bitcoin, the protocol
DESCRIPTION
After four years of quiet growth and development, the Bitcoin cryptocurrency leaped into prominence during 2013. Much of the current discourse around Bitcoin focuses on its viability as currency and its valuation. However, to appreciate its potential as the “Internet of ownership transfer”, a deeper understanding of its technical underpinnings is needed. In this colloquium, Prof G-J van Rooyen gives a technological primer on the nuts and bolts of the cryptocurrency. The talk will demonstrate how the cunning use of hashes makes it possible to transfer ownership in such a way that cheating (double-spending) is impossible in a correctly functioning network. This is shown to be the most successful solution to the long-standing Byzantine Generals Problem, and a breakthrough in distributed information management. The talk will also show how the Bitcoin peer-to-peer network forms the first widespread use of triple-entry accounting, and consider the applications of such technology. We will briefly dip into the scripting language built into the protocol: “DUP HASH160 EQUALVERIFY CHECKSIG” turns the Bitcoin protocol into Bitcoin the currency. More advanced scripts can make arbitrarily complex contracts and interactions possible.TRANSCRIPT
![Page 1: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/1.jpg)
the ProtocolG-J van Rooyen
20 February 2014
![Page 2: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/2.jpg)
“With e-currency based on cryptographic proof, without the need to trust a third-party middleman, money can be secure and transactions effortless.”
!– Satoshi Nakamoto
![Page 3: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/3.jpg)
“We can laugh at Bitcoin, but real guys, in real basements, are losing real fake money right now.”
!– David Clinch
![Page 4: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/4.jpg)
This talk is not about…• …is Bitcoin “real” money?
• …is Bitcoin a good investment?
• …will Bitcoin replace the dollar/rand/yen?
• …is Dogecoin/Litecoin better than Bitcoin?
• …exchange volatility
![Page 5: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/5.jpg)
We will talk about…• …difficulty of trust-free agreement in a
decentralised P2P network (Byzantine Generals)
• …triple-entry accounting
• …how Bitcoin transactions are built and verified
• …the scripting language built into the protocol
• …scripted contracts (“Bitcoin 2.0”)
![Page 6: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/6.jpg)
Abstraction, Level 1
![Page 7: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/7.jpg)
Abstraction, Level 2
![Page 8: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/8.jpg)
Abstraction, Level 3BANKING EFT
BITCOIN
![Page 9: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/9.jpg)
Byzantine Generals• N generals need to coordinate
an attack
• Messages are passed amongst each other
• Traitorous generals may pass on false messages
• Consensus very difficult
• Lamport: solution for 2/3 trust (later > 50%)
![Page 10: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/10.jpg)
Nakamoto’s Solution• Scenario: generals have to agree on time to attack
• A random general proposes a time and distributes the message
• Other generals “sign off” (agree) on time adding a hash that’s computationally difficult to compute (but trivial to verify)
• A chain of time-plus-hashes builds up and is distributed
• Over time, the generals become convinced that the majority of the computational power of the network has reached consensus.
• If an attacker injects a fake time to spread confusion, the network selects the chain with the longest sequence of valid hashes
![Page 11: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/11.jpg)
Proof-of-work
![Page 12: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/12.jpg)
Application to ownership transfer
• I can sign a “cheque” giving away money I own
• Everyone can verify the transaction is valid
• A double-spend of money is always invalid
• People who “audited” the transaction sign it off by proof-of-work
![Page 13: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/13.jpg)
Single-entry accounting
• “Write down income and expenses”
• If you leave out a number, no-one will know
• Bookkeeper always has plausible deniability (it was an honest mistake!)
• Limited businesses to family and crown
![Page 14: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/14.jpg)
Double-entry accounting• Florence, late 13th century
• Much more difficult to “cook books”
• Gave rise to the modern enterprise
![Page 15: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/15.jpg)
Bitcoin as triple-entry• Alice debits her wallet, and credits Bob’s
(double-entry)
• Ivan audits transaction
• Ivan commits it to the public ledger (third entry)
• No central authority
• Non-repudiable transaction
![Page 16: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/16.jpg)
The basics of BitcoinBack to Abstraction, Level 2
![Page 17: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/17.jpg)
The basics of Bitcoin:Private keys
• Each “account” = random 256-bit number
• Private key, must be kept secret
• Need not be stored digitally – can be on paper or memorised
• Want to open an account? Guess a number!
2014/02/19, 10:01 PMbitaddress.org
Page 1 of 1https://www.bitaddress.org/bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html
Bitcoin Address
1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z
SHARE
Private Key (Wallet Import Format)
5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
SECRET
A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin privatekey. Such a wallet has been generated for you in your web browser and is displayed above.
To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It isimportant to make a backup copy of the private key and store it in a safe location. This site does not haveknowledge of your private key. If you are familiar with PGP you can download this all-in-one HTML page andcheck that you have an authentic version from the author of this site by matching the SHA1 hash of thisHTML with the SHA1 hash available in the signed version history document linked on the footer of this site. Ifyou leave/refresh the site or press the "Generate New Address" button then a new private key will begenerated and the previously displayed private key will not be retrievable. Your Bitcoin private key should bekept a secret. Whomever you share the private key with has access to spend all the bitcoins associated withthat address. If you print your wallet then store it in a zip lock bag to keep it safe from water. Treat a paperwallet like cash.
Add funds to this wallet by instructing others to send bitcoins to your Bitcoin address.
Check your balance by going to blockchain.info or blockexplorer.com and entering your Bitcoin address.
Spend your bitcoins by going to blockchain.info or mtgox.com and sweep the full balance of your privatekey into your account at their website. You can also spend your funds by downloading one of the popularbitcoin p2p clients and importing your private key to the p2p client wallet. Keep in mind when you importyour single key to a bitcoin p2p client and spend funds your key will be bundled with other private keys in thep2p client wallet. When you perform a transaction your change will be sent to another bitcoin address withinthe p2p client wallet. You must then backup the p2p client wallet and keep it safe as your remaining bitcoinswill be stored there. Satoshi advised that one should never delete a wallet.
QR code representation of the private key!5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
![Page 18: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/18.jpg)
The basics of Bitcoin:Public keys and addresses
• ECDSA is used to generate a public key from the PrivKey
• The PubKey can be used to verify transactions signed using the PrivKey
• 64-byte PubKeys are unwieldy, and are hashed down to 20-byte addresses
QR code representation of the address!1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z
2014/02/19, 10:01 PMbitaddress.org
Page 1 of 1https://www.bitaddress.org/bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html
Bitcoin Address
1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z
SHARE
Private Key (Wallet Import Format)
5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
SECRET
A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin privatekey. Such a wallet has been generated for you in your web browser and is displayed above.
To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It isimportant to make a backup copy of the private key and store it in a safe location. This site does not haveknowledge of your private key. If you are familiar with PGP you can download this all-in-one HTML page andcheck that you have an authentic version from the author of this site by matching the SHA1 hash of thisHTML with the SHA1 hash available in the signed version history document linked on the footer of this site. Ifyou leave/refresh the site or press the "Generate New Address" button then a new private key will begenerated and the previously displayed private key will not be retrievable. Your Bitcoin private key should bekept a secret. Whomever you share the private key with has access to spend all the bitcoins associated withthat address. If you print your wallet then store it in a zip lock bag to keep it safe from water. Treat a paperwallet like cash.
Add funds to this wallet by instructing others to send bitcoins to your Bitcoin address.
Check your balance by going to blockchain.info or blockexplorer.com and entering your Bitcoin address.
Spend your bitcoins by going to blockchain.info or mtgox.com and sweep the full balance of your privatekey into your account at their website. You can also spend your funds by downloading one of the popularbitcoin p2p clients and importing your private key to the p2p client wallet. Keep in mind when you importyour single key to a bitcoin p2p client and spend funds your key will be bundled with other private keys in thep2p client wallet. When you perform a transaction your change will be sent to another bitcoin address withinthe p2p client wallet. You must then backup the p2p client wallet and keep it safe as your remaining bitcoinswill be stored there. Satoshi advised that one should never delete a wallet.
![Page 19: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/19.jpg)
Crypto-primer: Hashes
• Hashing: D = H(M)
• D is usually much shorter than M
• It is impossible to get back to M just from D
• SHA256 and RIPEMD-160 used in Bitcoin
![Page 20: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/20.jpg)
Crypto-primer: Signatures• Hashing: D = H(M)
• Signing: σ = S(D, Pr)!
• Verification: ß = V(D, σ, Pu)
• Only the owner of the private key can sign a message (transaction)
• Anyone who knows a user’s public key can verify that she signed it
• ECDSA used in Bitcoin
![Page 21: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/21.jpg)
Bitcoin transactions
![Page 22: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/22.jpg)
Signing inputs
![Page 23: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/23.jpg)
A full transactionField Description Size!
[b]Version # Currently 1 4
In-counter Positive integer 1-9
List of inputs References to outputs of previous transactions
Out-counter Positive integer 1-9
List of outputs Values of outputs, and scripts dictating how they may be claimed
Lock time Time stamp when transaction becomes final (default 0 = immediately) 4
![Page 24: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/24.jpg)
A sample transactionInput:!Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6!Index: 0!scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501!!Output:!Value: 5000000000!scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d!OP_EQUALVERIFY OP_CHECKSIG
![Page 25: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/25.jpg)
The output script• Each output has a script specifying how it may be claimed
• FORTH-like scripting language
• Deliberately Turing-incomplete
• Can specify anything:
• “anyone can have this”
• pay to specific address
• highly complex contracts (e.g. “pay out when I die”)
![Page 26: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/26.jpg)
The simplest script
• Pay-to-PubkeyHash (give money to an address)
• scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
• scriptSig: <sig> <pubKey>
• scriptSig and scriptPubKey are combined, and then stack processing is done operation-by-operation
![Page 27: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/27.jpg)
The simplest script: Step 1
• scriptSig and scriptPubKey are combined
• Unprocessed script:<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
(empty)
STACK
![Page 28: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/28.jpg)
The simplest script: Step 2
• The constants <sig> and <pubKey> are added to the stack
• Unprocessed script:<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
<pubKey> <sig>
STACK
![Page 29: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/29.jpg)
The simplest script: Step 3
• The top stack item is duplicated
• Unprocessed script:<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
<pubKey> <pubKey>
<sig>
STACK
![Page 30: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/30.jpg)
The simplest script: Step 4
• The top stack item is hashed!
• This calculates and address from the claimant’s public key
• (we must ensure this is the same as the TXout’s address)
• Unprocessed script:<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
<pubHashA> <pubKey>
<sig>
STACK
![Page 31: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/31.jpg)
The simplest script: Step 5
• Another constant (the previous output’s destination address) is added to the stack
• Unprocessed script:<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
<pubKeyHash> <pubHashA>
<pubKey> <sig>
STACK
![Page 32: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/32.jpg)
The simplest script: Step 6
• Verify that the claimant’s public key actually matches the previous transaction’s output address!
• If false, the transaction is rejected an not distributed further
• Unprocessed script:<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
<pubKey> <sig>
STACK
![Page 33: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/33.jpg)
The simplest script: Step 7
• Verify that the claimant’s public key confirms the transaction’s signature!
• If false, the transaction is rejected an not distributed further
• Unprocessed script:<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
(empty)
STACK
![Page 34: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/34.jpg)
We just used 4 opcodes…enum opcodetype { // push value OP_0 = 0x00, OP_FALSE = OP_0, OP_PUSHDATA1 = 0x4c, OP_PUSHDATA2 = 0x4d, OP_PUSHDATA4 = 0x4e, OP_1NEGATE = 0x4f, OP_RESERVED = 0x50, OP_1 = 0x51, OP_TRUE=OP_1, OP_2 = 0x52, OP_3 = 0x53, OP_4 = 0x54, OP_5 = 0x55, OP_6 = 0x56, OP_7 = 0x57, OP_8 = 0x58, OP_9 = 0x59, OP_10 = 0x5a, OP_11 = 0x5b, OP_12 = 0x5c, OP_13 = 0x5d, OP_14 = 0x5e, OP_15 = 0x5f, OP_16 = 0x60, ! // control OP_NOP = 0x61, OP_VER = 0x62, OP_IF = 0x63, OP_NOTIF = 0x64, OP_VERIF = 0x65, OP_VERNOTIF = 0x66, OP_ELSE = 0x67, OP_ENDIF = 0x68, OP_VERIFY = 0x69, OP_RETURN = 0x6a,
! // stack ops OP_TOALTSTACK = 0x6b, OP_FROMALTSTACK = 0x6c, OP_2DROP = 0x6d, OP_2DUP = 0x6e, OP_3DUP = 0x6f, OP_2OVER = 0x70, OP_2ROT = 0x71, OP_2SWAP = 0x72, OP_IFDUP = 0x73, OP_DEPTH = 0x74, OP_DROP = 0x75, OP_DUP = 0x76, OP_NIP = 0x77, OP_OVER = 0x78, OP_PICK = 0x79, OP_ROLL = 0x7a, OP_ROT = 0x7b, OP_SWAP = 0x7c, OP_TUCK = 0x7d, ! // splice ops OP_CAT = 0x7e, OP_SUBSTR = 0x7f, OP_LEFT = 0x80, OP_RIGHT = 0x81, OP_SIZE = 0x82, ! // bit logic OP_INVERT = 0x83, OP_AND = 0x84, OP_OR = 0x85, OP_XOR = 0x86, OP_EQUAL = 0x87, OP_EQUALVERIFY = 0x88, OP_RESERVED1 = 0x89, OP_RESERVED2 = 0x8a, !
// numeric OP_1ADD = 0x8b, OP_1SUB = 0x8c, OP_2MUL = 0x8d, OP_2DIV = 0x8e, OP_NEGATE = 0x8f, OP_ABS = 0x90, OP_NOT = 0x91, OP_0NOTEQUAL = 0x92, ! OP_ADD = 0x93, OP_SUB = 0x94, OP_MUL = 0x95, OP_DIV = 0x96, OP_MOD = 0x97, OP_LSHIFT = 0x98, OP_RSHIFT = 0x99, ! OP_BOOLAND = 0x9a, OP_BOOLOR = 0x9b, OP_NUMEQUAL = 0x9c, OP_NUMEQUALVERIFY = 0x9d, OP_NUMNOTEQUAL = 0x9e, OP_LESSTHAN = 0x9f, OP_GREATERTHAN = 0xa0, OP_LESSTHANOREQUAL = 0xa1, OP_GREATERTHANOREQUAL = OP_MIN = 0xa3, OP_MAX = 0xa4, ! OP_WITHIN = 0xa5, ! // crypto OP_RIPEMD160 = 0xa6, OP_SHA1 = 0xa7, OP_SHA256 = 0xa8, OP_HASH160 = 0xa9, OP_HASH256 = 0xaa, OP_CODESEPARATOR = 0xab,
OP_CHECKSIG = 0xac, OP_CHECKSIGVERIFY = 0xad, OP_CHECKMULTISIG = 0xae, OP_CHECKMULTISIGVERIFY = ! // expansion OP_NOP1 = 0xb0, OP_NOP2 = 0xb1, OP_NOP3 = 0xb2, OP_NOP4 = 0xb3, OP_NOP5 = 0xb4, OP_NOP6 = 0xb5, OP_NOP7 = 0xb6, OP_NOP8 = 0xb7, OP_NOP9 = 0xb8, OP_NOP10 = 0xb9, !!! // template matching params OP_SMALLDATA = 0xf9, OP_SMALLINTEGER = 0xfa, OP_PUBKEYS = 0xfb, OP_PUBKEYHASH = 0xfd, OP_PUBKEY = 0xfe, ! OP_INVALIDOPCODE = 0xff, };
![Page 35: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/35.jpg)
Mining• “Auditors” collect transactions into a “block”
(up to 1 Mb)
• Each transaction in the block is verified for validity
• The miner then does a proof-of-work calculation to “sign off” the block and add it to the blockchain
• Difficult hash calculation takes +/- 10 min regardless of number of miners in the network
![Page 36: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/36.jpg)
Advanced mining• A miner who successfully finds a suitable hash for
a block, gets reward (currently 25 XBT = 625 USD)
• Each transaction has optional transaction fees (difference between sum of inputs and outputs) that also go to the miner
• Hash difficulty: number of “leading zeros” in hash
• Adjusted dynamically, aims for 1 block in 10 mins
![Page 37: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/37.jpg)
More interesting contracts
• Scripting language can be used to enforce arbitrary constraints on how outputs are spent
• Entire financial applications involving transfer of ownership can be built using the Bitcoin protocol
![Page 38: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/38.jpg)
Dispute mediation• Third party (escrow / arbiter) may optionally be
called in to sign off on a transaction if something goes wrong.
• Script: 2 <K1> <K2> <K3> 3 OP_CHECKMULTISIGVERIFY!
• 2 out of 3 parties must agree on the outcome of the transaction in order to spend the output
• The output may be spent as a payment or a refund
![Page 39: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/39.jpg)
Micropayment channels• Each Bitcoin transaction carries a transaction cost
(or processing delay), so normal transactions aren’t ideal for micropayments
• Client send rapid adjustments in what it is willing to transfer to the server, directly to the server
• These transactions aren’t broadcast until the session ends, when the final payment is made.
![Page 40: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/40.jpg)
Oracle conditions• E.g. script to pass on an inheritance:
• <hash> OP_DROP2 <son’s pubkey><oracle’s pubkey> CHECKMULTISIG
• Uses an external, trusted oracle who will only sign off when predetermined condition is met, e.g.
• if (has_died(‘G-J van Rooyen’, id=‘7609257364083’)) return (10.0, 1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z)
![Page 41: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/41.jpg)
Colored coins• From “wallet point-of-view”, Bitcoins are fungible
• However, transaction outputs are traceable
• 0.00000001 XBT outputs can be used to trace ownership of associated digital or physical goods in the real world
• Software, movies, stocks, cars, houses can be traded without intermediaries
![Page 42: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/42.jpg)
In Conclusion• The Bitcoin protocol is brilliant,
subtle, intricate and (in some places) horribly complex
• Proof-of-ownership protocol with built-in scripting language
• Currency (“pay-to-address”) is the “Hallo, world!” of Bitcoin applications
• Understand the protocol. Then go understand traditional financial systems
![Page 43: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/43.jpg)
Questions are welcomeAlso,
5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
![Page 44: Bitcoin, the Protocol](https://reader030.vdocuments.net/reader030/viewer/2022012312/540dcc3e8d7f728d7e8b4af1/html5/thumbnails/44.jpg)
2014/02/19, 10:01 PMbitaddress.org
Page 1 of 1https://www.bitaddress.org/bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html
Bitcoin Address
1MZhiFUaJSLpUyrCj8de7d5UMvZLtyuu1z
SHARE
Private Key (Wallet Import Format)
5KQx3qRcMD5FyogomtVnABuToGCoVVDC9HvPMwDgARWBqzzzNte
SECRET
A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin privatekey. Such a wallet has been generated for you in your web browser and is displayed above.
To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It isimportant to make a backup copy of the private key and store it in a safe location. This site does not haveknowledge of your private key. If you are familiar with PGP you can download this all-in-one HTML page andcheck that you have an authentic version from the author of this site by matching the SHA1 hash of thisHTML with the SHA1 hash available in the signed version history document linked on the footer of this site. Ifyou leave/refresh the site or press the "Generate New Address" button then a new private key will begenerated and the previously displayed private key will not be retrievable. Your Bitcoin private key should bekept a secret. Whomever you share the private key with has access to spend all the bitcoins associated withthat address. If you print your wallet then store it in a zip lock bag to keep it safe from water. Treat a paperwallet like cash.
Add funds to this wallet by instructing others to send bitcoins to your Bitcoin address.
Check your balance by going to blockchain.info or blockexplorer.com and entering your Bitcoin address.
Spend your bitcoins by going to blockchain.info or mtgox.com and sweep the full balance of your privatekey into your account at their website. You can also spend your funds by downloading one of the popularbitcoin p2p clients and importing your private key to the p2p client wallet. Keep in mind when you importyour single key to a bitcoin p2p client and spend funds your key will be bundled with other private keys in thep2p client wallet. When you perform a transaction your change will be sent to another bitcoin address withinthe p2p client wallet. You must then backup the p2p client wallet and keep it safe as your remaining bitcoinswill be stored there. Satoshi advised that one should never delete a wallet.