A Shallow Dive Into Bitcoin’s Blockchain Part 2 - Transactions

Andreas Lymbouras
Towards Data Science
7 min read · Jul 8, 2019



In the previous article, we discussed consensus in the Bitcoin network.

We said there is an additional layer of security that stops bad actors from spending funds that belong to someone else. This article explains it.

Funds are kept in digital wallets. Or rather, they are tracked by digital wallets. There is a common misconception that your coins are stored in your wallet. Coins (or rather, amounts) are actually recorded on the blockchain in the form of transactions, and those transactions are created by digital wallets.

Digital wallets are essentially software that tracks and computes the owner's balance by scanning the transactions inside the blocks of the blockchain.

Transactions are data structures contained within blocks. Every full node stores the whole chain of blocks on its own disk.

One of a wallet's main functions is to sign transactions on behalf of its owner.

Digital signatures are a bit like real-world signatures, but much stronger. They can:

  1. Prove that only the owner of the account authorized the spending of its funds
  2. Make that authorization undeniable (non-repudiation)
  3. Prove that the signed parts of the transaction have not been modified since signing, because any change invalidates the signature

Private/public keys and bitcoin addresses

To achieve this, each account owner in the network has to create a public/private key pair. They are a “pair” because the public key is derived from the private key. Your private key is nothing more than a number: a 256-bit integer (strictly, any integer between 1 and n−1, where n is the order of the secp256k1 curve used by Bitcoin, which lies just below 2²⁵⁶; remember that in the digital world everything is represented in bits). That is an enormous range, roughly 10⁷⁷ possible keys, so the chance of two people independently generating the same key is negligible, provided the keys are chosen at random.

These keys rely on mathematical functions with a special property: they are easy to compute in one direction but hard to invert (one-way functions).

A public key is the result of applying such a function to its private key. Even knowing exactly which function produced it, you cannot work backwards to the private key.

Your public key is derived from your private key using elliptic curve multiplication. Your address is derived from your public key. Both of those actions are irreversible.

It is worth mentioning here that your Bitcoin address is derived from your public key through one-way cryptographic hashes (for legacy addresses, SHA-256 followed by RIPEMD-160, then Base58Check encoding). Your address is how you transact with other bitcoin owners: it simply identifies the destination to which bitcoins are to be sent.

How you generate your private key is therefore critically important. You would never choose the number 1 as your private key; that is far too dangerous. Anyone, using the same mathematical functions, can derive the bitcoin address from a private key, and if that address holds coins, they can be stolen trivially.

In fact, if you run a script that tries every number from 1 to 100,000 as a private key, you will find within seconds dozens of bitcoin addresses that have appeared in transactions. To find out whether a derived address has ever held coins, one scans the entire blockchain for references to it, and if one is found, Boom! One can spend all the coins from it using that weakly generated number (private key).

In fact, the bitcoin address derived from the private key number 1 has been used: 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm.

If you look that address up in a block explorer you will see that whatever arrives at it is withdrawn within seconds. As soon as money comes in, someone (in practice an automated bot) creates a transaction with their own address as the destination, signs it with the private key 1, and broadcasts it to the rest of the network.

Great! Why doesn't everyone just do the same, then?

The reason is that searching the whole private-key space is hopeless. The keyspace holds about 1.16×10⁷⁷ keys: a single machine checking a quintillion (10¹⁸) keys per second would need roughly 4×10⁵¹ years to exhaust it, and fifty such machines would still need about 7×10⁴⁹ years. The only realistic attacks target keys that were generated badly, which is the subject of the next section.

Poor private key generation algorithms

Some wallets (so-called brainwallets) used to derive the private key directly from a human-chosen passphrase, typically by hashing it with SHA-256. Attackers can run dictionaries of weak or commonly used passphrases through the same derivation very quickly, because that search space is tiny compared with 2²⁵⁶, and then watch the resulting addresses for incoming funds.

Examples of addresses whose private keys were derived from weak passphrases and whose funds were subsequently stolen (passphrase on the left, address on the right):

asd — 1G4Mt5JLtrdj4hM6MkyaQpHmZzVoojLFX3
cat — 162TRPRZvdgLVNksMoMyGJsYBfYtB4Q8tM
hello — 1HoSFymoqteYrmmr7s3jDDqmggoxacbk37
password — 16ga2uqnF1NqpAuQeeg7sTCAdtDUwDyJav
test — 1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE
fuckyou — 1LdgTMX2MEqdfT3VcDpX4GyD1mqCP8LkYe
1 — 12AKRNHpFhDSBDD9rSn74VAzZSL3774PxQ
icecream — 1CwjHYsPUc4Du8dx7AkdBJj4ebWC8bxkF3
alfanumerico — 19JsLFDRxuTsAjapE79FgoVNdNdB2hNU5M
[empty string] — 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN

Digital signatures

The process of signing a transaction involves a mathematical function that depends on both the message (the transaction details) and your private key.

sign(message, private key) = signature

The result is a signature that can be verified using your public key and the message (the transaction details).

verify(message, signature, public key) = [true or false]

Verifying digital signatures.

Private key, public key and signature are mathematically linked.

The verification process establishes that the transaction could only have been signed by someone holding the private key that corresponds to the public key. Every participant receiving the transaction can therefore be sure it was authorized by the private key's owner.

The owner can also be sure that nobody can alter the signed parts of the transaction: any change to the signed data makes the signature fail verification, and every network participant will then drop the transaction.

The Importance of Randomness in Signatures

Even with a strong private key, a weak random number generator used during signing can still hand an attacker the coins.

The signing formula (below) uses a fresh random number k, the nonce. If the same k is used to sign two different messages (transactions), anyone holding the two resulting signatures can compute the private key: both signatures share the same r, subtracting the two s values cancels the private key and yields k, and substituting k back into either signature yields the private key.

The signature is computed as follows:

s = k⁻¹ (Hash(m) + dA · r) mod n
where:
k is the random per-signature number (the nonce)
r is the x coordinate of the curve point k·G, reduced mod n
dA is the signing private key
m is the transaction data being signed
n is the prime order of the curve's generator point G (not the field prime)

People actually had funds stolen because of the inadvertent reuse of this random number.

To avoid this vulnerability, wallets should derive k deterministically from the private key and the message hash, following the industry-standard procedure defined in RFC 6979; the nonce then never repeats for different messages and no longer depends on the quality of the system's random number generator at signing time.
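The following is an added example for this article; it is not code from the original post or from any Bitcoin implementation. It ties together the two preceding sections: deriving the public key and legacy address from a private key (including the SHA-256-of-passphrase scheme used by the old brainwallet sites, which is how addresses like those listed above were generated, though the article does not spell that out), producing and verifying an ECDSA signature with the formula above, recovering the private key from two signatures that reused k, and deriving k deterministically as RFC 6979 specifies. It assumes Python 3.8 or later (for pow(x, -1, m)), hashes messages once with SHA-256 rather than Bitcoin's double SHA-256 for brevity, and relies on hashlib exposing ripemd160, which some OpenSSL 3.0 builds do not; the message strings and the reused nonce 12345 are constructed for illustration.

```python
# Added example (not code from the original article): secp256k1 key derivation,
# legacy P2PKH address, ECDSA sign/verify, nonce-reuse key recovery, RFC 6979.
import hashlib
import hmac

# secp256k1 domain parameters: field prime, generator order, generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def ec_add(a, b):
    """Point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                    # b == -a
    if a == b:                                         # tangent slope
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:                                              # chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point=G):
    """Double-and-add scalar multiplication: the one-way private -> public step."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def address(priv):
    """Legacy P2PKH address for the uncompressed public key:
    Base58Check(0x00 || RIPEMD160(SHA256(04 || x || y)))."""
    x, y = ec_mul(priv)
    pub = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    payload = b"\x00" + hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out   # leading 0x00 -> '1'

def brainwallet_key(passphrase):
    """The weak 'brainwallet' scheme: private key = SHA256(passphrase)."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")

def msg_hash(message):
    """z = SHA256(message) as an integer (Bitcoin hashes twice; simplified here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(z, priv, k):
    """ECDSA with the article's formula: r = (k*G).x mod N, s = k^-1 (z + r*priv) mod N."""
    r = ec_mul(k)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, s

def verify(z, pub, sig):
    """Accepts iff (z/s)*G + (r/s)*pub has x-coordinate r, i.e. it equals k*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r

def recover_key_from_reused_nonce(z1, sig1, z2, sig2):
    """Two signatures with the same r (same k) leak k and then the private key."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("nonce was not reused (r differs)")
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N        # s1 - s2 = k^-1 (z1 - z2)
    return (s1 * k - z1) * pow(r1, -1, N) % N      # s*k = z + r*priv

def rfc6979_nonce(z, priv):
    """Deterministic k per RFC 6979 section 3.2 (HMAC-SHA256, qlen = 256 bits)."""
    x, h1 = priv.to_bytes(32, "big"), (z % N).to_bytes(32, "big")
    V, K = b"\x01" * 32, b"\x00" * 32
    K = hmac.new(K, V + b"\x00" + x + h1, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    K = hmac.new(K, V + b"\x01" + x + h1, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    while True:
        V = hmac.new(K, V, hashlib.sha256).digest()
        k = int.from_bytes(V, "big")
        if 1 <= k < N:
            return k                                   # same (z, priv) -> same k, always
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()
```

Calling address(1) reproduces the key-1 address quoted earlier, and signing two different hashes with the same k and feeding both signatures to recover_key_from_reused_nonce returns the private key exactly as the derivation above predicts, whereas rfc6979_nonce returns the same k only when both the key and the message are the same. Note that sign() is textbook ECDSA and does not canonicalize s to the low-S form that Bitcoin nodes require of relayed transactions, so it is for understanding the math, not for producing real transactions.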

Now that you’ve got all the necessary details in mind let’s go through the journey of a transaction:

  1. Your wallet is an application that serves as the user interface. It shows your balance and asks for your permission when sending money. To do that it tracks your incoming and outgoing transactions, sums up your spendable money, and creates and signs transactions on your behalf.

  2. You start by specifying the amount and the recipient's address. From this, your wallet constructs a transaction (as per the Bitcoin protocol) and signs it with your private key.

  3. Your wallet broadcasts the new transaction (containing the transaction details, the signature and the public key) to the Bitcoin network through its immediate peers, who hand it to their peers, and so on. Within seconds, most of the network has verified and passed on your transaction.

Transaction propagation

  4. Every node that receives your transaction checks its validity: whether the signature verifies, whether the transaction is well formed, whether it attempts a double-spend, and so on. If it fails any check, the node ignores it entirely. Otherwise, the node keeps it in a temporary pool of unconfirmed transactions called the mempool.

  5. Bitcoin Core's minrelaytxfee setting (default 0.00001 bitcoin per kilobyte) sets the floor: nodes will not relay transactions paying a lower fee rate. Above that floor, if the fee rate attached (normally calculated by your wallet, though you can specify it yourself) is lower than that of competing transactions, miners and mining pools give your transaction lower priority when assembling a block, and if the mempool fills up, the lowest-fee-rate transactions are the first to be evicted.

  6. Eventually, your transaction reaches the mining pools and the recipient's wallet. The recipient sees the new transaction and keeps a copy of it, but it shows as having zero confirmations. Mining pools build a candidate block by selecting transactions from their mempool, normally highest fee rate first; depending on your fee, they will eventually include yours in a block.

  7. The pool splits the work of searching for a nonce that satisfies the block's difficulty target among its pool miners. The miners know nothing about your transaction; their job is to crunch numbers, not to check block validity, which is the pool's task.

  8. Eventually, your transaction is included in a block that gets solved. The block is broadcast through the network and every node appends it to its local copy of the blockchain (if two valid blocks compete at the same height, nodes keep both and follow whichever branch accumulates the most work). Your transaction now has one confirmation (one valid block accepted by the network).

  9. Block creation continues, and as more blocks build on top of the block containing your transaction, it gains more confirmations. At 6 or more confirmations it is conventionally considered fully confirmed; the more confirmations it has, the harder it becomes for an attacker to reverse it.

Behind the scenes, transactions are considerably more complicated structures than described here. They have inputs and outputs, each accompanied by a script that locks or unlocks the bitcoin value.

But that’s for another article; a deeper dive into transactions. :)

