m Reverted 2 edits by 91.139.176.129 (talk) to last revision by David Gerard (TW)
m →Race attack: HTTP to HTTPS for Cornell University
{{Short description|Rules that govern the functioning of Bitcoin}}
{{Use dmy dates|date=November 2021}}
{{broader|Bitcoin}}
[[File:Bitcoin Transaction Visual.svg|thumb|A diagram of a bitcoin transfer]]
The '''bitcoin protocol''' is the [[Communication protocol|set of rules]] that govern the functioning of [[bitcoin]]. Its key components and principles are: a [[peer-to-peer]] decentralized network with no central oversight; the [[blockchain]] technology, a public [[ledger]] that records all bitcoin transactions; [[Mining (cryptocurrency)|mining]] and [[proof of work]], the process to create new bitcoins and verify transactions; and cryptographic security.
Users broadcast [[digital signature|cryptographically signed]] messages to the network using bitcoin [[cryptocurrency wallet]] software. These messages are proposed transactions, changes to be made in the ledger. Each node has a copy of the ledger's entire transaction history. If a transaction violates the rules of the bitcoin protocol, it is ignored, as transactions only occur when the entire network reaches a consensus that they should take place. This "full network consensus" is achieved when each node on the network verifies the results of a [[proof-of-work]] operation called ''mining''. Mining packages groups of transactions into blocks, and produces a [[Hash function|hash code]] that follows the rules of the bitcoin protocol. Creating this hash requires expensive [[energy]], but a network node can verify the hash is valid using very little energy. If a miner proposes a block to the network, and its hash is valid, the block and its ledger changes are added to the blockchain, and the network moves on to yet unprocessed transactions. In case there is a dispute, then the longest chain is considered to be correct. A new block is created every 10 minutes, on average.
Changes to the bitcoin protocol require consensus among the network participants. The bitcoin protocol has inspired the creation of numerous other digital currencies and blockchain-based technologies, making it a foundational technology in the field of [[Cryptocurrency|cryptocurrencies]].
==Blockchain==
[[Blockchain]] technology is a decentralized and secure digital ledger that records transactions across a network of computers. It ensures transparency, immutability, and tamper resistance, making data manipulation difficult. Blockchain is the underlying technology for cryptocurrencies like bitcoin and has applications beyond finance, such as supply chain management and smart contracts.<ref>{{Cite web |last=Hut |first=Moody |title=What is Blockchain Technology and How Does it Work |date=18 December 2023 |url=https://moodyhut.com/blockchain-technology/ }}</ref>
===Transactions===
[[File:blockchain.svg|thumb|110px|The best chain {{color box|black}} consists of the longest series of transaction records from the genesis block {{color box|#448e73}} to the current block or record. Orphaned records {{color box|#9865c3}} exist outside of the best chain.]]
The network requires minimal structure to share transactions. An [[ad hoc]] decentralized network of volunteers is sufficient. Messages are broadcast on a [[Best-effort delivery|best-effort]] basis, and nodes can leave and rejoin the network at will. Upon reconnection, a node downloads and verifies new blocks from other nodes to complete its local copy of the blockchain.<ref name="whitepaper">{{cite web |last=Nakamoto |first=Satoshi |date=24 May 2009 |title=Bitcoin: A Peer-to-Peer Electronic Cash System |url=http://bitcoin.org/bitcoin.pdf |url-status=dead |archive-url=https://web.archive.org/web/20100704213649/https://bitcoin.org/bitcoin.pdf |archive-date=4 July 2010 |access-date=20 December 2012}}</ref><ref name=UCPaper>{{cite book
|chapter=Bitter to Better – how to make Bitcoin a better currency
|title=Financial Cryptography and Data Security
|chapter-url=http://crypto.stanford.edu/~xb/fc12/bitcoin.pdf
|publisher=[[Springer Publishing]]
|year=2012
|author1=Barber, Simon |author2=Boyen, Xavier |author3=Shi, Elaine |author3-link= Elaine Shi |author4=Uzun, Ersin |series=Lecture Notes in Computer Science
|volume=7397
|pages=399–414
|name-list-style=amp |doi=10.1007/978-3-642-32946-3_29
|isbn=978-3-642-32945-6
}}</ref>
==Mining==
[[File:AustrianBitCoinMiningRig.jpg|thumb|[[GPU]]-based mining rig, 2012]]
Bitcoin uses a proof-of-work system or a proof-or-transaction to form a distributed timestamp server as a [[Proof-of-work system|peer-to-peer network]].<ref name=UCPaper /> This work is often called ''bitcoin mining''. During mining, practically all of the computing power of the bitcoin network is used to solve cryptographic tasks, which constitute the proof of work. The purpose of these tasks is to ensure that the generation of valid blocks involves a certain amount of effort so that subsequent modification of the blockchain, such as in the 51% attack scenario, can be practically ruled out. Because of the difficulty, miners form "[[Mining pool|mining pools]]" to get payouts despite these high power requirements, costly hardware deployments, and hardware under control. As a result of the Chinese ban on bitcoin mining in 2021, the United States currently holds the largest share of bitcoin mining pools.<ref>{{Cite web |last=Sigalos |first=MacKenzie |date=2021-06-15 |title=China is kicking out more than half the world's bitcoin miners – and a whole lot of them could be headed to Texas |url=https://www.cnbc.com/2021/06/15/chinas-bitcoin-miner-exodus-.html |access-date=2023-12-05 |website=CNBC |language=en}}</ref><ref>{{Cite web |title=Cambridge Bitcoin Electricity Consumption Index (CBECI) |url=https://ccaf.io/cbnsi/cbeci/mining_map |access-date=2023-12-05 |website=ccaf.io |language=en}}</ref>
Requiring a proof of work to accept a new block to the blockchain was [[Satoshi Nakamoto]]'s key innovation. The mining process involves identifying a block that, when hashed twice with [[SHA-256]], yields a number smaller than the given difficulty target. While the average work required increases in inverse proportion to the difficulty target, a hash can always be verified by executing a single round of double SHA-256.
For the bitcoin timestamp network, a valid proof of work is found by incrementing a [[Cryptographic nonce|nonce]] until a value is found that gives the block's hash the required number of leading zero bits. Once the [[hash function|hashing]] has produced a valid result, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing the work for each subsequent block. If there is a deviation in consensus then a [[Fork (blockchain)|blockchain fork]] can occur.
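The following added example (not part of the original article or of any bitcoin implementation) shows the asymmetry described above: finding a nonce takes many hashes, checking it takes one double SHA-256, and altering an earlier block invalidates every later link. The 80-byte header layout and compact target encoding follow bitcoin's format; the target value, timestamps and transaction commitments are constructed for the demonstration.

```python
import hashlib
import struct
from dataclasses import dataclass, replace

# Constructed easy target (about 16 leading zero bits) so the search finishes quickly.
EASY_BITS = 0x1F00FFFF

@dataclass(frozen=True)
class Header:
    version: int
    prev_hash: bytes    # 32 bytes: double SHA-256 of the previous header
    merkle_root: bytes  # 32 bytes: commits to the block's transactions
    time: int
    bits: int           # compact encoding of the difficulty target
    nonce: int = 0

    def serialize(self):
        # 80-byte header; integers are little-endian, the nonce is the last 4 bytes.
        return (struct.pack("<I", self.version) + self.prev_hash + self.merkle_root
                + struct.pack("<III", self.time, self.bits, self.nonce))

def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def block_hash(header):
    return dsha256(header.serialize())

def bits_to_target(bits):
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent >= 3:
        return mantissa << (8 * (exponent - 3))
    return mantissa >> (8 * (3 - exponent))

def meets_target(header):
    # Verification: one double SHA-256, read as a little-endian integer.
    return int.from_bytes(block_hash(header), "little") < bits_to_target(header.bits)

def mine(header):
    # Search: increment the nonce until the hash falls below the target.
    prefix, target = header.serialize()[:76], bits_to_target(header.bits)
    for nonce in range(2**32):
        if int.from_bytes(dsha256(prefix + struct.pack("<I", nonce)), "little") < target:
            return replace(header, nonce=nonce)
    raise RuntimeError("nonce space exhausted; vary another header field")

def build_chain(length):
    chain, prev = [], bytes(32)
    for i in range(length):
        root = hashlib.sha256(b"constructed transaction set %d" % i).digest()
        chain.append(mine(Header(1, prev, root, 1_700_000_000 + 600 * i, EASY_BITS)))
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain):
    # Index of the first block with bad proof of work or a broken link, else -1.
    for i, header in enumerate(chain):
        if not meets_target(header):
            return i
        if i > 0 and header.prev_hash != block_hash(chain[i - 1]):
            return i
    return -1

def alter_block(chain, index, remine=False):
    # Model a history edit: change what block `index` commits to.
    changed = replace(chain[index], merkle_root=dsha256(b"altered transaction set"))
    return chain[:index] + [mine(changed) if remine else changed] + chain[index + 1:]

if __name__ == "__main__":
    chain = build_chain(3)
    print(first_invalid(chain))                                # -1: chain is valid
    print(first_invalid(alter_block(chain, 1, remine=True)))   # 2: next link is now broken
```

Re-mining the altered block only moves the failure to the following block, which is why rewriting history requires redoing the work of every later block.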
Majority consensus in bitcoin is represented by the longest chain, which required the greatest amount of effort to produce. If a majority of computing power is controlled by honest nodes, the honest chain will grow fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of that block and all blocks after it and then surpass the work of the honest nodes. The probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.<ref name=UCPaper />
To compensate for increasing hardware speed and varying interest in running nodes over time, the difficulty of finding a valid hash is adjusted roughly every two weeks. If blocks are generated too quickly, the difficulty increases and more hashes are required to make a block and to generate new bitcoins.<ref name=UCPaper />
===Difficulty and mining pools===
{{Further|Mining pool}}
{{multiple image
|total_width=480
|image1=Minage de crypto-monnaie (2).jpg
|caption1=Early bitcoin miners [[General-purpose computing on graphics processing units|used GPUs for mining]], as they were better suited to the [[proof-of-work]] algorithm than [[central processing unit|CPUs]].<ref>{{cite web |title=Bitcoin mania is hurting PC gamers by pushing up GPU prices |date=30 January 2018 |url=https://www.theverge.com/2018/1/30/16949550/bitcoin-graphics-cards-pc-prices-surge |url-status=live |archive-url=https://web.archive.org/web/20180202070911/https://www.theverge.com/2018/1/30/16949550/bitcoin-graphics-cards-pc-prices-surge |archive-date=2 February 2018 |access-date=2 February 2018}}</ref>
|image2=USB Erupter.jpg
|caption2=Later amateurs mined bitcoins with specialized [[Field-programmable gate array|FPGA]] and [[Application-specific integrated circuit|ASIC]] chips. The chips pictured have become obsolete due to increasing difficulty.
|image3=Cryptocurrency Mining Farm.jpg
|caption3=Today, bitcoin mining companies [[Data center|dedicate facilities]] to housing and operating large amounts of high-performance mining hardware.<ref name="worldoil">{{cite web |date=26 January 2018 |title=Cryptocurrency mining operation launched by Iron Bridge Resources |url=http://www.worldoil.com/news/2018/1/26/cryptocurrency-mining-operation-launched-by-iron-bridge-resources |url-status=live |archive-url=https://web.archive.org/web/20180130091353/http://www.worldoil.com/news/2018/1/26/cryptocurrency-mining-operation-launched-by-iron-bridge-resources |archive-date=30 January 2018 |website=World Oil}}</ref>
}}
[[File:Bitcoin mining pools by location (country) – Mining pool distributions of Bitcoin blockchain.webp|thumb|The largest Bitcoin mining pools as of April 2020 by nation in which the pools are based]]
Bitcoin mining is a competitive endeavor. An "[[arms race]]" has been observed through the various hashing technologies that have been used to mine bitcoins: basic [[central processing unit]]s (CPUs), high-end [[graphics processing unit]]s (GPUs), [[field-programmable gate array]]s (FPGAs) and [[application-specific integrated circuit]]s (ASICs) all have been used, each reducing the profitability of the less-specialized technology. Bitcoin-specific ASICs are now the primary method of mining bitcoin and have surpassed GPU speed by as much as 300-fold. The difficulty of the mining process is periodically adjusted to the mining power active on the network. As bitcoins have become more difficult to mine, computer hardware manufacturing companies have seen an increase in sales of high-end ASIC products.<ref>{{cite news|date=4 January 2014 |url=http://www.taipeitimes.com/News/biz/archives/2014/01/04/2003580449 |title=Bitcoin boom benefiting TSMC: report |newspaper=Taipei Times}}</ref>
Computing power is often bundled together or "[[Mining pool|pooled]]" to reduce variance in miner income. Individual mining rigs often have to wait for long periods to confirm a block of transactions and receive payment. In a pool, all participating miners get paid every time a participating server solves a block. This payment depends on the amount of work an individual miner contributed to help find that block, and the payment system used by the pool.<ref>{{cite book|last1=Rosenfeld|first1=Meni|title=Analysis of Bitcoin Pooled Mining Reward Systems|date=November 17, 2011|arxiv=1112.4980|bibcode=2011arXiv1112.4980R}}</ref>
=== Environmental effects ===
{{excerpt|Environmental effects of Bitcoin}}
[[File:Avalon-An ASIC base bitcoin machine.jpg|thumb|right|Avalon [[Application-specific integrated circuits|ASIC]]-based mining machine]]
===Mined bitcoins===
[[File:Bitcoinpaymentverification.png|thumb|left|Diagram showing how bitcoin transactions are verified]]
By convention, the first transaction in a block is a special transaction that produces new bitcoins owned by the creator of the block. This is the incentive for nodes to support the network.<ref name="whitepaper" /> It provides
<ref>{{cite book
| last1 = Antonopoulos | first1 = Andreas M
| title = Mastering bitcoin: programming the open blockchain
| date = 1 July 2017
| edition = 2nd
| publisher = O'Reilly Media
| location = Sebastopol, California, USA
| oclc = 953432201
| isbn = 978-1-4919-5438-6
| pages = 239
}}
</ref>
==Payment verification==
{{main|Online transaction processing}}
Each miner can choose which transactions are included in or exempted from a block.<ref name="bmg">{{Cite journal |last=Houy |first=N. |date=2016 |title=The Bitcoin Mining Game |journal=Ledger |volume=1 }}</ref>
As noted in Nakamoto's whitepaper, it is possible to verify bitcoin payments without running a full network node (simplified payment verification, SPV). A user only needs a copy of the block headers of the longest chain, which are available by querying network nodes until it is apparent that the longest chain has been obtained; then, get the [[Merkle tree]] branch linking the transaction to its block. Linking the transaction to a place in the chain demonstrates that a network node has accepted it, and blocks added after it further establish the confirmation.<ref name="whitepaper" />
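The Merkle branch check at the core of simplified payment verification can be written as follows. This is an added example, not code from the original article or from any wallet; the transaction identifiers are constructed, and it assumes the client has already confirmed that the header carrying the Merkle root has valid proof of work and lies on the longest chain.

```python
import hashlib

def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(leaves):
    # Build every level of the tree; an odd-length level pairs its last node with itself.
    if not leaves:
        raise ValueError("a block contains at least one transaction")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([dsha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_root(leaves):
    return merkle_levels(leaves)[-1][0]

def merkle_branch(leaves, index):
    # What a full node sends: the sibling hash at each level, from the leaf up.
    branch = []
    for level in merkle_levels(leaves)[:-1]:
        sibling = index ^ 1
        branch.append(level[sibling] if sibling < len(level) else level[index])
        index >>= 1
    return branch

def verify_branch(txid, index, branch, root):
    # What the light client does: fold the branch and compare with the header's root.
    node = txid
    for sibling in branch:
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    return node == root

def constructed_txids(count):
    # Stand-ins for real transaction hashes.
    return [dsha256(b"constructed tx %d" % i) for i in range(count)]

if __name__ == "__main__":
    txids = constructed_txids(5)
    root = merkle_root(txids)
    branch = merkle_branch(txids, 4)
    print(len(branch), verify_branch(txids[4], 4, branch, root))  # 3 True
```

For a block of n transactions the client handles about log2(n) hashes instead of the full transaction list.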
== Protocol features ==
=== Security ===
Various potential attacks on the bitcoin network and its use as a payment system, real or theoretical, have been considered. The bitcoin protocol includes several features that protect it against some of those attacks, such as unauthorized spending, double spending, forging bitcoins, and tampering with the blockchain. Other attacks, such as theft of private keys, require due care by users.<ref name=quantitative>{{cite web |title=Quantitative Analysis of the Full Bitcoin Transaction Graph |url=http://eprint.iacr.org/2012/584.pdf |publisher=Cryptology ePrint Archive |access-date=18 October 2012 |author=Ron Dorit |author2=Adi Shamir |year=2012}}</ref><ref name="primer">{{cite web |url=http://mercatus.org/sites/default/files/Brito_BitcoinPrimer.pdf |title=Bitcoin: A Primer for Policymakers |publisher=George Mason University |work=Mercatus Center |year=2013 |access-date=22 October 2013 |author1=Jerry Brito |author2=Andrea Castillo |name-list-style=amp |archive-date=21 September 2013 |archive-url=https://web.archive.org/web/20130921060724/http://mercatus.org/sites/default/files/Brito_BitcoinPrimer.pdf |url-status=dead }}</ref>
==== Unauthorized spending ====
Unauthorized spending is mitigated by bitcoin's implementation of public-private key cryptography. For example, when Alice sends a bitcoin to Bob, Bob becomes the new owner of the bitcoin. Eve, observing the transaction, might want to spend the bitcoin Bob just received, but she cannot sign the transaction without the knowledge of Bob's private key.<ref name="primer" />
==== Double spending ====
A specific problem that an internet payment system must solve is [[double-spending]], whereby a user pays the same coin to two or more different recipients. An example of such a problem would be if Eve sent a bitcoin to Alice and later sent the same bitcoin to Bob. The bitcoin network guards against double-spending by recording all bitcoin transfers in a ledger (the blockchain) that is visible to all users, and ensuring for all transferred bitcoins that they have not been previously spent.<ref name="primer" />{{rp|4}}
==== Race attack ====
If Eve offers to pay Alice a bitcoin in exchange for goods and signs a corresponding transaction, it is still possible that she also creates a different transaction at the same time sending the same bitcoin to Bob. By the rules, the network accepts only one of the transactions. This is called a [[Race condition|race attack]], since there is a race between the recipients to accept the transaction first. Alice can reduce the risk of a race attack by stipulating that she will not deliver the goods until Eve's payment to Alice appears in the blockchain.<ref name="cornell4220">{{cite web |url=https://blogs.cornell.edu/info4220/2013/03/29/bitcoin-and-the-double-spending-problem/ |title=Bitcoin and the Double-spending Problem |publisher=Cornell University |date=29 March 2013 |access-date=22 October 2014 |author=Erik Bonadonna}}</ref>
A variant race attack (which has been called a Finney attack by reference to Hal Finney) requires the participation of a miner. Instead of sending both payment requests (to pay Bob and Alice with the same coins) to the network, Eve issues only Alice's payment request to the network, while the accomplice tries to mine a block that includes the payment to Bob instead of Alice. There is a positive probability that the rogue miner will succeed before the network, in which case the payment to Alice will be rejected. As with the plain race attack, Alice can reduce the risk of a Finney attack by waiting for the payment to be included in the blockchain.<ref>{{cite journal |title=Two Bitcoins at the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin |url=http://eprint.iacr.org/2012/248.pdf |last1=Karame |first1=Ghassan O. |last2=Androulaki |first2=Elli |last3=Capkun |first3=Srdjan |publisher=International Association for Cryptologic Research |website=iacr.org |year=2012 |access-date=22 October 2014}}</ref>
==== History modification ====
Each block that is added to the blockchain, starting with the block containing a given transaction, is called a confirmation of that transaction. Ideally, merchants and services that receive payment in bitcoin should wait for at least a few confirmations to be distributed over the network before assuming that the payment was done. The more confirmations that the merchant waits for, the more difficult it is for an attacker to successfully reverse the transaction—unless the attacker controls more than half the total network power, in which case it is called a 51% attack, or a majority attack.<ref name="51%">{{cite news |author1=Michael J. Casey |author2=Paul Vigna |title=Short-Term Fixes To Avert "51% Attack" |url=https://blogs.wsj.com/moneybeat/2014/06/16/bitbeat-a-51-attack-what-is-it-and-could-it-happen/ |access-date=30 June 2014 |work=Money Beat |publisher=Wall Street Journal |date=16 June 2014}}</ref>
Although more difficult for attackers of a smaller size, there may be financial incentives that make history modification attacks profitable.<ref>{{cite book |url=https://doi.ieeecomputersociety.org/10.1109/SP46215.2023.00016 |last1=Bar-Zur|first1=Roi |last2=Abu-Hanna |first2=Ameer |last3=Eyal |first3=Ittay |last4=Tamar |first4=Aviv |title=2023 IEEE Symposium on Security and Privacy (SP) |publisher=IEEE Computer Society |year=2023 |doi=10.1109/SP46215.2023 |isbn=978-1-6654-9336-9 |access-date=15 May 2023}}</ref>
=== Scalability ===
{{excerpt|Bitcoin scalability problem}}
===
==== Deanonymisation of clients ====
[[Deanonymisation]] is a strategy in data mining in which anonymous data is cross-referenced with other sources of data to re-identify the anonymous data source. Along with transaction graph analysis, which may reveal connections between bitcoin addresses (pseudonyms),<ref name=quantitative /><ref name=reid>{{cite book |last1=Reid |first1=Fergal |last2=Harrigan |first2=Martin |chapter=An Analysis of Anonymity in the Bitcoin System |title=Security and Privacy in Social Networks |date=2013 |pages=197–223|location=New York, NY |doi=10.1007/978-1-4614-4139-7_10 |isbn=978-1-4614-4138-0 |arxiv=1107.4524 }}</ref> there is a possible attack<ref name=dep2p>{{cite journal |last1=Biryukov |first1=Alex |last2=Khovratovich |first2=Dmitry |last3=Pustogarov |first3=Ivan |title=Deanonymisation of clients in Bitcoin P2P network |journal=ACM Conference on Computer and Communications Security |date=2014 |url=http://orbilu.uni.lu/handle/10993/18679 |arxiv=1405.7418 |bibcode=2014arXiv1405.7418B |isbn=9781450329576 |access-date=16 May 2017 |archive-date=22 May 2017 |archive-url=https://web.archive.org/web/20170522151641/http://orbilu.uni.lu/handle/10993/18679 |url-status=dead }}</ref> which links a user's pseudonym to its [[IP address]]. If the peer is using [[Tor (anonymity network)|Tor]], the attack includes a method to separate the peer from the Tor network, forcing them to use their real IP address for any further transactions. The cost of the attack on the full bitcoin network was estimated to be under €1500 per month, as of 2014.<ref name="dep2p" />
== See also ==
* [[Lists of network protocols]]
{{Clear}}
==References==
{{Reflist|2}}
===Works cited===
* {{Cite journal |last1=de Vries |first1=Alex |last2=Gallersdörfer |first2=Ulrich |last3=Klaaßen |first3=Lena |last4=Stoll |first4=Christian |date=16 March 2022 |title=Revisiting Bitcoin's carbon footprint |journal=[[Joule (journal)|Joule]] |volume=6 |issue=3 |pages=498–502 |doi=10.1016/j.joule.2022.02.005 |s2cid=247143939 |issn=2542-4351|doi-access=free |bibcode=2022Joule...6..498D }}
{{Bitcoin|state=expanded}}
{{Cryptocurrencies}}
{{Portal bar|Economics|Free and open-source software|Internet}}
{{Authority control}}
[[Category:Bitcoin]]