews with a subset of 7 participants. Furthermore, we
introduced the term Coin Management Tools (CMTs) to describe tools that let users manage
their virtual assets (keys) and interact with the Bitcoin network. We found that managing
bitcoins is still a major challenge for many users, as many of them do not apply sufficient
security measures such as encryption and backups. We found that many participants were not
even aware of security features provided by their used CMT. Two of the most widely used
CMTs among our participants were webhosted solutions. About half of their users reported to
use such solutions exclusively, while the other half also used local clients. Even though web
clients ought to be a usable and convenient solution, they require a certain level of trust and
shift the responsibilities of encryption and managing backups to a third party. We also found
that 22.5% of our participants have already experienced security breaches and lost bitcoins.
About half of them mentioned a self-induced error as the reason, which highlights that users
find it still difficult to manage their bitcoins in a secure way.
We believe that our insights and suggestions are an important first step towards improving the
usability of Bitcoin security. In order to guarantee secure interactions with the Bitcoin
ecosystem to both expert and non-expert users, we must re-think the concept of Bitcoin
74
management, since it is more than just the secure handling of secret keys. Bitcoin is a
decentralized system where the interactions between peers and the propagation and verification
of messages and data is important. If this aspect is ignored, Bitcoin would just consist of signed
numbers without value.
5.4 Recommendations
This research has thrown up an issue of CMT usability so the recommendation from this
research is that there should be a standard CMT design so that people can be taught how to
use them and in case they switch to another CMT, they will still be able to use the next CMT
without any hustles.
Lastly, the findings has concluded that people do not really fully understand the concept of
Bitcoins, because during the interviews, some thought that Bitcoins were anonymous, they
were confusing it with the term that Bitcoins can be used anonymously. So a simpler paper
can be written to explain what Bitcoin is to a simple man without useless jargon.
A good starting point would be to build new research into the following.
1. The ongoing development and deepening of global Bitcoin markets, tracing to what extent
those in developing country contexts are actually adopting it. There is a definite need for
baseline studies of usage, against which future changes can be measured.
75
2. The challenges and potentials for the Bitcoin system’s usage from a financial inclusion
perspective. This includes its use as a remittance system and as an alternative bank account.
This can be complemented with studies on the extent to which Blockchain-based property
title systems (such as land registries), have the potential to open up normal bank financing
to people who otherwise cannot get access to credit from financial institutions.
3. The extent to which Bitcoin as a currency system could interact in the future with
Blockchain 2.0 smart-contract technology to create collectively-run and also how they can
be made to interact, that is cryptocurrencies as a whole.
76
REFERENCES
1) Aliaga and Gunderson (2005) ‘Interactive Statistics ‘3rd Edition
2) W. Baur, J. B¨uhler, M. Bick, and C. S. Bonorden. Cryptocurrencies as a disruption?
Empirical findings on user adoption and future potential of bitcoin and co. In Open and
Big Data Management and Innovation, pages 63–80. Springer, 2015.
3) Cooper, D.R. & Schindler, P.S. (2003) Business research methods (8th ed.).Boston:
McGraw-Hill.
4) Creswell J.W (2009) Research design: Qualitative, Quantitative and mixed methods
approaches, Los Angeles, Sage.
5) Carl Weathers (2016) https://disqus.com/by/disqus_BgLaXgudnZ (Visited on
3/5/2017).
6) cgminer. https://github.com/ckolivas/ cgminer. (Visited on 12/13/2014).
7) Crypto-currency market capitalizations. http:// coinmarketcap.com/. (Visited on
12/13/2014).
8) Intel sha extensions | intel developer zone. https://software.intel.com/en-us/
articles/intel-sha-extensions. (Visited on 12/13/2014).
9) Elli Androulaki, GhassanO. Karame, Marc Roeschlin, Tobias Scherer, and Srdjan
Capkun. Evaluating user privacy in bitcoin. In Ahmad- Reza Sadeghi, editor, Financial
Cryptography and Data Security, volume 7859 of Lecture Notes in Computer Science,
pages 34{51. Springer Berlin Heidelberg, 2013.
10) Ittay Eyal and Emin G•un Sirer. Majority is not enough: Bitcoin mining is vulnerable.
CoRR, abs/1311.0243, 2013.
11) Reuben Grinberg. Bitcoin: An innovative alternative digital currency. Hastings Science
& Technology Law Journal, 4:160, 2011.
12) Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geo Lowney,
Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. Pin: Building customized
program analysis
13) tools with dynamic instrumentation. In Proceedings of the 2005 ACM SIGPLAN
Conference on Program-ming Language Design and Implementation, PLDI '05, pages
190{200, New York, NY, USA, 2005. ACM.
14) Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. May 2009,
Bitcoin.org
77
15) Meni Rosenfeld. Analysis of bitcoin pooled mining reward systems. CoRR,
abs/1112.4980, 2011
16) Villasenor, J., Monk, C., & Bronk, C. (2011). Shadowy Figures: Tracking Illicit
Financial Transactions in the Murky World of Digital Currencies, Peer-to-peer
Networks, and Mobile Device Payments. Brookings Institution. Retrieved from
http://bakerinstitute.org/media/files/Research/d9048418/ITP-pub-
FinancialTransactions 082911.pdf.
17) Brito J., & Castillo, A. (2013). Bitcoin: A Primer for Policymakers.
18) Retrieved from
http://mercatus.org/sites/default/files/Brito_BitcoinPrimer_embargoed.pdf.
19) 12 N. Hajdarbegovic, “Warren Buffett: Bitcoin is Not a Currency”, [online] 2014,
http://www.coindesk.com/warren-buffet-bitcoincurrency/ (Accessed: 6 April 2017)
20) https://www.tutorialspoint.com/e_commerce/e_commerce_tutorial.pdf(Accessed: 6
April 2017)
21) Matonis, J. (1995, April). Digital cash and monetary freedom. Institute for Monetary
Freedom. Retrieved from http://libertarian.co.uk/lapubs/econn/econn063.pdf.
22) M. Hovestadt, N. Lerch, H. Nitsche, and K. Voss. First steps of a monitoring framework
to empower risk assessment on grids. Kracow Grid Workshop, 2006.
23) "Statement of Jennifer Shasky Calvery, Director Financial Crimes Enforcement
Network United States Department of the Treasury Before the United States Senate
Committee on Banking, Housing, and Urban Affairs Subcommittee on National
Security and International Trade and Finance Subcommittee on Economic Policy"
(PDF). fincen.gov. Financial Crimes Enforcement Network. 19 November 2013.
Retrieved 1 March 2017.
24) Carr, I., ‘Anonymity, the internet and criminal law issues’, in C. Nicoll, J.E.J.Prins,
.J.M. van Dellen (Eds). Digital Anonymity and the Law, The Hague: T M C Asser
Press, pp. 197-206 (2003).
25) http://www.movable-type.co.uk/scripts/sha256.html
26) Mastering Bitcoin by Andreas M. Antonopoulos Unlocking Digital crypto-currencies
Copyright © 2010 Andreas M. Antonopoulos LLC.
27) Introduction to Bitcoin Mining A Guide For Gamers, Geeks, and Everyone Else By
David R. Sterry 2012
78
28) D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital
time-stamping,"
29) El Khyari Yasmine and Reis Benjamin New attacks on Bitcoin (2012)
30) S. Eskandari, D. Barrera, E. Stobert, and J. Clark. A first look at the usability of bitcoin
key management. In Workshop on Usable Security (USEC), 2015.
31) Wharton, J. Rieman, C. Lewis, and P. Polson. The cognitive walkthrough method: A
practitioner’s guide. In Usability inspection methods, pages 105–140. John Wiley &
Sons, Inc., 1994.
32) T. Moore and N. Christin. Beware the middleman: Empirical analysis of bitcoin-
exchange risk. In Financial Cryptography and Data Security, pages 25–33. Springer,
2013.
33) S. L. Garfinkel and R. C. Miller. Johnny 2: a user test of key continuity management
with s/mime and outlook express. In Proceedings of the 2005 symposium on Usable
privacy and security, pages 13–24. ACM, 2005.
34) S. Eskandari, D. Barrera, E. Stobert, and J. Clark. A first look at the usability of bitcoin
key
35) management. In Workshop on Usable Security (USEC), 2015.
36) Wharton, J. Rieman, C. Lewis, and P. Polson. The cognitive walkthrough method: A
37) practitioner’s guide. In Usability inspection methods, pages 105–140. John Wiley &
Sons,
38) Inc., 1994.
39) T. Moore and N. Christin. Beware the middleman: Empirical analysis of bitcoin-
exchange risks. In Financial Cryptography and Data Security, pages 25–33. Springer,
2013.
40) W. Baur, J. B¨uhler, M. Bick, and C. S. Bonorden. Cryptocurrencies as a disruption?
empirical findings on user adoption and future potential of bitcoin and co. In Open and
Big Data Management and Innovation, pages 63–80. Springer, 2015.
41) Baley (1982). Research Methods in Education. Routledge.London.
42) Leeds, S (1997) Research in Education. McMillan, London.
43) Nathan Binkert, Bradford Beckmann, Gabriel Black, Steven K. Reinhardt, Ali Saidi,
Arkaprava Basu, Joel Hestness, Derek R. Hower, Tushar Krishna, Somayeh Sardashti,
Rathijit Sen, Korey Sewell, Muhammad Shoaib, Nilay Vaish, Mark D. Hill, and David
79
A. Wood. The gem5 simulator. SIGARCH Comput. Archit. News, 39(2):1{7, August
2011.
44) Babbie E.R (2005) The basics of social research, 3rd edition, Wadsworth.
45) Bekhet et al (2012) Methodology triangulation: An approach to understanding data,
Marquette University College of Nursing, Milwaukee, Wisconsin, USA.
46) Bryman, A. & Bell, E. (2007) Planning a research project and formulating research
questions. In: Business Research Methods. New York. Oxford University Press.
47) Bryman, A. & Bell, E. (2007) Business research strategies. In: Business Research
Methods. New York. Oxford University Press.
48) Grinell R.M (1993) Social work research and evaluation, Peacock Publishers.7
49) Kothari, C.R. (1985) Research Methodology—Methods and Techniques. Wiley Eastern
Limited, New Delhi.
50) Leedy P.D, Newby T.J and Ertmel P.A (1997) Practical research: Planning and
Design, 9th Edition, Prentice Hall.
51) Nachmias, R., Mioduser, D., & Chen, D. A cognitive –Curricular Model for teaching
computer programming to children. WCCE/85 World conference of computers in
Education, Virginia 1985.
52) Neuman L (2005) Social research methods: Quantitative and Qualitative Approaches,
1st Edition, Pearson.
53) Raj. D (1968) Sampling theory, McGraw-Hill Book Company, New York
54) Sekaran, U. And Boogie, R. (2010). Research methods for business, a skill building
approach”, New York NY. Willey.
55) Sha-2 - wikipedia, the free encyclopedia. http: //en.wikipedia.org/wiki/SHA-2. (Visited
on 12/13/2014).
80
QUESTIONNAIRE
Online QUESTIONNAIRE
For this cause I am carrying out data collection on the subject mentioned by way of this online
questionnaire. Information collected form you will be used strictly for academic purposes only.
Your responses will not be released to anyone and they will be regarded as confidential.
………….......... Date…………….
The Researcher (Simbarashe Raymond Mudukuti)
B Interview Questions
81
Questions with answer options as ”( )” are multiple choice checkboxes whereas answer
Q2 Select which main features are responsible for you using Bitcoin (multiple selections
possible):
( ) Curiosity
( ) Anonymous nature
( ) Decentralized nature
( ) Other:
Q4 Please provide what services or products you pay for with bitcoins (multiple selections
possible):
( ) Bars, restaurants
82
( ) Bitcoin gift cards
( ) Donations, tipping
( ) Drugs
( ) Gambling sites
( ) Hotels, travel
( ) Underground marketplaces
( ) Other:
Q5 What do you think are the most likely risks associated with Bitcoin?
Q6 Please select the crypto currencies you are holding or using besides Bitcoin (multiple
selections possible):
( ) BanxShares
( ) BitShares
( ) BlackCoin
( ) Bytecoin
( ) Counterparty
83
( ) Dash
( ) Dogecoin
( ) Litecoin
( ) MaidSafeCoin
( ) MonaCoin
( ) Monero
( ) Namecoin
( ) Nxt
( ) Peercoin
( ) Primecoin
( ) Ripple
( ) Startcoin
( ) Stellar
( ) SuperNET
( ) Vertcoin
( ) YbCoin
( ) Other
Q7 Select the Bitcoin exchanges you have used in the past or you are using on regularly
( ) None
( ) BanxIO
( ) Bittrex
84
( ) Bitcoin Indonesia
( ) bitcoin.de
( ) Bitfinex
( ) Bitstamp
( ) BTC-e
( ) BTC38
( ) BTCChina
( ) CCEDK
( ) Cryptsy
( ) Gatecoin
( ) hibtc
( ) Kraken
( ) Mt. Gox
( ) OKCoin
( ) Poloniex
( ) QuadrigaCX
( ) VirWox
( ) Other:
85
a) At least once a day b) At least once a week c) At least once a month d) At least
once every six months e) At least once a year f) Less than once a year
Q10 Please tick which wallets you are ¡b¿currently¡/b¿ using (multiple selections possible):
( ) Airbitz
( ) Armory
( ) Bitcoin Core
( ) BitGo
( ) Bither
( ) breadwallet
( ) Circle
( ) Coinapult
( ) Coinbase
( ) Coinkite
( ) Coinomi
( ) Electrum
( ) Green Address
( ) Hive
( ) Ledger Nano
( ) mSIGNA
( ) MultiBit
( ) Mycelium
86
( ) Ninki
( ) TREZOR
( ) Xapo
( ) Not in list
Q11 Why did you choose to use multiple wallets to manage your bitcoins?
Q12 Why did you choose wallet - name to manage your Bitcoins?
87
a) Yes, since b) No, but I have mined from-to c) No, I have never mined bitcoins
a) Yes b) No
Q20 Please tick the names of the mining pools you have or are participating in (multiple
Mentions possible):
( ) 21 Inc.
( ) AntPool
( ) BitFury
( ) BitMinter
( ) Bitsolo
( ) BTCChina Pool
( ) BTC Guild
( ) BTC Nuggets
( ) BW.COM
( ) EclipseMC
( ) Eligius
( ) F2Pool
( ) GHash.IO
( ) Kano CKPool
88
( ) KnCMiner
( ) MegaBigPower
( ) P2Pool
( ) Slush
( ) Telco 214
( ) Other:
Q23 How would you estimate the risk of monetary loss for Bitcoin compared to credit
cards?
Q24 How high do you think is the risk of becoming a victim of a successful double
spending attack?
Q25 How high or low would you estimate the risk for malware that steals your Bitcoins?
Q26 How would you estimate the risk of monetary theft in case the device with your
89
(7 Point Likert-Scale from ”High” to ”Low”)
Q28 How high do you think the risk of cryptographic flaws is?
Q29 How high do you think is the risk of security vulnerabilities in hosted/web wallets
or Exchange services?
Q30 How high do you think is the risk of key loss due to a device failure?
Q31 How high do you think is the risk that the Bitcoin network is temporarily not
available?
Q33 How high do you think is the risk of a strong fluctuation in the Bitcoin exchange
90
Q34 Do you think that Bitcoin usage is anonymous?
a) Yes, Bitcoin is fully anonymous b) No, Bitcoin is not anonymous c) Not per se,
a) Yes b) No
Q36 Have you ever used Bitcoin over Tor title=”Tor is free software and an open Network that
helps you defend against traffic analysis, a form of network surveillance that threatens personal
freedom and privacy, confidential business activities and relationships, and state security. More
info at www.torproject.org”
a) Yes b) No
Q37 Do you take additional steps to ensure your privacy using Bitcoin?
a) Yes b) No
a) Yes b) No
Q39 Please select the reason for your key/Bitcoin loss (multiple selections possible):
( ) Self induced event (e.g. hard drive formatted, physical device lost, etc)
( ) Other
91
Q40 Have you been able to recover your keys?
a) Yes, b) No,
Q41 How many bitcoins did you loose due to this incident?
Q42 Please select the security incidents you have been affected by (multiple selections
possible):
( ) None
( ) inputs.io hack
( ) Scam wallets
( ) Other:
92
Q44 What was the approximate value of your lost bitcoins in USD?
B.9 Demographics
a) Yes b) No
93