ThePiachu (OP)
|
|
June 17, 2012, 09:45:37 AM Last edit: March 20, 2017, 07:24:15 AM by ThePiachu Merited by ABCbits (13), EFS (12) |
|
Hello everyone, I've been working on my master thesis for almost a year now and today I passed my exam. So, if anyone is interested in reading my dissertation, it's available here: https://dl.dropbox.com/u/3658181/PiotrPiasecki-BitcoinMasterThesis.pdfIts topic is “Design and security analysis of Bitcoin infrastructure using application deployed on Google Apps Engine.”. It mostly considers various security strengths and weaknesses of the Bitcoin protocol, standard client, third party apps and even Bitcoin users. I'll upload the code I developed for it some other time (it's not really that amazing). Hope you'll enjoy the reading. I'd like to apologize for the use of polish at the start (it was a requirement), and for some boring introduction of basic things (also a requirement). Donations welcome: 18zRT8jaHJUZe3foLcHkocV468dZ9sGiBq EDIT 2017-03-20: If the above link is not working, try: https://www.dropbox.com/s/i9i5bbaaa8wlj23/PiotrPiasecki-BitcoinMasterThesis.pdf?dl=0
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
June 17, 2012, 10:18:41 AM Merited by EFS (4), ABCbits (1) |
|
Wonderful. While academically it seems the intended focus was security analysis, it is comprehensive enough to be used as a reference general introduction to Bitcoin, to those willing to take the time to study it seriously. A few nitpicks: 1. "Bitcoin" and "satoshi", as units of currency, should only be capitalized if at the beginning of a sentence. "Dollar" isn't capitalized either. Bitcoin as the name of a project, a protocol, a software, an ecosystem and a community is of course capitalized. Also, I'd avoid using "bitcoins" in reference to the system - e.g., instead of "(b)Bitcoins offer much lower cost of transferring money" I'd say "Bitcoin offers". 2. You use http://pastehtml.com/view/awb1vg03r.html as a reference for currently used mining pool reward systems, but it's badly out of date, and even for its time it was vague at best - SMPPS pools are listed as PPS, different varieties of score-based methods are lumped together in a single category, etc.
|
|
|
|
sylkyx
Newbie
Offline
Activity: 42
Merit: 0
|
|
June 17, 2012, 11:15:36 AM |
|
Wow, that was genuinely a really good read, and whilst it does provide great academic depth into the subject, it is also a great explanation of how the whole system works, giving new users a good understanding of it. I was thinking of heading into a PhD in Computing as i have already gained my masters in cryptology, so this subject around the security of bitcoins is fascinating to me.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 17, 2012, 03:11:11 PM |
|
in the very first paragraph i find something i would've stated differently:
"It relies on cryptographic algorithms in order to prevent abuse of the system."
shouldn't it say "...cryptographic and hashing algorithms..."?
i'm not an academic in this particular area so correct me if i'm wrong.
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
June 17, 2012, 03:19:51 PM |
|
in the very first paragraph i find something i would've stated differently:
"It relies on cryptographic algorithms in order to prevent abuse of the system."
shouldn't it say "...cryptographic and hashing algorithms..."?
i'm not an academic in this particular area so correct me if i'm wrong.
"Cryptography" is a general field encompassing encryption, digital signatures, hashing and more.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 17, 2012, 03:22:07 PM |
|
in the very first paragraph i find something i would've stated differently:
"It relies on cryptographic algorithms in order to prevent abuse of the system."
shouldn't it say "...cryptographic and hashing algorithms..."?
i'm not an academic in this particular area so correct me if i'm wrong.
"Cryptography" is a general field encompassing encryption, digital signatures, hashing and more. my turn to nitpick. he used a small "c".
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
June 17, 2012, 03:43:03 PM |
|
in the very first paragraph i find something i would've stated differently:
"It relies on cryptographic algorithms in order to prevent abuse of the system."
shouldn't it say "...cryptographic and hashing algorithms..."?
i'm not an academic in this particular area so correct me if i'm wrong.
"Cryptography" is a general field encompassing encryption, digital signatures, hashing and more. my turn to nitpick. he used a small "c". "Cryptography" isn't capitalized when in the middle of a sentence.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 17, 2012, 04:14:25 PM |
|
in the very first paragraph i find something i would've stated differently:
"It relies on cryptographic algorithms in order to prevent abuse of the system."
shouldn't it say "...cryptographic and hashing algorithms..."?
i'm not an academic in this particular area so correct me if i'm wrong.
"Cryptography" is a general field encompassing encryption, digital signatures, hashing and more. my turn to nitpick. he used a small "c". "Cryptography" isn't capitalized when in the middle of a sentence. hmmm, this is confusing. "Hash functions" can also be defined as a broad category with "cryptographic hashing functions" as a subset. http://en.wikipedia.org/wiki/Hash_functionif you use "Cryptography" as you defined it, i would think you'd capitalize it even in the middle of a sentence. even more confusing is that in my discussions with theymos, as well as has been commented here on this forum by several prominent members, it's been said that Bitcoin does not rely on "encryption" per se. i always understood this to mean that the SHA-256 hashing algorithm effectively makes miners "guess" at the target solution which reduces the process down to mathematical probabilities vs. certain miners having insider information, ie, a "cryptographic key solution". this is what makes Bitcoin "fair" to the masses that care to mine, like me, and would be analogous to the lotteries run by States. even the little guys line up around the block to buy their tickets despite knowing that larger players can buy up huge numbers of tickets for the ultimate prize. at least they have an equal chance on a ticket by ticket basis.
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
June 17, 2012, 04:48:01 PM |
|
if you use "Cryptography" as you defined it, i would think you'd capitalize it even in the middle of a sentence.
Scientific fields aren't capitalized. even more confusing is that in my discussions with theymos, as well as has been commented here on this forum by several prominent members, it's been said that Bitcoin does not rely on "encryption" per se.
Encryption is a one-to-one transformation for which the inverse can be computed by, and only by, someone who has the proper key. It is used to conceal data from everyone but intended recipients. That isn't used anywhere in the Bitcoin protocol, but it is used in wallet encryption in the client. Hashing is a transformation that is in general not one-to-one, and which ideally cannot be inverted by anyone. The ostensibly random nature of such transformations is used in making block finding artificially difficult (and directly proportional to computational power).
|
|
|
|
sylkyx
Newbie
Offline
Activity: 42
Merit: 0
|
|
June 17, 2012, 04:56:41 PM |
|
cryptography isn't capitalized, trust me, my masters degree was in cryptography
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
June 17, 2012, 05:04:46 PM |
|
Cryptography isn't capitalized, trust me, my masters degree was in cryptography
It is when in the beginning of a sentence. I agree of course but that's not really evidence, ThePiachu's master's thesis was in Bitcoin and he still didn't properly capitalize "bitcoins". I wonder if "bitcoinology" should be capitalized?
|
|
|
|
wachtwoord
Legendary
Offline
Activity: 2338
Merit: 1136
|
|
June 17, 2012, 05:07:04 PM |
|
How did this thread turn into a language discussion?
|
|
|
|
ThePiachu (OP)
|
|
June 17, 2012, 05:34:17 PM |
|
Thank you all for your comments. 1. "Bitcoin" and "satoshi", as units of currency, should only be capitalized if at the beginning of a sentence. "Dollar" isn't capitalized either. Bitcoin as the name of a project, a protocol, a software, an ecosystem and a community is of course capitalized. Also, I'd avoid using "bitcoins" in reference to the system - e.g., instead of "(b)Bitcoins offer much lower cost of transferring money" I'd say "Bitcoin offers".
As for the capitalization - I decided to capitalise every Bitcoin-related term for clarity. It works quite well in a lot of circumstances (especially when talking about Bitcoin Addresses and IP addresses in the same sentence, it should be there somewhere). As for the singular and plural, I guess I should review my uses of them. 2. You use http://pastehtml.com/view/awb1vg03r.html as a reference for currently used mining pool reward systems, but it's badly out of date, and even for its time it was vague at best - SMPPS pools are listed as PPS, different varieties of score-based methods are lumped together in a single category, etc. Hmm, didn't know it wasn't too accurate, but it was used only once as a general view of the pools. Unfortunately, I haven't found any other such wide comparison. in the very first paragraph i find something i would've stated differently:
"It relies on cryptographic algorithms in order to prevent abuse of the system."
shouldn't it say "...cryptographic and hashing algorithms..."?
i'm not an academic in this particular area so correct me if i'm wrong.
"Cryptography" is quite a general term that encompasses a lot of thing - encryption, hashing, message signing and so forth. even more confusing is that in my discussions with theymos, [...] it's been said that Bitcoin does not rely on "encryption" per se.
Bitcon Protocol does not rely on encryption. The Standard Client uses encryption for wallet encryption and bitcoind calls (SSL/TSL). You can use Bitcoin without encryption, but they are not necessary for Bitcoin Network to work. How did this thread turn into a language discussion?
Check around post number 4 .
|
|
|
|
Serith
|
|
June 17, 2012, 05:37:59 PM |
|
Section 5.3 Finney Attack It is also worth noting that on more than one occasion the double-spend attempt was detected by the website blockchain.info[202]. As such any service actively checking the website for such activity would be able to detect the malicious activity attempt. I think you described a regular double spend attack, where is Finney attack involves pre-mined block, and it is not detectable. Suppose the attacker is generating blocks occasionally. in each block he generates, he includes a transfer from address A to address B, both of which he controls.
To cheat you, when he generates a block, he doesn't broadcast it. Instead, he runs down to your store and makes a payment to your address C with his address A. You wait a few seconds, don't hear anything, and transfer the goods. He broadcasts his block now, and his transaction will take precedence over yours.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 17, 2012, 06:47:18 PM |
|
the only reason i bring up the distinction btwn cryptography and hashing is for what i believe are public perception issues.
to me, the more we can describe Bitcoin as being based on "mathematics", which more aligns with the broader concept of hashing, the better it will be perceived, as opposed to being based on "cryptography" which is not only hard to understand but possibly convey a negative perception as if we have something to hide.
my two cents.
|
|
|
|
Meni Rosenfeld
Donator
Legendary
Offline
Activity: 2058
Merit: 1054
|
|
June 17, 2012, 06:56:13 PM |
|
the only reason i bring up the distinction btwn cryptography and hashing is for what i believe are public perception issues.
to me, the more we can describe Bitcoin as being based on "mathematics", which more aligns with the broader concept of hashing, the better it will be perceived, as opposed to being based on "cryptography" which is not only hard to understand but possibly convey a negative perception as if we have something to hide.
my two cents.
Cryptography is mathematics. Even if "cryptography" is assumed to mean "encryption", the public should be well aware of the important role of encryption in online commerce and banking.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
June 17, 2012, 07:01:05 PM |
|
the only reason i bring up the distinction btwn cryptography and hashing is for what i believe are public perception issues.
to me, the more we can describe Bitcoin as being based on "mathematics", which more aligns with the broader concept of hashing, the better it will be perceived, as opposed to being based on "cryptography" which is not only hard to understand but possibly convey a negative perception as if we have something to hide.
my two cents.
Cryptography is mathematics. Even if "cryptography" is assumed to mean "encryption", the public should be well aware of the important role of encryption in online commerce and banking. sure. but when you're explaining how Bitcoin works to an average Joe, its much simpler to say it it based on math where 2+2 always equals 4. try explaining it using "cryptography". the discussion all of a sudden gets way more complicated to the point of the listener giving up.
|
|
|
|
muyuu
Donator
Legendary
Offline
Activity: 980
Merit: 1000
|
|
June 17, 2012, 08:40:20 PM |
|
I shall be reading this Where is the accompanying CD?
|
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D) forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
|
|
|
Flowz
Member
Offline
Activity: 114
Merit: 10
Bitcoin = Money for the people, by the people.
|
|
June 17, 2012, 08:42:28 PM |
|
I read a part of it, I enjoyed it. Will read further tomorrow! Good job.
|
|
|
|
ThePiachu (OP)
|
|
June 17, 2012, 08:48:41 PM |
|
I think you described a regular double spend attack, where is Finney attack involves pre-mined block, and it is not detectable.
Yeah, now that I reflect on it for a long while I believed that Finney attack is a double-spend attack, and that there are just two variations of it, which made things a bit confusing. sure. but when you're explaining how Bitcoin works to an average Joe, its much simpler to say it it based on math where 2+2 always equals 4.
try explaining it using "cryptography". the discussion all of a sudden gets way more complicated to the point of the listener giving up.
Well, it's not an article aimed at general public, but rather people that know a bit about computer science, or want to know more and are ready to look into some things they have doubts with. This kinda reminds me of this article: http://blogs.discovermagazine.com/badastronomy/2011/10/19/scientists-are-from-mars-the-public-is-from-earth/I shall be reading this Where is the accompanying CD? The accompanying CD is in my school's archive, and with three other printed copies of the thesis. As I said in the original post, I'll upload its contents eventually (it's mainly a lot of code in Google Go, a bit messy).
|
|
|
|
|