 Are now fit for the next talk We have here Kai Hamacher and Stefan Katzmeister who are going to talk about Bitcoin one of the Most exciting topics of the last year and so please welcome them Huge round of applause and let's go Hi everybody. Good morning This is a talk well already mentioned about Bitcoin and thanks a lot for having us here and all well The huge audience in this beautiful room today. Well, we will present an overview of several results that finally converge more or less to some of the problems and some of the interesting aspects of Bitcoin But before going into that let us briefly introduce ourselves and you know to motivate why why we actually doing this Bitcoin stuff And let me introduce Stefan who is working at Darmstadt University on IT security And especially on a concept called privacy by design so that the technology already provides for privacy He had already a talk on day one of the Congress probably have already Looked at it on the video stream or whatever Got already nice press coverage So can trains be hacked interesting stuff and we were teamed together because there are a lot of effects and networks and Well, there's obviously a security issue and last year we were presenting some results of networks of telecommunications Graphs and that led actually to well a talk Yeah, last year here and a paper about why telecommunications data retention is not that good an idea Yeah, and let me let me introduce Kai. So Kai is the only colleague of mine is actually Active in three departments at our university. So in the physics department biology department and computer science department He's one of his core research interests is simulation and also information theory and that's the reason why we found together at some point in time and We also use those tools today to look at Bitcoin So First let's ask the question. I mean why why Bitcoin why is this interesting at all? And I think they are at least from my point of view. There are two reasons for that The first reason is that it's probably the first Digital currency that seems to fly right? I mean cryptographers had this idea of paying by digital means in the early 80s Think of papers by by Shaum that were published like I think 84 83 already And so far we haven't seen any digital currency or digital payment system that really Made it to the to the to the well to to big audience groups And in my opinion Bitcoin seems to be the first one that actually achieved this or is about to achieve it And the second point that we'll see later on Bitcoin is a very interesting playground for network analysis Yeah, because you can look at all the Bitcoin transactions that have been performed since since the start of this network and Gives a lot of information you can do all Nice kind of analysis there So it gives you a really really big set of of empirical data on how people interact Yeah, and so far I haven't seen this big amount of data out there for any other payment system Good, let me start a little bit with a question on what is Bitcoin at all So if you look it up into in the well perceived probably the only source of Information these days if you look it up in Wikipedia It says Bitcoin is a decentralized electronic cash system using P2P networking digital signatures and cryptographic proofs And enables payments between parties without relying on trust and Notes broadcast transactions a network which records them in a public history after validating them using a proof of work system So the so the whole concept was was was designed by Satoshi Nakamoto in 2009 this is probably absurd on him. So we still don't know But yeah, I think the slides Summarize some eyes it pretty well what Bitcoin actually is but let's go a little bit more to detail onto the technical Details of Bitcoin So how does Bitcoin work with a client interface? We just call the wallet and this wallet can be used by clients to actually make transactions and this wallet contains public and private key pairs of special signature scheme so of elliptic cursed curve DSA and The public addresses. So this this those public keys formal Bitcoin Names an address an address is essentially a pseudo name of a person or a certain of an entity That can authorize payments that can receive payments And if someone wants to make a payment all he does is he takes one of his addresses So every party or a user can have multiple addresses, but we'll see later And actually make a transaction and sign a statement like okay. I'm owner of this address I want to transfer X bitcoins to a certain other address and This science statement is somewhat broadcast to a peer-to-peer network And this peer-to-peer network has the task of actually validating all the transactions So if you look at this basic principle you see immediately that there are two problems that Bitcoin needs to solve right one is The problem how can we prevent double-spending? So how can we be sure that? One person that owns an address can only spend the amount of bitcoins that he has that they can't double-spend The same Bitcoin twice or three times or whatever And this is done by actually verifying all transactions in a distributed manner so all the clients somehow run some kind of distributed consensus protocol and Once enough clients actually agree that this transaction is valid then it gets permanent And the second problem that we have is what about anonymity? Yeah, so you broadcast To the world actually who is paying how much bitcoins to which person? So what about certain names or what about what about anonymity right? I mean there was a huge fuss about Swift data Exchange and now here we have something similar right. I mean everyone can see who is paying what Bitcoin tried to solve this by introducing certain names certain names are essentially public keys of a signature System and those public keys Contrary to classical signatures are not certified So everyone every user can generate a number of those public public keys And any public key uses can be used as an identifier and as long as you don't know the linkage between this public key And real person then you can assume that you have some form of anonymity Yeah, so the crypto community calls this absurd absurd on them so You make transaction under under a certain name, but no one's actually able to link this name with With a real identity So what about all those transactions? So I mentioned before that all those transactions are broadcasted into a p2p network and what actually happens is that Multiple clients will actually verify a transaction and they do this by taking all the unverified Actions so far or at least most of them and Hash them together with some kind of nonce. So in nonce. It's just a random string you know that some are randomized the hash and But what the client actually then publishes is the list of transactions together with this hash and the nice thing or the nice feature of Of bitcoins is is that the person actually does this work? I mean this this requires some kind of significant CPU usage get some kind of reward, right? So everyone who does this verification get some get some bitcoins out of this mere fact that they actually verified the transaction and Bitcoin wants to limit the amount of new bitcoins that are traded this way and therefore What the client has to do is he has not only to hash this this list But he has to find a nonce in such a way that the resulting hash now has some kind of preceding zeros so the hash should start with a certain number of zero bits Yeah, so actually needs to find a nonce through brute force Such a way that this hash of the nuns together with the list gives you a hash that starts with lots of zeros And by selecting the number of zeros you you require you can actually Make this process of verification harder, right? Because it just requires more trials until you find such a nonce that that that has this property, right? All of us of course assuming that the hash function which is shout with the six is is cryptographically stable Yeah, and what's enough clients verify the transaction it finally gets definite Good I've already talked about this so there's this this reward model That's called mining everyone who verifies a transaction is able to actually mine a Bitcoin and this difficulty of work is actually adjusted by selecting this Number of of of zeros that the hash needs to have and this essentially meets the amount of bits coins available and at the moment we are At the situation where no single computers actually able or realistically able to verify those transactions anymore So this the amount of work that you need to spend is so large that at the moment a single PC is actually not not capable of doing it anymore yeah, and this brings us immediately to Well, what is it good for right and a lot of people are Discussed what Bitcoin could be good for and probably is a lot of visual thinking Involved here, but I think two two major things need to be mentioned. So there was Rick which who is if you don't know the founder of the Swedish pirate party and he has well put this blog post Why I'm putting all my savings into Bitcoin and you already see savings bitcoins Well, it's an economical argument, but it's about savings, right on the other end just recently there was an arse technica Block post Saying that it Bitcoin not really is a currency which is definitely true from legal point of view But rather a meter currency that is a medium of exchange. So replacing Western Union, for example Probably also for the bad guys doing all this Nigeria scams but anyway and There's a slight a slight change in the the reasoning why Bitcoin might be a good idea and the first one is by By here we learn that that on the one hand, it's good as storage of value the reason why it is as you know substantial or Sustainable storage is actually kind of cynical argument if you read the blog post because He claims that the value maintenance so to speak is Due to the fact that we do a lot of transactions and that you if you just take the economy the black market economy of drug trafficking Then this is already so big that Bitcoin or there are not enough bitcoins basically to at least cover a fraction of drug trafficking So the value comes actually from the transaction and the the utility that you get from the transactions here The same is here, but he has really focused on that is only about transactions Right, it's not really that you store and save money even make money by interest or whatever, but rather store stuff And transmit that to some other place where you then convert it to a local currency all that is The start for our economic analysis. So I mean Bitcoin is an adaptive complex system a network with interesting dynamics But in the end The people who invented it and put it forward and are working on it want to have it as an economic tool So is it really fulfilling the economic promises? Well, first let me do some philosophical remarks when you read all the the Bitcoin blog posts and then The forums and so on you get basically two major ideas. So there's no central control, right? There's no government no politicians, which might be a good thing. Well, I don't know but it's really about that nobody could control what you are doing and There's another misconception. There's no surveillance, which is definitely not true. We come to that later and at the same time a Rather economic argument that you get rid of the banking business model So you don't have all these bank bankers around, right? We basically live on our savings on our work on our efforts and that is the good thing about Bitcoin But what nobody really thought about probably I mean in this community Probably the Tobin text is very popular But if you think about that if Bitcoin really, you know scales up and becomes really popular There is no way in the current protocol that you can implement all the leftist ideas on control of the banking system So there will probably new bankers, but you know, they can avoid the Tobin text if you do it by bit by using Bitcoin, right? the same or Kind of a different argument, but it puts also forward the idea that we need to change the protocol Because really the system doesn't scale you have this huge history file and there's some ballpark figure What kind of net or what bandwidth you would need to really, you know, be in the network up to date all the time And that means you cannot really scale unless you become a special Provider of services for Bitcoin, which is basically a bank, right? So probably it's not called a bank, but it's the same concept Okay, that was just some economic remarks on well national economy or global economy But now really into the microeconomical stuff There is a concept in economics called elasticities and the elasticity of a Good or whatever a service is basically the change in the quantity You get or is provided Up on price changes So you have a delta in the amount that is produced that is available that someone gives would give Voluntarily to you while there is a change in the price The problem is this really depends on the units you choose, right? And as we are talking about a replacement of currencies, blah, blah, blah It's probably not good to have this this ratio here expressed in US dollars euros, whatever So what what people came up with is really a relative fraction So what you do is the relative change in the quantity on the market available Divided over the absolute quantity at that particular point and that then divided by the relative change in the price And you can do some algebra on that that is basically boils down as an approximation Then of this funny formula So the elasticity is the partition derivative just to be annoying here and Insisting on mathematics the partition derivative of the logarithm of the price With respect to the pattern to the logarithm of and the quantity with respect to the logarithm of the price So if you do that now and there's a grain of salt here. I use the data of mount cox, which is a Service that transfers bitcoins to dollars or dollars to bitcoins and I use the public available data on transactions there Assuming that this is really the demand and the supply on the market Bitcoin versus US dollars I'm so the the the service of the quantity here. The good is the Bitcoin and the price is expressed in dollars So there is no equilibrium in economics never ever so it's it's an approximation But anyway, you end up with an elasticity of minus two point something that tells you a lot, right? So we need a reference and people did that for all the major currencies So the euro the yen the pound sterling whatever and they came up with roughly minus point four So the Bitcoin currency so to speak is currently much more elastic than Other currencies among each other Meaning that it is rather Substitutable that is an economic term so you can easily substitute Bitcoin for something else It doesn't tell you what but it tells you in the market There is something going on that is a replacement of Bitcoin might be another currency might be gold. I don't know While it's not that easy to replace say the euro In comparison to the US dollar or you know the yen whatever that is a histogram, you know of all the elasticities in small portions so in weeks and you see it's really always negative and it's going down to minus 15 so it's really Substitutable and And then there's another funny thing it changes the sign So that that was the average if you do this now per month over the time here and then the red dots are the Situations where the elasticity is negative and the black ones are the one where it's positive Then you see that it's well a rather mixture. It's it's a logarithmic scale So it's really going up down up down up down all the time and changing signs and that is funny because a positive elasticity If you go back to the Defining equation when this is positive that means then the supply or No, the demand. Sorry the demand changes or goes up when the price goes up so if gas becomes more expensive you don't Visit the gas station more frequently. Do you so in the end that tells you that Bitcoin? At least at the black spots is something like a luxury got a good like diamonds or you know Gold or whatever so people buy it or there's a bubble right people buy it just for the sake because it's going up So it's more value. So I need it right it's like like more psychological effect And then there is another economic argument the Design of Bitcoin was meant to basically implement a deflation or at least a state a static picture the static Availability of bitcoins so that in the end We cannot be taxed because inflation is a tax on the middle class, right? Because you lose your money when there is inflation while big guys who own a company don't lose the money So to get rid of inflation they designed the protocol that over time and Stefan mentioned that there is this creation of new bitcoins That this goes up and saturates at some level which is 21 million bitcoins in the end over time But that is a rather naive picture probably you have as Bad luck as I have I had several hard disk crashes in my lifetime And what happens if your wallet where your bitcoins are stored and your private key? Venous then your bitcoins are probably still in the system so to speak so they are somewhat you know Identifiable in all the transactions, but they are not accessible So they are enough no economic value anymore You can exchange them because you cannot access them or think more in the future right someone dies but His family doesn't know the password No economic value in those bitcoins anymore. They cannot be used for any exchange anymore and That happens or that is the amount of bitcoins When just a fraction per year vanish for different fractions, right? So the blue one curve is if 5% of all the bitcoins per year vanish or you know by whatever means, right? There could be other mechanisms, but if 5% then it's basically down 2030 if it's 5% well, that's not that bad, but Green green is 1% No point 1% point 1% Then then that would be probably good So what is really this queue right the probability that you lose a fraction of the bitcoins available and I try to get that from the data So this is the probability on the left scale When or what was a delta time so the last time It's referenced to today when a Bitcoin was used or transferred to some other entity and Well, this is accumulated What it tells you basically is that if you set an arbitrary threshold of say roughly two years And if you say every Bitcoin that was not transferred to some other entity within two years You regard as lost because nobody is really doings anything with it I mean there might be a guy saving it, but that is now the approximation. We are doing here If you have said that roughly to two years and then you end up with a fraction of 1% of lost bitcoins per year So a relative measure right 1% of the bitcoins existing at that particular time or a year are basically lost or not accessible And that means this is the right curve again, right? This is Q 1% that Bitcoin Ultimately will vanish. There is no way right you can argue about the probabilities You could argue that it is 10 to the minus 10 or whatever, but conceptually Bitcoin will vanish one day So this Q actually was the best case scenario as we learned in the financial crisis because This probability Was obtained under the assumption that one Bitcoin is not correlated to any other Bitcoin in the network But that is mature Think about a big guy with a lot of money Then that one Bitcoin of him and this one is lost the same time, right? And there are you know correlations and the assumption of uncorrelated Events or dynamics is not true as we learned in the financial crisis On the default risk and then there is another huge correlation risk, right a systematic risk, which would it be called? So think about the crypto wars if you get them again under the pretext of terrorism or whatever, right? Then well probably a whole country cannot use Bitcoin anymore at least legally that means that at least a fraction of people And even if it's one guy right there and one guy in that country that is correlated risk So the Q will actually increase even more than my ballpark figure here And then there might be some reform whatever political idea that correlates all the events. So in the end that means when it vanish Somehow the protocol must be improved to detect lost bitcoins, right? And then doing something about it, but doing something about it means increasing the supply of bitcoins And that is inflation which you want to avoid, right? And then at the same time you need central information centralized information because you need this this estimate How much is vanished, but that is a central issue somehow, right? And then well you could say okay everything that wasn't used for 50 years that is now invalid By whatever technical means you do that, but then this is a democratic consensus of the participants But that means basically a collectivism, you know on the property of individuals. Hmm not good Okay, that was the economic side, but does the protocol itself really? You know conform to the concept that were proposed So there is the implemented a self-adjustment that the whole network creates 2016 bitcoins per week and It's assumed that this process follows a Poisson distribution, which means uncorrelated events So the probability to get one Bitcoin today, right? It's the same as yesterday and it doesn't really you know correlate like in the lottery actually And there is a self-adjustment implemented in the code Well, and at the same time Your PC is probably not good enough anymore. So people joining into pools and this mining pools actually correlate now the the production basically of bitcoins, right and if you look how many bitcoins per week are Created then well, this is rather arbitrary here But I would like to distinguish an early phase where there are just a few participants and the later phase where The number of bitcoins on the y-axis over time is rather well more or less the same, right? Okay, does this really follow a Poisson distribution as was claimed by the people implementing the protocol? And this is not the graph for the early and for the late phase And this is the the time between blocks appearing, right? And that must follow if it's Poisson process this Poisson distribution Which is basically an exponential Forget the details here. So it's not really a difference between the black and the the red curve So the the mean is more or less the same, right? It's the same shape. Well, anyhow Now is it a Poisson process? Hardly hardly hardly because there is Well, a theory more probably too much But you know some result that tells you that the expectation value the mean is the best estimator on the Poisson distribution And that tells me if I just take the data, it's 528 compared to 600 what it should be according to the protocol So somehow this whole process creates more bitcoins than the 600 Because the time in between is smaller in the average, right then the 600 which was proposed If you do a different fit So you fit now to this data a Poisson distribution and then you get an estimate of what really the parameter is Which in the end is again the mean here you even get a Different and even worse result. It's 200 seconds. So meaning the best estimator doesn't agree with The parameter of the distribution and that is a contradiction and that is only only really solvable that problem by You know saying okay, that is not a Poisson distribution. Whatever happens here. It's not a Poisson distribution and you see it This is time and this is the difference between what you see whether what you expect and Well, here is a structure. There were only a few people forget that that's a relaxation phenomena But here in the end in the last year There's structure in it and the structure in this plot means that there is correlation And that is probably because of the mining pools the self-adjustment just doesn't work that way people assumed it All right this huge mining pools go into a kind of a resonance phenomena I don't know but this provides for correlation and therefore for resonance and therefore for the structure Okay, and this was a global picture on the dynamics now. We get a detailed picture on the network of the transactions Okay, let's go to the next part So what we're also trying to do is to analyze the network of bitcoins So network analysis is a very hot topic in in various fields of science So it's it's it's topic in physics is also a topic in computer science What people actually look at is how do people interact like so there are lots of papers on how that for example On how the telephone network is structured. So how many participants are they how they're connected? There's studies on like Facebook relations How does this graph look like they study on co-authorship networks all kind of different things and the nice thing about Bitcoin is that Well, you actually see all the transactions, right and you can do All the redo all the stuff that that that we've invented or that one has invented in this field of metal analysis And to apply to Bitcoin and see whether we get some interesting results there So from now I would like to see Bitcoin as a network So I hope that everyone is familiar with the graph is so a graph is something like this here Right, it has notes and it has it has edges and the notes essentially Correspond to all the addresses. So each note is essentially a public key that some party has generated And there is some kind of connection between those between those two We are between two nodes where there was any transaction in the past We don't care about how much money how much Bitcoin there was Transfer is just there's an edge if there was any relationship between those two addresses. Yeah, so What the transaction actually is When you authorize a transaction, you can take a couple of addresses. Yeah, where you take money from and you Take a couple of addresses where you supply money money to and you can essentially Specify how much money you take from address one how much money from address to how much money from address n and how much you You give to this green address one etc. So if you look look at this as a graph It looks like this, right? I mean essentially every address would be a red as address on the left side would be connected with With every green address on the right side and now you think of the whole thing Like we take all the hundreds of thousand Bitcoin transactions that we have make this huge graph out of it You can't really look at this graph anymore, but you can do some kind of statistics on it Actually can see this graph or you can see the raw data Right if you go to the website that's called block explorer comm You can actually see all the transactions that have been authorized at some point in time in the Bitcoin network Yeah, so if you go today to the main site, you can see all the blocks So one block is essentially a list of transactions that has been Authorized and you can see there is each block has a number It is a timestamp it lists a number of transactions that it actually contained And it lists the total amount of amount of bitcoins that Were spent or transferred and if you click on this on this link in the first in the first column Then you can see much much more data I guess you can't see it in the back, but what you get here is for example, you get the table of all the transactions you have in each Row you have like Listed the Bitcoin addresses where money was transferred from and the amount and you have to addresses where money was transferred to And if you look very closely here at the beginning There is this hash value of the whole of the whole block and you can nicely see it really starts with a few zeros as I promised before And so all the data is out there what we what it did actually what a bachelor student of ours RSD he went through this went through this site grabbed all the data and constructed this huge network So the first thing that we could can look at is how connected is this graph? Yeah, and therefore we can plot the following histogram So we take all the notes, you know that they are in the graph Huge this graph is huge there are lots and lots of notes And for each note we just count the number of edges incoming or outgoing edges And this is the parameter K for one note and then we can plot the histogram like we can we can count Yeah, how many notes have? Degree one so how many notes have only one single edge incoming outgoing? How many notes have two incoming and outgoing edges and so on and so on so we can you can actually Just count right and we did this for different points in time of Bitcoin And what we did is we just plotted this data on a double logarithmic scale Yeah, so the x-axis is this k parameter. Yeah, and the y-axis tells you how many Notes in that graph they're aware that had this specific degree K and you can see lots of lines in this in this plot so the so the Brighter lines They they correspond to the other days of Bitcoin and the more darker lines correspond to the later days of Bitcoin So what you can see is the other days this plot was a bit strange, right? There's lots of fluctuations But as time goes by we get some kind of nicely a nice curve which is actually a slope Yeah So the whole thing somehow converges to a very nice graph which is actually a slope So so so a line that has a certain slope So this tells us so this tells network people that actually the distribution follows this nice mathematical formula So the probability At a note that there is a note With K with degree K follows this law K to the K to the power of minus alpha At least for well modern times of Bitcoin And I would try to to see is where this parameter changed over time Yeah, so what you see here is now on the on the y-axis this parameter alpha so the slope of that line Depending on well the time, right? So we started in 2009 and we ended essentially this year this year And what you can see is actually so disregard the the beginning that there's probably not enough data there but but what it can see is that this parameter actually increases and An increasing alpha means that this slope gets steeper Yeah, which means that There are less and less notes that have many incoming and outgoing edges which in turn means That addresses are less and less frequently used that means again Bitcoin users increasingly start to generate new public keys and private keys new pseudonyms Yeah, so the surnames are Used less frequently now, which is a good thing for a new material of course because that tells us or We can at least hope that it's much harder to to identify people if they use lots and lots of different surnames for different transactions The same result you can get if you do another analysis So what we try to do here is to compute the diameter of the graph so the diameter But I know this is now some kind of math lecture here So the diameter of a graph you can compute by taking all the pairs of of nodes of the graph Yeah, so you take take a pair and then you compute the minimal distance Between those pairs between the pair in the graph so the number of transactions that link or that that had Needed to be performed to transform or one Certain of bitcoins from one address to another one Yeah, and then you do this for all the all the possible pairs of of nodes Yeah, you compute the smallest distance between them and then you take the maximum of the whole thing and this is the diameter Yeah, so this is somehow the the maximum Minimal distance between two nodes in the graph we chose you somehow where the network is very much connected Yeah, or whether they are nodes that are some somewhere far out and someone not not connected with the rest and it's Surprising to see that this diameter increases So there were two Outliers, so this is again a logarithmic scale. Yeah, so so those outliers are actually huge Yeah, so we have no idea why they are there But even if you disregard those outliers you can see that this the data nicely fits and because this is a logarithmic scale Like a line in a logarithmic scale is actually an exponential increase. Yeah, so the diameter increases exponentially again This tells us that the network gets loosely and loosely connected Yeah, somehow so again this tells us that there is increasing anonymity present. Yeah Good this was a structure of the network and we also looked a little bit about on the on the on the on the transactions themselves So the first thing that that that we looked at is how was the transaction volume that people actually? well did at at Bitcoin and if you plot the histogram of all the transactions, yeah, so again you You say how many times was it? So this is again the rhythmic. So how many times were 100 bitcoins transferred? Okay, it's like Zero dot whatever eight So it's it's normal as frequency So you see that most of the transactions are between 100 bitcoins and between Zero dot zero one bitcoins. Yeah, but there is this strange little outlier on the far left So which actually tells us there were many transactions with with very very little Bitcoin value In that network In fact those those amount of 2.5% of all the transactions that occurred in Bitcoin Yeah, they were transactions that Transferred the least possible Bitcoin amount which is 10 to the minus 8 bitcoins. Yeah And of course we asked ourselves the question. I mean was this an accident was this an attack or what was that? And it was somehow strange because it was always from one specific Bitcoin address. So we tried to see Whether we can actually do something there or see what's the reason behind it and to answer this question We tried to do another analysis Namely we looked at how anonymous is Bitcoin as such right? So we talked lots lots about users of pseudonyms and they can transfer money using different surnames and when they change Frequently then it's probably hard to link that the transactions, but there is one big problem within with the Bitcoin namely if you have a transaction right that takes bitcoins from multiple addresses and Transfers them to one or more Bitcoin addresses then you actually know All those transactions must all those Amounts were authorized by the same person which means that those addresses I'm sure belong to the same person or at least for the same entity whatever this whatever this means Yeah, and you can actually see this again in the block explorer There are transactions like this one where you have a lots and lots of different sender sender addresses and only a Few recipient addresses and what you can immediately learn from this is that those addresses here Belong to the same entity So are somewhat connected and in our graph This means that all the nodes that correspond to those individual addresses are actually not different nodes But they can can be contracted into one single note because this is one person one entity controlling something behind them So there's one person who has this big pot of money That was just distributed over over different of different pseudonyms, but he needs to pull them to pay to pay something out of And when we tried to look at those strange Transactions that had a very very small amount Yeah, and what we can see here is a histogram of all those transactions So how many transactions below ten to the minus six bitcoins were Transferred over over this over this period of time and if you do this contraction idea So if you collapse all the all the addresses Yeah, that we know belong to the same person because they were used in some transaction, right together Then you end up with a with a with this plot on the right So the red curve now shows the same thing But not the number of addresses involved but the number of But the number of entities involved in this in this in those small transactions and you can see this bike is suddenly gone Right this essentially tells us that this this huge spike here Yeah, even though they use different addresses to do this to do this thing We're actually controlled by one single by one single guy So this somewhat confirms the hypothesis that's also been mentioned in the in one of the Bitcoin forums that this was a Potential DOS attack on the system, right? So someone just tried to Authorize lots and lots of different transactions with very very small volumes Because you have to keep in mind that all the transactions are stored, right? And every each and every bit client needs to needs to store all the transactions that he's actually able to verify new transactions right so alone with with this with this with this flood of of of new transactions of useless transactions this guy Increased this this this data pool of transactions that every user needs to store by a tremendous amount Good just in the last five minutes that I still have let me Strive a little bit on the topic of anonymity so What we've already seen is that? Well, many people believe Bitcoin is anonymous right if you again go to Wikipedia the ultimate source of knowledge, right? People say well unlike regular banking which preserves customer privacy by keeping transaction records privates Transactional anonymity is accomplished by Bitcoin in keeping the ownership of addresses private one at the same time publishing all transactions So this is the big myth that's out there about Bitcoin I mean, I'm actually private when I do this and unfortunately is not really true So the following slides that I'm going to present Is taken from research work of read and harrigan that did an analysis of the anonymity of the Bitcoin system So that paper is at this ArcScive repository. I can really recommend you this paper So what they did is they looked at again at this at this Bitcoin network and all those addresses and they tried to identify or re-identify addresses This seems to be tough with the first the first glance because every user just generates public public keys and those public keys Don't have a structure, right? It's just random numbers essentially But still there are a number of sources on the internet We can try to link addresses to some kind of personally identifiable information And one of this one of these sources are Bitcoin faucets where I can redistribute bitcoins in small amounts and to prevent fraud They somehow record who actually transferred or which address actually transferred money And they also record the IP address where they where the connection came from so if you can mine this thing So if you can download all the data, you can immediately Link all those addresses Bitcoin addresses with the IP addresses. Yeah, so you're not anonymous anymore What you can also do is you can you could look at forums blocks tweets people frequently just denounce Well, hey, here's my Bitcoin address. Just give me money. I'm doing this cool stuff And if you can link somehow this address with Well with some kind of personal Identifiable information such as an IP address you are again linkable And if you look into this paper what they try to do is they try to analyze the WikiLeaks transactions so WikiLeaks accepts bitcoins as well and They again claim of course perfectly secure perfectly private. No one knows who you are And you can actually visualize which address is actually transferred money to Bitcoin I'm not sure now where this is the addresses or it is the entities, but it doesn't really matter so Bitcoin is this is this bubble in the middle the screen bubble there and The bigger the bubble the more bitcoins were transferred, right and you can immediately visualize Well all the entities that that that transferred money and if you read that paper they also actually claim that they could identify by this simple trick of Going through forums going to through Bitcoin forces. They were able to identify a number of those points So they were able to identify a few people who actually donated money to to WikiLeaks even though they claim it's actually it's actually anonymous Okay, we also looked at some other anonymity stuff So we asked us the question. I mean do Bitcoin use actually are they aware of the anonymity problems? Yeah, do they use addresses multiple addresses for different transactions? Yeah, so if you only generate one Bitcoin address or if a couple of them and you always use them in your transactions Then this is a bad thing right because all those transactions are eventually linkable So we asked ourselves the question. How many addresses are used by one entity? and again, we Look at all the graph that we had and we just counted the number of addresses that are used by each entity And again, you can compute the histogram So the x-axis is the number of entities or the number of addresses one entity has and the y-axis is the number of such entities Right, so again histogram again in a in a logarithmic scale And what you can see is that we have this nice formula again. So this is again a parallel Which means that there are a number of people who are actually very privacy sensitive So they have and many many addresses, but most of the Bitcoin users lie somewhere here Which means that they use only a few Bitcoin addresses. So most Bitcoin users are actually not really privacy or Anonymous conscious only a few of them are because they use a lot of a lot of Bitcoin addresses By doing this trick of actually collapsing all the all the addresses that belong to the same entity We're able to reduce so So if you look at the raw data of Bitcoin of blog Explorer, then at the time when we look at this it had 882 1,500 editors in the blockchain and if you just did the simple trick by Contracting the addresses that occurred in the same transaction as a sender. We ended up with 162,000 Entities, you know, so there's a drastic reduction of anonymity just by this sink simple linking trick that anyone can do So this last plot promise This shows actually the scaling parameter So let me go back So again saw that that this p of s has this power law again There is this scaling parameter over there Which is the slope of this of this fitted line of this red fitted line there and we again looked at the question How does the scaling behavior change over time? Yeah, and this plot shows you how this parameter changes So the y-axis is this slope and the x-axis are the different time intervals that we that we looked at and what you can actually see is that This parameter While decreases but it's below zero so the absolute value actually increases which means that the slope gets much much narrower Yeah, which again means that entities command over less addresses. So people are actually privacy Conscious there Yeah, so then and fun final words this brings us just to illustrate really the problem to make you aware of well Referring to that WikiLeaks stuff that this is not anonymous and that this is from an economical point of view a really huge problem We show some data which is publicly available of a well-known block Probably a few of you have looked onto it at least over the last week and that block is asking for bitcoins and Well, it doesn't really pay to be a blogger That guy has made at least from Bitcoin 16 dollars exchange rate from November 29th So you could really see that you know what happened on different days even up to the second How many bitcoins were going in and out of that address? What was? The US dollar flow taking the mount cocks exchange rate and well accumulate that And you can even learn something about that and that makes even the anonymity Much more problematic look at the first transactions They were rather funny right there was the same amount and more or less the same amount went out And it was a strange times right was within 30 seconds There was something going in and then in the middle of the night typical hacker time right The stuff went out and I'm pretty sure that this guy probably is in the audience Tested his address right by sending something into that address and then Pulling it out afterwards after he confirmed. See it's it's roughly what? 11 hours later. So 11 hours later to confirmed. Oh, I really received that stuff. It's working So I cannot put it on my block right and that means, you know This money had to come from someone and this pattern here is so suspicious. I mean, it's not proof, right? It's not In a real court you probably wouldn't Provide that as evidence, but it's a hint right and somehow that money has you know been Transferred from some other address. So I know this guy here, right? I know his block I know that most likely he tested his Bitcoin address that he published on the block and I could now go into the transaction history and find out From what addresses this test was started, right? So I knew the additional Addresses that this person might use or at least some of his acquaintances and friends, right? So I get really to dig into that if I can Assign one address. Oh a lot of people are now taking pictures because there seems there's the address Okay, anyway It's public knowledge So I could now assign when I have one data point, right? I can assign one address of Bitcoin to one person then I can work all the way through the chain learn a lot and If you were against the data retention telecommunications data retention You should be really aware what you're doing in Bitcoin and most likely a lot of you guys probably are pissed off by the swift scandal Where all the transaction data from banks are transferred to some other country well It's not even necessary to convince some politician to do that. It's available, right? And this is basically I think one of the biggest problem why Bitcoin would not be really something for companies You know because this is basically full disclosure of the financial state or status of a company, right? You can learn How what is the amount? What is how high is the price for some service for some good? What what is actually the rebate that some company for gifts to another company? You can learn that all and you can actually get also from the patterns a lot of information on the behavior of a person right Think about that that person was most likely if it's was a test which I'm pretty sure it was was Awake at 5 p.m. And it was awake at the next day and 4 p.m 11 hours probably didn't even get sleep in between well kind of funny there are a lot of transactions which Tend to the something then this is this funny Transaction here, which is basically probably Something I would like to get rid of all my bitcoins or something so you can really learn a lot about the behavior as we already Showed last year about the telecommunications data retention network. You can now learn that even more Publicly so to speak from Bitcoin network. Okay to sum things up and as a take-home message So the protocols somehow need to be improved, right? There is this vanishing problem There is if you want if you follow a political agenda with your Tobin text or whatever Then you need to change the protocol Bitcoin is not anonymous and therefore it's probably not the stuff that Larger companies would like to use in particular the financial industry will never ever use that for that reason There is probably an application But you have to be really sure that the deflation thing is not really well It's really deflation because you lose bitcoins. So in the end when you change the protocol you might have inflation And with this full disclosure of financial data, you open the doors for industrial espionage, right? There's interesting network dynamics all the funny histograms we have shown right this is really an interesting network Probably more or less unique. We have all the data with all the stuff In other areas, we don't have that but here we can really look into that. So as a basic research thing That's very interesting and therefore. It's a really an ideal test batch You can learn a lot about the physics of complex systems here. You can learn a lot about Adaptability and evolvability of you know social entities and how that complex dynamics arises And as a final application note What we are thinking about is so why did we present that and did all these analysis? Think about that if you would like to provide a laundry service So there are some available you they claim that you can put in some, you know bitcoins and they somehow you know mix them up and Give them then to the final address First of all, you trust an anonymous person here, right? Well more or less an anonymous person that he actually transfers your Bitcoin afterwards to some other entity So you don't trust banks where you can at least see a person where you know where the office is But you trust some money laundering guy on the internet funny and At the same time whenever this person or the his service her service Is deviating from all the statistics we have shown I can identify that All right, so you have to fulfill at least all these statistical things to really design an effective and ideal Bitcoin laundry if you in one of those aspects deviate from that That is a signal to be detected and you know to attack that laundry service and that is well project upcoming paper I'll probably to avoid that and deal with all that stuff and that is really the last you know more or less the outlook of our Up to now research and with the final words. I would like to wish you a merry crisis and a happy new fear Okay, we have now very short time for a few questions So please line up at the microphones in the two alleys and ask your question go ahead so my question is about the idea that Transactional anonymity or rather like the privacy of your transactions is actually important the You said it's a big problem, but the one of the charts that you had Seemed to show that as big for the Bitcoin network grows More and more entities in the network are having fewer and fewer addresses that seem at least it seems to me that that Represents that newbies people using Bitcoin for the first time because there's the network has been growing a lot Really don't give a shit about if everyone can see their transactions because they're using a very small number of keys Anyway, and and it seems to me that like services like PayPal kind of bear that out Like that's what everyone that does digital payments is using now and that's come, you know, that's that it's out there It's out there for the government to mine and download What how do you reconcile the fact that the put the the permanent record of everyone's transactions is a big problem But all the new users don't like seem to be using small number of addresses anyway, so To answer that in two parts. So the first thing is While obviously there are a lot of problems I'm not claiming or we are not claiming that any other services of some established company The one you mentioned with the P at the beginning is better, right? So this might be better than what is available. Okay, first thing second thing you you can slightly address this concern that That you mentioned or that is the core of your question by normalizing to the numbers of users or to an estimate of the number of users and So you basically divide the average there are some statistical problems here But anyway, we didn't show that so if you have so many of these plots, right? And it seems that the effect of the growing number of users is not completely an explanation So it doesn't really compensate the the exp it cannot work. It can't basically not Compensate the exponential increase in the diameter alone plus the scaling stuff that we have shown afterwards So it's probably it's probably a combination of both right many newbies who only actually have a few addresses and People that become more more privacy. I mean, definitely. They are newbies definitely and even more sure But even if you try to calculate them out or compensate for them There is a signature Okay, time is running out We can only take one more question from over there and may I remind you to please be seated until the question and answer session Is over because it's very impolite if you just go up and leave People want to listen to the questions. Go ahead. So regarding the deflation of the currency You basically mentioned that if at a later point the protocol is changed so that more Bitcoin is added to the pool That would make it an inflationary currency. Can you explain why that is exactly? That is Issue why why it would not be possible to add bitcoins and still keeping the currency deflation So you you could just compensate for so if if there is the loss of bitcoins, right? You could compensate for that definitely but how much that's the problem That is a centralized information gathering which by design is not included and which is quite the opposite to what economy is, right? Economy is a decentralized effort to get into transactions So you in theory you could do that and provide for it still 21 million active whatever bitcoins But for that you need to change the protocol to that someone and who is Aware of how many active or accessible bitcoins are there and then someone has that is in the second step someone has to do something about that and Then and whenever you have that central person, right? He might follow a different agenda and So the ultimate Stuff would be if you see down if you see a slow down People would typically react as the normal bankers do right. Oh my god the economy So in that part people would say oh my god the Bitcoin economy and then it would just start to print new print not new Allow new bitcoins. So they will overshoot. There's There must be the tendency to overshoot because if they don't do people will leave bitcoins because they cannot do any transactions anymore, so they Well, that is prediction Probably all the people in the Bitcoin network are more enlightened than the bankers probably but the overshooting stuff will lead to at least a Temporary inflation and then the whole idea is basically broken, right? I mean the appeal of that was that you don't have inflation Okay, time's over. I don't know. Maybe you'll stick around and answer some questions outside the door So please put your hands together and thank the two