
Bitcoin: what are they worth?

Laura Mihaela Vasilescu
project for Advanced Topics in Computer and Network Security class
laura@rosedu.org

Abstract: The highly volatile value of Bitcoin has led to some questions about its ability to function as a currency. Few are willing to use a currency with a highly variable value. Its deflationary bias, which incentivizes hoarding and removes money from circulation, is also cited as a stumbling block to Bitcoin becoming a functioning currency. This article presents the principles behind Bitcoin, how it works and whether bitcoins are worth anything.
Keywords: bitcoin, cryptocurrency, cypherpunk, peer-to-peer, surveillance

I. INTRODUCTION
Whitfield Diffie and Martin Hellman are the ones who brought cryptography closer to public awareness when, in 1976, they published the first publicly available work on public-key cryptography [1]. Until then, cryptography was mainly done in secret by military and intelligence agencies.
Cryptography evolved as a necessary mechanism for ensuring privacy in digital environments. In 1985, David Chaum published a paper about anonymous digital cash [2], which had political significance because it offered an alternative to government-backed currencies. His technique for anonymity revocation contingent on double-spending of a coin can be seen as an example of encoding a social norm or rule into cryptography (public exposure of thieves).
In 1988, Timothy May took Chaum's ideas and handed out copies of his Crypto Anarchist Manifesto at the Crypto conference in Santa Barbara. The academics pretty much ignored him, but in 1992, together with Eric Hughes and John Gilmore, he founded a small group that met monthly at Gilmore's company (Cygnus Solutions) in the San Francisco Bay Area. The group was humorously named "cypherpunks". By the end of 1994 their mailing list had 700 subscribers and had become very active, with technical discussion ranging over mathematics, computer science and cryptography, political and philosophical discussions, personal arguments and attacks, etc. On average, 30 messages were sent a day. In 1997, the number of subscribers reached 2000.
The ideas that brought these people together were highlighted in the manifesto [3]:
"Privacy is necessary for an open society in the electronic age."
"We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy."
"We must defend our own privacy if we expect to have any."
"Cypherpunks write code. We know that someone has to write software to defend privacy, and ... we're going to write it."
One of their purposes is to protect against government mass surveillance, such as PRISM, Tempora, the NSA warrantless surveillance controversy, Room 641A, the FRA, etc.
A second concern is evasion of censorship, particularly Internet censorship, on the grounds of freedom of expression. Crypto-anarchists contribute to open-source projects that make it possible to both publish and read information on the Internet or other computer networks in an anonymous manner. For example, Tor, I2P, Freenet and many similar networks allow anonymous hidden web pages that are accessible only to users of these programs.
A third reason is to build and participate in counter-economics. This is why Bitcoin appeared: to allow trading goods and services in an anonymous manner, with little legal interference.
Bitcoin is the first decentralized cryptocurrency and integrates many existing ideas from the cypherpunk community. In November 2008, a paper titled "Bitcoin: A Peer-to-Peer Electronic Cash System" [4] was posted on the Internet under the name Satoshi Nakamoto. The paper detailed methods of using a peer-to-peer network to generate what was described as a system for electronic transactions without relying on trust. Nakamoto released the first open-source Bitcoin client in January 2009 and mined the first block of bitcoins ever (the genesis block), which has a reward of 50 bitcoins.
Chapter II presents the mystery around Satoshi Nakamoto. Chapter III presents how Bitcoin works and the concept of mining, while Chapter IV discusses the value of bitcoins. Chapter V presents several exploits of the Bitcoin system. Chapter VI presents conclusions.
II. WHO IS SATOSHI NAKAMOTO?
Satoshi Nakamoto is the pseudonymous person or group of people who designed and created the original Bitcoin software (Bitcoin-Qt). His involvement in the original Bitcoin software does not appear to extend past mid-2010.
Nakamoto claimed on his P2P Foundation profile [5] to be an individual male aged 37 and living in Japan, which was met with great skepticism due to his use of English and his Bitcoin software being neither documented nor labeled in Japanese. His written work uses British formatting and implies British origin. However, he also sometimes used American spelling, which may indicate that he was intentionally trying to mask his writing style, or that he is more than one person.

Several private investigations were run to find out who hides behind the pseudonym:
1. The New Yorker arrived at Michael Clear, a young graduate student in cryptography at Trinity College in Dublin, who was named the top computer-science undergraduate in 2008. He was hired by Allied Irish Banks to improve its currency-trading software, and he co-authored an academic paper on peer-to-peer technology.
2. Fast Company's investigation brought up circumstantial evidence indicating a link between an encryption patent application filed by Neal King, Vladimir Oksman and Charles Bry on 15 August 2008 and the bitcoin.org domain name, which was registered 72 hours later. The patent application contained networking and encryption technologies similar to Bitcoin's. Textual analysis showed that some phrases were used in both the patent application and Bitcoin's whitepaper.
But all of them denied being Nakamoto.
Nakamoto was active in updating the Bitcoin software and posting technical information on forums until his contact with other Bitcoin developers began to fade in mid-2010. Before he left, he set up Gavin Andresen as his successor by giving him access to the SourceForge project and a copy of the alert key. Gavin Andresen is the chief scientist of the Bitcoin Foundation, a group modeled after the Linux Foundation that aims to provide some organization to Bitcoin's expansion, from establishing new ways to process transactions to maintaining the bitcoin.org website.

III. HOW IT WORKS
Before Bitcoin, electronic payments were based on trust: a trusted third party was needed in order to allow two parties to make a transaction. Bitcoin instead relies on cryptographic proof: transactions that are computationally impractical to reverse protect sellers from fraud, and routine escrow mechanisms can easily be implemented to protect buyers.
An electronic coin is a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and appending these to the end of the coin. The receiver can verify the signatures to verify the chain of ownership.
The flow is presented in Figure 1, originally published in Nakamoto's paper.
Even if the receiver can verify the previous ownerships of the coin, he can't verify that one of the owners did not double-spend it. A common solution is to introduce a trusted central authority that checks every transaction. Only transactions verified by this third party are trusted not to be double-spent. The problem with this solution is that the whole system relies on the third party. This is how banks work.

The only way to confirm the absence of a transaction is to be aware of all transactions. In the previous model, the third party was aware of all transactions and decided which arrived first. To accomplish this without a trusted party, the transactions must be publicly announced and the participants must agree on a single history of the order in which they were received.

Figure 1: Bitcoin transaction mechanism [4]
A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.
To implement such a timestamp server on a peer-to-peer basis, a proof-of-work system similar to Adam Back's Hashcash [6] is used. The proof-of-work involves scanning for a value that, when hashed, yields a hash beginning with a number of zero bits. The average work required is exponential in the number of zero bits required, while the result can be verified by executing a single hash. Bitcoin implements the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required number of zero bits. Once the CPU effort has been expended to satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.
The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. An attacker would have to redo the proof-of-work of the block and all the blocks after it and then catch up with and surpass the work of the honest nodes. The probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added. To compensate for increasing hardware speed and varying interest in running nodes, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they are generated too fast, the difficulty increases.
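As an added example (not from the paper and not Bitcoin's own code), the following Python script mines a toy chain with a Hashcash-style proof-of-work over SHA-256, verifies a block with a single hash, and shows that rewriting an earlier block without redoing its work invalidates it and breaks the links of every block after it. The block layout (previous hash, payload, 64-bit nonce), the `bits` difficulty parameter and the payloads are assumptions chosen for illustration; real Bitcoin hashes an 80-byte header with double SHA-256 against a 256-bit target rather than counting leading zero bits.

```python
import hashlib
import struct

GENESIS_PREV = b"\x00" * 32  # the first block has no predecessor


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (the Hashcash notion of difficulty)."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def block_hash(prev_hash: bytes, payload: bytes, nonce: int) -> bytes:
    """Hash of a toy block: previous hash || payload (e.g. a Merkle root) || nonce.
    Assumed layout for illustration only."""
    return hashlib.sha256(prev_hash + payload + struct.pack("<Q", nonce)).digest()


def mine(prev_hash: bytes, payload: bytes, bits: int):
    """Increment the nonce until the block hash starts with `bits` zero bits.
    Expected cost is about 2**bits hash evaluations."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, payload, nonce)
        if leading_zero_bits(digest) >= bits:
            return nonce, digest
        nonce += 1


def verify_work(prev_hash: bytes, payload: bytes, nonce: int, bits: int) -> bool:
    """Checking a proof-of-work costs one hash, however long mining took."""
    return leading_zero_bits(block_hash(prev_hash, payload, nonce)) >= bits


def build_chain(payloads, bits: int):
    """Mine one block per payload, each committing to the previous block's hash."""
    chain = []
    prev = GENESIS_PREV
    for payload in payloads:
        nonce, digest = mine(prev, payload, bits)
        chain.append({"prev": prev, "payload": payload, "nonce": nonce, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain, bits: int):
    """Index of the first block that fails validation, or None if all pass. A block
    passes when it links to its predecessor, its stored hash matches its contents
    and that hash meets the difficulty."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        recomputed = block_hash(block["prev"], block["payload"], block["nonce"])
        if block["prev"] != prev or recomputed != block["hash"]:
            return i
        if leading_zero_bits(recomputed) < bits:
            return i
        prev = block["hash"]
    return None


def chain_valid(chain, bits: int) -> bool:
    return first_invalid_block(chain, bits) is None


def tamper(chain, index: int, new_payload: bytes):
    """Rewrite one block's payload without redoing its work. Its stored hash no
    longer matches, so validation fails at that block; repairing it would mean
    re-mining it and every later block, since all their `prev` links change."""
    forged = [dict(block) for block in chain]
    forged[index]["payload"] = new_payload
    return forged


if __name__ == "__main__":
    DIFFICULTY = 16  # roughly 65k hashes per block on average
    # constructed sample payloads standing in for Merkle roots of transactions
    chain = build_chain([b"tx-set-1", b"tx-set-2", b"tx-set-3"], DIFFICULTY)
    for block in chain:
        print(block["nonce"], block["hash"].hex())
    print("honest chain valid:", chain_valid(chain, DIFFICULTY))
    forged = tamper(chain, 0, b"tx-set-1-rewritten")
    print("forged chain valid:", chain_valid(forged, DIFFICULTY),
          "- breaks at block", first_invalid_block(forged, DIFFICULTY))
```

Raising `DIFFICULTY` by one bit doubles the expected mining time while `verify_work` stays a single hash; that asymmetry is the whole point of the scheme.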
New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.
The first transaction in a block is a special transaction that starts a new coin owned by the creator of the block. This is how coins are initially distributed into circulation, since there is no central authority to issue them. The addition of new coins is analogous to gold miners expending resources to add gold to circulation. In Bitcoin's case, it is CPU time and electricity that is expended.
This incentive also encourages nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. It ought to be more profitable to play by the rules, rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle tree [7], with only the root included in the block's hash. A block header with no transactions would be about 80 bytes. Assuming blocks are generated every 10 minutes, that is 4.2 MB per year. With computer systems typically selling with 2 GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2 GB per year, storage should not be a problem even if the block headers must be kept in memory.
It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and to obtain the Merkle branch linking the transaction to the block it's timestamped in. He can't check the transaction for himself, but by linking it to a place in the chain he can see that a network node has accepted it, and blocks added after it further confirm that the network has accepted it. As such, the verification is reliable as long as honest nodes control the network, but it is more vulnerable if the network is overpowered by an attacker. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and the alerted transactions to confirm the inconsistency. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.
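As an added example covering both the Merkle-tree pruning and the simplified payment verification just described (example code, not from the paper or from Bitcoin), this Python script builds a Merkle root over a block's transactions with Bitcoin's double-SHA-256 and odd-leaf duplication rule, produces the Merkle branch for one transaction, and then plays the light client: holding only block headers, it verifies the branch against the header's Merkle root and counts confirmations. The header layout is a simplification (no real proof-of-work, nonce fixed at 0) and the transactions are constructed strings rather than serialized Bitcoin transactions.

```python
import hashlib


def sha256d(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _next_level(level):
    """Pair up nodes; an odd node count duplicates the last node, as Bitcoin does."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves) -> bytes:
    """Root over the transaction hashes of a block."""
    if not leaves:
        raise ValueError("a block has at least its coinbase transaction")
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_branch(leaves, index: int):
    """Sibling hashes from the leaf at `index` up to the root, each tagged with the
    side it sits on. This is all a light client needs to relink one transaction
    to the root; the block's other transactions can be discarded."""
    level = list(leaves)
    branch = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        branch.append((level[sibling], "left" if sibling < index else "right"))
        level = _next_level(level)
        index //= 2
    return branch


def verify_branch(leaf: bytes, branch, root: bytes) -> bool:
    """Recompute the path to the root from the leaf and its siblings only."""
    node = leaf
    for sibling, side in branch:
        node = sha256d(sibling + node) if side == "left" else sha256d(node + sibling)
    return node == root


GENESIS_PREV = b"\x00" * 32


def header_hash(prev: bytes, root: bytes, nonce: int) -> bytes:
    """Toy header: previous header hash || Merkle root || nonce (assumed layout)."""
    return sha256d(prev + root + nonce.to_bytes(4, "little"))


def build_headers(blocks):
    """Full-node side: one header per block, each committing to the previous header
    and to the Merkle root of its transactions. Proof-of-work is left out here."""
    headers = []
    prev = GENESIS_PREV
    for txs in blocks:
        root = merkle_root([sha256d(tx) for tx in txs])
        digest = header_hash(prev, root, 0)
        headers.append({"prev": prev, "root": root, "nonce": 0, "hash": digest})
        prev = digest
    return headers


def spv_confirmations(headers, height: int, tx: bytes, branch) -> int:
    """Light-client side: given only the header chain, a transaction, the height of
    the block claimed to contain it and a Merkle branch, return how many blocks
    confirm it (the including block counts as 1), or 0 if either the header chain
    or the branch fails to check out."""
    if not 0 <= height < len(headers):
        return 0
    prev = GENESIS_PREV
    for h in headers:
        if h["prev"] != prev or header_hash(h["prev"], h["root"], h["nonce"]) != h["hash"]:
            return 0
        prev = h["hash"]
    if not verify_branch(sha256d(tx), branch, headers[height]["root"]):
        return 0
    return len(headers) - height


if __name__ == "__main__":
    # constructed transactions; real ones are serialized binary, not text
    blocks = [[b"coinbase 0"], [b"coinbase 1", b"alice->bob 5", b"carol->dave 2"], [b"coinbase 2"]]
    headers = build_headers(blocks)
    leaves = [sha256d(tx) for tx in blocks[1]]
    branch = merkle_branch(leaves, 2)
    print("confirmations:", spv_confirmations(headers, 1, b"carol->dave 2", branch))
    print("tampered tx:", spv_confirmations(headers, 1, b"carol->dave 20", branch))
```

The branch for one transaction is only log2(n) hashes, which is why a node can prune thousands of spent transactions from a block and still let a light client prove the one it cares about.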
The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the "tape", is made public, but without telling who the parties were. As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

IV. IS IT WORTH ANYTHING?
Historically, money was defined as a certain quantity of a commodity that had exchange value in the marketplace prior to and independent of any usage as a medium of exchange. That isn't the case for bitcoins. These digital units don't exist at all in a physical dimension; therefore, they have no non-monetary value. Still, this didn't stop them from becoming a preferred unit of exchange for various market participants.
According to Carl Menger, they are worth whatever individuals choose to believe they are worth. It is clear that many individuals value this new medium of exchange highly. Bitcoins have several attributes that make them attractive and valuable to those who choose to use them:
- a digital currency seems only natural in a digital age
- they afford privacy, convenience, superior portability and independence from central banks and intrusive governments
Because of this independence, the Chinese government forbade the use of bitcoins. From this action arose two valuable questions:
1. Does China actually succeed in suppressing the use of bitcoins?
2. What steps may the American government take to regulate, modify or suppress this challenge to IRS surveillance and the Fed's monetary hegemony?
Even though the value of bitcoins exploded during the past two months, some people are not ready yet to embrace them: the market price is too volatile. Bitcoin's first movers have gotten rich as the popularity of and demand for bitcoins exploded while the supply remained fixed and limited. Many people now value bitcoins not as money, but as speculation.

V. EXPLOITS
This section presents different exploits that happened in the past.
A. Bitcoin exchange services closed
On 3 September 2012, nearly a quarter million dollars' worth of the peer-to-peer currency was stolen by accessing unencrypted backup wallet keys.
BitFloor was a FinCEN-registered Bitcoin currency exchange and trading platform with headquarters in the state of New York, USA. Its servers were compromised and, as a result, the attacker gained access to an unencrypted backup of the wallet keys. The live keys were stored in an encrypted area, but that wasn't the case for the backups. Using these keys, the attackers were able to transfer the coins. Backups need the same protection as the live key store: an attacker who can read a backup holds the keys just the same.
In April 2013, another Bitcoin wallet service suffered an attack and decided to suspend itself and shut down.
This happened to other companies too, like MyBitcoin.
B. Recovering Bitcoin private keys
Nils Schneider, a researcher, published on 25 December 2012 in his blog [8] an article about how he discovered a potential weakness in some Bitcoin implementations. He used weak signatures from the blockchain, and that allowed him to recover private keys. ECDSA requires a fresh random nonce for each signature. If this nonce is ever used twice with the same private key, the private key can be computed from the two signatures. What Schneider observed was a transaction generated by a hardware Bitcoin wallet whose pseudo-random number generator returned the same number every time.
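To make the nonce-reuse failure concrete, here is an added Python example (neither Schneider's code nor any wallet's) implementing textbook ECDSA over secp256k1, Bitcoin's curve, with a caller-supplied nonce. It signs two different messages with the same nonce, recovers the private key from the two signatures, and places the hardened signing routine (nonce from the OS CSPRNG) alongside the faulty one. The private key and the stuck nonce are derived from fixed strings so the run is deterministic and the messages are constructed; none of it is real key material.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k: int, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_with_nonce(priv: int, msg: bytes, k: int):
    """Textbook ECDSA with a caller-supplied nonce k. Sound only while k is secret,
    uniform in [1, N-1] and never repeated: the property the faulty RNG broke."""
    z = msg_hash(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another nonce")
    return (r, s)


def sign(priv: int, msg: bytes):
    """Hardened form: a fresh nonce from the OS CSPRNG for every signature.
    (Deterministic nonces per RFC 6979 are the other accepted fix.)"""
    return sign_with_nonce(priv, msg, secrets.randbelow(N - 1) + 1)


def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    point = ec_add(ec_mul(msg_hash(msg) * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def recover_private_key(pub, msg1: bytes, sig1, msg2: bytes, sig2):
    """Two signatures under one key with the same nonce share r, and
        s1 - s2 = k^-1 (z1 - z2)   =>   k = (z1 - z2) / (s1 - s2),
        d = (s1 * k - z1) / r.
    Bitcoin software may publish -s instead of s (the low-s rule), so both signs
    are tried and each candidate is checked against the public key."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        return None  # different nonces: this attack does not apply
    z1, z2 = msg_hash(msg1), msg_hash(msg2)
    for s2c in (s2, N - s2):
        if (s1 - s2c) % N == 0:
            continue
        k = (z1 - z2) * pow(s1 - s2c, -1, N) % N
        d = (s1 * k - z1) * pow(r1, -1, N) % N
        if 0 < d < N and ec_mul(d, G) == pub:
            return d
    return None


# constructed, deterministic demo material (not real keys)
DEMO_PRIV = int.from_bytes(hashlib.sha256(b"demo private key").digest(), "big") % N
DEMO_PUB = ec_mul(DEMO_PRIV, G)
STUCK_NONCE = int.from_bytes(hashlib.sha256(b"rng that always returns this").digest(), "big") % N

if __name__ == "__main__":
    msg_a, msg_b = b"pay alice 1 BTC", b"pay bob 2 BTC"
    sig_a = sign_with_nonce(DEMO_PRIV, msg_a, STUCK_NONCE)
    sig_b = sign_with_nonce(DEMO_PRIV, msg_b, STUCK_NONCE)
    print("both verify:", verify(DEMO_PUB, msg_a, sig_a) and verify(DEMO_PUB, msg_b, sig_b))
    print("same r:", sig_a[0] == sig_b[0])
    print("recovered key matches:", recover_private_key(DEMO_PUB, msg_a, sig_a, msg_b, sig_b) == DEMO_PRIV)
    print("fresh-nonce signatures recoverable:",
          recover_private_key(DEMO_PUB, msg_a, sign(DEMO_PRIV, msg_a), msg_b, sign(DEMO_PRIV, msg_b)))
```

The tell-tale in the blockchain is two signatures from the same public key with an identical r value; scanning for repeated r is exactly how such keys were found, and the recovery needs no more than the two signed messages.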
C. Java pseudo-random number generator not that random
Not directly related to Bitcoin itself, but in March 2013 three researchers published [9] weaknesses they found in Java pseudo-random number generators, which affect the randomness of numbers generated by SecureRandom.
This made it possible for attackers to exploit the vulnerability in various Bitcoin applications written in Java, including Android applications.
D. Other exploits
An exhaustive list of previous attacks can be found here:
https://en.bitcoin.it/wiki/History

VI. CONCLUSION
The highly volatile value of Bitcoin has led to some questions about its ability to function as a currency. Few are willing to use a currency with a highly variable value. Its deflationary bias, which incentivizes hoarding and removes money from circulation, is also cited as a stumbling block to Bitcoin becoming a functioning currency. But the concepts behind this currency are pretty interesting. It remains a matter of time until we find out whether the currency will be a revolutionary one, or whether it will fade into history as a digital speculation currency.

REFERENCES
[1] Diffie, Whitfield, and Martin Hellman. "New directions in cryptography." IEEE Transactions on Information Theory 22.6 (1976): 644-654.
[2] Chaum, David. "Security without identification: Transaction systems to make big brother obsolete." Communications of the ACM 28.10 (1985): 1030-1044.
[3] Hughes, Eric. "A Cypherpunk's manifesto." The Electronic Privacy Papers. John Wiley & Sons, Inc., 1997.
[4] Nakamoto, Satoshi. "Bitcoin: A peer-to-peer electronic cash system." (2008).
[5] http://p2pfoundation.ning.com/profile/SatoshiNakamoto (accessed on 3 December 2013)
[6] Back, Adam. "Hashcash - a denial of service counter-measure." (2002).
[7] Jakobsson, Markus, et al. "Fractal Merkle tree representation and traversal." Topics in Cryptology - CT-RSA 2003. Springer Berlin Heidelberg, 2003. 314-326.
[8] http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html (accessed on 9 December 2013)
[9] Michaelis, Kai, Christopher Meyer, and Jörg Schwenk. "Randomly failed! The state of randomness in current Java implementations." Topics in Cryptology - CT-RSA 2013. Springer Berlin Heidelberg, 2013. 129-144.
