BLOCKCHAIN

Dr. Emmanuel S. Pilli

Malaviya NIT Jaipur
Bitcoin: First Blockchain Based
Cryptocurrency
■ Proposed by Satoshi
Nakamoto in 2008- “Bitcoin:
A Peer-to-Peer Electronic
Cash System”

■ On January 3, 2009, Satoshi

Nakamoto mined the first
ever block on chain, known
as the genesis block.
Genesis Block
On the day of its launch,
coinbase of genesis block
references a story in
Times of London-

“Chancellor bailing out

banks - Bitcoin’s libertarian
roots”

Block Reward: 50 BTC

Mining of Bitcoins
■ Generation of Bitcoins is based on solving an encryption formula
which requires extreme amounts of computing power.
– Each time you solve the formula you earn some bitcoins.
■ Only 21 million bitcoins will ever exist.
■ Nearly 93% bitcoins have been mined.
■ Daily on an average 144 blocks are mined.
■ Daily about 900 new bitcoins are mined with the current block
reward of 6.25 BTC per block.
Bitcoin Denominations

Other Bitcoin denominations:

1 bitcoin
= 1,000 millibitcoins (mBTC);
= 10,00,000 microbitcoins (μBTC);
= 100,000,000 satoshis
Bitcoins transactions and transaction fees are made in Satoshis.
Transfer of Bitcoins

If you want to get some bitcoins, you either:

■ Buy it from a bitcoin exchange using fiat currency (ex. Rs, USD)
■ Get a friend to transfer it to your bitcoin address
■ Mine a bitcoin block with -
– current hashrate: ~494.6 Million TeraHashes per second (on Nov
23rd, 2023)
– current mining reward: 6.25 BTC

Source: Blockchain.com
Bitcoin Hash Rate

■ It is a measure of how many times the Bitcoin network can attempt

to solve Proof of Work (POW) puzzle per second for mining.
■ The more hashing power in the network, the greater its security
and overall resistance to 51% attack.
Halving of Bitcoin Rewards
Halving of Bitcoin rewards:
■ Every 210,000 blocks (approx. 4 yrs)
■ Maintains a controlled supply of currency. As reduced supply
leads to an increased demand.
■ Previous halvings:
– Jan 2009: 50 BTC
– Nov 2012: 25 BTC
– Jul 2016: 12.5 BTC
– May 2020: 6.25 BTC
■ Next halving:
– At block 740,000, approx in April, 2024
– Block reward: 3.125 BTC
Bitcoin - Gaining Value
■ 1st Bitcoin transfer: from Satoshi Nakamoto to Hal Finney.
■ May, 2010: Laszlo Hanyecz purchased $25 worth of pizza for
10,000 BTC.
■ 2010: Jed McCaleb creates Mt. Gox, the biggest online bitcoin
exchange.
■ 2014: Mt. Gox loses 744,408 bitcoins in a theft; Mt. Gox declares
bankruptcy.
Bitcoin- Gaining Value
■ Feb 2011: Silk Road
opens as the
anonymous “eBay of
Drugs”, using Tor and
payments using
Bitcoin.
■ Oct 2013: the FBI
shut down Silk Road.
■ Bitcoin Boom:
Dec 2017: Bitcoin
price ~ Rs. 13 lacs
Nov, 2021: 1 BTC ~
Rs. 47 lacs
Bitcoin - Gaining in Last 1 Year
Highest BTC value in Nov 2021, 1 BTC ~ Rs. 47 lacs
Currently, 1 BTC ~ Rs. 31.4 lacs (on Nov 24th, 2023)

Considered as
Digital Gold by
market experts.

Source: Coinbase (Accessed on Nov 24th, 2023)

Explosion of Altcoins
 Top 10 Crypto Coins

Token
pegged to
US dollar

ETH staked
in LIDO
liquidity
Token protocol
pegged to
US dollar

Token on
Binance
blockchain
Token on
Cardano
blockchain

Ripple Currency
Token on used as a
XRP ledger tipping
system
Cryptography in Bitcoin

■ Elliptic Curve Cryptography:

– secp256k1 elliptic curve over a finite field of prime order
p:
y2 = (x3 + 7) mod p

■ p = 2256 – 232 – 29 – 28 – 27 – 26 – 24 – 1
■ Security of Bitcoin is guaranteed by the inefficiency of
Elliptic Curve Discrete Logarithm Problem (ECDLP) solution
for large enough private keys.
i.e. finding the integer k such that P = k * G
Cryptography in Bitcoin
■ Ownership of Bitcoins is established through:
– Digital keys
– Digital signature
■ Use of Asymmetric cryptography in which a pair of keys
(public/private) is used.
■ Public key is used to receive funds and Private key is used to
sign txns to spend funds.
■ Private key, k is a 256 bit random number within 1 and 2256.
■ Public key, P is a point on elliptic curve generated from
private key:
P=k*G
where, G is the generator for the elliptic curve
It is a one-way function and calculating P from k is not possible.
Cryptography in Bitcoin
Public key and Address generation:
Digital Signatures

■ Digital signatures are used in txns to provide authentication of

who is signing the transaction and integrity of the msg being
signed.
■ It also provides non-repudiation which ensures that neither the
sender or receiver can deny participating in the communication.
■ Digital Signature used in Bitcoin:
– Elliptic Curve Digital Signature Algorithm (ECDSA)
– Schnorr Signature
Digital Signatures
Significance of Bitcoin
■ First ever cryptocurrency which is:
– purely digital,
– not controlled by any central entity,
– solves double spending issue.
■ Peer-to-peer network in which transactions directly
between users; no intermediary.
■ Transactions verified by network users.
■ Transactions recorded as block in public ledger- blockchain
Blockchain

Blocks are chained together using the previous block’s hash to

form a Blockchain.

Source: Bitcoin whitepaper

Blockchain – Distributed Ledger

It is a method of storing data amongst multiple parties that

ensures data integrity.
A “distributed ledger” or shared database where:
❏ everyone holds a copy of entire logged history of txns,
❏ is immutable,
❏ is timestamped.
Blockchain Transaction

Txns are msgs that let users spend their Bitcoins.

Hash of the txn

Output public keys (addresses)
Input public key (address) receiving bitcoins
spending bitcoins

Amount of Bitcoin
Txn fees = Output bitcoins - Input transferred
bitcoins
Blockchain Transaction
In a Bitcoin txn, each input spends the bitcoins paid to a
previous output.

Source: Bitcoin Wiki

Blockchain Transaction

When a user wants to spend bitcoins:

1. User creates a txn.
2. Txn is sent to her immediate peers.
3. Txn is verified, if validated it is sent to their neighbouring
peers.
4. Txn is broadcasted in the entire peer-to-peer (p2p) network.
Bitcoin Transaction
 Bitcoin Transaction

Receiver’s address
Blockchain Databases
Other than blockchain, each bitcoin client stores these
databases as well:

UTXO set -
■ file that contains all the spendable o/p that are available to
be spent in a txn.

Mempool -
■ file that contains txns which are received by peer nodes but
are yet to be included in any block i.e. unconfirmed txns.
Hashing
Cryptographic hash function used: SHA256

Source: Blockchain Demo

Block

Source: Blockchain Demo

Block

Each block is linked to its previous block by a link making it a

chain of blocks.
Bitcoin Block Size

Bitcoin block size ~ 1MB

Number of transactions may differ in each block.
■ Segwit has increased the number of transactions in a block.
 Blockchain Hash

Source: Blockchain demo

Block Header

Each block contains:

● cryptographic hash of
the previous block,
● timestamp,
● transaction data

BlockID = H(block header) = H(prev block hash || merkle root ||

nonce)
Immutability

Blockchain is Immutable as any change in a previously accepted

txn will cause change in hash of subsequent blocks.
■ prevents Double Spending of funds.
Immutability in Blockchain

Difficult to change data in transactions in blockchain as:

■ Avalanche Effect in Cryptographic hash function
– Slight change in input can cause significant and unpredicted
change in output.
Immutability in Blockchain

As each block chains back to the previous block.

change in data in a transaction

change in hash of transaction

change in hash of block

change in hash of next block

Immutability in Blockchain

Difficult to change data in a block without mining successive

blocks.
Data changed in this block. Change in hash of next blocks. Requires re-mining of blocks.
 Bitcoin Ledger
We can check ledger of bitcoin on a blockchain explorer like
blockchain.info, blockexplorer.com

No. of block added to Mining pool which

the longest chain has mined this No. of txns in Size of the Time at which block is
block block block ~ 1 MB mined, included by
miner
Bitcoin Ledger

Block Size > 1MB

Source: Blockchain.com (Accessed on Nov 24th, 2023)

 Bitcoin Ledger
No. of blocks added referring to
this block
Block hash
with 19 preceding zeros. Hash of previous block it refers to
Depends upon the difficulty of block mining

Hash of next block that

No. of txns included in this refers to it Txns are arranged in data structure: Merkle
block Tree.
This is the hash of its root.
 Bitcoin Ledger
Bitcoin Transaction:
Fees Included in txn
Input bitcoin addresses = Output - input
sending bitcoins Claimed by miner
Amount of bitcoins Output bitcoin
Txn hash sent in the txn addresses Amount of bitcoin
receiving bitcoins received
Merkle Root

Merkle Root combines the hash values of txns together until

there is a singular root (a Merkle tree root hash).

It is an effective mechanism to:

■ summarize txns in a block.
■ verify the presence of a txn in a block.
■ provide immutability of txns since Merkle root hash will
not match if change is made to any txn.
Merkle Root
● Tree like data structure to store blockchain txns
information in a block header.
● Merkle tree root hash is stored in the block header.
Consensus Mechanism

■ Consensus Mechanism is implemented in a decentralized

network to take over the responsibilities from the central
control. ex. a bank managing users’ money.
■ In a blockchain, it ensures the integrity of the block and the
transaction within it that have to be added in the ledger.
■ The ledger is updated when all the participating nodes
accepts a block and constituent transactions as valid.
■ The updated ledger is broadcasted to all the nodes in the
network.
Byzantine Generals’ Problem

■ Faults in a distributed network:

– Fail-stop fault- When a node is unable to
communicate/offline/ NA.
– Byzantine fault- When a node if malicious. It can validate
an incorrect transaction/stop valid transactions from
being included in blockchain.
Two Generals’ Problem

■ In an army, the
generals have to
agree on either
Attack or Retreat.
■ In case of 2 generals,
even if both are
honest, due to
unreliable nature of
communication, the
consensus cannot be
achieved in an
assured manner.
Three Generals’ Problem

■ In case of 3 generals, 1
commander and 2
lieutenants, if 1 is faulty
(Byzantine) and others are
loyal:
– Consensus cannot be
achieved as Lieutenant1
has received conflicting
msgs- Retreat, Attack.
Four Generals’ Problem

■ In case of 4 generals, 1
commander (Byzantine) and
3 lieutenants (honest).
Consensus can be achieved
as the received msgs are:
– Lieutenant1- R, R, A
– Lieutenant2- R, R, A
– Lieutenant3- R, R, A
■ Final decision- Retreat.
Consensus achieved
n Generals’ Problem

■ To achieve consensus in a distributed network with upto f

faulty nodes, a minimum of 3f+1 total nodes are required.
– f : Byzantine nodes
– 2f+1 : Honest nodes
■ Some common consensus mechanisms used in Blockchains:
– Proof of Work- Bitcoin, Litecoin
– Proof of Stake- Ethereum, Cardano
– RAFT- used in enterprise blockchains
Mining a Block

Mining is the process to find new block.

■ To add a new block, miners need to verify it by solving a

computationally difficult Proof of Work (PoW) puzzle.
■ It involves brute force computations which spend resources.
■ PoW involves scanning for a value (called nonce) that when
hashed results in a hash beginning with a number of 0s.
Mining Process

A bitcoin miner must:

1. Download the entire bitcoin blockchain
2. Verify incoming transactions
3. Create a block
4. Find a valid nonce
5. Broadcast your block
6. Profit!
Mining Process

It confirms the
transactions in a trustful
manner when enough
computational power is
devoted to block.
Proof of Work

Mining a block is difficult

because the SHA-256
hash of a block header
must be lower than or
equal to the target.
Bitcoin Difficulty

■ Measure of how difficult it is to mine a Bitcoin block.

– Difficulty = MAX_TARGET / current_target

■ Adjusted every 2016 blocks to keep average block

mining time ~ 10 mins.
– Next Difficulty = current difficulty * 2 weeks / T ( Time in
which previous 2016 blocks found)
– High difficulty => Lower target value
– Low difficulty => Higher target value
Target Value

To compensate for increasing hardware speed and varying

interest in running nodes over time, the proof-of-work difficulty
is determined by a moving average targeting an average
number of blocks per hour. If they’re generated too fast, the
difficulty increases.
■ adjusts every 2016 blocks (roughly 2 weeks).
■ ensures that a block is mined once every 10 mins on
average.
CPU, GPU, ASIC Mining

■ Originally Satoshi Nakamoto proposed "1 CPU 1 vote" mining,

but over time Bitcoin miners adopted GPUs , FPGA and ASICs.
■ When bitcoin was first released, one could mine 100 bitcoins a
day using CPU.
■ Now, bitcoin mining hardware (ASICs) are high specialized
computers used to mine bitcoins.
CPU, GPU, ASIC Mining

■ ASIC is a microchip specifically designed to execute a

hashing algorithm as quickly as possible.
■ ASICs cost a significant amount of money in electricity bills.
■ Cooperating miners pool together who agree to share block
rewards in proportion to their contributed mining power.
CPU, GPU, ASIC Mining

Centralization in Mining:
Due to the costs and logistical issues, ASICs inevitably leads to
powerful mining farms taking over huge % of the hash rate.
So, ASIC resistant mining algorithms (memory-hard
algorithms) are developed:
■ HashCash (BitCoin) : https://github.com/bitcoin/bitcoin
■ Proof of Stake ( Upcoming Ethereum Mining Algo) :
https://github.com/ethereum/casper
CPU, GPU, ASIC Mining

ASIC resistant mining algorithms:

■ Equihash : https://github.com/khovratovich/equihash
■ Ethash (Current Ethereum Mining Algo) :
https://github.com/ethereum/ethash
■ RandomX: adapted by Monero
Proof of Stake
Eth 2.0: Proof-of-Stake blockchain and Shard Chains.

Phase 0 rolled out as Beacon chain in Dec, 2020:

Shard Chains-
■ Rather than just one blockchain, Ethereum will become 64
blockchains all running in parallel.
■ It will increase the number of txns Ethereum can handle per
second.
Proof of Stake

Miners are chosen depending on:

■ The relative value of coins held in the miner’s wallet.
■ The length of time that a miner has held coins in their wallet.

More stake a user has in the system, the more likely it will want
the system to succeed thus expecting honest behavior.
Delegated Proof Of Stake

■ Stakeholders select a node (delegate) that proposes and

validates a block.
■ Delegates are selected using some lottery mechanism.
■ Delegates are scored based upon:
– Punctuality in block creation when selected.
– Creating valid blocks.
■ Blockchains like Ethereum and Cardano use DPoS, as they
use staking pools which other users can delegate to.
■ The more stake that is delegated to a stake pool, the greater
chance it has of being selected as a slot leader.
Risks in Cryptocurrency

■ Cryptocurrencies are extremely volatile as they are prone to:

– Market hype
– Security risks - double spending, 51% attack, network
attacks, privacy attacks.
– Volatility
– Liquidity
– Unclear regulations
■ Once cryptocurrency is stolen, it gets difficult to recover it
due to irreversible nature of txn.
Top Crypto Hacks

■ Mt. Gox Hack (2011, 2014)

■ Decentralized Autonomous Organization (DAO) attack
■ Nomad Bridge hack
■ Ronin network, Axie Infinity hack
■ Poly network attack
■ Coincheck exchange hack
■ Binance exchange hack
■ …. many more !!!
What is Double Spending?

Gillian promises 10 BTC to

Brian in one txn, and she
promises same 10 BTC to
Nadir in another.
Here, Gillian is performing a
double spend attack.
A Successful Double Spending Attack
in Blockchain

■ Buyer sends the same coin to 2 sellers in different txns.

■ Possible if two blocks each with one of these conflicting txns
are mined at same approx time.
■ Successful if Seller B sends the services before confirmation
of txn and is later rejected by the network.
A Successful Double Spending Attack
in Blockchain

The transaction which get the maximum number of confirmations

from the network will be included in the blockchain.
A Successful Double Spending Attack
in Blockchain

Buyer succeeds in double spending his coin by issuing a:

■ confirmed txn to Seller A.
■ rejected txn to Seller B, but received services nonetheless.
51% Attack in Blockchain

When a single miner or a group of miners attains majority of the

network’s hash rate.
Effects:
■ prevent txns & blocks from being verified.
■ reverse txns to allow double spending.
■ prevent other miners from finding any block.
■ fork the blockchain.
51% Attack in Blockchain

■ Can happen when there is centralization by mining pools

which acquire >50% hash power.
■ It is easy to implement in altcoins.
■ In order to control 51% of an altcoin network hashrate, only a
small proportion of miners from larger coins need to switch
to a smaller coin.
51% Attack in Blockchain

■ Extremely expensive for popular blockchains like Bitcoin,

Ethereum.
■ But it gets much cheaper quickly for newer blockchains.
■ A research has demonstrated that it would take as little
as $1.5 million to execute a 51% attack on Ethereum
Classic (ETC) — with a market cap of over $2 billion.
51% Attack in Blockchain

Ex. An Ethereum hard fork, Ethereum Classic (ETC), suffered

51% attack 3 times in Aug 2020.
■ Attack can be identified by an unusual high rate of orphaned
blocks.
Mitigation:
A blockchain DASH uses a secondary validation layer called
Chainlocks.
It prevents block reorg by making it expensive for attacker.
Selfish Mining Attack in Blockchain
Honest Chain

Selfish Miner Chain

■ It is when the miners deliberately keep their blocks private upon

discovery.
■ They continue to mine their own private blocks to obtain a chain
longer than the public blockchain.
■ Then they release the private blocks for higher rewards.
Effect:
Efforts put by honest miners to mine blocks are wasted.
DDoS Attack on Blockchain

No or minimal adverse effect due to distributed network.

But, Multiple DDoS Attack launched on:
■ competing miners, effectively taking them out of the
network and increasing the malicious miners’ effective
hashrate.
■ honest miners to waste their time in verifying fake txns,
reducing their chance of mining a block.
Network Attacks on Blockchain
Goal is to isolate a user from the real network and lead them to
a fake network.
ex. DNS Attack:

● When a new node

joins the blockchain
network, it is
bootstrapped to some
DNS nodes to
download the
blockchain.
Network Attacks on Blockchain
Goal is to isolate a user from the real network and lead them to
a fake network.
ex. DNS Attack:

● Fake entry point

nodes returned to
user.
● User could be routed
to some alternate
network rather than
current blockchain.
Network Attacks on Blockchain
Eclipse Attack:
■ When a group of malicious nodes isolate its neighboring
node, compromising their incoming and outgoing traffic.
■ They change the blockchain view of honest node.
■ Feed them fake information regarding blockchain and txns.

White honest nodes attacked by red malicious

nodes
Network Attacks on Blockchain
Eclipse Attack:
■ Malicious nodes then send fake transactions and blocks to
these nodes.

White honest nodes attacked by red malicious

nodes
Privacy Attacks on Blockchain

A blockchain
network is
considered
anonymous as:
each user is
identified by its
address only and
can generate as
many addresses
as required.
Privacy Attacks on Blockchain

As blockchain is replicated at each node,

■ observer can use the txn history in blockchain to find:
– topology of the network
– patterns of the transactions
– patterns of users’ interactions
Privacy Attacks on Blockchain
User can be mapped to its geographical location using network
information.
Privacy Attacks on Blockchain

■ Txn network can be developed to study the flow of Bitcoins

in the network.
■ User network can be developed to study the ownership and
spending patterns of users.
Privacy Attacks on Blockchain

Using txn patterns and info gathered off the network, an

adversary can attempt to deanonymize the users
by mapping their bitcoin addresses with their real-world
identities making it pseudo-anonymous.
 Txn Network Analysis: example

Payment to a vendor whose addr is scrapped off internet

User address Vendor address

Txn Network Analysis: example

All input addresses belong to a same user as txn is generated

from one source.
Txn Network Analysis: example

Txn 1

Txn 2

All change addresses and Original Address belong to the same

user.
Illegal Activity using Cryptocurrency

Digital coins provide anonymity to its user to some extent.

■ can be used for money-laundering.
■ can be used for illicit activities on deep web.
■ irreversible scam activities like tricking people into sending
Bitcoins. No central authority makes it hard to claim fraud
and expect reimbursement.
Wallet Theft Attack

■ Wallet is a file that contains credentials, i.e. public and

private keys for a blockchain address.
■ In some blockchains like Bitcoin, wallet file is stored
unencrypted by default.
■ Malware attacks on host computer can led to wallet theft.
■ If adversary steals the file, they can sign txns on user’s
behalf, spending their balance.
Bitcoin Scripting Language

■ Bitcoin transaction script language: Script

• Stack-based execution language
• Simple language with limited operations
• Designed to be limited in scope and executable on a
range of hardware, perhaps as simple as an embedded
device.
• Requires minimal processing
• Limited in operations as compared to modern
programming languages.
Bitcoin Transaction

Input Outputs
 Bitcoin Locking Script
● Locking script is a spending condition placed on a Bitcoin
transaction output.
○ Specifies the conditions that must be met to spend the
output in the future.
○ Also called scriptPubKey, as it usually contains a public
key or bitcoin address (public key hash).
Locking script for Output 1: Locking script for Output 2:
Bitcoin Unlocking Script
● Unlocking script is a script that:
○ Satisfies the conditions placed on an output by a locking
script.
○ Allows the output to be spent.
○ Part of every transaction input.
○ Mostly contains a digital signature produced by the user’s
wallet using its private key.
○ Also called scriptSig as it usually contained a digital
signature.
Bitcoin Unlocking Script

Locking script on the input

applied on previous transaction
when the input UTXO was
created.

Unlocking script on the input applied

in this transaction to spend it:
<Signature> <Public Key>
Script Example
● Script consists of two components:
○ Data - ex., public keys and signatures.
○ Opcodes - Simple functions that operate on the data.

Unlocking script Locking script

Executing a Script

● Data is always pushed onto the stack.

Executing a Script

● Opcodes - can pop elements off the stack, do mentioned

operation on them, then optionally “push” new elements on
to the stack.
Executing a Script

● A script is valid if the top and only element left on the stack
is a 1 (or greater).

Unlocking Locking
Script Script
Executing a Script

The script is invalid if:

1. The final stack is empty.

2. The top element is on the stack is 0.
3. There is more than one element left on the stack at the
end of execution.
4. The script exits prematurely.
Bitcoin Standard Transactions

● P2PK (Pay to Public Key)

● P2PKH (Pay to Public Key Hash)
● P2MS (Pay to MultiSig)
● P2SH (Pay to Script Hash)
Segwit Txns:
● P2WPKH (Pay to Witness Public Key Hash)
● P2WSH (Pay to Witness Script Hash)
● P2TR (Pay to Taproot)
P2PK Script

● P2PK (Pay To Pubkey) is a script pattern that locks

an output to a public key.
● It is a simpler version of more commonly used P2PKH
locking script.
Working of P2PK Script
P2PKH Script

● P2PKH is the default script used by wallets when you want

to send someone bitcoins.
● Most common scripts used in transactions.
Working of P2PKH Script

● The P2PKH script pattern contains a hashed public key surrounded

by following shown opcodes.

● To solve this script,

the owner of
hashed public key
needs to provide
the original public
key, along with
valid signature.
Multisignature Script

■ Sets a condition where N public keys are recorded in the script and
at least M of those must provide signatures to unlock the funds.
■ Also known as an M-of-N scheme, where N is the total number of
keys and M is the threshold of signatures required for validation.
■ General form of a locking script setting an M-of-N multisignature
condition is:
M <Public Key 1> <Public Key 2> ... <Public Key N> N
CHECKMULTISIG
Issues with Multisignature Script

● Longer locking scripts

● Ex.
2 <Mohammed's Public Key> <Partner1 Public Key> <Partner2 Public Key> <Partner3 Public Key> <Attorney
Public Key> 5 CHECKMULTISIG

2
04C16B8698A9ABF84250A7C3EA7EEDEF9897D1C8C6ADF47F06CF73370D74DCCA01CDCA79DCC5C39
5
D7EEC6984D83F1F50C900A24DD47F569FD4193AF5DE762C58704A2192968D8655D6A935BEAF2CA23
E3FB87A3495E7AF308EDF08DAC3C1FCBFC2C75B4B0F4D0B1B70CD2423657738C0C2B1D5CE65C97D7
8D0E34224858008E8B49047E63248B75DB7379BE9CDA8CE5751D16485F431E46117B9D0C1837C9D5
737812F393DA7D4420D7E1A9162F0279CFC10F1E8E8F3020DECDBC3C0DD389D99779650421D65CBD
7149B255382ED7F78E946580657EE6FDA162A187543A9D85BAAA93A4AB3A8F044DADA618D0872274
40645ABE8A35DA8C5B73997AD343BE5C2AFD94A5043752580AFA1ECED3C68D446BCAB69AC0BA7D
F5
0D56231BE0AABF1FDEEC78A6A45E394BA29A1EDF518C022DD618DA774D207D137AAB59E0B000EB7E
D238F4D800 5 CHECKMULTISIG
P2SH Script

● Solves issues of a multisig script

● In P2SH payments, the complex locking script is replaced with its
digital fingerprint, a cryptographic hash.
● When a transaction attempting to spend the UTXO is presented
later, it must contain the script that matches the hash, in addition to
the unlocking script.
P2SH Script

● P2SH means “pay to a script matching this hash, a script that

will be presented later when this output is spent.”
● Locking script that is replaced by a hash is referred to as the
redeem script because it is presented to the system at
redemption time rather than as a locking script.
Working of P2SH Script
Advantages of P2SH Script
● Complex scripts replaced by shorter fingerprints in the
transaction output, making the transaction smaller.
● P2SH shifts the burden of constructing the script to the recipient,
not the sender.
● P2SH shifts the burden in data storage for the long script from the
output (which is in the UTXO set) to the input (stored on the
blockchain).
● P2SH shifts the burden in data storage for the long script from the
present time (payment) to a future time (when it is spent).
● P2SH shifts the transaction fee cost of a long script from the
sender to the recipient,who has to include the long redeem script
to spend it.
Hash Lock Script
■ A txn output is locked until a specified data is revealed
■ It can be used in applications like atomic swaps where both
parties cannot swap their funds until a secret used to lock the txn,
is exchanged between them.
■ Output Script:
– OP_HASH160 <Hash value> OP_EQUALVERIFY OP_DUP OP_hash160 <hash
of public key> OP_EQUALVERIFY OP_CHECKSIG
■ Input Script:
– Sender has to reveal the secret such that its hash results in the hash
mentioned in the output lock.
– <Size of signature> <Signature> <Public key> <secret>
Time Lock Script
■ A txn output is locked until a specified time or a block height.
■ It can be used in applications like investing bitcoins until a point in
time.
■ Output Script:
– Script to lock bitcoins until specified expiry time. After that the funds can be
spent by signing the output with the specified public key in the script
– <expiry time> OP_CHECKLOCKTIMEVERIFY OP_DROP OP_DUP
OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
■ Input Script:
– Spent only after waiting for the expiry time to be reached.
– <Signature> <Public key>
Pay to Taproot (P2TR)
■ Taproot is a major Bitcoin upgrade rolled out in Aug, 2021.
■ Introduction of P2TR txns and Schnorr digital signatures in
Bitcoin.
■ P2TR allows script path or key path spending of a txn output.
■ If a P2TR output is unlocked using key spending path, the
possibility of spending through a script path is not even revealed.
■ In case if a particular script path is used to unlock the output, the
other scripts are not revealed.
■ Saves space and transaction fee on the unused conditions to be
specified by the spending party in txn.
■ Increases the privacy of a contract between parties.
Features of P2TR
■ Indistinguishable locking and unlocking for spending bitcoins
using key or script path.
■ Alternative signature scheme- Schnorr signatures.
– Allows aggregation of public keys for multisignature txn,
making it appear as a single party signature on-chain.
■ Specifying txn spending paths in the form of a data structure
called Merkelized Abstract Syntax Tree(MAST).
■ Batch verification of multiple signatures. It saves time in individual
verification of each signature.
P2TR Transaction
■ Output locking script:
<Witness version 1> <32 Bytes Taproot Output Key>
■ Taproot output key: Q = P + hash(P || M) * G
Here,
P = Taproot internal key corresponding to key path spending. It can
be the public key whose signature is required for spending the
output. In case of a multisig txn, it can an aggregate public key.
M = Root of merkle tree whose leaves represent possible ways to
unlock the output.
G = Generator point of elliptic curve.
P2TR Transaction
■ Script Tree:
– All possible script paths for locking an output are
arranged in a merkle tree.
– Scripts are arranged as merkle tree leaf nodes.
P2TR Transaction
■ Key path spending, unlocking script:
<signature corresponding to taproot internal key, P>
■ Script path spending, unlocking script consists of following
elements:
– Taproot internal key
– Script which is used to spend the output
– Inputs for successful execution of the script
– Merkle path from the unlocking script to the merkle tree
root - This confirms the presence of script in the tree
Blockchain 2.0

Blockchain applications also called as dApps (Decentralized

Applications) other than cryptocurrencies:
■ Supply chain management
■ Land Registry
■ Healthcare
and many more...
Blockchain in Healthcare

■ Blockchain allows for secure recording and sharing of

medical information in a ledger to:
– Verify integrity of patient health information.
– Perform unchangeable medical audits.
– Prove the integrity of clinical research results.
– Ensure data safety.
– Detect fraudulent drug dealers.
Blockchain 2.0: Smart Contract

Code that facilitates, verifies, or enforces the negotiation or

execution of a digital contract.
A trusted entity must run this code.
Blockchain 2.0: Smart Contract

■ Ethereum is one decentralized platform designed to run

smart contracts.
■ Smart contracts in Ethereum react to external world when
poked by Transactions.
■ written in languages: Solidity, Vyper
Blockchain 2.0: Solidity

Documentation: https://solidity.readthedocs.io/en/v0.7.0/

Editors:
Remix- https://remix.ethereum.org/
Visual Studio Code- extensions available for solidity
Ethereum Development Framework
Ethereum Development Framework

Set of APIs, SDKs and tools Ethereum

to develop web3 apps. development
environment for
professionals.
Ethereum Development Framework
Ethereum Networks

■ Main network: Primary, public Ethereum production

blockchain.
■ Test network: Used by protocol developers or smart
contract developers for simulations in a production-like-
environment before deployment on mainnet.
– Sepolia- recommended default testnet for application
development.
– Goerli- testnet for validating and staking.
Blockchain 2.0:
Solidity

Coin.sol
A simple smart contract to
mint and send coins of a
cryptocurrency.
Attacks in Smart Contracts

If the code written in smart contract is not secure, it may lead to

some attacks:
■ Reentrancy Attacks:
– recursive calls to call.value() of the smart contract.
– happened in famous DAO hack in Ethereum in 2016.
– DAO is decentralized autonomous organization intended
to act as an automated company.
Attacks in Smart Contracts

■ Reentrancy Attacks:
– Less than 3 months after its launch, DAO was hacked and
$60M of ether was stolen.
 Attacks in Smart Contracts
Contract code with DAO vulnerability: Contract code exploiting DAO vulnerability:
withdrawBalance() calls itself again and again:

withdrawBalance() function called multiple

times to empty the account as the account
balance is reduced after this call.
Attacks in Smart Contracts

If the code written in smart contract is not secure, it may lead to

some attacks:
■ Overflow Attack: Ethereum smart contracts don't support
values greater than 2256. Buffer overflow attacks might be
created by having a really large value.
■ Forcible Balance Transfer: If the contract is vulnerable,
forcible balance transfer can be done and limits can be
exceeded.
■ DoS Attacks: Smart contract can be written with malicious
intent causing denial of service.
Ethereum Token Standards

■ Tokens are digital representation of a real world/virtual

asset
■ They are created on top of another pre-existing blockchain
platform.
■ They can represent any asset which is tradeable.
– Fungible token: divisible, non-unique asset.
– Non-fungible token (NFT): unique, non-divisible asset.
one-of-a-kind.
■ Tokens are governed by a smart contract.
Ethereum Token Standards

■ ERC-20: Standard interface for fungible tokens.

– ex. Voting tokens, Stablecoins, Reward point tokens
■ ERC-721: Standard interface for non-fungible tokens.
– ex. Deed for artwork or music, title of ownership of a
property, flight ticket
■ ERC-1155: Interface to create both fungible and non-
fungible tokens.
– Bundles creation of tokens, saving costs.
Ethereum Accounts

1. Externally-Owned Account (EOA)

■ represents individual user
■ identified by 20-byte address
■ holds an amount of ether as its state
1. Contract Account
■ holds bytecode of a deployed smart contract.
■ identified by 20-byte contract address
■ holds an amount of ether as its state
Ethereum Txn

Each txn in Ethereum requires some “gas”.

These are the ethers charged as txn fees.

Types of Txns:
■ Funds transfer between EOA.
■ Deploy contract on Ethereum blockchain.
■ Execute a function on a contract account.
 Ethereum Txn
From: Txn sender
who initiates this
txn.

Gas: Max no. of

computational steps
allowed in a txn.
To avoid infinite loops.

Gas Price: Fee sender

pays per computation.
In Wei

Input: Signature and

encoded arguments of
functions included in
smart contract.

To: Recipient of txn.

0X0 means new
contract is deployed.
 State Change in Ethereum
Consider it as a world computer with state changing when a txn
occurs:
State is the
information Change in state of Ethereum when
about each txn is made.
Ethereum
account.

Eth Account 1

Eth Account 2

Eth Account 3

Eth Account 4
Ethereum Txn
Client interacts with
DApp deployed on application on
Ethereum blockchain. blockchain.
Cost Ethers. Cost Ethers.
A txn results in change of
Ethereum state.
Validated by miners.
Permissioned Blockchain

■ Permissioned blockchain controls:

– which user can join the network
– which user can participate in consensus and validate txns
and blocks
■ Such blockchains are preferred by the centralized
organizations.
■ Users cannot:
– easily join the network
– view the history and issue txns
Hyperledger

■ Hyperledger is an open
source, enterprise-grade
suite of tools and
frameworks for a
permissioned blockchain
solution development.
■ Hyperledger Fabric:
Framework for
developing blockchain
apps with a modular
architecture.
Hyperledger

■ Hyperledger Aries: Used for developing digital credential

solutions.
■ Hyperledger Indy: Tools and libraries for creating and using
independent digital identities.
■ Hyperledger Cacti: Blockchain integration tool for securely
integrating different blockchains.
■ Hyperledger Besu: Java-based Ethereum client.
Privacy Preserving Blockchain
Monero
Pseudo-anonymity: Lack of privacy in Bitcoin.
Monero, another cryptocurrency which enhances user privacy
using:
■ Stealth, single-use addresses
■ Ring signatures
■ Confidential txns
Monero- Stealth Addresses
Provides Unlinkability:
Linkability:
Ability to link all
addresses held by a
single person by
analyzing txns.

Both output
addresses belong to
Charlie, but unlinkable
to network.

Use of different address

for Charlie in each txn.
Monero- Stealth Addresses

■ A different destination address for each output is derived

from one Monero address of the user.
■ Only the owner of that Monero address knows that output is
for him (using View Keys).
■ Nobody can tell these outputs are going to the same person.
Monero- Ring Signatures
Provides Untraceability:
Traceability:
Ability to trace
funds held by
same person by
analyzing txn data.

Monero provides
untraceability by
using Ring
signatures.
Monero- Ring Signatures
Inputs in a txn-
■ Atleast one real participant and other mixins.
■ Mixins are outputs from some previous txns.
■ Ring signature created to sign the txn.

For a verifier, no way to tell who is the real participant, all appears valid
Monero- Ring Signatures

■ Find some outputs in the blockchain with the same amount X

as the output A you want to spend.
■ These other outputs are called “mixins”. All mixins of same
value.
■ You can use 4-25 mixins in a txn.
■ You sign this txn using a ring signature.
Monero- Ring Signatures

■ It is easy to verify that at least one user from inputs have

signed this ring txn.
■ Not easy to find which user has signed the txn.
 Monero- Ring Signatures
All inputs: mixins and real input are of same value.

Mixin 1

Real Input

Mixin 2

Mixin 3

Verifier cannot know that Output O is the real

spender in this txn.