Bitcoin for Nonmathematicians
Exploring the Foundations of Crypto Payments
Slava Gomzin
Universal-Publishers
Boca Raton

Bitcoin for Nonmathematicians: Exploring the Foundations of Crypto Payments
Copyright © 2016 Slava Gomzin
All rights reserved.
No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher.

Universal-Publishers
Boca Raton, Florida • USA
2016
ISBN-10: 1-62734-071-8
ISBN-13: 978-1-62734-071-7
www.universal-publishers.com

Publisher’s Cataloging-in-Publication Data
Names: Gomzin, Slava
Title: Bitcoin for nonmathematicians : exploring the foundations of crypto payments / Slava Gomzin
Description: Boca Raton, FL : Universal Publishers, 2016 | Includes bibliographical references and index
Identifiers: LCCN 2016930001 | ISBN 978-1-62734-071-7 (pbk.)
Subjects: LCSH: Bitcoin | Money | Electronic commerce | Mobile commerce | Cryptography Data processing | Data encryption (Computer science) | BISAC: BUSINESS & ECONOMICS / Money & Monetary Policy | BUSINESS & ECONOMICS / E-Commerce / General | COMPUTERS / Electronic Commerce | COMPUTERS / Security / Cryptography
Classification: LCC HF5548.32 G659 2016 (print) | DDC: 332.4 dc23

To Svetlana and our daughters Alona, Aliza, and Arina

About the Author

Slava Gomzin is Director of Information Security at PCCI (Parkland Center for Clinical Innovation), a nonprofit research and development corporation delivering real time predictive analytics solutions. Slava is also the author of Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions (Wiley, 2014), and has written many articles on payment security and technology. Prior to joining PCCI, Slava was a security and payments technologist at Hewlett-Packard, where he helped create products that are integrated into modern payment processing ecosystems. Before HP, he worked as a security architect, corporate product security officer, and R&D and application security manager at Retalix, a division of NCR Retail. As PCI ISA, he focused on security and PA-DSS, PCI DSS, and PCI P2PE compliance of POS systems, payment applications, and gateways. Slava currently holds CISSP, PCIP, ECSP, and Security+ certifications. He blogs about information security and technology at www.gomzin.com.

Credits

Technical Editor Ken Westin
Copy Editor Adaobi Obi Tulton
Foreword Doug McClellan
Publisher & CEO Jeff Young
Photo Svetlana Gomzin
Production Editor Christie Mayer
Cover Design Ivan Popov

Acknowledgments

Writing a book is not easy and cannot succeed without help from other people. First of all, I would like to thank Carol Long for convincing me to start writing another book right after the previous one was published. And thanks to Jeff Young for bringing this project to reality. Also, I would like to thank my ex-coworkers from HP, especially David White for his support and interest in such a controversial topic. Thanks to Ken Westin for his enthusiastic support and contribution. Thanks also go to VentureBeat editor, Morwenna Marshall, for the opportunity to share my ideas with a wider audience. Thanks to Adaobi Obi Tulton for another great editorial effort. Special thanks to Doug McClellan for his bright and sincere foreword. And finally, I want to thank my wife, Svetlana, for her continuous support and understanding.

Contents at a Glance

Foreword by Doug McClellan
Introduction
Part I From Coins to Crypto
Chapter Traditional Money
Chapter Digital Gold
Chapter Centralized Digital Payments
Chapter Cryptocurrencies
Part II Bitcoin Cryptography
Chapter Types of Encryption
Chapter RSA Step by Step
Chapter How Elliptic Curves Work
Bonus Chapter Experimenting with the Code
References
Index

Contents

Foreword by Doug McClellan
Introduction
Part I From Coins to Crypto
Chapter Traditional Money Commodities versus Gold Payment Cards Mobile Payments From Coins to Crypto
Chapter Digital Gold Gold Standard E-gold e-Bullion
Chapter Centralized Digital Payments DigiCash and ecash Online Currencies: Flooz and Beenz Liberty Reserve Online Payment Processors
Chapter Cryptocurrencies Satoshi Nakamoto White Paper Double-Spending Problem Decentralization Privacy: Anonymity or Pseudonymity Blockchain Byzantine Generals’ Problem Mining
Part I Summary
Part II Bitcoin Cryptography
Chapter Types of Encryption Symmetric Encryption One-Way Hash Functions One-Way Function and Message Digest Collision SHA-256 RIPEMD-160 Public-Key (Asymmetric) Cryptography Digital Signatures

28. Jane Martinson, “Flooz.com Expires after Suffering $300,000 Sting,” The Guardian, August 28, 2001, http://www.theguardian.com/technology/2001/aug/28/newmedia.business
29. “Notice of Finding that Liberty Reserve S.A. Is a Financial Institution of Primary Money Laundering Concern,” Department of the Treasury, May 2013, p. 4, http://www.fincen.gov/statutes_regs/files/311 LR-NoticeofFinding-Final.pdf
30. “Full Text of ‘Liberty Reserve Indictment,’” The Internet Archive, https://archive.org/stream/704540-liberty-reserve-indictment/704540-liberty-reserveindictment_djvu.txt
31. Liberty Reserve domain seized by law enforcement agencies, http://libertyreserve.com
32. BitTorrent is a technology that allows one to share and transfer files of just about any size quickly and efficiently. It works by breaking files up into small pieces. The file is downloaded piece by piece from one or many different sources. It’s efficient because you get faster downloads using a lot less bandwidth. More information can be found at http://www.bittorrent.com/help/faq/concepts
33. The list of seized domains associated with Liberty Reserve, The US Department of Justice, http://www.justice.gov/usao/nys/pressreleases/May13/LibertyReserveetalDocuments/Liberty%20R
34. Use PayPal to pay in store, PayPal, https://www.paypal.com/webapps/mpp/pay-in-stores
35. Dan Geer, “Cybersecurity as Realpolitik,” Keynote for Black Hat USA 2014 conference in Las Vegas, August 6, 2014, http://geer.tinho.net/geer.blackhat.6viii14.txt
36. Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” Bitcoin.org, (2008), https://bitcoin.org/bitcoin.pdf
37. LikeInAMirror (blog), “Occam’s Razor: Who Is Most Likely to Be Satoshi Nakamoto?,” March 2014, https://likeinamirror.wordpress.com/2014/03/11/occams-razor-who-is-most-likely-to-be-satoshinakamoto/comment-page-1/
38. Leah McGrath Goodman, “The Face Behind Bitcoin,” Newsweek, March 2014,
39. Andy Greenberg, “New Clues Suggest Craig Wright, Suspected Bitcoin Creator, May Be a Hoaxer,” Wired, December 2015, http://www.wired.com/2015/12/new-clues-suggest-satoshi-suspect-craigwright-may-be-a-hoaxer
40. Andy Cush, “The Strange Life and Death of Dave Kleiman, A Computer Genius Linked to Bitcoin’s Origins,” Gizmodo, December 2015, http://gizmodo.com/the-strange-life-and-death-of-davekleiman-a-computer-1747092460
41. Satoshi Nakamoto, “Bitcoin P2P e-cash paper,” Gmane, October 2008, http://article.gmane.org/gmane.comp.encryption.general/12588/match=bitcoin+peer+to+electronic
42. “How DigiCash Blew Everything,” NEXT, January 1999, http://cryptome.org/jya/digicrash.htm
43. Average Number of Transactions per Block, Blockchain Info, December 2015, https://blockchain.info/charts/n-transactions-per-block
44. Robert Churchhouse, Codes and Ciphers: Julius Caesar, the Enigma, and the Internet (Cambridge: Cambridge University Press, 2002), 92
45. Simon Singh, The Code Book: The Secret History of Codes and Codebreaking, (London: Fourth Estate, 2000), 120
46. NIST, “Advanced Encryption Standard (AES),” FIPS Publication 197, (June 2008), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
47. NIST, “Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher,” NIST Special Publication 800-67, (Revised January 2012), http://csrc.nist.gov/publications/nistpubs/80067-Rev1/SP-800-67-Rev1.pdf
48. American National Standards Institute, ANSI X9.62:2005, “Public-Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA),” http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.62%3A2005
49. Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition (Hoboken, NJ: Wiley, 1996), 35, 355
50. Carolyn Watters, Dictionary of Information Science and Technology, (Academic Press, 1992)
51. Slava Gomzin, Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions, (Hoboken, NJ: Wiley, 2014), 101
52. FIPS, “Secure Hash Standard (SHS)”, FIPS Publication 180-4, (March 2012), http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
53. The hash function RIPEMD-160, (2012), http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
54. R.L. Rivest, A. Shamir, L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, vol. 21, issue 2, (1978), http://dl.acm.org/citation.cfm?id=359342&dl=ACM
55. PKCS-1, RSA Security, 2015, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
56. Euler’s Totient Calculator, 2015, http://www.javascripter.net/math/calculators/eulertotientfunction.htm
57. Modular inversion, 2015, http://www.cs.princeton.edu/~dsri/modular-inversion-answer.php?n=7&p=120
58. Modular Multiplicative Inverse, 2015, http://planetcalc.com/3311/
59. Secp256k1, Bitcoin wiki, March 2015, https://en.bitcoin.it/wiki/Secp256k1
60. Elliptic Curve Cryptography (ECC), Certicom, 2015, https://www.certicom.com/index.php/ecc
61. Neal Koblitz, “Elliptic Curve Cryptosystems,” Mathematics and Computations, vol. 48, issue 177, (1987), http://www.ams.org/journals/mcom/1987-48-177/S0025-5718-1987-0866109-5
62. Taher ElGamal, “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms”, Advances in Cryptology: Proceedings of CRYPTO 84, (New York: Springer, 1985), http://link.springer.com/chapter/10.1007%2F3-540-39568-7_2

Index

A Advanced Encryption Standard See AES AES, 71 Amazon Payments, 44, 52, 53 anonymous, 20, 34, 45, 50, 56, 60, 77 API, 37, 38, 39, 52 application programming interface See API ATM, 29, 51 authenticity, 39, 61, 69, 71, 75, 78, 79 authorization, 56 availability, 58, 69 B back door, 73, 81 bank, 46, 47, 69, 73 accounts, 45, 52 acquiring, 31 checks, 34 computers, 44 deposits, 39 first, 33 issuing, 56, 57, 58, 79 signatures, 47 transfer, 40 bank identification number See BIN Beenz, 47, 48 BigInteger, 115 BIN, 73 bitcoin, 18, 21, 61, 69, 71 accept, 21 address, 60, 61 as money, 29 curve, 90 design principles, 55 digital signature scheme, 88 exchange, 33 first payment, 33 hashrate, 64 implementation, 61, 72, 77 invention, 55 mobile wallets, 32 network, 60 new privacy model, 59 node, 63 payment processing, 30 predecessors, 22 principles, 55 properties, 56 security, 78, 79 software, 61 target, 63 transaction, 31, 61, 63, 76 transactions, 20 vulnerability, 60 wallet, 60 BitTorrent, 51 block, 61, 62, 63, 71 hash value, 63 header, 63 block ciphers, 71 blockchain, 57, 59, 60, 61, 62, 63 brick-and-mortar, 21, 31, 34, 53 brute-force attack, 73 bullion, 18, 19 Byzantine Generals’ Problem, 62 C C#, 86, 108, 115 code, 116 operator, 115 Caesar shift cipher, 70 cash, 21, 34, 43 electronic, 60 centralization, 22 problems, 22, 23
centralized digital currency, 39 centralized payment systems, 51 chargeback, 57 Chaum, David, 45, 60 check digit, 73, 74, 75, 78 Chip and PIN See EMV ciphertext, 70, 71, 73, 86, 107, 108, 113 calculating, 123 decrypting, 124 coin, 18, 19 collector, 17, 19 copper, 19 first, 33 gold, 19 metal, 34 platinum, 19 silver, 19 collision, 74, 75 resistance, 75 commodity, 21, 28, 43 confidentiality, 38, 39, 58, 69, 78 credit card, 21, 31, 33, 34, 45, 48, 50, 51, 52, 53, 74, 78 cryptanalysis, 70, 71, 86 crypto payments, 22, 30, 43 crypto transaction, 23, 61 cryptocurrency, 20, 21, 22, 27, 30, 51, 69, 71, 78 principles, 58 cryptography, 22, 27, 29, 70, 71, 78, 79, 89, 102, 115 asymmetric, 77 elliptic curves, 114 public-key, 78, 79 symmetric, 77 currency, 18, 43, 69 digital, 30 digital gold, 48 gold, 37 Internet, 47 mainstream, 51 national, 37, 40 online, 33, 48 private, 36 virtual, 58 cybercurrency, 18 D Data Encryption Standard See DES decentralization, 58 decentralized digital currency, 39 decryption, 87, 108, 113, 114, 124 denominations, 19, 46 DES, 71 DigiCash, 45, 51, 52 digital currency, 33, 37, 39, 43, 44 digital gold currency, 36 digital money, 37, 52 digital signature, 22, 23, 39, 61, 71, 78, 79, 88 blind, 45 discrete logarithm problem, 102 double-and-add algorithm, 101 double-spending, 56 E EBT, 29 e-Bullion, 36, 40, 51 ecash, 45, 46, 47, 60 ECC, 77, 79, 89, 106, 114 ECDSA, 71, 79, 88 e-currency, 36 EFT, 17 e-gold, 33, 36, 37, 38, 39, 44, 50 Electronic Benefits Transfer See EBT electronic funds transfer See EFT electronic payments, 29 electrum See elektron elektron, 18 ElGamal, Taher, 107 elliptic curve cryptography See ECC elliptic curves, 78, 79, 89, 93, 96, 107, 115 discrete logarithm problem, 102 EMV, 29, 30 encryption, 70, 71, 73, 75, 78, 79, 83, 85, 86, 87, 88, 89, 107, 113, 114, 123 algorithm, 78 asymmetric, 79, 81 calculating, 123 public-key, 22, 23, 77, 89 RSA, 45 symmetric, 70 exchange, 21, 27, 32, 33, 60, 77 medium of, 39, 43 exchangers, 51 F factoring, 81, 
82, 83 fallback, 56, 57 fiat currency See fiat money fiat money, 31, 35, 44, 52 fiduciary money See fiat money finite field, 105 Flooz, 48 fungibility, 28 G Garin, 35 Geer, Dan, 55 gold, 28, 36, 40, 48 e-Bullion, 40 Gold & Silver Reserve, 36 GPU, 64 graphic cards, 64 graphic processors See GPU H Hacking Point of Sale, v, 17 hash function, 22, 39, 73, 75, 76, 78 hashrate, 64 horizontal symmetry, 93, 96, 97, 105 Hyperboloid, 35 I information disclosure, 78 int See integer integer, 115 integrity, 23, 38, 39, 58, 61, 69, 71, 75, 78 IP address, 20, 60 K Kapitza, Sergei, 32 key size, 70, 71 Koblitz, Neal, 102 L laser, 35 ledger, 59 Liberty Reserve, 40, 44, 48, 49, 50, 51, 58 Luhn, 73 M magnetic stripe cards, 29 Martin, Felix, 43 MD5, 39 message digest, 73, 75 Miller, Victor, 102 miners, 62, 64 mining, 21, 35, 58, 61, 62, 64 pool, 64 mint, 56 mobile checkout, 32 mod 10, 73, 74, 75, 78 modular arithmetic, 85, 115 modular inversion, 86, 116, 119 modulo See modulus modulus, 83, 84, 85, 86, 87, 104, 105, 106 calculating, 115 compute, 119 operation, 116 money, 18, 27, 43 digital, 27, 30, 39 fiat, 35 units, 28 Mt Gox, 33 multiplication, 81, 83, 101, 107 of prime numbers, 83 point, 108, 109 scalar, 106 N Nakamoto, Satoshi, 55, 56, 59 Napster, 51 Near Field Communication See NFC NFC, 32 node, 58, 61, 62, 63 O one-time pad, 70, 71 one-time passwords See OTP one-way function, 73, 81, 102 online payment processors, 31, 43, 44, 50, 52, 53 OTP, 40 P palladium, 36 PAN, 73, 74, 78 payment card industry See PCI payment gateway, 56 payment processor, 31, 37, 51, 56 payment system, 18, 20, 21, 22, 31, 33, 37, 40, 43, 56, 57 defunct, 51 digital, 37 payment transaction, 45, 69 PayPal, 34, 39, 44, 52 PCI, 18, 22 peer-to-peer, 51, 56, 57 network, 58 phi function, 86, 87 PIN, 49, 71 code, 49 PKCS #1, 86 plaintext, 70, 71, 73, 86, 107, 113, 114, 123 original, 124 plastic cards See payment cards plastic payment cards See payment cards platinum, 36 point addition, 96, 97, 101, 102, 108, 110, 112, 
116 addition calculating, 119 doubling, 96, 97, 98, 111, 119 doubling calculating, 119 intersection, 95, 96 multiplication, 109, 113 multiplication calculating, 121 operations, 93, 96, 101, 106, 118 scalar multiplication, 100 point of sale See POS portability, 28 POS, 31, 74 primary account number See PAN prime number, 83, 105 privacy, 30, 34, 45, 59 issue, 60 private exponent, 86, 87 private key, 46, 73, 77- 79, 81, 86- 88, 106-109, 111, 113, 124 proof of work, 22, 57, 61, 62, 63 pseudonymity, 60 pseudonymous, 34, 60 public exponent, 83, 85, 86 public key, 46, 73, 77-79, 83, 86, 88, 106-107, 109, 111-112, 122 Python, 115 Q QR code, 32 R RACE Integrity Primitives Evaluation Message Digest-160 See RIPEMD-160 RIPEMD-160, 72, 76 Rivest, Shamir, Adleman See RSA, See RSA RSA, 45, 77, 83, 86, 87, 88, 89, 105, 106, 114, 116 S scanner, 32 barcode, 32 Secure Hash Algorithm See SHA Secure Socket Layer See SSL, See SSL SHA, 63, 72, 75, 76, 78 SHA-256, 63, 72, 75, 76, 78 shared secret, 70, 77 silver, 18, 28, 36, 40 SSL, 39, 71 symmetric algorithm, 70, 71, 107 symmetric encryption, 71 T TDES, 71 tender, 20, 34, 55 TLS, 71 token, 31, 41 Tolstoy, Alexei, 35 Tolstoy, Leo, 21 totient See phi function Transport Layer Security See TLS trapdoor function See one-way function Triple DES See TDES two-factor authentication, 40 U US Mint, 19 V vault, 36 W WebMoney, 52