Roman Oliynykov - Bitcoin and Blockchain: Technologies, Scaling and Forks

Bitcoin and Blockchain:
Technologies, Scaling and Forks
Roman Oliynykov
Ph.D., Dr.Habil.
roman.oliynykov@iohk.io
Input Output HK
V. N. Karazin Kharkiv National University
November 25th, 2017
Roman Oliynykov, Ph.D., Dr.Habil. — Input Output HK 1 / 29

Outline
Distinguishing characteristics of Bitcoin and
other blockchain-based altcoins
Transactions, Merkle trees, blocks and
blockchain
Consensus and mining, its complexity
Bitcoin advantages & open problems
Scaling Bitcoin
Bitcoin forks

Distinguishing characteristics of Bitcoin and other
blockchain-based altcoins
a virtual decentralized currency with no trusted
parties and with no pre-assumed identities
among the participants;
network operation support by moderately hard
(solvable by participants) proof-of-work puzzles
with rewards;
a public distributed ledger (to detect and
prevent money double-spending).

Three main technical components
transactions (including scripts) united
into blocks;
the consensus protocol;
the communication network.

Bitcoin transactions
One bitcoin is divided into 108 satoshi
Conservation of value principle: the sum of the values of all transaction is less than
or equal to the sum of the values of all inputs (with an exception: coinbase
transactions used to create new units of currency).
There is no identities or accounts that ”own” bitcoins. Ownership is a knowledge of a
private key which is able to make a signature that redeems certain outputs.

Merkle tree: uniting transactions into blocks

Transaction sequence

Blockchain: a hash-linked list of data blocks
NB: tree data structure for blockchains: GHOST

Double-spending attack

Double-spending prevention

Bitcoin addresses
Hashes of public keys in "pay-to-pub-key-hash"
transactions function represented at base58 encoding as
pseudonymous identities within the system and referred as
addresses. No real-world names or identifying information are
required.
1G9dguLRGKd16YBmM53iCuFVTTAUVog7s9

Bitcoin consensus and mining

Bitcoins core innovation: Nakamoto consensus
The process for choosing a new block (to be added to the
public distributed ledger, or the Bitcoin blockchain):
the first announced valid block containing a solution to
the computational puzzle is considered correct;
on hearing of the new announced valid block, other
participants are meant to begin working to find a followup
block;
if an announced block contains invalid transactions or is
otherwise malformed, all other participants are meant to
reject it and continue working until they have found a
solution for a valid block;
at any given time, the consensus blockchain is the
”longest” version (with the biggest cumulative difficulty)
of already known variants.

The consensus on the diﬀerent branches
(fork handling)
The consensus blockchain is the longest version (with
the greatest expected diﬃculty to produce).
It is also possible for two valid solutions to be found at
approximately the same time (depending on network latency):
there are two equal-length chains (a temporary fork);
miners can choose any fork in this scenario;
one blockchain will eventually be extended further
than the other at which point all miners should
adopt it due to the random nature of the computational
puzzle; the other fork will be discarded being
”shorter” comparing to another.

Conﬁdence that payment has been made
(will not be discarded in the future): theory
Sequential nature of this consensus mechanism implies that
users must wait for blocks to be found in order to gain
high conﬁdence that a transaction is permanently included
in the blockchain.
In theory, users can never be completely sure that a transaction
wont eventually be removed by a very deep fork (there is
always negligible probability that the currently available
blockchain is a fork and will be discarded in the future).

Confidence that payment has been made
(will not be discarded in the future): practice
In practice, most Bitcoin clients require six confirmation
blocks before accepting that a transaction is published (the
probability of discarding such a block becomes smaller
than 10−3
).
Deep forks are also prevented in an ad-hoc manner by
including hard-coded blockchain prefixes (checkpoints) with
the default Bitcoin client which clients require in any valid
blockchain
(it is considered by some researches that Bitcoin does not use
a true decentralized consensus protocol, as checkpoints are
chosen in a centralized manner).

Bitcoin miners
Miners are participants who are working (racing in practice)
to solve the computational puzzle in exchange for monetary
rewards.
A participant who ﬁnds a block can insert a coinbase
transaction minting a speciﬁed amount of currency (a
block reward) and transferring it to an address of their
choosing.
Miners receive all new currency initially and there is no
other allowed mechanism for money creation.

The computational puzzle
Requires finding a pre-image for SHA-256 hash function
(to find a block whose hash is less than a target value starts
with d consecutive zero bits; for November, 2017 this value is
approximately 72 zero bits; cf.: the DES cipher has a 56-bit
key).
The randomized nature of this puzzle is important, each
miner has a probability of finding the next block proportional
to his share of the competing computational power (otherwise,
in non-randomized case, the most powerful individual miner
could be expected to find every block first).

The puzzle complexity
The difficulty of the puzzle is calibrated so that a new
block is found, on average, once every 10 minutes.
To maintain this, the difficulty is adjusted once every
2016 blocks, or approximately every two weeks, by
analysis of timestamps included in the previous blocks (with
sanity checks to prevent manipulations by network rejection of
the implausible timestamps).
The block reward is determined by a fixed schedule. Initially,
each block created B50. This has been halved to B25 and
then to B12.5, and is scheduled to halve roughly every four
years until approximately 2140 at which point no new bitcoins
will be created.

A transaction fee
Additional income: miners are also allowed to claim the
net diﬀerence in value between all input and all output
transactions in this block (a transaction fee).
Fee values have primarily been determined by defaults in the
reference client, with an option to pay higher fees to have their
transactions published more quickly.
Transaction fees have primarily been used to discourage
overuse of the network with many small transactions (called
penny ﬂooding) and have never provided more than 12% of
mining revenue.
After 2140 transaction fees are planned to be main incentive
for miners.

Mining pools: the majority of mining power since 2013
Miners often collaborate in mining pools to lower the
variance of their revenue by sharing rewards with a group of
other miners.
Mining pools are typically administered by a manager, who, for
a small fee, collects mining rewards found by all participating
miners and allocates the funds to members in proportion to
the amount of work they have performed on behalf of the pool
(there is also small amount of ad hoc p2p mining pools).
Participation is proved (probabilistically) by sending
”near-blocks” whose hash starts with a large number of zeros
(d = 40 or more) but are not valid Bitcoin blocks yet.
There is no reason to miner to hide the valid block, because block
reward address is always pool manager’s address (and no other
”near-blocks” are accepted for the pool reward).

Bitcoin advantages
the ﬁrst wide spread virtual decentralized
currency with no trusted parties and with no
pre-assumed identities among the participants;
easy-to-join both for users and miners;
list-of-transactions only: no users, no balances
or identities;
a public distributed ledger with detection and
prevention money double-spending;
robust to cheaters: the network works normally
when it just has an honest majority among all
participants.

Open problems for Bitcoin
a scalability problem: much smaller throughput
comparing to VISA, MasterCard due to network
propagation delay for consensus and complexity of heavy
block processing (attempts to solve via SegWit, etc.);
network latency: long time for transaction approval (not
suitable for high frequency trading, etc.);
centralization: if someone (a big mining pool or
governmental agency) can control significant part of the
network, it can effectively to work against default mining
rules;
mining pools unfair competition: one big pool can
potentially infiltrate another big pool and decrease its
mining efficiency;
huge electricity consumption.

Scaling Bitcoin
Segregated Witness (BIP141)
Increasing block size
SegWit2x
Lightning Network
· · ·

Bitcoin forks
Bitcoin Cash
Bitcoin Gold
Bitcoin Diamond
· · ·
Bitcoin XT
Bitcoin Classic
Bitcoin Unlimited
· · ·

Bitcoin Cash
Increased block size (up to 8 MB)
No Segwit
Emergency Diﬃculty Adjustment (EDA) for keeping
stability of block issuance
Replay protection and diﬃculty adjustment each block

Bitcoin Gold
Changing proof-of-work: Equihash instead of SHA-256
(moving from ASICs to GPUs to eliminate centralization)
A premined coins for developers (up to 1%)
Segwit for scaling
Replay protection and diﬃculty adjustment each block

Bitcoin Diamond
Changing proof-of-work: X13 instead of SHA-256
(moving from ASICs to GPUs to eliminate centralization)
Changed coin supply (210 millions)
Segwit & Increased block size
Replay protection
Claims for more conﬁdentiality (encrypted amount)

Roman Oliynykov - Bitcoin and Blockchain: Technologies, Scaling and Forks

More Related Content

What's hot (20)

Similar to Roman Oliynykov - Bitcoin and Blockchain: Technologies, Scaling and Forks (20)

More from Timetogrowup (20)

Recently uploaded (20)

Roman Oliynykov - Bitcoin and Blockchain: Technologies, Scaling and Forks