Guests of this edition
- Daniel Martins
- Narcélio Filho

Mastering Bitcoin
1. Introduction
2. How Bitcoin Works
3. The Bitcoin Client
4. Keys, Addresses, Wallets
5. Transactions
6. The Bitcoin Network
7. The Blockchain
8. Mining and Consensus
9. Alternative Chains, Currencies, and Applications
10. Bitcoin Security

Introduction
- Data structures that encode transfer of value between participants
- Each transaction is a public entry in the blockchain

Transaction lifecycle
- Transaction creation, signing, broadcast to the network, validation by nodes, propagation, verification by a miner and inclusion
- Funds allocated to a new owner can then be spent, extending the chain of ownership

Creating transactions
- Transaction: instrument that expresses the intent to transfer money
- Can be created online or offline
- A transaction references a specific previous transaction as its source
- Once it is created, it is signed by the owner (or owners) of the source funds
- If it is formed and signed, it is now valid and
- Finally it has to reach the bitcoin network, so that it can be propagated until it reaches a miner for inclusion in the public ledger

Broadcasting transactions to the bitcoin network
- Transaction needs to be delivered to the network to be propagated and included
- Sender doesn't need to trust the nodes
- Doesn't contain sensitive data
- Doesn't matter how it is transmitted
- Can be transmitted over insecure networks, like Wi-Fi, Bluetooth, NFC, Chirp, copying and pasting into a web form
- Extreme cases: radio, satellite, shortwave
- Money into data structure!

Propagating transactions on the bitcoin network
- Nodes validate received transactions
- If valid, the node propagates it
- If invalid, the node rejects it
- Network is P2P
- A newly validated transaction will be sent to 3 or 4 of the nodes it is connected to -> ripples through the network
- To prevent spamming, DoS attacks or other attacks, nodes validate transactions before propagating them

Transaction structure
- Data structure
- Encodes transfer of value from a source of funds (input) to a destination (output)
- Inputs and outputs are not related to accounts or identities -> bitcoin amounts, chunks of bitcoin, locked with a secret
- (table, p. 113)

Transaction locktime
- Defines the earliest time a transaction can be added to the blockchain
- 0 in most transactions, to indicate immediate execution
- 0 <= t < 500,000,000 = block height (included only after this block)
- > 500,000,000 = Unix timestamp (included only after this time)

Transaction outputs and inputs 1/2
- Fundamental building block: UTXO (Unspent Transaction Output)
- Chunks of bitcoin locked to a specific owner
- Network tracks all UTXOs
- There's no such thing as a stored balance of a bitcoin address or account
- Concept of a user's bitcoin balance => wallet scans the blockchain and forms the "user's balance"
- UTXOs: arbitrary value as a multiple of satoshis
- If UTXO > value of transaction, it must be consumed and change returned
- e.g. UTXO of 20 bitcoin, 1 bitcoin to transfer = 19 bitcoin as change

Transaction outputs and inputs 2/2
- Wallet selects from the user's available UTXOs and composes the transaction
- Combine multiple UTXOs, or use one greater than the desired value
- UTXOs consumed = transaction inputs
- UTXOs created by a transaction = transaction outputs
- Transactions consume UTXOs, unlocking them with the signature of the current owner, and create UTXOs, locking them to the bitcoin address of the new owner
- Exception: coinbase transaction

Transaction outputs
- Every transaction creates outputs
- Send bitcoin = creating a UTXO
- UTXOs are tracked by every full node -> UTXO pool
- Consists of two parts:
  - amount of bitcoin
  - locking script (encumbrance)
- (table, p. 116)
- (code, p. 116)

Transaction inputs
- Pointers to UTXOs
- Reference to:
  - tx hash
  - sequence number
- Also include unlocking scripts (signature proving ownership)
- (code, p. 118)
- Once a UTXO is selected, the wallet produces unlocking scripts containing signatures for each of the UTXOs
- (table, p. 119)

Transaction fees
- Incentive
- Compensate miners for securing the network
- Wallets calculate and include fees automatically
- Calculated based on the size of the transaction in kilobytes, not on its value
- Fees are set based on market forces
- At first fees had a fixed size -> then market forces

Adding fees to transactions
- There's no field for fees
- Implied by the difference: sum(inputs) - sum(outputs)
- You have to be careful not to tip too much!

Transaction scripts and script language
- Clients validate transactions by executing a script
- Both locking script and unlocking script are written in this language

Script construction (lock + unlock)
- Locking script: placed on an output, specifies the conditions to spend the funds
- Unlocking script: satisfies the conditions to spend (signature)
- (table, p. 124)

Scripting language
- Simple
- Stack-based language: push and pop
- Operators: OP_ADD, OP_EQUAL, ...
- Stack (p. 126)
- e.g.: locking script = 3 OP_ADD 5 OP_EQUAL, unlocking script = 2

Turing incompleteness
- Many operators but no loops
- Limited complexity
- Avoids attacks, denial-of-service

Stateless verification
- No state saved
- No state prior to the execution of the script
- No state saved after

Standard transactions
- isStandard() defines the types of scripts:
  - Pay-to-Public-Key-Hash (P2PKH)
  - Public-Key
  - Multi-Signature (limited to 15 keys)
  - Pay-to-Script-Hash (P2SH)
  - Data-Output (OP_RETURN)

Pay to public key hash (P2PKH)
- Most transactions
- Contains a locking script that encumbers the output with a public key hash (bitcoin address)
- An output locked by a P2PKH script can be unlocked by presenting:
  - public key
  - digital signature created by the corresponding private key
- Alice's payment to Bob's Cafe:
  - locking script = OP_DUP OP_HASH160 <Cafe Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG
  - unlocking script = <Cafe Signature> <Cafe Public Key>
- Must evaluate to TRUE

Pay to public key
- Simpler form, shorter
- Now most often seen in coinbase transactions
- Locking script: <Public Key A> OP_CHECKSIG
- Unlocking script: <Signature from Private Key A>
- Combined: <Signature from Private Key A> <Public Key A> OP_CHECKSIG

Multi-signature
- N public keys are recorded in the script
- At least M of those must provide signatures
- M-of-N scheme, e.g.: 2-of-3
- Combinations: 1-of-1 ... 15-of-15
- Locking script: 2 <Public Key A> <Public Key B> <Public Key C> 3 OP_CHECKMULTISIG
- Unlocking script: OP_0 <Signature B> <Signature C>

Data Output (OP_RETURN)
- https://bitcoin.stackexchange.com/questions/29554/explanation-of-what-an-op-return-transaction-looks-like
- https://www.blockchain.com/btc/tx/8bae12b5f4c088d940733dcd1455efc6a3a69cf9340e17a981286d3778615684
- Limit: 40 bytes
- charley loves heidi: 636861726c6579206c6f766573206865696469
- http://www.unit-conversion.info/texttools/hexadecimal/
- Blockchain bloat or just another use case?
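
The stack example from the scripting slides (unlocking script 2, locking script 3 OP_ADD 5 OP_EQUAL), run through a toy evaluator. This is an added example, not code from the slides, the book or any Bitcoin client; the names run and verify are hypothetical, and only integer pushes and five opcodes are modelled, with no signature checking.

```python
# Added example: toy evaluator for a tiny subset of Bitcoin Script.
# Only integer pushes and the opcodes below are modelled; no signatures.

class ScriptError(Exception):
    """Raised when a script aborts (bad token, empty stack, OP_RETURN)."""

def _pop(stack):
    if not stack:
        raise ScriptError("stack underflow")
    return stack.pop()

def run(script, stack):
    """Execute a whitespace-separated script on `stack`: one pass, no loops."""
    for token in script.split():
        if token == "OP_ADD":
            b, a = _pop(stack), _pop(stack)
            stack.append(a + b)
        elif token == "OP_DUP":
            top = _pop(stack)
            stack += [top, top]
        elif token == "OP_EQUAL":
            stack.append(1 if _pop(stack) == _pop(stack) else 0)
        elif token == "OP_EQUALVERIFY":
            if _pop(stack) != _pop(stack):
                raise ScriptError("OP_EQUALVERIFY failed")
        elif token == "OP_RETURN":
            raise ScriptError("OP_RETURN: output is unspendable")
        else:
            try:
                stack.append(int(token))
            except ValueError:
                raise ScriptError(f"unsupported token {token!r}") from None
    return stack

def verify(unlocking, locking):
    """True only if unlocking then locking script leaves a non-zero top item."""
    try:
        stack = run(unlocking, [])     # fresh stack: no state carried in
        stack = run(locking, stack)    # locking script sees only that stack
    except ScriptError:
        return False
    return bool(stack) and stack[-1] != 0

if __name__ == "__main__":
    print(verify("2", "3 OP_ADD 5 OP_EQUAL"))  # the slide's example
    print(verify("3", "3 OP_ADD 5 OP_EQUAL"))  # wrong unlocking script
```

Because each token is visited exactly once, the work is bounded by the script length, which is the denial-of-service property the Turing incompleteness slide refers to.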

Pay to script hash (P2SH)
- Facilitates the use of multi-signatures
- Hash of locking script
- (table, p. 135)
- From "pay to this 5-key multi-signature script"
- To "pay to a script with this hash"

Pay to script hash addresses
- Encoding a script hash as an address
- e.g.: Mohammed's complex script as an "address": 39RF6JqABiHdYHkfChV6USGMe6Nsr66Gzw
- 3 -> script

Benefits of P2SH
- Reduces the size of complex scripts, making a transaction smaller
- Scripts can be coded as addresses
- Recipient, not the sender, must deal with the complexity
- Shifts the transaction fee cost of a long script from sender to receiver (when spending it)