Bit coin Decentralization

1
 2
Limitation of Scoorge Coin

 Despite of ledger based cryptocurrency, Scoorge lacks in decentralization

 Bit coin achieves decentralization through technical and clever incentive

engineering
 E-mail is fundamentally a decentralized system based on a standardized protocol,
SMTP, and anyone who wishes can operate an email server of their own
 Similarly, while the Bitcoin protocol is decentralized, services like Bitcoin
exchanges, where you can convert Bitcoin into other currencies, and wallet
software, or software that allows people to manage their bitcoins may be
centralized or decentralized to varying degrees
 3
Bitcoin Protocol on Decentralization

 Who maintains the ledger of transactions?

 Who has authority over which transactions are valid?

 Who creates new bitcoins?

 Who determines how the rules of the system change?

 How do bitcoins acquire exchange value?

 4
Aspects of Decentralization in Bitcoin

 Peer to peer decentralized network

Open to anyone, low barrier to entry

 Mining

Open to anyone, but huge capital cost for infrastructure

 Updates to Software

Core developers trusted by community have privilege

 5
Why distributed Consensus Protocol??

 Bitcoin Key Challenge

Key technical challenge of deceteralized e-cash: distributed consensus

 Reliability in distributed systems – Facebook, Google, Twitter etc.,

Each piece of information must be recorded on several different nodes in this

backend, and the nodes must be in sync about the overall state of the system
 The reach of distributed consensus protocol is beyond traditional application

 Distributed key-value store enable various application such as DNS, Public key
directory, Stock trades etc.,
 Distributed Consensus Protocol 6

There are n nodes that each have an input value. Some of these nodes are
faulty or malicious. A distributed consensus protocol has the following two
properties:

● It must terminate with all honest nodes in agreement on the value

● The value must have been generated by an honest node

 7
Bitcoin – Peer-to-Peer System

When Alice wants to pay Bob, what she actually does is broadcast a transaction to
all of the Bitcoin nodes that comprise the peer‐to‐peer network

Bob computer/node is no where in the frame, but still Bob can receive
 8
How Consensus work in Bitcoin?

At any given time

All nodes have a sequence of block of transactions they have reached consensus on

Each node has set of outstanding transactions its heard about

 9
How Consensus work in Bitcoin

Okay to select any block, even if proposed by only one node

 10
Why Consensus is hard?

 Nodes may crash

 Nodes may be malicious

Network is imperfect
 not all pairs of node connected
 faults in network
 Latency --- no global time
 11
Many impossibility results

 Byzantine General problem

 Fischer- Lynch- Patterson ( Deterministic nodes):

 Consensus impossible even with a single faulty nodes

 One of the better known among these protocols is Paxos

 Paxos makes certain compromises but never produces an inconsistent result

 Rarely, the protocol can get stuck and fail to make any progress.
 12
Breaking Traditional Assumptions

 Ironically, with the current state of research, consensus in Bitcoin works

better in practice than in theory
 That is, we observe consensus working, but have not developed the theory
to fully explain why it works
 But developing such a theory is important as it can help us predict
unforeseen attacks and problems
 When we have a strong theoretical understanding of how Bitcoin consensus

works will we have strong guarantees Bitcoin’s security and stability.

 13
Consensus without Identity using a block chain

 Identity is hard in P2P system – Sybil attack

 Pseudonymity is a goal of bitcoin (important property and central feature)

 14
Key idea: Implicit Consensus

 In each round, random node is picked

 This node proposes the next block in the chain

Other nodes implicitly accepts/rejects this block

 By either extending it

 Or ignoring it and extending chain from earlier block

Every block contains hash of the block it extends

 15
Bit coin Algorithm simplified

This algorithm is simplified in that it assumes the ability to select a random node in a
manner that is not vulnerable to Sybil attacks
New transactions are broadcast to all nodes

Each node collects new transactions into a block

 In each round a random node gets to broadcast its block

 Other nodes accept the block only if all transactions in it are valid (unspent, valid
signatures)
Nodes express their acceptance of the block by including its hash in the next block
they create
 16
Working of Consensus Algorithm
Assume – Alice a malicious node may be able to subvert this process

Stealing Bitcoin :
Can Alice simply steal bitcoins belonging to another user at an address she doesn’t control?

No. Even if it is Alice’s turn to propose the next block in the chain, she cannot steal other
users’ bitcoins
Doing so would require Alice to create a valid transaction that spends that coin

 This would require Alice to forge the owners’ signatures which she cannot do if a secure
digital signature scheme is used
So as long as the underlying cryptography is solid, she’s not able to simply steal bitcoins
 17

Denial of service attack

Alice really dislikes Bob, Alice can then decide that she will not include any transactions
originating from Bob’s address in any block that she proposes to get onto the block chain
In other words, she’s denying service to Bob

While this is a valid attack that Alice can try to mount, luckily it’s nothing more than a
minor annoyance
If Bob’s transaction doesn’t make it into the next block that Alice proposes, he will just
wait until an honest node gets the chance to propose a block and then his transaction will get
into that block
 18
Double spend attack
Alice is a customer of a website run by Bob, who provides some online service in exchange for
payment in bitcoins
Let’s say Bob’s service allows the download of some software

Alice adds an item to her shopping cart on Bob’s website and the server requests payment

Then Alice creates a Bitcoin transaction from her address to Bob’s and broadcasts it to the network

Let’s say that some honest node creates the next block, and includes this transaction in that block

So there is now a block that was created by an honest node that contains a transaction that represents
a payment from Alice to the merchant Bob
 19

 Transaction is a data structure that contains Alice’s signature, an instruction to

pay to Bob’s public key, and a hash
 This hash represents a pointer to a previous transaction output that Alice received
and is now spending
 That pointer must reference a transaction that was included in some previous
block in the consensus chain
 There are two different types of hash pointers here that can easily be confused

 Blocks include a hash pointer to the previous block that they’re extending

 Transactions include one or more hash pointers to previous transaction outputs

that are being redeemed
 How Alice Launch a double spending attack 20

 The latest block was generated by an honest node and includes a transaction in which Alice pays Bob
for the software download
 Upon seeing this transaction included in the block chain, Bob concludes that Alice has paid him and
allows Alice to download the software
 Suppose the next random node that is selected in the next round happens to be controlled by Alice

 Now since Alice gets to propose the next block, she could propose a block that ignores the block that
contains the payment to Bob and instead contains a pointer to the previous block
 Furthermore, in the block that she proposes, Alice includes a transaction that transfers the very coins
that she was sending to Bob to a different address that she herself controls
 This is a classic double‐spend pattern. Since the two transactions spend the same coins, only one of
them can be included in the block chain
 If Alice succeeds in including the payment to her own address in the block chain, then the transaction
in which she pays Bob is useless as it can never be included later in the block chain.
 21
A double spend attempt
 22
Is double spending going to succeed or not?

 It depends on which block will ultimately end up on the long‐term consensus chain — the
one with the Alice → Bob transaction or the one with the Alice → Alice transaction
 What determines which block will be included? Honest nodes follow the policy of
extending the longest valid branch, so which branch will they extend?
 There is no right answer! At this point, the two branches are the same length — they only
differ in the last block and both of these blocks are valid
 The node that chooses the next block then may decide to build upon either one of them,
and this choice will largely determine whether or not the double‐spend succeeds
 23
Moral point of View

 There is a clear difference between the block containing the transaction that pays
Bob and the block containing the transaction in which Alice double spends those
coins to her own address
 But this distinction is only based on our knowledge of the story that Alice first paid
Bob and then attempted to double spend
 From a technological point of view, however, these two transactions are completely
identical and both blocks are equally valid
 The nodes that are looking at this really have no way to tell which is the morally
legitimate transaction.
 24
 In practice, nodes often follow a heuristic of extending the block that they first heard about on the
peer‐to‐peer network
 But it’s not a solid rule, due to network latency, it could easily be that the block that a node first
heard about is actually the one that was created second
 So there is at least some chance that the next node that gets to propose a block will extend the block
containing the double spend
 Alice could further try to increase the likelihood of this happening by bribing the next node to do so

 If the next node does build on the double ‐spend block for whatever reason, then this chain will now
be longer than the one that includes the transaction to Bob
 At this point, the next honest node is much more likely to continue to build on this chain since it is
longer
 This process will continue, and it will become increasingly likely that the block containing the
double‐spend will be part of the long‐term consensus chain
 The block containing the transaction to Bob, on the other hand, gets completely ignored by the
network, and this is now called an orphan block .
 25
Bob-the Merchant Point of View
 26

 Understanding how Bob can protect himself from this double‐spending attack is a key part of understanding Bitcoin security

 When Alice broadcasts the transaction that represents her payment to Bob, Bob is listening on the network and hears about
this transaction even before the next block is created
 If Bob was even more foolhardy than we previously described, he can complete the checkout process on the website and
allow Alice to download the software right at that moment hat’s called a zero‐confirmation transaction

 This leads to an even more basic double spend attack than the one described before

 Previously, for the double‐spend attack to occur, we had to assume that a malicious actor controls the node that proposes the
next block

 But if Bob allows Alice to download the software before the transaction receives even a single confirmation on the block
chain, then Alice can immediately broadcast a double‐spend transaction, and an honest node may include it in the next block
instead of the transaction that pays Bob.
 27

 On the other hand, a cautious merchant would not release the software to Alice
even after the transaction was included in one block, and would continue to wait
 If Bob sees that Alice successfully launches a double‐spend attack, he realizes
that the block containing Alice’s payment to him has been orphaned
 He should abandon the transaction and not let Alice download the software

 Instead, if it happens that despite the double‐spend attempt, the next several nodes
build on the block with the Alice → Bob transaction, then Bob gains confidence
that this transaction will be on the long‐term consensus chain.
 28

 In general, the more confirmations a transaction gets, the higher the probability that
it is going to end up on the long‐term consensus chain
 Recall that honest nodes’ behavior is always to extend the longest valid branch that
they see
 The chance that the shorter branch with the double spend will catch up to the longer
branch becomes increasingly tiny as it grows longer than any other branch
 This is especially true if only a minority of the nodes are malicious — for a shorter
branch to catch up, several malicious nodes would have to be picked in close
succession
 29
Incentives and Proof of work

Incentive to nodes
Assumption of honesty is problematic

We unable to penalize the node that has cheated, because nodes doesn’t have identities

Reward the honest nodes that created all the blocks that end up on the long-term consensus chain

We don't have node identity, so we can't mail them cash to their home addresses, we can use Bit
in order to incentivize the nodes to behave honestly
 30

Incentive1: block reward

a node gets the block award regardless of whether it proposes a block with only
valid transactions, or it behaves maliciously
The node will collect the reward only if this block ends up on the long-term
consensus branch
The creation transaction also becomes valid only if it belongs to a long-term
consensus branch.
31
 32

Incentive2 : Transaction Fees

The creator of any transaction can choose to make the output value of that
coin less than the input value

Transaction value = Output value - Input Value

This transaction fee is purely voluntary

It is not mandatory to include a fee in a transaction, but as the block reward
starts to run out, it will become almost mandatory for nodes to include a
transaction fee in order to get a reasonable quality of service
 33
Problems in bitcoin protocol

 How can we pick a random node to insert the new block?

 After introducing incentives, everyone probably wants to run a bitcoin

node in order to get a reward
 An adversary might try to create a whole bunch of Sybil nodes in order to
try to subvert this consensus process
 34
Blockchain Validator Selection

Different blockchain protocols adopt different methodologies for selecting the

validator from available pool of nodes
PoW (Proof of Work) - Computing power

PoS (Proof of Stake) - Rich in the system

Proof of Activity - Hybrid

Proof of Elapsed Time

Proof of Burn
 Hash Puzzle Problem Difficulty - Nonce 35

 In order to add a block, the node that proposes it has to find a number: a nonce

 This nonce concatenated with the hash of the previous block and the transactions
Merkle Tree hash, must have an hash that falls into a small target space
 The space is small in relation to the entire output space of the hash function

H(Nonce||hahs_prev_block_hash_transaction) ϵ { target_set}

Problem Difficulty
 It must be moderately difficult to find a nonce that satisfies this required property,
which is that hashing the whole block together including that nonce is going to
result in a particular type of output
 If the target space was just 1% of the overall output space, it would be necessary to
try about 100 nonces before one gets lucky
 The real target space is much smaller, so the attempt to find a correct hash will be
many more
 36
Proof of Work Properties

The proof-of-work function of an hash puzzle must be:

Difficult to compute
 It is necessary to compute about 1020 hashes to be able to insert a new
block, so the size of the target space is only around 1/ 1020 of the output space
of the hash function
So only some nodes of the network with high computing power actively
compete in the block creation process
This process of repeatedly trying and solving these hash puzzles is known
as Bitcoin mining , and we call the participating nodes miners
 37

Parameterizable cost
Always not a fixed cost for all time

 The Bitcoin peer‐to‐peer network will automatically recalculate the target,

that is the size of the target space as a fraction of the output space, every 2016
blocks
In other words, the recalculation of the target happens roughly every two
weeks
Recalculation of the target in such a way that the average time between
successive blocks produced in the Bitcoin network is about 10 minutes
 38

Trivial to verify
It is trivial to verify that a node has computed proof of work correctly

Even if it takes a node, on average, 1020 tries to find a nonce that makes the
block hash fall below the target, that nonce must be published as part of the block
It is thus trivial for any other node to look at the block contents, hash them all
together, and verify that the output is less than the target
Any node or any miner can instantly verify that a block found by another miner
satisfies this proof‐of‐work property.
 Cost of Mining 39

Mining Economics
The current difficulty level, finding a single block takes computing about 1020 hashes and the
block reward is about 6.25 Bitcoins, which is a sizable amount of money at the current
exchange rate

The mining reward that the miner gets is in terms of the block reward and transaction fees

 The miner asks himself how it compares to the total expenditure, which is the hardware and
electricity cost
 40
 The hardware cost is a fixed cost whereas the electricity cost is a variable cost that is incurred over time

 Another complication is that the reward that miners get depends upon the rate at which they find blocks, which
depends on not just the power of their hardware, but on the ratio of their hash rate to the total global hash rate
 A third complication is that the costs that the miner incurs are typically denominated in dollars or some other
traditional currency, but their reward is denominated in bitcoin
 So this equation has a hidden dependence on Bitcoin’s exchange rate at any given time

 So far we’ve assumed that the miner is interested in honestly following the protocol, but the miner might choose
to use some other mining strategy instead of always attempting to extend the longest valid branch
 So this equation doesn’t capture all the nuances of the different strategies that the miner can employ

 Actually analyzing whether it makes sense to mine is a complicated game theory problem that’s not easily
answered
 41
How to Store and Use Bitcoin

 To spend a bitcoin you need to know some public information and some secret
information
 The public information is what goes on the block chain — the identity of the
coin, how much it's worth, and so on
 The secret information is the secret key of the owner of the bitcoin (that’s you)

 There are 3 goals connected to storing and managing bitcoin viz., availability,
security and convenience
 42
Important Pre-conditions

 Availability - being able to actually spend your coins when you want to

 Security – making sure that nobody else can spend your coins

 Convenience - key management should be relatively easy to do

 43
Possible Approaches
Storing the keys could be put them on a local device, such as a computer/smart phone

+ convenience: the money could be accessible just pushing a button

- availability: if the device crashes or you lose it, the money is lost with it

- security: if someone manages to break into the device the security is broken
 44
Wallet Software
To avoid these problems, we would typically use a wallet software:

+ convenience: keeps track of the money and provides a nice user interface

It is also possible to reach an higher level of anonymity or privacy, using a whole

bunch of different keys and addresses

Store and manage them taken care by software

To receive money it is possible to provide the third party an address belonging to

your wallet through a string or a QR Code

+ availability: It is possible to connect from every device with the personal account

+ security: It depends on software security, vulnerable to break in, but it is typically

more secure than a personal device
45
 46
Hot and Cold Storage
 hot storage is online: examples of hot storage is using a local device or an
online wallet to store the keys; there's a high availability and convenience,
but the security is not so strong
 cold storage is offline: it is not connected to the Internet and it's more
secure
 It's similar to keep the money in a safe, instead that in a wallet

 The security is higher but both the availability and convenience are lower
47
48
 Moving Bitcoins between hot and cold storage 49

 To move coins back and forth between the two sides, both must know the address the other
one is using; So each side knows its own secret key and the receiving address of the other
side
 Even if the cold storage is offline most of the time, it sometimes needs to connect to transfer
money and to check if its balance is changed
 Since hot storage is operating and that the cold one is offline, when the amount in the hot
storage becomes too high, it knows the address of the cold storage. So it can send to the cold
storage the coins anyway
 Next time the cold storage connects, it will receive from the blockchain the information
about the new transactions
 Manage hot and cold storage addresses 50

 For privacy and security reasons we would like to change receiver address every
time. So, whenever there's a transfer of coins from the hot side to the cold side,
we would like to use a fresh cold address.
 How can the hot wallet know the new address even if the cold side is not online?

 A simple solution could be to have the cold side generate a whole bunch of
addresses all at once ( Worst Solution – not advisable )
 The hot wallet could use one of them per transaction and whenever the cold side
reconnect could send new addresses if necessary
 51
Hierarchical Wallets

 The effective solution is to use a hierarchical wallet, which allows the cold
side to use an essentially unbounded number of addresses and the hot side
to know about these addresses
 Need a only a short, one-time communication between the two sides, that
can be attained through cryptographic trickery
 A function called generateKeys that generates a public key (which acts as
an address) and a secret key
 52
Key Generation in Hierarchical Wallets

Scheme of Hierarchical Wallet

 53

 In a hierarchical wallet, key generation works differently

 Instead of generating a single address we generate what we'll call address

generation info, and rather than a private key we generate what we'll call private
key generation info
 Given the address generation info ,we can generate a sequence of addresses: we
apply an address generation function that takes as input the address generation
info and any integer i and generates the i 'th address in the sequence
 Similarly we can carryout for private keys using the private key generation info
 54
How to store cold information?
 Information stored in device, device locked in a safe

 2nd Method : Brain wallet, encrypt info under passphrase that user remembers - online guessing –
offline guessing ; password cracking – random 80-bit number- turning that number into a passphrase in
such a way that different numbers result in different passphrases

 3rd Method: Paper wallet, print info an a paper and lock the same - Typical paper wallets encode
both the public and private keys in two ways: as a two dimensional barcode and in base-58 notation

 4th Method: Tamper proof device , device will sign things for you, but don’t disclose keys - put
the key into the device or the device generates the key - One advantage: if the device is lost or stolen we’ll know it,
and the only way the key can be stolen is if the device is stolen. This is different from storing your key on a laptop
 55
Bitcoin Paper Wallet
 Splitting and Sharing Keys 56

Idea: split secret into n pieces, such that given any k pieces, can construct the secret;
while having fewer than k pieces, we'll not be able to know anything about the
original key

Example with N=2, K=2

a large prime number P

S is the secret and has to be in the range [0,P-1]

R a random value, which is also in the range [0,P-1]

we split the secret S in the following way:

X1 = (S+R) mod P

X2= (S+2R) mod P

Reconstruction : (2X1 - X2) mod P = (2S+2R-S-2R) mod P = S mod P = S

 57
Splitting and Sharing Keys

Example:

Breaking:

N=2, K=2, p=29, s=13, r =11

X1= (s+r) mod p (13+11) mod 29 =24

X2 = (s+2r) mod p (13+2× 11) mod 29 =6

Reconstruction:

(2×X1 - X2) mod p =s (2×24 – 6) mod 29 42 mod 29 =13

 58
Splitting and Sharing Keys

 Good: Store shares separately, adversary must compromise several shares to

get the key
 Bad: To sign, need to bring shares together, reconstruct the key ( vulnerable)
 59
Online Wallet and Exchanges

Online wallets
Like a local wallet “ but in the cloud”

This application will store the keys, encrypted with a password that only the
owner knows, but it is necessary to trust the security of the website
60
 61

Advantages:
it is not necessary to install software to use a web based wallet, or a simple
app on the phone
it works across multiple devices, even if a device is lost, the wallet will still be
available

Disadvantages:
if the website or app is malicious or gets compromised somehow, the bitcoins
can be lost. It is necessary to trust the website as more secure than oneself
 62
Bitcoin Exchanges

Bitcoin exchanges are businesses that, at least from a user interface point of
view, are similar to banks
accept deposits of Bitcoins and fiat currency (es. $, €, ...)

enable to send and receive Bitcoins

buy and sell Bitcoins for fiat currency. Typically they try to match Bitcoin
buyers and sellers. So they find some customer who wants to buy bitcoins
with dollars/euros and some other customer who wants to sell bitcoins for
dollars/euros and try to match them up.
 63
Exchange buy and sell process
Now let's see what happens when you buy and sell Bitcoins in an Exchange:

suppose that you own an account of 5000$ in some Exchange

you place an order for 2 Bitcoins which costs 580$ each

if the exchange finds someone who wants to sell 2 Bitcoins, it matches the two transactions

the result is that in your account now you see 3840$ and 2BTC

The important thing to note, is that the exchange doesn't need to commit an actual transaction on
the blockchain. The only thing that is changed is that the Exchange now promises to you 3840$
and 2BTC. No actual movement of money through dollar economy or Bitcoin blockchain was
necessary.
 64

Exchange Risks:
risk of bank run

Ponzi scheme

cyber attack
65
 66
Bank Regulations

For traditional banks, government typically:

Imposes minimum reserve requirements

Regulates behaviour

Investments

Insures depositors against losses

 67
Proof of Reserve – Bit coin Exchanges

 To increase the customers' amount of comfort, the exchange can do some

cryptographic trick called Proof of Reserve

For example it could have the 25% of the deposits, that people made, available
for withdrawal

The Proof of Reserve is made of two pieces:

 prove how much reserve it's holding.

 prove how many demand deposits the group holds

With these two things, it enough to divide those to numbers to obtain the
amount of fractional reserve.
 68

Prove the Reserve Amount:

The company publishes a valid payment-to-self transaction of that amount

For example, if it declares to own 100000 BTC, it creates a valid transaction that pays
100000 BTC to itself.

Then it signs, with the same private key used for the payment-to-self transaction, a
random string generated by some impartial party

This proves that someone who knew the private key was participant in the proof of reserve

This shows that whoever owns 100000 BTC is willing to cooperate to the process.
 69

Prove the number of deposits

we use a trick related to Merkle tree.

It's a binary tree built with hash pointers

Its pointers tell where to find the information and its hash

We can add to every hash pointer a label with the total monetary value in Bitcoin of
all the things underneath that pointer in the tree

At the bottom we can place all the customers' accounts and combine them in a Merkle
tree, so that the hashpointer coming out of each node is labeled with the sum of the two
haspointers below
70
 71
 The root of the Merkle tree will correspond to the total deposit amount

 The exchange can sign the root of the tree, making a claim that it's valid

 Now each customer can ask to see that they are included in the tree

 The exchange can show the path to the customer account and the customer
can check that the hash pointers are consistent all the way down and that
starting with its deposit the amount add up to the total
 If everybody does it, then every branch of the tree is explored and verified.
 72

If the two pieces of the proof gets correctly verified, then the exchange has proven that:
they own an amount of at least X Bitcoin of reserve

the total deposits of the customers correspond to Y

So the reserve fraction would be X/Y, and it can be compared to what's declared by the
company

These information can be independently verified by anybody, so it's a proof that can
increase the trust in the exchange.

 
 73
Payment Services
Scenario – Merchant accepts bitcoin

Merchants want to
To receive dollars

Simple deployment

Low risk( tech risk, security risk, exchange rate risk)

The goal of payment service is to satisfy both customer and merchant to carry
out their task with ease
 74
Merchant collaboration with Payment Service
 75

Payment process involving a user, merchant, and payment service

 76

Summary

Customer: pays bitcoin

Merchant: gets dollars, minus a small percentage

Payment Service:

gets bitcoin

pays dollars ( keep small percentage)

absorb risk ( security, exchange rate)

need to exchange bitcoins in dollars, in volume

 77
Transaction Fees
It cost resources for
Peers to relay your transaction

Miners to record your transaction

Transaction fee compensate for some of these costs

Generally, higher fee means and transaction will be forwarded and recorded faster

Transaction fee= value of inputs – value of outputs

This fee goes to miner who records the transaction

a transaction fee is just defined to be the difference between the total value of coins that go into a transaction
minus the total value of coins that come out

https://www.youtube.com/watch?v=DWq5jdyRAAs
 78

Satoshi
One Satoshi is the smallest unit of Bitcoin, each Bitcoin is divisible to the 8th
decimal place, so each Bitcoin can be split into 100,000,000 units. Each unit
of bitcoin, or 0.00000001 bitcoin, is a Satoshi.
 79
How are transaction fee set today?
no fee if:
 the transaction is less than 1000bytes in total size

 all the outputs of the transaction are at least 0.01 BTC

 the priority of the transaction is large enough, where Priority = (input_age1 *

input_value1 + input_age2 * input_value2 + ... + input_ageN * input_valueN) /

transaction_size
A fee of 0.0001 Bitcoins every 1000 Bytes of the transaction

The transaction size is approximately 148 bytes per each input plus about 34 bytes per
each output plus about 10 bytes for other information
 80

 Most miners enforce the consensus fee structure.

 If you don’t pay the consensus fee, your transaction will take longer to be recorded

 Miners prioritize transactions based on fees and the priority formula

Wallet software and payment exchanges include the consensus fee structure for every
bitcoin involved transactions
 81
Currency Exchange Markets

Reading Assignment