frontiersofﬁnance introduction to bitcoinshash, / n9Y2lgQm5Hk -signature Thehashofthe messageis-n9Y2lgQm5Hk --message / Send$1000to) Jack)asap.-signature FxcHazPU+7y LZmf27xIq7E

introduction to bitcoins frontiers of finance

overview

Purpose: The purpose of this lecture is to introduce bitcoins – how the system works in general, some of its economics are, and some more specific implementation details for those who are interested ¡  bitcoin basics

§  bitcoin is… §  more bitcoin basics

¡  bitcoin economics §  market dynamics §  money supply §  mining

¡  bitcoin technology (facultative)

© Stefan Loesch / oditorium 2013. All rights reserved.

bitcoin is… introduction to bitcoins

bitcoin is…

bitcoin is an experimental, decentralized digital currency that enables instant payments to anyone, anywhere in the world

-‐‑Bitcoin Wiki bitcoin is a digital cryptocurrency made up of processed data blocks used for online and brick-‐‑and-‐‑mortar purchases

-‐‑Techopedia

© Stefan Loesch / oditorium 2013. All rights reserved. See last pages for license and disclaimer.

bitcoin is an electronic currency


account number bitcoin balance 1CkH8epnCee2jSnoYKVf2no8564LygpZcr 1.5027

1Lm9AuUUcazH54qFFW1Rt3V35mNvUCVFb1 17.3723

1D8L2KPG2U8mUqu6seE1GrYCRw2tkCxBHR 0.0002

1NbLhL5xGS1YF8LEcXo588EPWSswgsvizb 23.5643

1A6mxfhJTFM1ZrH6Vz23gDPNoQCX16kd4v 0.2453

18UMoRwJgCenNWARd1n1CTVp24UcEHEjqL 2.3642

… …

TOTAL* 10,985,850.0000

bitcoins exists only in bookentry form; the bitcoin general ledger is usually referred to as ‘block chain’.

total as of 5 apr 2013; not actual account data

bitcoin enables instant payments to anyone, anywhere in the world


take the bitcoins from those accounts …

…and send them on to those accounts

bitcoins can be sent from any account to any other account in the system; the payment is confirmed as soon as it is recorded in the block chain (usually after a few minutes)

source: blockchain.info

bitcoin is a decentralized electronic currency


Icons: h*p://www.devcom.com/ h*p://www.doublejdesign.co.uk/

bitcoin’s general ledger – usually referred to as the block chain – is jointly maintained by computers orga-‐‑nised in a peer-‐‑to-‐‑peer network. every participant maintains its own copy of the ledger

Block 229811

.................

.................

.................

.................

.................

.................

bitcoin is made up of processed data blocks (in the block chain)


Block 229810

.................

.................

.................

.................

.................

.................

Block 229812

.................

.................

.................

.................

.................

.................

approximately every 10 minutes, a new page (‘block’) containing the latest transactions is added to the general ledger (the ‘block chain’)

bitcoin is a cryptocurrency


the integrity of the ledger (the ‘block chain’) is asserted using cryptographic technology (hashes, public/private keys, digital signatures)

see last section for details!

bitcoins is made up of satoshis


1 BTC

1,000,000.00

100 Satoshi

24m BTC = 24tn x 100 Satoshi

bitcoin is…

¡  bitcoin is an electronic currency maintained in a general ledger called the block chain

¡  the ledger is maintained in a decentralised manner by a network of computers working in peer-‐‑to-‐‑peer mode

¡  the ledger’s integrity is maintained using crypto technology; the ledger however is not encrypted and publicly accessible (eg blockchain.info)

¡  bitcoin enables rapid payments between individuals connected to the Internet

¡  the smallest bitcoin denomination is satoshis, with 1BTC = 1,000,000 x 100 satoshis


more bitcoin basics introduction to bitcoins

for blockchain integrity, it is essential that the cost of maintaining it is high


Block 229810a

.................

.................

.................

.................

.................

.................

Block 229810

.................

.................

.................

.................

.................

.................

Block 229811

.................

.................

.................

.................

.................

.................

block chain integrity maintained against an aYacker if and only if >50% of computing resources are honest this is best achieved by rewarding honest miners, ie proceeds of mining > proceeds of aYacking

in case of conflict, the larger block chain wins

blockchain maintenance (=mining!) cost is kept high by artificially increasing costs


Block 229812 DRAFT

.................

.................

.................

.................

.................

metaphor: miners prepare a block containing the most recent transactions; then they throw a handful of dice; if they get all sixes they put their page into the ledger, and collect their reward.

prepare block roll dice

all sixes?

Block 229812

.................

.................

.................

.................

.................

.................

submit to block chain

bitcoins kept in wallets that more aptly would be called (secret) notebooks

¡  bitcoin wallets are not wallets, but notebooks to keep account numbers & passwords

¡  restoring lost wallet brings back the money when it was lost, not when it was backed up

¡  notebook is permanently amended with new account numbers and passwords -‐‑> loss of notebook might mean irretrievable loss of bitcoins


bitcoin is like old-‐‑style anonymous swiss bank account: you know account number and password, you get the money

typical wallet contains hundreds of account numbers and passwords


001/ 18HqXN4FynmC8k8xg8F5mXMDiQuu2F7rDW 002/ 14UhgJQHg1AyGXPpPnQ4LVjD1R8jwGKLrz 003/ 19aqFB79P7nag41cihoBVbKQxhTfe7U6co 004/ 14usey47NXFYegQXwXKFPr2qBRUucZoUhr 005/ 17AgRGd68i4m7CJ8k2YwuYHFA2ZvN2Eowd 006/ 1CyXrEFSHkoKgx7qN3csBsFyxRY7eDosHd 007/ 1PzB9PB2Srk9riAfMbEVCEaxJy2bYt8ing 008/ 18czPiA9PcCs7rFTBZnhvNAWuh1pEZRpGJ 009/ 18czPiA9PcCs7rFTBZnhvNAWuh1pEZRpGJ 010/ 14ChPPM8rPYJeHnw6kMVUDnNNKx1KnjYW4 011/ 1MLzg4U4RfyuD9mwoNthWQRkduX8dgtM9q 012/ 17uRF3QmqhfHopkuQTvAGT3yS5fsshhLhC

…

in principle it would be enough for every bitcoin participant to have only one account number and associated password; however, most participants chose to generate hundreds of account numbers for privacy reasons

Transaction pay 4BTC (fee 0.0005)

Account

bitcoin transactions generally produce change, connecting an individual’s account


metaphor: bitcoins are received as cheques; for spending bitcoins, the cheques need to be presented again; overpayment is returned as change

0.0054

3.5234

1.2431

0.5000

1.5300

3.5234

1.5300

5.0534

4.0000

1.0053

0.0005

5.0534

Account

0.0054

1.2431

0.5000

1.0053

sender cheque recipient chq miner cheque

more bitcoin basics

¡  the general ledger – the blockchain – is maintained by the ‘miners’ who receive the mining reward for their efforts

¡  in order to make manipulation of the blockchain costly the difficulty of preparing the ledger has been artificially increased

¡  bitcoins are held in so called wallets; a beYer metaphor for wallets would be ‘secret notebooks’ that store the access data for an old-‐‑style Swiss bank account

¡  For privacy reasons, wallets can contain numerous account numbers; however, an individual’s accounts can often be linked due to the way transactions are recorded


market dynamics introduction to bitcoins

bitcoin prices have been increasing dramatically over the last week or so…


source: bitcoincharts.com

…with incredible levels of volatility


source: bitcoincharts.com

+ +30%

1 day

bitcoin market dynamics

¡  the bitcoin market is currently in the process of trying to establish a base level, with liYle success so far

¡  two classes of bitcoin owners §  those we bought in / mined at the very boYom and who are now siYing on significant paper gains & fortunes

§  those who bought in recently and who have a lot to lose in a crash

¡  extreme volatility driven by various factors §  classic “greed & fear” of all investor classes §  insufficient market infrastructure & aYacks §  no natural anchoring point, and no support


money supply introduction to bitcoins

newly minted bitcoins are the miners’ reward for maintaining the block chain


Block 229812 DRAFT

.................

.................

.................

.................

.................

metaphor: miners prepare a block containing the most recent transactions; then they throw a handful of dice; if they get all sixes they put their page into the ledger, and collect their reward.

prepare block roll dice

all sixes?

Block 229812

.................

.................

.................

.................

.................

.................

submit to block chain

system regularly recalibrated to produce one block –worth 25BTC– every 10min


more sixes

needed

more miners

the target is to compute one block every 10min (on average) when more computing resources come online blocks will be computed faster; then difficulty increases (‘more sixes’) and vice versa recalibration performed every 20 days

current money creation: 3600BTC/day, but decreasing rapidly in the future

3600

1800

900

450 225 113 56

2013 2017 2021 2025 2029 2033 2037

bitcoins mined per day

bitcoins produced (in average) at a constant rate that is to halve every 4y. in the 4y period 2013-‐‑2016 mining reward is 25 BTC / block

beginning 2025, only 6.3% of all future bitcoins will still be ‘in the ground’

50.0%

25.0%

12.5%

6.3% 3.1% 1.6% 0.8%

2013 2017 2021 2025 2029 2033 2037

unissued bitcoins, beginning of period (%total)

whilst actual mining only stops in 2140, money creation after 2020 is de minimis

monetary dilution dies down quickly after 2020

10.7%

3.9%

1.7% 0.8% 0.4% 0.2% 0.1%

2013 2017 2021 2025 2029 2033 2037

bitcoin monetary expansion (period CAGR)

bitcoin money supply

¡  for the next four years bitcoin money supply will grow at a CAGR of ca 11%; due to current low market penetration however this might well lack behind demand growth, leading to substantial deflation

¡  supply growth will halve every 4 years, to 3.9% CAGR starting 2017 and 1.7% CAGR starting 2021

¡  the vast majority (90-‐‑95%) of all bitcoins ever to be created will have been created between 2020-‐‑30 §  and no, there are no ‘owners’ who could trick the system into issuing more bitcoins-‐‑ it is on autopilot


mining economics introduction to bitcoins

the system is regularly recalibrated to produce one block every 10min


more sixes

needed

more miners

the target is to compute one block every 10min (on average) when more computing resources come online blocks will be computed faster; then difficulty increases (‘more sixes’) and vice versa recalibration performed every 20 days

aggregate mining profit determined by surface between revenue and cost curve

bitcoins

aggregate computing power of mining pool


surface = mining profit

expected mining reward per unit of computing power (2013-‐‑16) = 25 BTC/N

equilibrium mining reward per unit

cost of mining

marginal (price seYing) miner will just break even on electricity cost

a fall in bitcoin prices removes mining supply and increases the unit reward

bitcoins



equilibrium mining reward per unit cost of mining

surface = mining profit


if cost structure of miners is the same, profits are de minimis

bitcoins



equilibrium mining reward per unit


cost of mining surface = mining profit

with most miners being on the same GPU technology, profit margins are small

bitcoins



cost (GPU)

reward curve

equilibrium reward

miners using the ultra efficient ASICs initially make large profits margins

bitcoins



cost (GPU)

reward curve

equilibrium reward

cost (ASIC)

limited ASICs supply

as long as computing capacity constraint, profit margins remain important

bitcoins



cost (GPU)

reward curve

equilibrium reward

cost (ASIC) limited ASICs supply

once the ASICs supply constraint is removed the profit margin will be low again

bitcoins



mining economics

¡  key fact: bitcoin supply is dynamically managed to stay constant by adjusting mining difficulty levels §  increase in computing capacity does not lead to more mining, but to lower unit profits in the mining pool

¡  economics of bitcoin mining is similar to the economics of real mining operations §  without supply constraints, reward is driven by the variable cost of the marginal miner, and hence profits driven by comparative price advantage (flat curve = no profits!)

§  with supply constraints, reward is above the cost of the marginal miner; it will be driven down if new supply enters the market, but this depends on their marginal cost vs capital outlay


bitcoin technology introduction to bitcoins

in this section…

¡  we explain cryptographic hashes, and show how they are used to build the bitcoin general ledger (the ‘block chain’)

¡  we explain public key cryptography, digital signatures, and how those are used to authenticate transactions within the block chain §  public key = account number §  private key = account password


a hash function is like a checksum, except…


checksums protect against erroneous data entry or transmission. example: European bank account numbers have a 2-‐‑digit checksum

IBAN: GB29 NWBK 6016 1331 9268 19

a hash function is like a checksum, except that it protects against deliberate tampering with the data as well as erroneous transmission

message: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Fusce sit amet risus vitae lectus molestie aliquet. Ut ut ipsum id ipsum ornare aliquam tempor non leo. Etiam imperdiet cursus est, ut auctor dui fringilla in. Nam ut arcu magna, a accumsan mi. signature: 5iZKi55Ep1AkBJ3wX257hvduZ/9juKSJjQNuW/FxcHazP

hash function key properties

¡  everyone knows how to compute it

¡  noone knows how to reverse it

¡  result is ‘all over the place’


The quick brown fox jumps over the lazy dog VYIGWeGwJ6bE…

-‐‑impossible to find any message-‐‑ FYkJIV4HuVhE…

The quick brown fox jumps over the lazy dog! fiCzVTA5QhkE…

The quick brown Fox jumps over the lazy dog LNAQH5PAP/Td…

a hash function’s key application is message integrity, but…


if the hash of a message is known with certainty, then everyone can verify whether or not a message has been

tampered with

but, a priori, knowing the hash with certainty is not that much different from knowing the message with certainty!

we’ll come to that (keyword: cryptographic chain & digital signature)

the difficulty of computing a hash can be increased with this trick


The quick brown fox jumps over the … {000001} fiCzVTA5QhkE…

The quick brown fox jumps over the … {974536} 000QMFEDEp6p…

The quick brown fox jumps over the … {000567} Ke7n2PY/WiA8…

The quick brown fox jumps over the … {002874} YwdP1a+DzVdw…

The quick brown fox jumps over the … {008352} aC3BY9ZITQE4…

The quick brown fox jumps over the … {093886} gf5g84vaUg6P…

The quick brown fox jumps over the … {367894} GTkmqByvxM9A…

trick: append an arbitrary number to the message and recalculate the hash; repeat until the hash starts with three zeros

a cryptographic chain makes tampering with old messages very expensive


message: Peter sends $1000 to Paul [000PaMqGq]

hash

000SxwAb

message: Paul sends $1001 to Mary [000SxwAb]

hash

0007n2PY

message: Mary sends $1003 to Donovan [0007n2PY]

hash

000eWOj1

every message is appended with hash of previous message, so changing one message means that the entire chain has to be recalculated from this point onwards. using the previous trick this can be made prohibitively expensive

the bitcoin block chain (the ledger) is an expensive cryptographic chain

¡  every block represents a page in the ledger, ie it collects a number of transactions

¡  blocks are extremely difficult to produce (many zeroes required); producing blocks is also called ‘mining’ §  The aggregate computing power of the bitcoin network takes 10min to produce a new block; difficulty is adjusted periodically to account for changes in computing power

§  At current (5 Apr 2013) difficulty, this is ~ 5MWh or $650 in electricity per block*; mining reward 25BTC ~ $2500 / block

¡  blockchain maintained by each an every client; in case of conflict, longest chain wins §  aYacker needs >50% of computing power


*source: hYp://blockchain.info/stats

symmetric cypher: same key used for encryption and decryption


cleartext The quick brown fox jumps over the lazy dog…

cyphertext mQCNAzEpXjUAAAE EAKG/4V9oUSiDc9 wIge6Bmg6erDGCL zmFyioAho8kDIJS rcmiF9qTdPq…

key: wejhbgw454jhb…

key: wejhbgw454jhb…

disadvantage: need to negotiate different key for every pairing of participants

asymmetric cypher: different key used for encryption and decryption



cyphertext mQCNAzEpXjUAAAE EAKG/4V9oUSiDc9 wIge6Bmg6erDGCL zmFyioAho8kDIJS rcmiF9qTdPq…

key: x4_tl4yg5vdt…

key: khj354kh2sjhaw…

important: it is easy to generate a pair of keys that reverse each other; however, it is difficult (read, impossible) to generate a key that reverses any given key

public key cryptography uses a keypair to more easily exchange keys



cyphertext mQCNAzEp XjUAAAEA KG4V9oUS iDcwIge6 Bmg6…


public key: known to everyone private key: known only to owner

encrypt with public key

decrypt with private key

owner generates a keypair, and makes one of the keys public; everyone can encrypt messages (using the public key) that only the owner will be able to decrypt (with the private key)

hash n9Y2lgQm5Hk signature The hash of the message is n9Y2lgQm5Hk

message Send $1000 to Jack asap. signature FxcHazPU+7y LZmf27xIq7E 0ihW8zz9JNF WSA9…

more importantly, it also allows to sign messages


message Send $1000 to Jack asap. signature The hash of the message is n9Y2lgQm5Hk

encrypt with private key

clear-‐‑ text

decrypt with public key

compute hash

public key: known to everyone private key: known only to owner

owner computes message hash and encrypts it with his private key; everyone can decrypt hash with the public key and check integrity of the message.

public key cryptography allows to authenticate bitcoin transactions

¡  Note: the actual bitcoin mechanism is slightly more complex, but the principle is the same

¡  a bitcoin account number is a public key, and the account password is the corresponding private key §  people can generate account numbers and passwords themselves

¡  any transfer record in the block chain must be signed with private key corresponding to the account number §  everyone can verify authenticity of transfer request; miners do

¡  account balances are simply difference between incoming and outgoing transactions


bitcoin technology

¡  bitcoin’s general ledger (the ‘blockchain’) is public ¡  its integrity is protected because it is an expensive cryptographic chain §  chained hashes & increased hashing difficulty §  implication: aYacking it is not impossible, but too expensive

¡  authentication for accessing accounts is performed using a cryptographic account number & PIN technology §  account number public key, PIN private key


introduction to bitcoins frontiers of finance

THANK YOU!

licensed under dual license

CC-‐‑BY-‐‑ND

¡  AYribution ¡  Commercial and non-‐‑commercial use

¡  No derivatives §  Single pages can be used §  AYribution to entire pres’n

CC-‐‑BY-‐‑NC-‐‑SA

¡  AYribution ¡  Non-‐‑commercial use only

¡  Derivative work allowed ¡  Share-‐‑alike


see hap://www.oditorium.com/ou/licences for details

aarib: hap://www.oditorium.com/ou/courses/various/introduction-‐‑to-‐‑bitcoins/

disclaimer

¡  this is educational material, not investment, legal, or any other kind of advice

¡  there might be errors in this material, even grave one’s; the author and the publisher might correct errors if they become aware of them, but no-‐‑one is under any obligation to do so

¡  if any of the material is related to investments – or any other opportunity to make or lose money – then it is up to the reader to independently assert (a) the correctness of information, and (b) whether and to which extent they apply to his or her decisions

¡  neither the author nor the publisher can be held responsible for any losses incurred – direct or indirect – because of reliance on this presentation


attribution

¡  Icons and graphics §  hYp://www.devcom.com/ §  hYp://www.doublejdesign.co.uk


Documents

frontiersofﬁnance introduction to bitcoinshash, / n9Y2lgQm5Hk -signature Thehashofthe messageis-n9Y2lgQm5Hk --message / Send$1000to) Jack)asap.-signature FxcHazPU+7y LZmf27xIq7E