Unit 3 Slides
Fundamentals – II
Text Book:
Mastering Blockchain
Unlocking the Power of Cryptocurrencies and Smart Contracts
Authors
Lorne Lantz & Daniel Cawrey
Custody, Blockchain Wallet & Its Types and Variations
Anshuman Kalla 2
Custody and Blockchain Wallet
• Custody in general means the protective care or responsibility of care and maintenance
• In financial services, custody refers to the ability to hold, move, and protect your
financial assets
• A digital wallet is a software application that allows you to store funds, make digital
transactions, track payments, and perform other financial operations related to your
account
• Blockchain wallet or crypto wallet
• stores securely your cryptographic keys
• allows secure access to your digital assets or cryptos
• allows secure exchange or transfer of digital assets by sending out digitally signed transactions
• allows to track your accounts and balances
• allows to interact with decentralized applications (dApps)
• can be web or mobile application
Custodial v/s Noncustodial Wallets
Custodial Wallet
• In custodial wallets, the user’s private key is stored and held by a trusted entity
(for example an exchange)
• A user registers with such a trusted entity and their system stores user’s
information
• The user logs in to their system to access his/her funds or make a transaction
• The user always accesses the blockchain via such a trusted entity
• Example – If you create a wallet using the services of Coinbase company
• Advantage: User need not worry about safe-keeping of the account and key
• Disadvantage: If the exchange goes bankrupt or runs away with the funds, the
user cannot do anything as s/he does not directly own or control the keys.
• Thus, trust is the issue, since the user has to trust the services that provide
custodial wallets
Custodial v/s Noncustodial Wallets
Noncustodial Wallet
• In a noncustodial wallet, the user’s private key is stored and held by the user
himself or herself
• A user does not need to register anywhere and thus no need to provide
information such as email ID or mobile number for SMS
• User directly accesses blockchain without any entity in between
• Example – if you create a wallet using MetaMask
• Advantage: It gives complete control of keys to the users
• Disadvantage: The user is entirely responsible for securing their private keys
• Thus, if a user loses the key(s), that could result in complete and total
inaccessibility of his/her funds.
Wallet Type Variations
• Two primary wallet types (custodial and noncustodial) can be implemented in a
variety of ways as shown in the following figure
Security Fundamentals
• Most important aspect is to keep private keys safe and secure
• If an attacker somehow gets access to your private key, then s/he can sign
transactions on your behalf and empty your wallet
• One of the main reasons for crypto fraud is authentication issues
• This means exposure of either the private keys or the password associated with a wallet.
• There are certain ways to help prevent this from happening:
• Identity verification
• Two-factor authentication
Security Fundamentals
Identity Verification:
• Due to the wide use of digital services, especially different messaging services, it is difficult
to be sure that the person on the other side is actually the one you are expecting
• Thus, it is important to verify a person with some personally known information or
in some other way
• Especially if someone starts making strange requests, such as asking for cryptocurrency
Two-factor Authentication:
• Turning on two-factor authentication in addition to a password is suggested
• Two-factor authentication requires another source for verification
• One way is to use SMS verification using an app like Authy or Google Authenticator
(however, this option is susceptible to porting)
• A second way is to use a hardware device like the YubiKey.
Security Fundamentals - Type of Security Attacks
Type of Security Attacks
Cell Phone Porting:
• Porting is when an attacker takes over your cell phone’s number to intercept incoming
messages
• To do so, the attacker calls the service provider and gives the user’s personal information
• Thus, using SMS for two-factor authentication is at times not a good idea
• An alternative option is to set up a portable VoIP phone number like Google Voice
Phishing:
• The attacker pretends to be a familiar and trusted organization (e.g., a government agency or a
well-known company) and sends a link via messages to collect the user’s personal information
• A spoofed email (from your boss or parents) is one of the popular ways of phishing
• Although it may not look like a serious attack, it is actually a most effective way to
obtain personal information
• The best way to defend is not to give out personal information
Recovery Seed
Recovery Seed (Mnemonic)
• Recovery seed is a series of words that can be used to retrieve a private key
stored in a noncustodial wallet
• Here series of words implies → string of random numbers and letters
• Seed is commonly used as a memory aid as private key is difficult to remember
• Seed phrases usually store enough information to allow the user to recover
their wallet
• Example of recovery seed phrase:
➢ witch collapse practice feed shame open despair creek road again ice least
• The recovery seed phrase is actually your “wallet,” and an attacker can easily
access your funds if s/he gets access to recovery seed phrase
• Thus, when using noncustodial wallets, it is of utmost importance to keep your
recovery seed safe
Recovery Seed (Mnemonic) – Important Tips
• If you record your recovery seed on paper, be
sure to laminate or make sure writing does
not fade away
• An etched metal recovery seed storage device can
look as shown in the figure
• The fact is that cryptocurrency can and has
been lost
• Use secure communication tools, set up two-
factor authentication, have a PIN with a
cellular carrier, and be aware of phishing
• Cryptocurrency once gone out of your wallet
cannot be retrieved!
Mining and Its Incentives
• Mining is the process of generating a new block and minting new coins, which are awarded to the
miner who successfully generates that new block.
• Mining started as a hobby -- early supporters of Bitcoin simply downloaded and ran the Bitcoin software
• In 2010, a miner used to get 50 BTC as the reward for mining a new block
• In 2010, since 1 BTC was $0.30, a winning miner would earn $15
• Soon the price of BTC went rocket high and mining became a serious profession
• With greater mining rewards → the difficulty of mining a new block also went up
• Jump from regular computer to → Graphics Processing Units (GPUs) → Application Specific
Integrated Circuits (ASICs)
• With access to cheap power and computing facilities, today we are seeing enterprise level
large-scale data center based mining
• Mining turned into gold rush!
• In Bitcoin, after every 210,000 blocks (approx. 4 years), the new BTC generated per block is reduced by 50%
Mining and Its Incentives
• Just as the price of BTC is volatile, so is the mining revenue (rewards + transaction
fees)
Block Generation – Mining and Difficulty
• In Bitcoin blockchain a block is generated
every 10 minutes
• Bitcoin uses Proof-of-Work (PoW) consensus
algorithm
• A miner who wants to create a new block
needs to provide a proof of the sufficient
work done
• The work here is a cryptographic puzzle which
miners need to do (i.e., solve)
• The solution of that cryptographic puzzle by a
miner is considered as proof of the effort made
• The computing power and the difficulty to
solve the cryptographic puzzle are rapidly
increasing with time.
• The difficulty in Bitcoin is adjusted every
2016 blocks
• Difficulty acts as a controlling knob to
ensure that a new block is mined every 10
minutes irrespective of the number of
participating miners
Consensus Mechanism and Its Need
• Consensus mechanism is a way to establish an agreement between various
participants (nodes in the blockchain network) who have shared values and goals
• The agreement is on the state of the distributed digital ledger
[Figure: Consensus mechanisms, divided into proof-based and voting-based]
• Because of the focus on cryptocurrency and mining, next we discuss PoW and how it applies
to bitcoin.
• Note: Enterprise applications that use blockchain usually do not use PoW and do not require
miners.
Proof-of-Work (PoW)
• It enables cryptocurrency transactions to be confirmed and blocks to be
published on the Bitcoin blockchain
• First described in a paper by Markus Jakobsson of Bell Labs and Ari Juels of RSA
Laboratories
• Proof-of-Work (PoW) was initially created to bind economic value via computer processing
to otherwise free services, like email, in order to stop spam.
• As PoW requires computing power, it reduces the incentive to attack or flood a
system.
• The economic value provided in PoW is directly correlated to the price of the
electric power that is used in the mining process.
Proof-of-Work (PoW)
• In PoW mining, hashing is the
computational work.
• A hash is output on the blockchain as
public proof using a hash algorithm
• The computer speed at which this is
done is known as the hash rate
(hashes/sec).
• With many cryptocurrencies, the power
used by PoW has become quite
substantial
• Massive computation and the related
power is what secures the network
• Although hash rates fluctuate, Bitcoin
has surpassed 70 million terahashes per
second in the past
Block Discovery
• About every 10 minutes, a new block is confirmed by a winning miner
• As there are thousands of miners participating at any time, the network needs to
achieve consensus on which miner gets the right to confirm the new block
• To create a new block, a miner has to generate a Bitcoin block hash that is
considered valid by the network, using the following criteria:
➢ It is a hash of a valid (new) block header
➢ The resulting block hash is a number that is lower than the current network target
• target – a constantly changing number – a valid block hash needs to be smaller than
this number.
• difficulty – average number of attempts required to discover a valid block hash.
• network hash rate – how many times per second the miners collectively attempt
to generate a valid block hash.
Block Discovery
• The goal for the Bitcoin blockchain network, set in bitcoin’s initial parameters, is
as follows:
➢ A new valid block should be discovered approximately every 10 minutes.
• Over time, the number of miners using computer processing power to discover a
block changes, along with variables like electricity use and processing power,
among other factors.
• The processing power they are consuming is called the hash power.
• The miners are consuming this power to try to generate a valid Bitcoin block
hash.
Block Discovery
• The increase in hash power implies (collectively) higher computer processing
power is available to generate a valid block hash
• Obviously, a blockchain network (of miners) with more hash power will take less
time to discover a new block
• Therefore, in order to maintain an average of 1 block being discovered every 10
minutes, the Bitcoin network changes the network target to make it more or less
difficult for the network of miners to discover a valid block hash
• The initial target value set for generating the first Bitcoin block was:
➢00000000ffff0000000000000000000000000000000000000000000000000000 → Eight zeros
• The actual block hash of first block was smaller than the target value set:
➢Initial target (8 zeros) - 00000000ffff0000000000000000000000000000000000000000000000000000
➢Block #0 hash (10 zeros) - 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
Block Discovery
• When block #0 was discovered, there was little competition in the Bitcoin
network to discover a block → So, the target value was high (meaning easier)
• The difficulty at that moment was 1, meaning that on average it would require 1
attempt to generate a valid hash.
• Ten years later, there are thousands of miners consuming significantly more hash
power to discover a block. Therefore, the target 10 years later is a lower value,
requiring more attempts.
[Figure: mining flowchart, starting with nonce = 0]
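The validity rule from the Block Discovery slides (hash of the block header must be a number lower than the target), as an added example that is not part of the original slides. The initial target and block #0 hash are the ones quoted above; the block #0 header fields (Merkle root, timestamp, bits, nonce) are public Bitcoin constants not given on the slides, and the easy demo target is constructed.

```python
import hashlib
import struct

# Values quoted on the slides above.
INITIAL_TARGET = int("00000000ffff" + "0" * 52, 16)
BLOCK0_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

def target_from_bits(bits: int) -> int:
    """Expand the 4-byte compact 'bits' header field into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))

def header(version, prev_hex, merkle_hex, time, bits, nonce) -> bytes:
    """Serialize the 80-byte block header (integers and hashes little-endian)."""
    return struct.pack("<L32s32sLLL", version, bytes.fromhex(prev_hex)[::-1],
                       bytes.fromhex(merkle_hex)[::-1], time, bits, nonce)

def block_hash(hdr: bytes) -> str:
    """Double SHA-256 of the header, in the usual byte-reversed hex form."""
    return hashlib.sha256(hashlib.sha256(hdr).digest()).digest()[::-1].hex()

def is_valid(hash_hex: str, target: int) -> bool:
    """A block hash is valid when, read as a number, it is below the target."""
    return int(hash_hex, 16) < target

def mine(fields: dict, target: int, max_nonce: int = 2**32):
    """Start with nonce = 0 and increment until the hash is below the target."""
    for nonce in range(max_nonce):
        h = block_hash(header(nonce=nonce, **fields))
        if is_valid(h, target):
            return nonce, h
    return None  # 32-bit nonce space exhausted without a valid hash

# Block #0 header fields: public Bitcoin constants, not given on the slides.
GENESIS = dict(
    version=1, prev_hex="00" * 32,
    merkle_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    time=1231006505, bits=0x1D00FFFF)
GENESIS_NONCE = 2083236893

if __name__ == "__main__":
    rebuilt = block_hash(header(nonce=GENESIS_NONCE, **GENESIS))
    print("block #0 hash reproduced:", rebuilt == BLOCK0_HASH)
    print("below initial target:", is_valid(rebuilt, INITIAL_TARGET))
    # Constructed easy target: only the top 12 bits of the hash must be zero,
    # so the search needs about 4096 attempts on average.
    print("toy search:", mine(GENESIS, 1 << 244))
```
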
Proof-of-Stake (PoS) Consensus
• PoW requires heavy computation and huge power due to the mining process which
involves cryptographical operations
• Proof-of-Stake (PoS) does not require mining; the mining is replaced by staking in PoS
• PoS was first used in 2012 by virtual currency Peercoin
– Later used by other virtual currencies like Blockcoin and ShadowCoin
• Nodes willing to participate in the block creation process stake an amount of their coins
– Meaning some amount of coins/tokens is deposited by each participating node as collateral and is locked
by the system
• The higher the stake, the higher the chance that a node gets to create a new block
• Thus, in PoS the node which gets the chance to add a new block is called a validator (not
a miner)
Source: https://maxthake.medium.com/what-is-proof-of-stake-pos-479a04581f3a by Max Thake
Proof-of-Stake (PoS) Consensus
• If a node (i.e., validator) tries to add an illegal block then that will be self-
destruction
• Usually, the incentive to be paid to the validator comes from transaction fees
• The nodes in PoS are selected based on different staking criteria such as:
– Size of the stake: How many coins has a node staked to get the chance to
create a new block?
– Age: For how long has a node been holding the coins it has staked?
– Wealth: Which node has been holding the staked coins for more than X duration of time?
– Randomization: Selecting randomly one node to become validator out of the nodes
which have staked their coins
Proof-of-Stake (PoS) Consensus
• Advantages of PoS compared to PoW
– Since there is no mining thus less computation and hence less power is required to run
PoS → low carbon footprints
– PoS gives more control to the nodes which have been participating (and are invested) in
the network for long time
• Disadvantages of PoS
– Given the fact that → the control of the system lies with the nodes that have
been participating for long and are rich → this results in making the network centralized
(defeating the aim that blockchain should be decentralized)
– PoS creates more divide between rich and poor nodes (rich nodes get more chances to add
a new block and become richer) → the rich become richer and the poor become poorer
Proof-of-Stake (PoS) Consensus
• To ensure fairness in block creation and to avoid the situation where rich nodes
become richer, PoS follows different techniques
• The idea is to add randomness
• One of the popular ways is ‘Coin Age’
– Product of the token/coin staked by a node and the holding time (combined with random
selection)
– The node with highest coin age becomes the validator to add a new block
– Once the winning node creates a new block, its coin age is reset so that it cannot mine another
block for some time
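The coin-age rule described above, as an added simulation that is not part of the original slides. The three nodes, their stakes, the one-round time step and the alphabetical tie-break are constructed assumptions, and the random component mentioned on the slide is left out so the outcome is reproducible.

```python
from collections import Counter

# Constructed sample stakes (coins locked by each node).
STAKES = {"A": 100, "B": 30, "C": 10}

def simulate(stakes: dict, rounds: int, use_coin_age: bool = True) -> list:
    """Return the validator chosen in each round.

    With use_coin_age=True the score is stake * holding time, and the winner's
    holding time is reset after it creates a block. With use_coin_age=False
    the score is the stake alone, i.e. the richest node always wins.
    """
    age = {node: 0 for node in stakes}
    winners = []
    for _ in range(rounds):
        for node in age:
            age[node] += 1                      # one more round of holding
        if use_coin_age:
            score = {n: stakes[n] * age[n] for n in stakes}
        else:
            score = dict(stakes)
        # Highest score wins; ties go to the alphabetically first node.
        winner = max(sorted(score), key=score.get)
        winners.append(winner)
        age[winner] = 0                         # coin age reset after a block
    return winners

if __name__ == "__main__":
    with_age = simulate(STAKES, 12)
    print("coin age  :", "".join(with_age), dict(Counter(with_age)))
    print("stake only:", "".join(simulate(STAKES, 12, use_coin_age=False)))
```

With the reset in place the 100-coin node still wins most rounds, but the 30-coin and 10-coin nodes each get a turn once their holding time has accumulated.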