Bitcoin Beyond Payments

���1

Pierre Noizat PAYMIUM

• ..store and transfer value by yourself

• decide whether or not you wish to share your transaction data

• sell goods or services online

• reduce transaction costs

• facilitate access to financial services

Bitcoin can be used to..

���2

Why it’s a big deal..

���3

Debt Money vs. Commodity Money

6

Monnaie «commodité»Monnaie élastique

Generation Transaction Issuance of a debt Mathematical extraction

Money Supply Graph

Open source software/ Public Ledger

NO YES

���4

���5

Centralized vs. Decentralized

Google, Facebook, Amazon, Banks, etc.

Bitcoin, email, web, etc.

Bitcoin Address 1CC3X2gu58d6wXUWMffpuzN9JAfTUWu4Kj

Private Key K = 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

The public key P is a point (x,y): P = K*G where G is a base point on the elliptic curve specified by Bitcoin: y2= x3+7. x and y are two 256-bit integers.

Public Key (x,y) = !04588D202AFCC1EE4AB5254C7847EC25B9A135BBDA0F2BC69EE1A714749FD77DC!9F88FF2A00D7E752D44CBE16E1EBCF0890B76EC7C78886109DEE76CCFC8445424

���6

Chain of Transactions

���7

Blockchain Simplified View

Source: Jan Vornberger

���8

Generation = 50 Total Fees = 6

Input = 25 Outputs = 24

Fee = 1

Inputs = 20+50 Outputs = 65

Fee = 5

���9

Proof of work: make a hash difficult to compute

Alice pays Bob 20 BTC, nonce is 00001 Hash = aaa3d179f4....

Alice pays Bob 20 BTC, nonce is 00381 d29d79158....

Alice pays Bob 20 BTC, nonce is 00942 cc36410c9....

Alice pays Bob 20 BTC, nonce is 02711 e54b06b6....

....

Alice pays Bob 20 BTC, nonce is 9443527 000006ba....

Difficulty

The Mining Challenge: !

Difficulty is increased if more computing power is added so that

a correct answer is found every ten minutes on average

���10

���11

A chain of proof of work becomes practically tamperproof

Alice pays Bob 20 BTC

nonce value = 9443527

000006ba....

Bob pays Chuck 10 BTC !

nonce value = 6639107

000006ba....

00000adf5....

Chuck pays Denis 6 BTC !

nonce value = 821139

00000adf5....

000008ce2....

Rewriting the first message entails rewriting all subsequent messages.

Hash Hash Hash

Message 1 Message 2 Message 3

!

!

• The bitcoin «group» payment address (e.g 1PierreFUi7RuFkkA812MQyRruDZhzzh7Y for Pierre’s birthday party) is generated by the organizer and published on social networks.

• All donators can follow the payments sent to that address (e.g via blockchain.info): no sign up is required.

• Each donator can get a proof of payment and sign a greetings message with the private key that was used to pay.

• Only the organizer can spend the donated bitcoins.

=

Group Payments

���12

Bitcoin Contracts: Crowdfunding

���13

Contract example: crowdfunding 100 BTC

1. To make a pledge, you create a new transaction spending some of your coins to the announced crowdfunding address, but you do not broadcast it.

2. There cannot be any change: spend the desired amount to one of your own addresses.

3. The input script signature is signed with SIGHASH_ALL | SIGHASH_ANYONECANPAY.

4. The output value is set to 100 BTC: this is not yet a valid transaction because the output value is larger than the input value.

5. Do not broadcast the transaction: simply upload it to the entrepreneur's server.

6. The entrepreneur saves it and updates its count of how many coins have been pledged.

7. Once the server has enough coins, it merges the separate transactions together into a new transaction and broadcast it. The new transaction has the same output as the output on each contributed transaction. The inputs to the transaction are collected from the contributed pledges.

The SIGHASH_ALL flag is the default and means « sign all of the outputs ». SIGHASH_ANYONECANPAY is an additional modifier that means the signature only covers the input it’s found in - the other inputs can be anything.By combining these flags together, you are able to create a signature that is valid even when other inputs are added, but breaks if the outputs or other properties of the transaction are changed.

���14

���15

Source: Oleg Andreev

���16

Source: Oleg Andreev

Crowdfunding 100 BTC

pierre.noizat@paymium.com

���17

Pierre Noizat PAYMIUM