(True/False) In Bitcoin Proof-of-Work, if the hash function isn't one-way, then an
attacker can always win by brute-forcing a valid pre-image.
False. Recall that part of the input is determined by the block being added, which in
turn depends on previous blocks. While an attacker would be able to find a pre-image
which hashes to the correct number of zeroes, there's no guarantee that this pre-image
will form a valid hash chain.
Proof of Work Example
Proof of Work Security
In Bitcoin, Proof-of-Work (PoW) requires miners to find some random number n
such that Hash(block || n) has a certain number of leading zeroes. What would
happen if instead, miners had to find an n for which Hash(n) satisfied this condition?
This would compromise security: once a single n was found, it could be used to validate
any block going forward. Even if you required that each n be unique, you would still
allow an adversary to precompute a large number of valid values of n, since there is
no dependence on the actual block being added.
For example, PoW protects against double-spend attacks because on every new
block, the entire network 'starts over' on the hashing puzzle (since part of the
input to the hash function changes). This enforces the invariant that an attacker
has to control 51% of the network's mining power to consistently solve the puzzle
first. If you remove that dependence, the attacker no longer needs 51% of the
network, since they can simply precompute 2-3 valid values of n at any time and
then execute their attack.
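As an added illustration (not part of the original notes), the following Python compares the Bitcoin-style puzzle Hash(block || n) with the block-independent Hash(n) variant: a nonce mined for one block stops working once the chain input changes, while solutions to the flawed variant can be stockpiled before any block exists. The difficulty, the simplified header layout and the transaction strings are constructed for this example.

```python
import hashlib
DIFFICULTY_BITS = 16  # leading zero bits required; tiny so the example finishes in about a second


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, as used for Bitcoin block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def header(prev_hash: bytes, txs: bytes, nonce: int) -> bytes:
    """Simplified header: commits to the previous block (chain dependence) and this block's transactions."""
    return prev_hash + txs + nonce.to_bytes(8, "big")


def block_puzzle_ok(prev_hash: bytes, txs: bytes, nonce: int) -> bool:
    """Bitcoin-style puzzle: Hash(block || n) must have enough leading zeroes."""
    return leading_zero_bits(sha256d(header(prev_hash, txs, nonce))) >= DIFFICULTY_BITS


def nonce_only_puzzle_ok(nonce: int) -> bool:
    """Flawed variant from the notes: only Hash(n) must meet the target, independent of any block."""
    return leading_zero_bits(sha256d(nonce.to_bytes(8, "big"))) >= DIFFICULTY_BITS


def mine_block(prev_hash: bytes, txs: bytes) -> int:
    nonce = 0
    while not block_puzzle_ok(prev_hash, txs, nonce):
        nonce += 1
    return nonce


def precompute_nonces(count: int) -> list:
    """What an attacker can do against the flawed variant: stockpile solutions before any block exists."""
    found, nonce = [], 0
    while len(found) < count:
        if nonce_only_puzzle_ok(nonce):
            found.append(nonce)
        nonce += 1
    return found


def demo_nonce_reuse() -> dict:
    """Mine block A, then check whether its nonce also solves a different block B that extends A."""
    genesis = b"\x00" * 32  # constructed previous-block hash
    txs_a = b"constructed: alice pays bob 5"
    txs_b = b"constructed: bob pays carol 2"
    nonce_a = mine_block(genesis, txs_a)
    hash_a = sha256d(header(genesis, txs_a, nonce_a))
    return {
        "nonce_a_solves_a": block_puzzle_ok(genesis, txs_a, nonce_a),
        "nonce_a_solves_b": block_puzzle_ok(hash_a, txs_b, nonce_a),  # expected False: the input changed
        "precomputed": precompute_nonces(2),  # these solve the flawed puzzle for every future block
    }
```

Calling demo_nonce_reuse() shows the first flag True and the second False, while every precomputed value passes nonce_only_puzzle_ok regardless of which block it is later attached to.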
Consensus & Mining
(True/False) Even if the network eventually switches to an alternate, longer
chain, a miner will still receive a mining reward.
No. The mining reward is part of the block they mined, so if the network switches to
an alternate chain and their block is orphaned, their reward is also lost.
Mining pools
Why might having large mining pools be worrisome?
Because it's a big centralization of power in the network. If only a few mining pools
decided to team up, they could hold 51% of the mining power and launch an attack.
Anonymity and Conclusions
If someone bought something from you over Bitcoin, how could you track their
future transactions?
You can simply scan through the blockchain looking for any transaction involving
their public key.
Note: We won’t have time to cover certificate transparency, but for those
interested see here