CS6262 Lecture 15 - New and Alternative Cryptocurrencies

In Bitcoin, what must a valid transaction include besides the transaction information?

It must include a signature signed by the owner’s private key

Why is key management critical in Bitcoin?

Because losing or compromising the private key results in losing access to all associated bitcoins

How can storing your private key on a computer or phone be risky?

If the device is lost or compromised, all bitcoins associated with that key can be lost or stolen

In Bitcoin, what does your public key represent?

It serves as your ID or address in Bitcoin

How does an attacker steal bitcoins if they obtain your private key?

They can claim ownership of the associated public key and transfer the bitcoins to an address they control

What is a hot Bitcoin wallet?

A wallet connected to the internet

What is a cold Bitcoin wallet?

A wallet stored offline

What is the main advantage and disadvantage of hot storage for Bitcoin keys?

Convenience but less security

What is the main advantage and disadvantage of cold storage for Bitcoin keys?

Strong security but less convenience

How can users balance security and convenience when managing Bitcoin keys?

Use cold storage for long-term funds and hot storage for daily use

Why do hot and cold storage require separate keys when transferring coins between them?

To ensure cold storage remains secure even if hot storage is compromised

Why might a user want to receive each Bitcoin at a separate address?

For privacy and security

What is a simple method for the hot side to learn new addresses from the cold side?

The cold side generates a batch of addresses and periodically sends them

What is a better solution than manually sending addresses from cold to hot storage?

Use a hierarchical wallet to manage addresses automatically

Which digital signature scheme used by Bitcoin supports hierarchical key generation?

Elliptic curve digital signature scheme

How does the cold side manage hierarchical keys?

It stores private key information and sends address generation information to the hot side once

How does the hot side use hierarchical key generation information?

It derives new addresses sequentially when needed

How does the cold side check for received coins?

By generating addresses sequentially and checking the blockchain

What are some ways to keep cold storage safe?

Encrypt with a passphrase, print to paper, or use a tamperproof device

What is the primary function of a Bitcoin exchange?

Accept deposits, facilitate transfers, and allow buying and selling of bitcoins

What minimum requirement should Bitcoin exchanges meet to assure customers?

Hold a fraction of deposits in reserve

What is the goal of proof of reserve for Bitcoin exchanges?

To show customers that the exchange holds the bitcoins it claims

How can an exchange prove the amount of reserve it is holding?

By publishing a valid payment-to-self transaction of the claimed reserve

What is the purpose of constructing a Merkle tree in a Bitcoin exchange?

To prove how many deposits the exchange holds

How does a Merkle tree help verify the total value of user deposits?

Each node holds the sum of values in its subtree and the root shows total deposits

How can a customer verify that their deposit is included correctly in a Merkle tree?

The exchange provides a path to the root for user verification

What does the root value of the Merkle tree represent?

Total customer deposits or liabilities

How does a Bitcoin exchange prove its reserve fraction?

By proving it has X in reserve and users have at most Y deposited

What does anonymity literally mean?

Without a name

In Bitcoin, what acts as a user's ID?

An address derived from a public key hash

What is pseudonymity in Bitcoin?

Using a public-key-based address instead of a real identity

What is unlinkability in Bitcoin?

Making it difficult to link multiple transactions to the same user

Why is it recommended to use a fresh address for each transaction?

To reduce linkability between transactions and addresses

What happens when a transaction uses input from multiple addresses?

The addresses become linked as controlled by the same user

How can an attacker link Bitcoin addresses to the same user?

By analyzing multi-input transactions and change addresses

How might a Bitcoin address reveal a user’s real identity?

If the address is used through a regulated provider or published publicly

What is CoinJoin?

A decentralized mixing technique combining multiple users’ inputs into a single transaction

What is the goal of a CoinJoin transaction?

To make linking inputs and outputs difficult for observers

How are signatures handled in a CoinJoin transaction?

Each signature is independent for each input

What must each participant verify before signing a CoinJoin transaction?

That their correct output address and amount is included

What can attackers see from a CoinJoin transaction?

Inputs and outputs but not their mapping

What is the first step in creating a CoinJoin transaction?

Participants find peers who want to mix coins

How must participants exchange addresses for CoinJoin?

Through an anonymous communication method such as Tor

How can Bitcoin be used for secure timestamping?

By proving knowledge of data at time t without revealing the data

What does publishing a cryptographic hash of a value signify?

A commitment to the value without revealing it

Why is a cryptographic hash function suitable for timestamping?

It is one-way and collision-resistant

What is OP_RETURN in Bitcoin?

An instruction that embeds data in a transaction output

How many bytes can OP_RETURN store?

80 bytes

Why is 80 bytes sufficient for timestamping?

It can hold a hash such as SHA-256

How do websites batch timestamp requests using Bitcoin?

They combine commitments into a Merkle tree and publish the root

What is an overlay currency in Bitcoin?

A new currency built on Bitcoin that uses its blockchain but adds its own logic

Why doesn’t Bitcoin validate overlay currency rules?

Miners only validate according to the Bitcoin protocol

Why don’t overlay currencies need a new consensus protocol?

They rely on Bitcoin’s blockchain for ordering and security

What can developers focus on when building an overlay currency?

New functionality such as smart contracts