Bitcoin and Cryptocurrencies – Princeton

The course can be found on Coursera. I thought that it was really a rather good introduction to the subject. Though bear in mind that some of the content may seem a little dated, given that it was released long before the crypto boom.

1. Bitcoin Theory

Hash functions

• A hash function takes any string as an input, and maps it to a finite output, e.g. 256 bytes. Essential properties:

Prediction markets

• In Bitcoin we can implement a mechanism to bet or hedge on certain results using smart contracts.
• In theory, a prediction market should reveal all of the current public information.
• To make a decentralised prediction market, we need:
  • decentralised payment and enforcement
  • decentralised arbitration
  • decentralised order book
• Decentralised payment and enforcement can be dealt with by using escrow transactions.
• We have no real way of improving over the current arbitration scheme – we still need a trusted party to arbitrate.
• A centralised order book gives bookmakers the opportunity to profit off the spread. We can change this by giving the whole spread to the miner, which neutralises front-running.

7. Altcoins

Alternative mining puzzles

Requirements for a mining puzzle:

• cheap to verify
• chance of winning proportional to hash power, but even small players can be compensated

ASIC resistant puzzles

• We might want ASIC-resistant mining puzzles, in order to reduce mining oligopolies etc.
• One strategy is to use memory-hard puzzles. Computer memory (RAM) has grown exponentially, but not as fast as processor speed, so a puzzle whose bottleneck is memory rather than computation levels the playing field between commodity hardware and ASICs.
• e.g. scrypt:
  • it has a time/memory tradeoff, meaning that it can be computed with a smaller amount of memory at the cost of more time.
  • scrypt is used in Litecoin.
  • scrypt starts by filling a large block of memory with pseudorandom values, where each memory entry is the hash of the previous one. Then we read the values back in a pseudorandom order, XORing and hashing as we go. The output is the result after N iterations.
  • the problem is that verifying a solution also requires N steps and N memory.
• e.g. cuckoo hash cycles:
  • we have N nodes, and draw an edge between two nodes based on hashing an input X plus some index i. We then ask whether the resulting graph contains a cycle of size K, which is memory-hard to find.
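The scrypt description above (fill memory with a hash chain, then read it back in a data-dependent order) and the time/memory tradeoff it mentions, as an added Python example. This is not the course's code nor real scrypt: it uses SHA-256 as a stand-in for scrypt's BlockMix and keeps only the ROMix structure. The `stride` parameter of the low-memory variant is a hypothetical knob showing that storing fewer chain entries costs extra hash calls, and `verify` shows that a verifier has to redo the full N-step, N-memory computation.

```python
import hashlib
from typing import Dict, Tuple


def H(data: bytes) -> bytes:
    # Stand-in for scrypt's BlockMix (simplification): plain SHA-256.
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def index_from_state(x: bytes, n: int) -> int:
    # The next read position depends on the current state, so it cannot be precomputed.
    return int.from_bytes(x[:8], "little") % n


def romix_full_memory(seed: bytes, n: int) -> bytes:
    """Reference ROMix: fill V with an n-entry hash chain, then do n data-dependent reads."""
    v = []
    x = seed
    for _ in range(n):              # fill phase: V[i] = H^i(seed)
        v.append(x)
        x = H(x)
    for _ in range(n):              # mix phase: read V in a pseudorandom order
        j = index_from_state(x, n)
        x = H(xor(x, v[j]))
    return x


def romix_low_memory(seed: bytes, n: int, stride: int) -> Tuple[bytes, int, int]:
    """Same function, but only every stride-th chain entry is kept in memory.
    Missing entries are recomputed from the nearest kept checkpoint.
    Returns (digest, entries_stored, extra_hash_calls)."""
    checkpoints: Dict[int, bytes] = {}
    x = seed
    for i in range(n):
        if i % stride == 0:
            checkpoints[i] = x
        x = H(x)
    extra = 0
    for _ in range(n):
        j = index_from_state(x, n)
        base = j - (j % stride)
        vj = checkpoints[base]
        for _ in range(j - base):   # re-derive V[j] = H^(j-base)(V[base])
            vj = H(vj)
            extra += 1
        x = H(xor(x, vj))
    return x, len(checkpoints), extra


def verify(seed: bytes, claimed: bytes, n: int) -> bool:
    """The verifier has no shortcut: it must repeat the n-step, n-memory computation."""
    return romix_full_memory(seed, n) == claimed


if __name__ == "__main__":
    seed = b"constructed seed"     # constructed sample input
    n = 256
    reference = romix_full_memory(seed, n)
    for stride in (1, 4, 16, 64):
        digest, stored, extra = romix_low_memory(seed, n, stride)
        print(f"stride={stride:3d} stored={stored:4d} extra_hashes={extra:5d} "
              f"match={digest == reference}")
```

Every stride produces the same digest; what changes is the number of entries held in memory versus the number of additional hash calls, which is exactly the tradeoff the notes describe. The `verify` function is the point made in the last scrypt bullet: there is no cheap check, so the verifier pays the same memory and time as the prover.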

Proof of useful work

• Any work would have to be useful to the public and not the individual, otherwise it would equally promote attempted subversion.
• It would be good if all the computational effort could be used for something that benefitted the public, like solving the problem of protein folding, but it is difficult to make these conform to the puzzle requirements.

Proof of stake

• Instead of mining with hardware, you mine by using the money that you would have spent on mining directly on the system. ‘Mining’ is sending money to a special address, then the system will distribute a reward based on the amount sent.
• It is a form of virtual mining.
• Lower overall costs, and no harm to the environment.
• Stakeholders should have an interest in the stability of the currency.
• POS reduces the risk of a 51% attacker, because you can’t just create hash power with fiat currency, you must first buy into the crypto.
• Variations of virtual mining:
  • a proof of stake where the stake grows as a coin is unused – incentive to hold currency
  • proof of burn: when mining, you send coins to an unspendable address.
  • proof of deposit: you ‘deposit’ a coin (temporarily unable to spend it).
  • proof of activity: you have to be online to receive

Some altcoins

• Namecoin, a decentralised replacement for the domain name system:
  • to maintain a domain, you send a Namecoin to the network.
  • a transaction transfers ownership of a domain and namecoins
• Litecoin, one of the largest alternatives (‘silver to bitcoin’s gold’).
  • memory-hard mining puzzle
  • 4x faster block rate compared to BTC.
• Peercoin, which is a hybrid between proof-of-stake and proof-of-work
  • you can mine by spending stake or by solving puzzles, but only the former will write onto the blockchain.
  • peercoin admins regularly publish ‘checkpoints’ with their special public key. Good for safety, but not decentralised.
• Dogecoin, which has random block rewards
  • light-hearted culture oriented towards tipping and charity
  • the random block reward implementation was flawed, because the block bonus was a function of the previous block hash. Miners know the next reward and can switch their resources to mining another altcoin if the reward is low.

Metric for comparing altcoins

• Market cap (price * number of coins)
  • an overestimate, because you can’t sell without moving the price
  • doesn’t account for lost coins
• Exchange volume
  • this can be inflated deliberately by people moving coins between their own accounts
• Total hashpower
• Merchant support

Interaction between bitcoin and altcoins

• A small mining pool on a large network can use its hash power to demolish an altcoin.
  • e.g. CoiledCoin was killed by a mining pool – they mined blocks that reversed transactions, or blocks that were blank.
• Merge mining is when computations for one coin are also valid attempts for another coin. This is typically done by putting altcoin data into the bitcoin scriptSig field.
• Atomic cross-chain swaps:
  • at the start, A and B sign refunds
  • for A to receive B’s coin, she needs to reveal x before time t + 1.
  • if B learns x before time t + 2, he can take A’s coin.
  • either both transactions complete, or neither does.
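The atomic cross-chain swap bullets above, as an added Python simulation (not code from the course). The two chains are modelled as plain objects and the refund is modelled as a timelock condition on each locked output rather than as the pre-signed refund transaction the notes mention; `atomic_swap`, `HashTimeLock`, the party names and the amounts are constructed for illustration. A's deadline to reveal x is t + 1 and B's deadline to use it is t + 2, as in the notes.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class HashTimeLock:
    """One locked output on one chain (constructed model, not real Bitcoin script).
    `to` can spend it by revealing the hash preimage before `deadline`;
    `refund_to` can reclaim it once `deadline` has been reached."""
    chain: str
    amount: int
    hash_lock: bytes
    to: str
    refund_to: str
    deadline: int
    spent_by: Optional[str] = None
    revealed: Optional[bytes] = None   # a successful claim publishes x on this chain

    def claim(self, who: str, preimage: bytes, now: int) -> bool:
        ok = (self.spent_by is None and who == self.to
              and now < self.deadline and sha256(preimage) == self.hash_lock)
        if ok:
            self.spent_by, self.revealed = who, preimage
        return ok

    def refund(self, who: str, now: int) -> bool:
        ok = self.spent_by is None and who == self.refund_to and now >= self.deadline
        if ok:
            self.spent_by = who
        return ok


def atomic_swap(reveal_time: int, t: int = 100) -> Dict[str, bool]:
    """Run the swap with A (alice) revealing x at `reveal_time`; report who got what."""
    x = b"constructed secret preimage"       # only Alice knows x at the start
    h = sha256(x)
    # A locks her coin for B on chain A; she can take it back from t + 2.
    a_lock = HashTimeLock("chain-A", 1, h, to="bob", refund_to="alice", deadline=t + 2)
    # B, seeing h on chain A, locks his coin for A on chain B; refundable from t + 1.
    b_lock = HashTimeLock("chain-B", 50, h, to="alice", refund_to="bob", deadline=t + 1)

    # A claims B's coin, which reveals x on chain B.
    b_lock.claim("alice", x, now=reveal_time)
    # B reads x off chain B (if it is there) and uses it to claim A's coin.
    if b_lock.revealed is not None:
        a_lock.claim("bob", b_lock.revealed, now=reveal_time)
    # Anything still unspent returns to its owner once the deadlines pass.
    b_lock.refund("bob", now=t + 1)
    a_lock.refund("alice", now=t + 2)

    alice_got_bob_coin = b_lock.spent_by == "alice"
    bob_got_alice_coin = a_lock.spent_by == "bob"
    return {
        "alice_got_bob_coin": alice_got_bob_coin,
        "bob_got_alice_coin": bob_got_alice_coin,
        "atomic": alice_got_bob_coin == bob_got_alice_coin,
    }


if __name__ == "__main__":
    print("reveal in time:", atomic_swap(reveal_time=100))
    print("reveal too late:", atomic_swap(reveal_time=101))
```

The ordering of the deadlines is what makes the swap atomic: A's window to reveal x closes before B's window to use it, so A cannot reveal at the last moment and leave B no time to claim. Revealing late simply lets both refunds fire, and neither side loses a coin.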

8. The future of the blockchain and Bitcoin

The blockchain as a vehicle for decentralisation

• Smart property, e.g. car ownership
  • A car is controlled by a cryptographic key pair. It has the public key hard-coded, and can be activated by sending it a message that is signed by the private key.
  • We can improve this by saying that the public key of the car is not just any public key, but the public key that is the receiving address of some bitcoin transaction. This means that you can sign ownership of the car over to someone else.
• Representation and atomicity are the two major considerations regarding decentralisation – can we represent an arbitrary statement/transaction, and can we ‘couple’ each party to guarantee security.

Ways that you can use the blockchain

• Use it directly, e.g. with multisigs etc.
  • easy to deploy
  • limited representation and atomicity, or at least tedious atomicity.
• Using a block’s history (coloured coins).
  • more complex representations possible
  • we get the security of the bitcoin blockchain
  • limited atomicity
  • some people say that this puts unwanted baggage in the blockchain
• Merge-mined side chains
  • avoids polluting the blockchain
• Alternate platforms such as Ethereum.

What can be decentralised?

• Purely digital things:
  • storage
  • lotteries
  • paying someone to prove that they know an x such that H(x) = c.
• Things that can be represented digitally:
  • real world currency
  • stocks
• Complex contracts:
  • e.g. interesting financial derivatives

Is decentralisation a good idea?

• Decentralisation is basically an alternative to existing legal, social, and financial institutions.
• Security is made up of preventive, detective, and corrective controls.
• Most real world security relies on the latter two: strong law enforcement.
• With cryptocurrencies, there is a lot of emphasis on the preventive controls.
• Dispute mediation is arguably better off with a centralised authority like a judge.