SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies

Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value despite only cursory analysis of the system's design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition of Bitcoin and the many related cryptocurrencies or 'altcoins.' Drawing from a scattered body of knowledge, we identify three key components of Bitcoin's design that can be decoupled. This enables a more insightful analysis of Bitcoin's properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bitcoin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disintermediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disintermediation strategies and provide a detailed comparison.
