Module 3&1-new

The document covers various aspects of asymmetric cryptography, including public key infrastructure, the RSA algorithm, and digital signatures. It explains how public and private keys are used for secure communication, the importance of digital signatures in ensuring authenticity and integrity, and the role of cryptographic hash functions in blockchain technology. Additionally, it discusses the structure and function of Merkle trees in efficiently verifying large datasets.

Uploaded by

777amru
Copyright
© © All Rights Reserved

Module 3

Consensus algorithm and Bitcoin


Public Key Cryptography
(asymmetric cryptography)
Terminology Related to Asymmetric Encryption
Asymmetric Keys
• Two related keys, a public key and a private key, that are used to perform
complementary operations, such as encryption and decryption or signature
generation and signature verification.

Public Key Certificate


• A digital document issued and digitally signed by the private key of a Certification
Authority that binds the name of a subscriber to a public key.
• The certificate indicates that the subscriber identified in the certificate has sole
control and access to the corresponding private key
Terminology Related to Asymmetric
Encryption
Public Key (Asymmetric) Cryptographic Algorithm
• A cryptographic algorithm that uses two related keys, a public key and a private
key.
• The two keys have the property that deriving the private key from the public key
is computationally infeasible.
Public Key Infrastructure (PKI)
• A set of policies, processes, server platforms, software and workstations used for
the purpose of administering certificates and public-private key pairs,
including the ability to issue, maintain, and revoke public key
certificates.
Terminology Related to Asymmetric
Encryption
• Plaintext: This is the readable message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.
• Public and private keys: This is a pair of keys that have been selected so that if one is used for
encryption, the other is used for decryption. The exact transformations performed by the
algorithm depend on the public or private key that is provided as input.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and
the key. For a given message, two different keys will produce two different ciphertexts.
• Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.
Steps followed:
1. Each user generates a pair of keys to be used for the encryption and
decryption of messages.
2. Each user places one of the two keys in a public register or other
accessible file. This is the public key. The companion key is kept
private. Each user maintains a collection of public keys obtained from
others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts
the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using her private
key. No other recipient can decrypt the message because only Alice
knows Alice’s private key.
Conventional and Public-Key Encryption
Conventional Encryption
• Needed to Work:
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.
• Needed for Security:
1. The key must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no
other information is available.
3. Knowledge of the algorithm plus samples of ciphertext must be insufficient
to determine the key.

Public-Key Encryption
• Needed to Work:
1. One algorithm is used for encryption and decryption with a pair of keys, one for
encryption and one for decryption.
2. The sender and receiver must each have one of the matched pair of keys (not the
same one).
• Needed for Security:
1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to decipher a message if no
other information is available.
3. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must
be insufficient to determine the other key.
Basic elements of number theory
• Prime numbers
• Congruence in modular arithmetic
• Fermat’s theorem
• Euler’s totient function
Basic elements of number theory
• Congruence in modular arithmetic

Eg: 9 (mod 2) = 1 (mod 2), so we can write 9 ≡ 1 (mod 2)

Eg: Check whether 49 ≡ 11 (mod 19)
Basic elements of number theory
• Fermat’s theorem

• Let a = 4, p = 3,

a^(p-1) = 4^2 = 16; to check whether 16 ≡ 1 (mod 3):

16 (mod 3) = 1 = 1 (mod 3)
Therefore 16 ≡ 1 (mod 3)
Basic elements of number theory
• Euler’s totient function
Basic elements of number theory
• φ(4) = ?
• φ(6) = ?
Basic elements of number theory
• Two integers are relatively prime (or coprime) if there is no integer
greater than one that divides them both (that is, their greatest
common divisor is one)
RSA algorithm
• RSA algorithm is an asymmetric cryptography algorithm
• Developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at
MIT and first published in 1978
• The RSA scheme is a block cipher in which the plaintext and
ciphertext are integers between 0 and n - 1 for some n.
• A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less
than 2^1024.
RSA (Ron Rivest, Adi Shamir, and Len Adleman )
Micro project 3
• Implement RSA in Python/Java/C
Digital Signature
• A digital signature is an authentication mechanism that enables the
creator of a message to attach a code that acts as a signature.
• Typically the signature is formed by taking the hash of the message
and encrypting the message with the creator’s private key.
• The signature guarantees the source and integrity of the message.
• Digital signatures provide a means of associating a message with an
entity from which the message has originated.
• Digital signatures are used to provide data origin authentication and
non-repudiation.
Digital Signature
• Message authentication protects two parties who exchange messages
from any third party.
• However, it does not protect the two parties against each other.
• Several forms of dispute between sender and receiver are possible.
• Two such cases are source repudiation and destination repudiation
• In situations where there is not complete trust between sender and
receiver, something more than authentication is needed.
• The most attractive solution to this problem is the digital signature.
Digital signature in blockchain
• Digital signatures are used in blockchains, where transactions are
digitally signed by senders using their private key, before the sender
broadcasts the transaction to the network.
• This digital signing proves that the sender is the rightful owner of the
asset; for example, bitcoins.
• These transactions are verified again by other nodes on the network to
ensure that the funds indeed belong to the node (user) who claims to
be the owner.
RSA digital signature algorithms
• RSA-based digital signature algorithms are calculated using the two steps listed
here.
• Fundamentally, the idea is to first compute the hash of the data and then sign it
with the private key:
1. Calculate the hash value of the data packet.
• This will provide the data integrity guarantee, as the hash can be computed at the
receiver’s end again and matched with the original hash to check whether the data
has been modified in transit.
• Technically, message signing can work without hashing the data first, but that is
not considered secure.
2. Sign the hash value with the signer's private key.
• As only the signer has the private key, the authenticity of the signature and the
signed data is ensured.
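The two steps above (hash, then sign) as an added Python example that is not part of the original slides. The toy key built from two Mersenne primes, the lack of padding and the function names are assumptions for illustration; the second half shows why signing the raw message without hashing is not considered secure: raw RSA signatures multiply.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes are used only so the
# example needs no prime generation. Real keys use random primes and a padded
# scheme such as RSASSA-PSS from a vetted library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: E*D ≡ 1 (mod φ(N))


def digest_int(message: bytes) -> int:
    """Step 1: hash the data; the 256-bit digest is an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 2: apply the private key to the hash value."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver side: recompute the hash and compare it with signature^E mod N."""
    return pow(signature, E, N) == digest_int(message)


def raw_sign(m: int) -> int:
    """Signing the message integer directly, with no hash."""
    return pow(m, D, N)


def raw_verify(m: int, signature: int) -> bool:
    return pow(signature, E, N) == m % N


def combine(sig_a: int, sig_b: int) -> int:
    """Multiply two signatures; uses only public values, never D."""
    return sig_a * sig_b % N


if __name__ == "__main__":
    msg = b"pay 1 BTC to Alice"                    # constructed message
    sig = sign(msg)
    print("valid signature accepted:", verify(msg, sig))
    print("modified data accepted:  ", verify(b"pay 9 BTC to Alice", sig))

    # Without hashing, sig(m1) * sig(m2) is a valid signature on m1 * m2,
    # a message the key holder never signed.
    m1, m2 = 1234, 5678
    print("raw product accepted:    ",
          raw_verify(m1 * m2, combine(raw_sign(m1), raw_sign(m2))))

    # With hashing, the same product matches no message digest.
    both = combine(sign(b"a"), sign(b"b"))
    print("hashed product accepted: ", verify(b"ab", both))
```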
Properties of digital signature
• Authenticity means that the digital signatures are verifiable by a receiving party.
• Non-repudiation : The unforgeability property ensures that only the sender of the message
can use the signing functionality using the private key.
• Digital signatures must provide protection against forgery.
• Forgery means an adversary fabricating a valid signature for a message without any access
to the legitimate signer's private key.
• In other words, unforgeability means that no one else can produce the signed message
produced by a legitimate sender
• This is also called the property of non-repudiation.
• Non-reusability means that the digital signature cannot be separated from a message and
used again for another message
• In other words, the digital signature is firmly bound to the corresponding message and
cannot be simply cut from its original message and attached to another.
RSA digital signature algorithms
• If a sender wants to send an authenticated message to a receiver, there are two methods
that can be used: sign then encrypt and encrypt then sign.
• Sign then encrypt
• Sender digitally signs the data using the private key, appends the signature to the data, and
then encrypts the data and the digital signature using the receiver's public key.
• This is considered a more secure scheme compared to the encrypt then sign scheme
• Encrypt then sign
• With this method, the sender encrypts the data using the receiver's public key and then
digitally signs the encrypted data.
• A digital certificate that contains the digital signature is issued by a Certificate Authority
(CA) that associates a public key with an identity
ELLIPTIC CURVE ARITHMETIC
• An elliptic curve is defined by an equation in two variables with coefficients.
• For cryptography, the variables and coefficients are restricted to elements in a
finite field, which results in the definition of a finite abelian group.
• Elliptic curves are not ellipses.
• They are so named because they are described by cubic equations, similar to those
used for calculating the circumference of an ellipse.
• In general, cubic equations for elliptic curves take the following form, known as a
Weierstrass equation

• a,b,c,d,e are real numbers and and and take on values in the real
numbers
ELLIPTIC CURVE ARITHMETIC
• Above equations are said to be cubic, or of degree 3, because the highest exponent they
contain is a 3.
• Also included in the definition of an elliptic curve is a single element denoted O and
called the point at infinity or the zero point
• To plot such a curve, we need to compute

• Thus, each curve is symmetric about y=0.


ELLIPTIC CURVE ARITHMETIC
Elliptic curve cryptography
Elliptic Curve Encryption/Decryption
Secure Hash Algorithm (SHA)
• most widely used hash function
• Developed by the National Institute of Standards and
Technology (NIST) and published as a federal
information processing standard (FIPS 180) in 1993.
• SHA is based on the hash function MD4 (a cryptographic
hash function)
• SHA-0 in 1993 then SHA-1 in 1995
• In 2002, SHA-256, SHA-384, SHA-512 introduced,
together known as SHA-2
SECURE HASH ALGORITHM (SHA) : SHA-512
• Step 1 Append padding bits. The message is padded so that its length is congruent to 896
modulo 1024 . Padding is always added, even if the message is already of the desired
length. The padding consists of a single 1 bit followed by the necessary number of 0 bits.
• Step 2 Append length. A block of 128 bits is appended to the message. This block
contains the length of the original message (before the padding). Expanded message is
represented as the sequence of 1024-bit blocks, M1, M2, so that the total length of the
expanded message is N * 1024 bits.
• Step 3 Initialize hash buffer. A 512-bit buffer is used to hold intermediate and final results
of the hash function. The buffer can be represented as eight 64-bit registers (a, b, c, d, e, f,
g, h). These registers are initialized to the following 64-bit integers (hexadecimal values):
• Step 4 Process message in 1024-bit (128-word) blocks. The heart of the algorithm is a
module that consists of 80 rounds; this module is labeled F in figure 11.8. The logic is
illustrated in Figure 11.9.
• Step 5 Output. After all N 1024-bit blocks have been processed, the output from the Nth
stage is the 512-bit message digest.
SHA-512 Processing of a Single 1024-Bit
Block
SHA-512 Round Function
Elementary SHA-512 Operation (single
round)
Input Sequence for SHA-512 Processing
SHA-256 algorithm

• The SHA-256 algorithm is a part of the SHA-2


• Step 1 Append padding bits: The total length of our message must be a
multiple of 512. In this step, we append bits to the end of our message
such that the final length of the message must be 64 bits less than a
multiple of 512. The first bit that we append is 1 followed by all 0 bits.
• Step 2 Append length: we take the modulus of the original message with
2^32 to get 64 bits of data. Appending this to the padded message makes our
processed message an exact multiple of 512.
• The image below illustrates the final message after step one is completed.
SHA-256

M + P + 64 = n x 512
where M = length of original message
P = padded bits

• Step 3 Initialize hash buffer: Before we begin carrying out computations on
the message, we need to initialize some buffer values. The default eight buffer
values are shown below. These are hard-coded constants representing hash
values.
SHA-256

• Step 4: Compression function: The main part of the hashing algorithm lies in
this step. The entire message, ‘n x 512’ bits long, is divided into ‘n’ chunks of
512 bits, and each chunk is then put through 64 rounds of operations, with the
output of each round fed as input to the next round of operation.
SHA-256

• In the image above we can see the 64 rounds of operations that are
performed on a 512-bit message block. The two inputs to each round are W(i)
and K(i). For the first 16 rounds, W(i) comes from breaking the 512-bit
block into 16 parts of 32 bits each; after that, the value of W(i) must be
calculated at each step.
SHA-256
• Step 5: Output: The output from every round acts as an input for the
next round, and this process continues until the last bits of the
message have been processed. The result of the last round for the nᵗʰ part
of the message block gives us the hash for the entire
message. The length of the output is 256 bits.
Applications of cryptographic hash functions

• There are various constructs that have been built using basic cryptographic parameters
to solve different problems in computing.
• These constructs are also used in blockchains to provide various protocol-specific
services.
• The following applications of hash functions in blockchains provide various
security services:
• Hash functions are used in cryptographic puzzles such as the Proof of Work (PoW)
mechanism in Bitcoin.
• Bitcoin's PoW makes use of the SHA-256 cryptographic hash function.
Applications of cryptographic hash functions

• The generation of addresses in blockchains.


• For example, in Ethereum, blockchain accounts are represented as addresses.
• These addresses are obtained by hashing the public key with the Keccak-256 hash
algorithm and then using the last 20 bytes of this hashed value.
• Message digests in digital signatures.
• For example, hash functions are used to build Merkle trees, which are used to
efficiently and securely verify large amounts of data in distributed systems.
• The creation of Merkle trees to guarantee the integrity of transaction structure in the
blockchain.
• Merkle trees are the core building blocks of all blockchains
• For example, Bitcoin and Ethereum.
Merkle trees

• The concept of Merkle trees was introduced by Ralph Merkle.


• A diagram of a Merkle tree is shown here.
• Merkle trees enable the secure and efficient verification of large datasets:
Merkle trees
• A Merkle tree is a binary tree in which the inputs are first placed at the leaves (nodes with no children), and
then the values of pairs of child nodes are hashed together to produce a value for the parent node (internal
node), until a single hash value known as a Merkle root is achieved.
• This structure helps to quickly verify the integrity of the entire tree (entire dataset) just by verifying the
Merkle root on top of the Merkle tree, because if any change occurs in any of the hashes in the tree, the
Merkle root will also change.
• This is the reason why the integrity of the system can be verified quickly by just looking at the Merkle root.
• Another advantage of Merkle trees is that there is no requirement of storing large amounts of data, only the
hashes of the data, which are fixed-length digests of the large dataset.
• Due to this property, the storage and management of Merkle trees is easy and efficient as it takes a very
small amount of space for storage.
• Also, due to the fact that the tree is storage efficient, the relevant proofs for integrity are also smaller in size
and quick to transmit over the network, thus making them bandwidth efficient over the network.
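An added Python example (not from the original slides) that builds a Merkle root and a short inclusion proof for one item, then verifies it using only the item, the proof and the root. SHA-256 as the node hash and duplicating the last node on odd-sized levels (the convention Bitcoin uses) are assumptions; the transaction byte strings are constructed.

```python
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_levels(items):
    """Return every level of the tree, leaves first, root level last."""
    if not items:
        raise ValueError("a Merkle tree needs at least one item")
    level = [h(item) for item in items]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                     # odd count: pair the last node with itself
            level = level + [level[-1]]
            levels[-1] = level
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_root(items) -> bytes:
    return build_levels(items)[-1][0]


def make_proof(items, index):
    """Sibling hashes from leaf to root: one entry per level, not one per item."""
    proof = []
    for level in build_levels(items)[:-1]:
        sibling = index ^ 1                    # the other child of the same parent
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_proof(item: bytes, proof, root: bytes) -> bool:
    """Recompute the path to the root from the item and its sibling hashes."""
    node = h(item)
    for sibling_hash, sibling_is_left in proof:
        node = h(sibling_hash + node) if sibling_is_left else h(node + sibling_hash)
    return node == root


if __name__ == "__main__":
    # Constructed sample data standing in for the transactions of one block.
    txs = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]
    root = merkle_root(txs)
    proof = make_proof(txs, 2)
    print("root:", root.hex())
    print("proof length for 5 items:", len(proof))
    print("tx-c is in the set:", verify_proof(b"tx-c", proof, root))
    print("altered item accepted:", verify_proof(b"tx-x", proof, root))
    print("root unchanged after edit:", merkle_root(txs[:4] + [b"tx-E"]) == root)
```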
Distributed hash tables
• A Distributed Hash Table (DHT) is a decentralized, distributed system that provides a way to store and
retrieve key-value pairs across a network of nodes efficiently.
• A hash table is a data structure that is used to map keys to values.
• Internally, a hash function is used to calculate an index into an array of buckets from which the required
value can be found.
• Buckets have records stored in them using a hash key and are organized into a particular order.
• With the definition provided earlier in mind, we can think of a Distributed Hash Table (DHT) as a data
structure where data is spread across various nodes, and nodes are equivalent to buckets in a peer-to-peer
network.
• In the preceding diagram, data is passed through a hash function, which then generates a compact key. This
key is then linked with the data (values) on the peer-to-peer network.
• When users on the network request the data (via the filename), the filename can be hashed again to produce
the same key, and any node on the network can then be requested to find the corresponding data.
• A DHT provides decentralization, fault tolerance, and scalability.
Bitcoin : definition

• Bitcoin is built on decades of cryptographic research such as the research in
Merkle trees, hash functions, public key cryptography, and digital signatures.
• Bitcoin can be defined in various ways; it's a protocol, a digital currency, and
a platform.
• It is a combination of peer-to-peer network, protocols, software that facilitate
the creation and usage of the digital currency named bitcoin
• Nodes in this peer-to-peer network talk to each other using the Bitcoin
protocol.
Elements in Bitcoin

•Digital keys
•Addresses
•Transactions
•Blockchain
•Miners
•The Bitcoin network
•Wallets (client software)
Cryptographic keys
• On the Bitcoin network, possession of bitcoins and transfer of value
via transactions is reliant upon private keys, public keys, and
addresses.
• Elliptic Curve Cryptography (ECC) is used to generate public and
private key pairs in the Bitcoin network.
Private keys in Bitcoin
• Private keys are required to be kept safe and normally reside only
on the owner's side.
• Private keys are used to digitally sign the transactions proving the
ownership of the bitcoins.
• Private keys are fundamentally 256-bit numbers and letters
• Private keys are usually encoded using Wallet Import Format
(WIF) in order to make them easier to copy and use.
• Wallet Import Format (WIF) is a standardized method for
displaying Bitcoin private keys using the Base58Check encoding
scheme. (https://en.bitcoin.it/wiki/Wallet_import_format)
Public Keys in Bitcoin
• Public keys exist on the blockchain and all network participants can
see them.
• Public keys are derived from private keys due to their special
mathematical relationship with those private keys
• Once a transaction signed with the private key is broadcast on the
Bitcoin network, public keys are used by the nodes to verify that the
transaction has indeed been signed with the corresponding private key.
• This process of verification proves the ownership of the bitcoin.
• Bitcoin uses Elliptic Curve Digital Signature Algorithm (ECDSA)
• Public keys can be represented in uncompressed or compressed
format, and are fundamentally x and y coordinates on an elliptic curve.
Addresses in Bitcoin
• A Bitcoin address is a unique identifier that serves as a virtual location where the
cryptocurrency can be sent
• A Bitcoin address is created by taking the corresponding public key of a private key and
hashing it twice, first with the SHA256 algorithm and then with RIPEMD160.
• The resultant 160-bit hash is then prefixed with a version number and finally encoded
with a Base58Check encoding scheme.
• The Bitcoin addresses are 26-35 characters long and begin with digits 1 or 3.
• Addresses are also commonly encoded in a QR code for easy distribution
• Addresses should not be used more than once
Bitcoin address types
• P2PKH Address
• pay-to-public-key-hash (P2PKH) addresses, start with the number one and
lock your bitcoins to your public key.
• an example of a P2PKH
address: 15f12gEh2DFcHyhSyu7v3Bji5T3CJa9Smn

• P2SH Address

• pay-to-script-hash (P2SH) addresses, start with the number three.


• an example of a P2SH
address: 36JKRghyuTgB7GssSTdfW5WQruntTiWr5Aq
Bitcoin address types
• Vanity addresses
• As Bitcoin addresses are based on Base58 encoding, it is possible to generate addresses
that contain human-readable messages.
• An example is shown as follows—note that in the first line, the name BasHir appears:
Bitcoin address types
• Multi-signature addresses
• As the name implies, these addresses require multiple private keys.
• In practical terms, this means that in order to release the coins, a certain set
number of signatures is required.
• This is also known as M of N multisig.
• Here, M represents the threshold or minimum number of signatures required from
N number of keys to release the Bitcoins.
Transactions
• Transactions are at the core of the Bitcoin ecosystem.
• Transactions are not encrypted and are publicly visible on the blockchain.
• Blocks are made up of transactions, and these can be viewed using any online blockchain
explorer.
• The transaction lifecycle
1. A user/sender sends a transaction using wallet software (Wallet software is a digital
application that allows users to store, send, receive, and manage cryptocurrencies or digital
assets securely. It interacts with blockchain networks to facilitate transactions and keep
track of balances) or some other interface.
2. The wallet software signs the transaction using the sender's private key.
3. The transaction is broadcast to the Bitcoin network using a flooding algorithm.
4. Mining nodes (miners) who are listening for the transactions verify and include this
transaction in the next block to be mined. Just before the transactions are placed in the
block, they are placed in a special memory buffer called the transaction pool.
Transactions

5. Next, the mining starts, which is the process through which the blockchain is secured and
new coins are generated as a reward for the miners who spend appropriate computational
resources. Once a miner solves the PoW problem, it broadcasts the newly mined block to the
network. The nodes verify the block and propagate the block further, and confirmations start
to generate.
6. Finally, the confirmations start to appear in the receiver's wallet and after approximately
three confirmations, the transaction is considered finalized and confirmed. However, three to
six is just a recommended number; the transaction can be considered final even after the first
confirmation. The key idea behind waiting for six confirmations is that the probability of
double spending is virtually eliminated after six confirmations.
Tutorial 4

1. Wallet Import Format used in Bitcoin


2. How a payment transaction can be sent from one user to another on the
Bitcoin network.
3. Familiarise with any one online blockchain explorer
4. Script language and Types of scripts in bitcoin
5. Commonly used opcodes in Bitcoin
6. Miniscript in Bitcoin
Transaction pool
• Also known as memory pools
• pools are basically created in local memory (computer RAM) by nodes (Bitcoin clients)
in order to maintain a temporary list of transactions that have not yet been added to a
block
• Miners pick up transactions from these memory pools to create candidate blocks.
• Miners select transactions from the pool after they pass the verification and validity
checks.
• The selection of which transactions to choose is based on the fee and their place in the
order of transactions in the pool.
• Miners prefer to pick up transactions with higher fees.
• To send transactions on the Bitcoin network, the sender needs to pay a fee to the miners.
• This fee is an incentive mechanism for the miners.
Transaction fees
• Transaction fees are charged by the miners.
• The fee charged is dependent upon the size and weight of the transaction.
• Transaction fees are calculated by subtracting the sum of the outputs from the sum of the inputs.
• A simple formula can be used:
fee = sum(inputs) – sum(outputs)
• The fees are used as an incentive for miners to encourage them to include users' transactions in the block
the miners are creating.
• All transactions end up in the memory pool, from where miners pick up transactions based on their priority
to include them in the proposed block.
• The time for transaction confirmation usually ranges from 10 minutes to over 12 hours in some cases.
• Transaction time is dependent on transaction fees and network activity.
• If the network is very busy, then naturally, transactions will take longer to process, and if you pay a higher
fee then your transaction is more likely to be picked by miners first due to the additional incentive of the
higher fee.
Transaction fees

• Fee rate
• Miners prioritize transactions based on satoshis per byte (sat/B).
• The effective fee rate is:
• Fee Rate = Transaction Fee / Transaction Size in Bytes (in satoshis per byte)
• If the network is congested, users pay higher fees to get included in
the next block.
• If the network is less congested, lower fees may still result in fast
confirmations.
Transaction fees
• Example Calculation:
• Input: 0.5 BTC
• Output: 0.499 BTC
• Transaction Size: 250 bytes
• Transaction Fee=0.5−0.499=0.001 BTC
• Convert to satoshis (1 BTC = 100,000,000 satoshis):
• Transaction Fee=100,000 satoshi
• Fee Rate=100,000/250=400 sat/B
• Miners prefer transactions with higher sat/B because they maximize their rewards.
The transaction data structure
• A transaction on the Bitcoin network is represented by a data structure that consists of
several fields.
• A transaction at a high level contains metadata, inputs, and outputs.
• Transactions are combined to create a block's body.
The transaction data structure
• Metadata
• This part of the transaction contains values such as the size of the transaction, the
number of inputs and outputs, the hash of the transaction, and a lock_time field.
• Inputs
• Generally, each input spends a previous output.
• Each output is considered an Unspent Transaction Output (UTXO) until an
input consumes it.
• A UTXO is an unspent transaction output that can be spent as an input to a new
transaction.
transaction input data structure
The transaction data structure
• Outputs
• Outputs have three fields, and they contain instructions for sending bitcoins.
• The first field contains the amount of Satoshis, whereas the second field contains
the size of the locking script.
• Finally, the third field contains a locking script that holds the conditions that need
to be met in order for the output to be spent.
• Verification
• Verification is performed using Bitcoin's scripting language
Coinbase transactions

• A coinbase transaction or generation transaction is the first transaction in a block.


• It is a unique type of bitcoin transaction that can be created by a miner.
• The miners use it to collect the block reward for their work and any other transaction
fees collected by the miner are also sent in this transaction.
• It is used to create new coins.
• It includes a special field, also called the coinbase, which acts as an input to the
coinbase transaction.
• This transaction also allows up to 100 bytes of arbitrary data storage.
• A coinbase transaction input has the same number of fields as a usual transaction
input, but the structure contains the coinbase data size and fields instead of the
unlocking script size and fields.
• Also, it does not have a reference pointer to the previous transaction.
Coinbase transactions
• These transactions have an entry that, unlike in other
cryptocurrency transactions, is not linked with
the address of any other holder or sender.
• This entry is called the coinbase and it is responsible
for the generation of new currency as a reward to the
miner within the blockchain.
• The special type of transaction that outputs the newly
generated currency is named the coinbase transaction.
• This transaction points to the cryptocurrency wallet
address of the miner and as per the choice of the miner,
it can point to more than one wallet address.
• The block reward is collected including the fees charged
by the user for every transaction.
Coinbase transactions
Transaction validation
• This verification process is performed by Bitcoin nodes.
• There are three main things that nodes check when verifying a transaction:
1. That transaction inputs are previously unspent. This validation step prevents
double spending by verifying that the transaction inputs have not already been spent
by someone else.
2. That the sum of the transaction outputs should not exceed the total sum of the
transaction inputs. However, both input and output sums can be the same, or the
sum of the input (total value) could be more than the total value of the outputs.
3. That the digital signatures are valid, which ensures that the script is valid.
Transaction bugs
• Transaction malleability
• A Bitcoin attack that was introduced due to a bug in the Bitcoin implementation.
• Due to this bug, it became possible for an adversary to change the transaction ID
of a transaction, thus resulting in a scenario where it would appear that a certain
transaction has not been executed.
• This can allow scenarios where double deposits or withdrawals can occur.
• In other words, this bug allows the changing of the unique ID of a Bitcoin
transaction before it is confirmed.
• If the ID is changed before confirmation without making the transaction invalid, it
would seem that the transaction did not occur at all, which can then give the false
impression that the transaction has not been executed, thus allowing double-
deposit or withdrawal attacks.
Value overflow
• On 15 August 2010, a transaction was discovered that created roughly
184 billion bitcoins.
• This problem occurred due to the integer overflow bug where the
amount field in the Bitcoin code was defined as a signed integer
instead of an unsigned integer.
• Because of this bug, the amount could also be negative, and the outputs were so
large that their total value overflowed.
• To the validation logic in the Bitcoin code, everything appeared to be correct, and
the fee also looked positive (after the overflow).
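The output-sum check from the transaction validation list and the value overflow described above, as an added example that is not taken from the slides or from the Bitcoin code base. It is a simplified model: the function names and the dictionary layout are assumptions, the sample transactions are constructed, and signature checking is left out.

```python
# Added illustration; names and the dict layout are assumptions, not Bitcoin's.
COIN = 100_000_000               # satoshis per bitcoin
MAX_MONEY = 21_000_000 * COIN    # 21 million BTC supply cap as the range limit

def to_int64(x):
    """Wrap a Python int the way a signed 64-bit amount field would."""
    return (x + 2**63) % 2**64 - 2**63

def input_total(tx, utxo):
    """Check 1: each input must be a distinct, still-unspent output."""
    if len(set(tx["inputs"])) != len(tx["inputs"]):
        raise ValueError("same output spent twice in one transaction")
    for outpoint in tx["inputs"]:
        if outpoint not in utxo:
            raise ValueError(f"input already spent or unknown: {outpoint}")
    return sum(utxo[outpoint] for outpoint in tx["inputs"])

def naive_fee(tx, utxo):
    """Flawed check 2: add outputs in int64 and test only the final fee."""
    out_total = 0
    for value in tx["outputs"]:
        out_total = to_int64(out_total + value)
    fee = to_int64(input_total(tx, utxo) - out_total)
    if fee < 0:
        raise ValueError("outputs exceed inputs")
    return fee

def checked_fee(tx, utxo):
    """Hardened check 2: range-check each output and the running total."""
    out_total = 0
    for value in tx["outputs"]:
        if not 0 <= value <= MAX_MONEY:
            raise ValueError(f"output out of range: {value}")
        out_total += value
        if out_total > MAX_MONEY:
            raise ValueError("output total out of range")
    in_total = input_total(tx, utxo)
    if out_total > in_total:
        raise ValueError("outputs exceed inputs")
    return in_total - out_total

# Constructed sample data: one unspent 0.5 BTC output and three transactions.
UTXO = {("aa" * 32, 0): 50_000_000}
NORMAL = {"inputs": [("aa" * 32, 0)], "outputs": [30_000_000, 19_990_000]}
OVERFLOW = {"inputs": [("aa" * 32, 0)], "outputs": [2**63 - 500_000] * 2}
SPENT_INPUT = {"inputs": [("bb" * 32, 1)], "outputs": [1_000]}

if __name__ == "__main__":
    print("naive check accepts OVERFLOW, fee =", naive_fee(OVERFLOW, UTXO))
    print("hardened check, NORMAL fee =", checked_fee(NORMAL, UTXO))
```

The two constructed outputs of about 92 billion BTC each wrap to a negative total, so the naive check sees a positive fee, while the hardened check rejects the first output as out of range.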
Consensus algorithms

• Consensus is a fundamental problem in distributed systems


• A consensus is a way of coming to an agreement.
• Blockchain is a distributed system that relies upon a consensus mechanism, which
ensures the safety and liveness of the blockchain network.
• A consensus algorithm is a procedure through which all the peers of the
Blockchain network reach a common agreement about the present state of the
distributed ledger.
• The algorithm sets a threshold, or the number of member machines that must
reach consensus or agreement.
• A consensus algorithm must be able to satisfy the safety and liveness properties.
• Safety is usually based on some safety requirements of the algorithms, such as
agreement, validity, and integrity.
• Liveness means that the protocol can make progress even if the network conditions are
not ideal.
• Safety: This requirement generally means that nothing bad happens. There are usually
three properties within this class of requirements, which are listed as follows:
• Agreement. The agreement property requires that no two processes decide on different
values.
• Validity. Validity states that if a process has decided on a value, that value must have been
proposed by a process. In other words, the decided value is always proposed by
an honest process and has not been created out of thin air.
• Integrity. A process must decide only once.
• Liveness: This requirement generally means that something
good eventually happens.
• Termination. This liveness property states that each honest
node must eventually decide on a value.
Byzantine generals problem
• The problem of reaching agreement in the presence of faults, or Byzantine consensus,
was first formulated by M. Pease, R. Shostak, and L. Lamport.
• In distributed systems, a common goal is to achieve consensus (agreement) among
nodes on the network even in the presence of faults.
• The Byzantine Generals Problem is a game theory problem, which describes the
difficulty decentralized parties have in arriving at consensus without relying on a
trusted central party.
• In a network where no member can verify the identity of other members, how can
members collectively agree on a certain truth?
The Byzantine generals problem metaphorically depicts a situation where a
Byzantine army, divided into different units, is spread around a city.

A general commands each unit, and they can only communicate with each
other using a messenger.

To be successful, the generals must coordinate their plan and decide whether
to attack or retreat.

The problem is that any general could potentially be disloyal and act
maliciously to obstruct agreement upon a united plan.

The requirement now becomes that every honest general must somehow
agree on the same decision even in the presence of treacherous generals.
• The game theory analogy behind the Byzantine Generals Problem is that
several generals have surrounded the city, but they must collectively decide
when to attack.
• If all generals attack at the same time, they will win, but if they attack at
different times, they will lose.
• The generals have no secure communication channels with one another because
any messages they send or receive may have been intercepted or deceptively
sent by defenders.
• How can the generals organize to attack at the same time?
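An added example, not part of the slides, that goes one step beyond the problem statement: a single relay round in the style of the oral-messages algorithm OM(1) from Lamport, Shostak and Pease's paper, run on constructed scenarios. The function names, the lieutenant labels and the simplification that a traitor tells every peer the same lie are assumptions.

```python
# Added illustration; function names and the fixed "lie" are assumptions.
from collections import Counter

ATTACK, RETREAT = "attack", "retreat"

def majority(values):
    """Most common order; a tie falls back to RETREAT, the agreed default."""
    counts = Counter(values)
    return ATTACK if counts[ATTACK] > counts[RETREAT] else RETREAT

def om1(orders, traitors=(), lie=RETREAT):
    """One relay round: each lieutenant tells the others what it was ordered.

    orders   -- order the commander sent to each lieutenant, keyed by name
    traitors -- lieutenants that relay `lie` instead of the order they got
    Returns the decision of every loyal lieutenant.
    """
    decisions = {}
    for me, my_order in orders.items():
        if me in traitors:
            continue
        heard = [my_order]                      # what the commander told me
        for peer, peer_order in orders.items():
            if peer != me:                      # what each peer claims it was told
                heard.append(lie if peer in traitors else peer_order)
        decisions[me] = majority(heard)
    return decisions

# Four generals, traitorous commander sends conflicting orders.
SPLIT = om1({"L1": ATTACK, "L2": RETREAT, "L3": ATTACK})
# Four generals, loyal commander orders ATTACK, lieutenant L3 is a traitor.
ONE_LIAR = om1({"L1": ATTACK, "L2": ATTACK, "L3": ATTACK}, traitors={"L3"})
# Three generals, loyal commander orders ATTACK, lieutenant L2 is a traitor.
TOO_FEW = om1({"L1": ATTACK, "L2": ATTACK}, traitors={"L2"})

if __name__ == "__main__":
    for name, result in [("split", SPLIT), ("one liar", ONE_LIAR), ("too few", TOO_FEW)]:
        print(name, result)
```

With four generals the loyal lieutenants reach the same decision in both scenarios; with three, the one loyal lieutenant hears one "attack" and one "retreat", cannot tell who is lying, and falls back to retreat even though the loyal commander ordered an attack.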
Fault Tolerance
• A fundamental requirement in a consensus mechanism is that it must
be fault-tolerant.
• In other words, it must be able to tolerate a number of failures in a
network and should continue to work even in the presence of faults.
Types of fault-tolerant consensus
• Fault-tolerant algorithms can be divided into two types of fault-tolerance.
• The first is crash fault-tolerance (CFT) and the other is Byzantine fault-tolerance
(BFT).
• CFT covers only crash faults or, in other words, benign faults.
• In contrast, BFT deals with the type of faults that are arbitrary and can even be malicious.
• Replication is a standard approach to make a system fault-tolerant.
• Replication results in a synchronized copy of data across all nodes in a network.
• This technique improves the fault tolerance and availability of the network.
• This means that even if some of the nodes become faulty, the overall system/network
remains available due to the data being available on multiple nodes.
Classification

• The consensus algorithms can be classified into two broad categories:


• Traditional—voting-based consensus
• Lottery-based—Nakamoto and post-Nakamoto consensus
• Explain the working of AES algorithm.
• Explain public and private keys. Perform encryption and decryption
using RSA for
a) p = 3, q = 11, e = 7 and M = 5.
b) p = 5, q = 11, e = 3, M = 9.
c) In a public key cryptosystem using RSA, assume the ciphertext
C = 10 is sent to a user whose public key is e = 5, n = 35. What is the
plaintext, M?

• Illustrate and explain how blockchain works using a neat diagram.


• Describe the various fields that make up a transaction in Bitcoin.
• Explain RSA algorithm and RSA digital signature algorithm
