On the Scalability and Security of Bitcoin - Volume 25

Since its inception in late 2008, Bitcoin has enjoyed a rapid growth, both in value and in the number of transactions. Its success is mostly due to innovative use of a peer-to-peer network to implement all aspects of a currency's lifecycle - from creation to its transfer between users. Bitcoin offers cash-like transactions that are near-instantaneous and non-refundable, while at the same time allowing truly global transactions, processed at the same speed as local ones. It offers a public transaction history, enabling trustless auditability, and it introduces many new and innovative use-cases such as smart property, micropayments, contracts, and escrow transactions for dispute mediation.However, the same features that make Bitcoin attractive for its end-users are also its main limitations. Its decentralized nature limits the number of transactions and the speed at which transactions can be performed and confirmed. The problem with the slow confirmations is compounded with the semantics of the confirmations which are not final, requiring multiple confirmations and further delaying acceptance of a transaction.In the first part of this book we analyze whether the current Bitcoin protocol scales and what the scalability limits are. We find that Bitcoin does not scale, because its synchronization mechanism, the blockchain, limits the maximum rate of transactions the network can process. In order to address the scalability problem we propose Duplex Micropayment Channels, which increase the rate at which Bitcoin transfers can be performed by several orders of magnitude, by moving the transfers off the blockchain and using the blockchain solely for dispute mediation.Another form of scalability problem is the fact that more and more blockchain based applications are being created, each with their own small isolated blockchain, and vulnerable to attacks. We present PeerCensus, a subsystem that acts as a certification authority, manages peer identities in a peer-to-peer network and does not store application specific data in the blockchain. Using PeerCensus, any number of applications can share a single blockchain, decoupling confirmations from block generation rate and enhancing Bitcoin and similar systems with strong consistency.Being a relatively new technology, Bitcoin has a number of new security challenges and innovative properties. We analyze these properties and challenges in the second part of the thesis. The first novel property is that the transaction history, in the form of the blockchain, is public and accessible by anyone. Making use of the open nature of the blockchain, we were able to dispell claims by MtGox, once the world's largest Bitcoin exchange, that a bug in the Bitcoin protocol was used in a large scale attack to defraud them. We then use the blockchain to build a prototype of an audit protocol that allows a fiduciary, such as a Bitcoin exchange, to demonstrate that its assets cover its liabilities, without resorting to trusted third parties.Bitcoin also shifts the responsibility of managing and securing funds from a trusted third party to the end-user, which may not have the necessary tools to protect her funds. We show how a merchant may accept fast-payments, i.e., transactions without waiting for confirmations, with reasonable security against doublespending attacks by observing how transactions propagate in the network. Finally, we present a prototype of a secure device that stores private keys in tamper resitant storage and allows the user to independently verify a payment before authorizing it.