
“Bitcoin and Cryptocurrency Technologies” Online Course Summary (Lecture 4)

Ahmed Rashwan
Feb 18, 2016
  • This is my notes & summary for this course “Bitcoin and Cryptocurrency Technologies” on Coursera. The course material is very useful to gain a more technical understanding of Bitcoin and cryptocurrency in general.
  • This is just a summary of the course content and PDF; it doesn’t compensate for watching the videos, and I posted it so that future students of this course may benefit from it.
  • All images are courtesy of the instructors’ PDF published in the course resources.

Segment 4.1 (Simple Local Storage) :

  • To spend a bitcoin you need to know some public information and some secret information. The public information is what goes on the block chain — the identity of the coin, how much it’s worth, and so on. The secret information is the secret key of the owner of the bitcoin, presumably, that’s you. So in practice storing your bitcoins is all about storing and managing your keys.
  • Different approaches to key management offer different trade-offs between availability, security, and convenience.
  • The simplest key management method is storing them in a file on your own local device: your computer, your phone. This is great for convenience: having a smartphone app that allows spending coins with the push of a few buttons is hard to beat. But this isn’t great for availability or security — if you lose the device, or the device crashes and you have to wipe the disk, your keys are lost, and so are your coins. Similarly for security: if someone steals or breaks into your device, or it gets infected with malware, they can copy your keys and then send all your coins to themselves.

Wallets:

  • Wallets are software that keeps track of all your coins, manages all the details of your keys, and makes things convenient with a nice user interface. Wallet software is especially useful because you typically want to use a whole bunch of different addresses with different keys associated with them to improve your anonymity or privacy. Wallet software gives you a simple interface that tells you how much is in your wallet. When you want to spend bitcoins, it handles the details of which keys to use and how to generate new addresses and so on.

Encoding keys: base 58 and QR codes:

  • To spend or receive bitcoins, you also need a way to exchange an address with the other party — the address to which bitcoins are to be sent. There are two main ways in which addresses are encoded so that they can be communicated from receiver to spender: as a text string or as a QR code.
  • To encode an address as a text string, we take the bits of the key and convert it from a binary number to a base 58 number. Then we use a set of 58 characters to encode each digit as a character; this is called base58 notation.
  • The second method for encoding a Bitcoin address is as a QR code, a simple kind of 2-dimensional barcode. The advantage of a QR code is that you can take a picture of it with a smartphone and wallet software can automatically turn the barcode into a sequence of bits that represents the corresponding Bitcoin address.
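The base58 conversion described above, written out as an added example (this is not code from the course or its PDF). It uses Bitcoin's real 58-character alphabet, preserves leading zero bytes as the character '1', and also shows the Base58Check variant that real addresses use (a version byte plus a 4-byte double-SHA-256 checksum), so that a mistyped character is caught instead of sending coins to the wrong address. The sample payload is constructed, not a real key hash.

```python
import hashlib

# Bitcoin's base58 alphabet: 0, O, I and l are left out so addresses are hard to mis-read.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Treat the bytes as one big-endian integer and write it in base 58."""
    n = int.from_bytes(data, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    # Leading zero bytes have no numeric value, so they are kept explicitly as '1' characters.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + "".join(reversed(digits))


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; rejects characters outside the alphabet."""
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def _checksum(raw: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    """Base58Check: version byte || payload || first 4 bytes of double SHA-256."""
    raw = bytes([version]) + payload
    return b58encode(raw + _checksum(raw))


def b58check_decode(text: str):
    """Returns (version, payload); raises ValueError if the checksum does not match."""
    raw = b58decode(text)
    if len(raw) < 5:
        raise ValueError("too short to carry a version byte and checksum")
    body, checksum = raw[:-4], raw[-4:]
    if _checksum(body) != checksum:
        raise ValueError("checksum mismatch: address was mistyped or corrupted")
    return body[0], body[1:]


def is_valid_address(text: str) -> bool:
    """Wallet-side sanity check before sending: does the string decode cleanly?"""
    try:
        b58check_decode(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = hashlib.sha256(b"constructed sample payload").digest()[:20]  # stands in for HASH160
    addr = b58check_encode(0, payload)  # version 0 = mainnet pay-to-pubkey-hash
    print(addr, is_valid_address(addr), is_valid_address(addr[:-1] + "2"))
```

The checksum is the part worth noticing from a security standpoint: plain base58 would happily decode a string with one wrong character into a different, valid-looking address.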

Segment 4.2 (Hot and Cold Storage) :

  • Storing bitcoins on your computer is like carrying money around in your wallet or your purse. This is called “hot storage”. It’s convenient but also somewhat risky. On the other hand, “cold storage” is offline. It’s locked away somewhere. It’s not connected to the internet, and it’s archival. So it’s safer and more secure, but of course, not as convenient.
  • To have separate hot and cold storage you need to have separate secret keys for each. You’ll want to move coins back and forth between the hot side and the cold side, so each side will need to know the other’s addresses, or public keys.
  • Cold storage is not online, and so the hot storage and the cold storage won’t be able to connect to each other across any network. But the good news is that cold storage doesn’t have to be online to receive coins — since the hot storage knows the cold storage addresses, it can send coins to cold storage at any time. Next time the cold storage connects it will be able to receive from the block chain information about those transfers to it and then the cold storage will be able to do what it wants with those coins.
  • For privacy we want to be able to receive each coin at a separate address with different secret keys. So whenever we transfer a coin from the hot side to the cold side we’d like to use a fresh cold address for that purpose. But because the cold side is not online we have to have some way for the hot side to find out about those addresses.

Hierarchical wallets:

  • It allows the cold side to use an essentially unbounded number of addresses and the hot side to know about these addresses, but with only a short, one-time communication between the two sides.
  • In a hierarchical wallet, instead of generating a single address we generate what we’ll call address generation info, and rather than a private key we generate what we’ll call private key generation info. Given the address generation info, we can generate a sequence of addresses: we apply an address generation function that takes as input the address generation info and any integer (i) and generates the i’th address in the sequence. Similarly we can generate a sequence of private keys using the private key generation info, and for every (i), the i’th address and i’th secret key “match up” — that is, the i’th secret key controls, and can be used to spend, bitcoins from the i’th address just as if the pair were generated the old-fashioned way.
  • The address generation info doesn’t leak any information about the private keys. That means that it’s safe to give the address generation info to anybody, and so anybody can be enabled to generate the i’th key.

How cold information can be stored:

  • The first way is to store it in some kind of device and put that device in a safe. It might be a laptop computer or a mobile phone. The important thing is to turn the device off and lock it up, so that if somebody wants to steal it they have to break into the locked storage.

Brain wallets:

  • This is a way to control access to bitcoins using nothing but a secret passphrase. The key trick behind a brain wallet is to have a predictable algorithm for turning a passphrase into a public and private key. For example, you could hash the passphrase with a suitable hash function to derive the private key, and given the private key, the public key can be derived in a standard way. Further, combining this with the hierarchical wallet technique we saw earlier, we can generate an entire sequence of addresses and private keys from a passphrase, thus enabling a complete wallet. However, an adversary can also obtain all private keys in a brain wallet if they can guess the passphrase.
  • In practice, it is also wise to use a deliberately slow function to derive the private key from the passphrase (referred to as key stretching) to ensure it takes as long as possible for the attacker to try all possibilities. The basic approach is to take a fast cryptographic hash function like SHA-256 and compute perhaps 2²⁰ iterations of it, multiplying the attacker’s workload by a factor of 2²⁰.
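An added example (not code from the course) that ties the last two sections together: a passphrase is key-stretched by iterating SHA-256, the result becomes the master private key of a hierarchical wallet, and the hot side derives the i'th address from public "address generation info" alone while the cold side derives the matching i'th private key. The elliptic-curve arithmetic is real secp256k1 over Python integers; the derivation is a simplified, non-hardened scheme of this example's own design (HMAC-SHA512 over the parent public key and the index, which is the idea behind BIP32 but not its exact serialization), the chain-code construction is an assumption, and `address_id` is a SHA-256 fingerprint standing in for the HASH160/Base58Check address a real wallet would show.

```python
import hashlib
import hmac

# secp256k1 domain parameters: the curve Bitcoin's keys live on.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on secp256k1; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Scalar multiplication k * point by double-and-add."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def compress(point):
    """33-byte compressed public key encoding (prefix 02/03 followed by x)."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def stretch(passphrase, iterations=2**20):
    """Key stretching: iterate SHA-256 so every passphrase guess costs `iterations` hashes."""
    digest = passphrase.encode()
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return 1 + int.from_bytes(digest, "big") % (N - 1)  # map into the valid key range [1, N-1]


def tweak(parent_pub, chain_code, i):
    """Per-index tweak computed from public data only; this is all the hot side needs."""
    msg = compress(parent_pub) + i.to_bytes(4, "big")
    return int.from_bytes(hmac.new(chain_code, msg, hashlib.sha512).digest()[:32], "big") % N


def child_private_key(parent_priv, chain_code, i):
    """Cold side: the i'th private key from the private key generation info."""
    return (parent_priv + tweak(ec_mul(parent_priv, G), chain_code, i)) % N


def child_public_key(parent_pub, chain_code, i):
    """Hot side: the i'th public key from the address generation info, no private key involved."""
    return ec_add(parent_pub, ec_mul(tweak(parent_pub, chain_code, i), G))


def address_id(pub):
    """Stand-in address fingerprint (assumption: real addresses use HASH160 + Base58Check)."""
    return hashlib.sha256(compress(pub)).hexdigest()[:40]


def wallet_from_passphrase(passphrase, iterations=2**20):
    """Brain wallet: returns (private key generation info, address generation info).
    The chain code derivation below is this example's own choice, not a standard."""
    master_priv = stretch(passphrase, iterations)
    chain_code = hashlib.sha256(b"chain-code" + master_priv.to_bytes(32, "big")).digest()
    return (master_priv, chain_code), (ec_mul(master_priv, G), chain_code)


if __name__ == "__main__":
    priv_info, addr_info = wallet_from_passphrase("constructed example passphrase", 2**16)
    for i in range(3):
        sk = child_private_key(*priv_info, i)   # computed in cold storage
        pk = child_public_key(*addr_info, i)    # computed in hot storage
        assert ec_mul(sk, G) == pk              # the i'th secret key controls the i'th address
        print(i, address_id(pk))
```

Two things to take from running it: the hot side never touches `priv_info`, yet produces exactly the addresses the cold side can spend from; and lowering `iterations` (as the demo does for speed) is precisely what makes a brain wallet cheap to brute-force, so the 2²⁰ default is the setting that matters in practice.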

Paper wallet:

  • The third option is what’s called a paper wallet. We can print the key material to paper and then put that paper into a safe or secure place. Obviously, the security of this method is just as good or bad as the physical security of the paper that we’re using.

Tamper-resistant device :

  • A fourth way we can store offline information is to put it in some kind of tamper-resistant device. Either we put the key into the device or the device generates the key; either way, the device is designed so that there’s no way it will output or divulge the key. The device instead signs statements with the key, and does so when we, say, press a button. One advantage is that if the device is lost or stolen we’ll know it, and the only way the key can be stolen is if the device is stolen.

Segment 4.3 (Splitting and Sharing Keys) :

  • We’ve always put a key in a single place — whether locked in a safe, or in software, or on paper. This leaves us with a single point of failure.

Secret sharing :

  • We want to divide our secret key into some number N of pieces. We want to do it in such a way that if we’re given any K of those pieces then we’ll be able to reconstruct the original secret, but if we’re given fewer than K pieces then we won’t be able to learn anything about the original secret.
  • (Figure caption) (S) represents the secret, encoded as a (large) integer. The green line has a slope chosen at random. The orange points (specifically, their Y-coordinates S+R, S+2R, …) correspond to shares. Any two orange points are sufficient to reconstruct the red point, and hence the secret. All arithmetic is done modulo a large prime number.
  • (Figure caption) Representing a secret via a series of points on a random polynomial curve of degree K-1 allows the secret to be reconstructed if, and only if, at least K of the points (“shares”) are available.
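The K-of-N scheme in the two figure captions above, as an added example (not from the course): the secret is the constant term of a random polynomial of degree K-1 over a prime field, each share is the polynomial evaluated at x = 1, 2, …, N, and any K shares recover the secret by Lagrange interpolation at x = 0. The field prime is the secp256k1 field prime (chosen because it is known to be prime and fits a 256-bit key); the secret value is constructed. The K = 2 case is exactly the straight line in the first caption.

```python
import secrets

# Any prime larger than the secret works; this is the secp256k1 field prime, so 256-bit keys fit.
PRIME = 2**256 - 2**32 - 977


def split_secret(secret: int, k: int, n: int):
    """Return n shares (x, y) such that any k of them reconstruct `secret`."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    # Degree k-1 polynomial: constant term is the secret, the rest are uniformly random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule, evaluated mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def reconstruct(shares) -> int:
    """Lagrange interpolation at x = 0. With fewer than k distinct shares the result is a
    uniformly random field element, which is why they reveal nothing about the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate shares")
    total = 0
    for xj, yj in shares:
        num, den = 1, 1
        for xm in xs:
            if xm != xj:
                num = num * (-xm) % PRIME
                den = den * (xj - xm) % PRIME
        total = (total + yj * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    key = int.from_bytes(b"constructed 32-byte secret key!!", "big")  # constructed secret
    shares = split_secret(key, k=3, n=5)
    print(reconstruct(shares[:3]) == key, reconstruct([shares[0], shares[4], shares[2]]) == key)
    print(reconstruct(shares[:2]) == key)  # two shares of a 3-of-5 split: wrong value
```

Each share should be stored in a different place (different safes, different devices); the point of the scheme is that a thief who obtains K-1 of them gets the same amount of information as one who obtains none.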

Threshold cryptography:

  • But there’s still a problem with secret sharing: if we take a key and we split it up in this way and we then want to go back and use the key to sign something, we still need to bring the shares together and recalculate the initial secret in order to be able to sign with that key. The point where we bring all the shares together is still a single point of vulnerability where an adversary might be able to steal the key. A way to produce Bitcoin signatures in a decentralized fashion without ever reconstructing the private key on any single device is called a “threshold signature.”
  • The best use-case is a wallet with two-factor security, which corresponds to the case N=2 and K=2. Say you’ve configured your wallet to split its key material between your desktop and your phone. Then you might initiate a payment on your desktop, which would create a partial signature and send it to your phone. Your phone would then alert you with the payment details — recipient, amount, etc. — and request your confirmation. If the details check out, you’d confirm, and your phone would complete the signature using its share of the private key and broadcast the transaction to the block chain.

Multi-signatures:

  • There’s an entirely different option for avoiding a single point of failure: multi-signatures. Instead of taking a single key and splitting it, Bitcoin script directly allows you to stipulate that control over an address be split between different keys. These keys can then be stored in different locations and the signatures produced separately. Of course, the completed, signed transaction will be constructed on some device, but even if the adversary controls this device, all that he can do is prevent it from being broadcast to the network. He can’t produce valid multi-signatures of some other transaction without the involvement of the other devices.

Segment 4.4 (Online Wallets and Exchanges) :

Online wallets:

  • An online wallet is kind of like a local wallet that you might manage yourself, except the information is stored in the cloud, and you access it using a web interface on your computer or using an app on your smartphone. Some online wallet services that are popular in early 2015 are Coinbase and blockchain.info. What’s crucial from the point of view of security is that the site delivers the code that runs on your browser or the app, and it also stores your keys. At least it will have the ability to access your keys. Ideally, the site will encrypt those keys under a password that only you know, but of course you have to trust them to do that. You have to trust their code to not leak your keys or your password.

Bitcoin exchanges:

  • To understand Bitcoin exchanges, let’s first talk about how banks operate in the traditional economy. You give the bank some money — a deposit — and the bank promises to give you back that money later. Of course, the bank doesn’t actually just take your money and put it in a box in the back room. The bank will typically take the money and invest it. The bank will probably keep some money around in reserve in order to make sure that they can pay out the demand for withdrawals that they’ll face on a typical day. Many banks typically use something called fractional reserve where they keep a certain fraction of all the demand deposits on reserve just in case.
  • Bitcoin exchanges function in a similar way to banks. They accept deposits of bitcoins and will promise to give them back on demand later. You can also transfer fiat currency — traditional currency like dollars and euros — into an exchange by doing a transfer from your bank account. The exchange promises to pay back either or both types of currency on demand. The exchange lets you do various banking-like things. You can make and receive Bitcoin payments. That is, you can direct the exchange to pay out some bitcoins to a particular party, or you can ask someone else to deposit funds into the particular exchange on your behalf — put into your account. They also let you exchange bitcoins for fiat currency or vice versa.
  • The important thing to note here is that when transactions happen involving me and another customer of the same exchange, no transaction actually happens on the Bitcoin block chain. The exchange doesn’t need to go to the block chain in order to transfer bitcoins or dollars from one account to another. All that happens in this transaction is that the exchange is now making a different promise to me than they were making before.
  • One of the big pros is that exchanges help to connect the Bitcoin economy and the flows of bitcoins with the fiat currency economy so that it’s easy to transfer value back and forth.
  • The con is risk. You have the same kind of risk that you face with banks, and those risks fall into three categories:

1- Bank run: A run is what happens when a bunch of people show up all at once and want their money back. Since the bank maintains only fractional reserves, it might be unable to cope with the simultaneous withdrawals.

2- The owners of the banks might just be crooks running a Ponzi scheme. This is a scheme where someone gets people to give them money in exchange for profits in the future, but then actually takes their money and uses it to pay out the profits to people who bought previously.

3- The risk that someone — perhaps even an employee of the exchange — will manage to penetrate the security of the exchange. Since exchanges store key information that controls large amounts of bitcoins, they need to be really careful about their software security and their procedures — how they manage their cold and hot storage.

  • The most famous example of this of course is Mt. Gox. Mt. Gox was at one time the largest Bitcoin exchange, and it eventually found itself insolvent, unable to pay out the money that it owed. Mt. Gox was a Japanese company and it ended up declaring bankruptcy and leaving a lot of people wondering where their money had gone.

Proof of reserve:

  • A Bitcoin exchange or someone else who holds bitcoins can use a cryptographic trick called a proof of reserve to give customers some comfort about the money that they deposited. The goal is for the exchange or business holding bitcoins to prove that it has a fractional reserve.
  • We can break the proof-of-reserve problem into two pieces. The first is to prove how much reserve you’re holding. The company simply publishes a valid payment-to-self transaction of the claimed reserve amount. That is, if they claim to have 100,000 bitcoins, they create a transaction in which they pay 100,000 bitcoins to themselves and show that that transaction is valid. Then they sign a challenge string — a random string of bits generated by some impartial party — with the same private key that was used to sign the payment-to-self transaction. This proves that someone who knew that private key participated in the proof of reserve.
  • Strictly speaking, that’s not a proof that the party that’s claiming to own the reserve owns it, but only that whoever does own those 100,000 bitcoins is willing to cooperate in this process. Also, note that you could always under-claim: the organization might have 150,000 bitcoins but choose to make a payment-to-self of only 100,000. So this proof of reserve doesn’t prove that this all you have, but it proves that you have at least that much.

Proof of liabilities:

  • The second piece is to prove how many demand deposits you hold, which is the hard part. If you can prove your reserves and your demand deposits then anyone can simply divide those two numbers and that’s what your fractional reserve is. To do this we’ll use Merkle trees. The exchange executes the proof by constructing a Merkle tree in which each leaf corresponds to a user, and publishing its root hash. Similar to the naive protocol above, it’s each user’s responsibility to ensure that they are included in the tree. In addition, there’s a way for users to collectively check the claimed total of deposits.
  • Each customer can go to the organization and ask for a proof of correct inclusion. The exchange must then show the customer the partial tree from that user’s leaf up to the root. The customer then verifies that:
    1. The root hash pointer and root value are the same as what the exchange signed and published.
    2. The hash pointers are consistent all the way down, that is, each hash value is indeed the cryptographic hash of the node it points to.
    3. The leaf contains the correct user account info (say, username/user ID, and deposit amount).
    4. Each value is the sum of the values of the two values beneath it.
  • If every customer does this, then every branch of this tree will get explored, and someone will verify that for every hash pointer, its associated value equals the sum of the values of its two children.
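The Merkle-tree proof of liabilities from the last two sections, as an added example (not code from the course): the exchange builds a tree whose every node carries a hash and a deposit sum, hands a customer the siblings along the path from their leaf to the root, and the customer runs the four checks listed above. The hash of an inner node covers its children's hashes and its summed value, so the published root pins down the total; the ledger, the leaf encoding and the padding rule for odd levels are this example's own constructed choices.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Node:
    hash: bytes
    value: int                       # sum of all deposits beneath this node
    left: Optional["Node"] = None
    right: Optional["Node"] = None


def leaf(user_id: str, balance: int) -> Node:
    """A leaf commits to the customer's account info and deposit amount."""
    return Node(h(f"{user_id}:{balance}".encode()), balance)


def combine(left: Node, right: Node) -> Node:
    """Parent value = sum of children; the hash covers both children AND that sum."""
    value = left.value + right.value
    return Node(h(value.to_bytes(16, "big") + left.hash + right.hash), value, left, right)


def build_tree(accounts) -> Node:
    """accounts: iterable of (user_id, balance). Odd levels get a zero-value padding node."""
    nodes = [leaf(u, b) for u, b in accounts]
    while len(nodes) > 1:
        if len(nodes) % 2:
            nodes.append(Node(h(b"padding"), 0))
        nodes = [combine(nodes[i], nodes[i + 1]) for i in range(0, len(nodes), 2)]
    return nodes[0]


def proof_for(node: Node, leaf_hash: bytes):
    """The partial tree the exchange shows a customer: (sibling hash, sibling value, sibling
    is on the left) at each level from the leaf up to the root; None if the leaf is absent."""
    if node.hash == leaf_hash:
        return []
    for child, sibling, sibling_on_left in ((node.left, node.right, False),
                                            (node.right, node.left, True)):
        if child is None:
            continue
        path = proof_for(child, leaf_hash)
        if path is not None:
            return path + [(sibling.hash, sibling.value, sibling_on_left)]
    return None


def verify_inclusion(published_root_hash, published_total, user_id, balance, proof) -> bool:
    """The customer's four checks from the text, run bottom-up."""
    # Check 3: the leaf holds this customer's own account info and deposit amount.
    node_hash, node_value = leaf(user_id, balance).hash, balance
    for sib_hash, sib_value, sib_on_left in proof:
        if sib_value < 0:
            return False  # a negative sibling would let the exchange shrink the claimed total
        # Check 4: each value is the sum of the two values beneath it.
        parent_value = node_value + sib_value
        left, right = (sib_hash, node_hash) if sib_on_left else (node_hash, sib_hash)
        # Check 2: recompute the hash pointer so every level is consistent.
        node_hash = h(parent_value.to_bytes(16, "big") + left + right)
        node_value = parent_value
    # Check 1: root hash and root value match what the exchange signed and published.
    return node_hash == published_root_hash and node_value == published_total


if __name__ == "__main__":
    ACCOUNTS = [("alice", 50), ("bob", 20), ("carol", 30)]  # constructed sample ledger
    root = build_tree(ACCOUNTS)
    proof = proof_for(root, leaf("bob", 20).hash)
    print(root.value, verify_inclusion(root.hash, root.value, "bob", 20, proof))
```

The negative-value check is the one practitioners most often forget: without it an exchange could insert a sibling with a negative balance and publish a total smaller than its real liabilities while every individual customer's proof still verified.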

Segment 4.5 (Payment Services) :

  • Merchants generally support Bitcoin payments because their customers want to be able to pay with bitcoins. The merchant may not want to hold on to bitcoins, but simply receive dollars or whatever is the local fiat currency at the end of the day. They want an easy way to do this without worrying too much about technology.
  • There are various possible risks: using new technology may cause their website to go down, costing them money. There’s the security risk of handling bitcoins — someone might break into their hot wallet or some employee will make off with their bitcoins. Finally there’s the exchange rate risk: the value of bitcoins in dollars might fluctuate from time to time.
  • The process of receiving Bitcoin payments through a payment service might look like this to the merchant:
  • The merchant goes to the payment service website, fills out a form describing the item, price, presentation of the payment widget, and so on. Figure 4.6 shows an illustrative example of a form from Coinbase.
  • The payment service generates HTML code that the merchant can drop into their website.
  • When the customer clicks the payment button, various things happen in the background and eventually the merchant gets a confirmation saying, “a payment was made by customer ID [customer-id] for item [item-id] in amount [value].”
  • The payment service sends money to the merchant, in dollars or some fiat currency, via a deposit to the merchant’s bank account. This happens at the end of fixed settlement periods, perhaps once a day, rather than once for each purchase. The payment service keeps a small percentage as a fee; that’s how they make their revenue.
  • The payment service absorbs all of the risk. It absorbs the security risk, so it needs to have good security procedures to manage its bitcoins. It absorbs the exchange rate risk because it’s receiving bitcoins and paying out dollars. If the price of dollars against bitcoins fluctuates wildly, the payment service might lose money.
  • The payment service probably operates at a large scale, so it receives large numbers of bitcoins and pays out large numbers of dollars. It will have a constant need to exchange the bitcoins it’s receiving for more dollars so that it can keep the cycle going. Therefore a payment service has to be an active participant in the exchange markets that link together fiat currencies and the Bitcoin economy.

Segment 4.6 (Transaction Fees) :

Why do transaction fees exist at all? :

  • The reason is that there is some cost that someone has to incur in order to relay your transaction. The Bitcoin nodes need to relay your transaction and ultimately a miner needs to build your transaction into a block, and it costs them a little bit to do that. For example, if a miner’s block is slightly larger because it contains your transaction, it will take slightly longer to propagate to the rest of the network and there’s a slightly higher chance that the block will be orphaned if another block was found near-simultaneously by another miner.

Current default transaction fees:

  • The current transaction fees that most miners expect are as follows: first of all, no fee is charged if a transaction meets all of these three conditions:

1- The transaction is less than 1000 bytes in size.

2- All outputs are 0.01 BTC or larger.

3- Priority is large enough. Priority is defined as: (sum of input age × input value) / (transaction size).

  • If you meet these three requirements then your transaction will be relayed and it will be recorded in the block chain without a fee. Otherwise a fee is charged, and that fee is about 0.0001 BTC per 1000 bytes. The approximate size of a transaction is 148 bytes for each input, plus 34 bytes for each output, plus ten bytes for other information.
  • Most miners enforce the above fee structure, which means that they will either not service or will service last transactions that don’t provide the necessary transaction fees. But there are other miners who don’t enforce these rules, and who will record and operate on a transaction even if it pays a smaller fee or no fee at all.
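The default fee policy above, written out as an added example (not code from the course) that a wallet could run before broadcasting: it estimates the transaction size from the input/output counts, computes the priority as defined, applies the three free-transaction conditions, and otherwise charges 0.0001 BTC per started 1000 bytes. The text does not say how large "large enough" priority is; the threshold used here is assumed from Bitcoin Core's historical default (1 BTC, one day or 144 blocks old, in a 250-byte transaction), and all amounts are in satoshi to avoid floating-point BTC.

```python
import math

INPUT_BYTES, OUTPUT_BYTES, OVERHEAD_BYTES = 148, 34, 10  # size estimate from the text
COIN = 100_000_000                 # satoshi in 1 BTC
MIN_FREE_OUTPUT = COIN // 100      # every output must be >= 0.01 BTC for a free transaction
MAX_FREE_SIZE = 1000               # bytes; must be strictly smaller
FEE_PER_KB = COIN // 10_000        # 0.0001 BTC per 1000 bytes
# Assumption (not stated on the page): Bitcoin Core's old cut-off of 57,600,000,
# i.e. 1 BTC * 144 blocks / 250 bytes.
PRIORITY_THRESHOLD = COIN * 144 // 250


def estimate_size(n_inputs: int, n_outputs: int) -> int:
    """148 bytes per input + 34 per output + 10 bytes of fixed overhead."""
    return INPUT_BYTES * n_inputs + OUTPUT_BYTES * n_outputs + OVERHEAD_BYTES


def priority(inputs, size: int) -> float:
    """inputs: list of (value_in_satoshi, age_in_blocks). priority = sum(age * value) / size."""
    return sum(value * age for value, age in inputs) / size


def required_fee(inputs, outputs) -> int:
    """Fee in satoshi under the default policy: zero only if all three conditions hold."""
    size = estimate_size(len(inputs), len(outputs))
    is_free = (size < MAX_FREE_SIZE
               and all(v >= MIN_FREE_OUTPUT for v in outputs)
               and priority(inputs, size) >= PRIORITY_THRESHOLD)
    return 0 if is_free else math.ceil(size / 1000) * FEE_PER_KB


if __name__ == "__main__":
    # Constructed cases: an old 1 BTC coin split in two (free), the same coin only 10 blocks
    # old (paid), and a transaction with a 500-satoshi dust output (paid).
    print(required_fee([(COIN, 144)], [COIN // 2, COIN // 2]))
    print(required_fee([(COIN, 10)], [COIN // 2, COIN // 2]))
    print(required_fee([(COIN, 144)], [COIN - 500, 500]))
```

A practical consequence of the size formula is visible in the last case of the demo: consolidating many small inputs makes a transaction cross the 1000-byte line quickly, so a 10-input sweep already pays two fee units.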

Segment 4.7 (Currency Exchange Markets) :

  • The first thing to understand is that it operates in many ways like the market between two fiat currencies such as dollars and euros. The price will fluctuate back and forth depending on how badly people want to buy euros versus how badly people want to buy dollars on a particular day. In the Bitcoin world there are sites like bitcoincharts.com that show the exchange rate with various fiat currencies on a number of different exchanges.
  • Another option is to meet people to trade bitcoins in real life. There are sites that help you do this. On localbitcoins.com, for example, you can specify your location and that you wish to buy bitcoins with cash. You’ll get a bunch of results of people who at the time of your search are willing to sell bitcoins at that location, and in each case it tells you what price and how many bitcoins they’re offering.
  • In some places there are regular meet-ups where people go to trade bitcoins, and so you can go to a certain park or street corner or cafe at a scheduled day and time and there will be a bunch of people wanting to buy or sell bitcoins and you can do business with them.

Supply and demand :

  • The price of this market, the consensus price, like the price of anything in a liquid market will be set by supply and demand. By that we mean the supply of bitcoins that might potentially be sold and the demand for bitcoins by people who have dollars. The price through this market mechanism will be set to the level that matches supply and demand.
  • What is the supply of bitcoins? This is the number of bitcoins that you might possibly buy in one of these markets, and it is equal to the supply of bitcoins that are in circulation currently. There’s a fixed number of bitcoins in circulation. At the time of this writing it’s about 13.9 million.
  • When should you include demand deposits in the total bitcoins in circulation? You should include demand deposits in a market analysis when demand-deposited money can be sold in that market. For example, if you’re talking about exchange of dollars for bitcoins that can happen in an exchange, and the exchange allows demand-deposited bitcoins to be traded for dollars, then they count.

There are really two main sources of demand for bitcoins:

  • There’s a demand for bitcoins as a way of mediating fiat currency transactions. Imagine that Alice wants to buy something from Bob and wants to pay some money to Bob, so Alice would buy bitcoins for dollars and transfer them, and once they receive enough confirmations to Bob’s satisfaction, he’ll sell those bitcoins for dollars. The key thing here from the point of view of demand for bitcoins is that the bitcoins mediating this transaction have to be taken out of circulation during the time that the transaction is going on. This creates a demand for bitcoins.
  • The second source of demand is that Bitcoin is sometimes demanded as an investment. That is if somebody wants to buy bitcoins and hold them in the hope that the price of bitcoins will go up in the future and that they’ll be able to sell them. When people buy and hold, those bitcoins are out of circulation.

A simple model of market behavior :

  • (T) is the total transaction value mediated via Bitcoin by everyone participating in the market. This value is measured in dollars per second. (D) is the duration of time that bitcoins need to be held out of circulation in order to mediate a transaction. That’s the time from when the buyer buys the bitcoins to when the receiver is able to sell them back into the market, and we’ll measure that in seconds. (S) is the total supply of bitcoins that are available for this purpose, and so that’s going to be all of the hard-currency bitcoins that exist minus those that are held out by people as long-term investments. (P) is the price of Bitcoin, measured in dollars per bitcoin.
  • We’ll calculate how many bitcoins become available in order to service transactions every second: on average an (S/D) fraction of those bitcoins will become newly available each second, because they’ll emerge from the out-of-circulation state and become available for mediating transactions. That’s the supply side.
  • On the demand side — the number of bitcoins per second that are needed to mediate transactions — we have (T) dollars worth of transactions to mediate, and in order to mediate one dollar worth of transactions we need (1/P) bitcoins. So (T/P) is the number of bitcoins per second that are needed in order to serve all of the transactions that people want to serve.
  • Now if you look at a particular second of time, for that second there’s a supply of S/D and a demand of T/P. In this market, like most markets, the price will fluctuate in order to bring supply into line with demand. The supply must equal the demand, so we have (S/D) = (T/P), which gives us a formula for the price: P = (T*D)/S. We can assume that (D) doesn’t change. The total supply (S) also doesn’t change, or at least changes slowly over time. That means the price is proportional to the demand for mediation as measured in dollars.

End of Lecture 4.

You can find the summary of the previous lectures here : Lecture 1 , Lecture 2 , Lecture 3 .
If you find this content useful please recommend it so others may see it.


Ahmed Rashwan

A computer engineering student from Egypt loves reading about Tech , science , space , software engineering and everything else .