MARK MCKENZIE REGULATORY GOVERNANCE & COMPLIANCE

EXPERTMARK MCKENZIE CONSULTING

FEBRUARY 18, 2014

BITCOIN MARKET DISRUPTION

TRANSACTION MALLEABILITY

Objective of Presentation

To discuss recent disruption of Mt. Gox and Bitstamp

To explain Malleability

Order of PresentationRecent Bitcoin Market Disruption

Explain Transaction Malleability

Known Exchanges AffectedMt Gox

Bitstamp

BTC-e

Bitcoin Market DisruptionDenial of services attack (DOSC)

Suspended withdrawals

Inability to handle the volume of traffic created by customers

Inherent flaw with the way bitcoin transactions work

Resulted in a plunge in bitcoin rates across the globe.

A graph of the transactions and prices of bitcoin on the virtual currency exchange MtGox. Courtesy MtGox

Who Is Really At Fault?MtGox Blames Bitcoin For Withdrawal

SuspensionBlamed the bitcoin source code for the

temporary stoppage of withdrawal power on its site.

The protocol for the currency has an inherent problem

The problem identified is not limited to affected exchanges

Affects all transactions where Bitcoins are being sent to a third party

Who Is Really At Fault?Transaction malleability has been around for

a whileIt was first identified in the bitcoin code in

2011. This fault in the code, according to the bitcoin

exchange, is why they were forced to suspend all withdrawal transactions since late last week. “MtGox has detected unusual activity on its bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely,” MtGox stated.

Who Is Really At Fault?Core Developers Say Otherwise: The Bitcoin Foundation

a coalition of bitcoin businesses intent on propagating the virtual currency

“The issues that MtGox has been experiencing are due to an unfortunate interaction between MtGox’s implementation of their highly customized wallet software, their customer support procedures, and their unpreparedness for transaction malleability, a technical detail that allows changes to the way transactions are identified,” Gavin Andresen, chief scientist at the Bitcoin Foundation who is also a bitcoin core developer, said.

How Does Bitcoin Work? From a user perspective:

◦ Bitcoin is nothing more than a mobile app or computer program◦ Provides a personal Bitcoin wallet◦ Allows a user to send and receive bitcoins with them.

Behind the scenes: The Bitcoin network is sharing a public ledger called the "block

chain". ◦ This ledger contains every transaction ever processed,◦ Allowing a user's computer to verify the validity of each transaction.

The authenticity of each transaction is protected ◦ By digital signatures corresponding to the sending addresses, ◦ Allowing all users to have full control over sending bitcoins from their own

Bitcoin addresses.

How Does Bitcoin Work? In addition, anyone can process transactions using the computing power of specialized

hardware and earn a reward in bitcoins for this service.

This is often called "mining".

Approximately 11 million Bitcoin have been mined, 21 million Bitcoin in total.

“Miners” – supply Bitcoin network with computing power needed to maintain the security of the block chain (a distributed technology that acts as Bitcoin’s ledger)

Every single Bitcoin carries the entire history of the transactions it has undergone, and any transfer from one owner to another becomes part of the code

Bitcoin is stored in such a way that the new owner is the only person allowed to spend it.

Miners are rewarded with “blocks” of issued bitcoins (a “block” currently contains 25 bitcoins); this is how currency is issued

Price of Bitcoin fluctuates wildly. As of April 23, 2013, 1 bitcoin is worth $130 USD

How Difficult Is it To Make Bitcoin Payment?

Bitcoin payments are easier to make than debit or credit card purchases Can be received without a merchant account. Payments are made from a wallet application, either on your computer or

smartphone, by entering the recipient's address, the payment amount, and pressing send.

To make it easier to enter a recipient's address, many wallets can obtain the address by scanning a QR code or touching two phones together with NFC technology.

Bitcoin Block Chain Acts like a giant general ledger for the whole of the bitcoin network It keeps records of which bitcoin addresses sent funds to other

bitcoin addresses, and when. This gives it a complete record of how many bitcoins can be

attributed to which addresses on the network at any one time. When a bitcoin transaction is made, it includes information such as

the addresses that the bitcoins came from (the inputs), Where they are going (the outputs), the amounts transferred, and Which addresses sent those funds to the sender’s address.

Bitcoin Block Chain Bitcoin can also be seen as the most prominent triple entry

bookkeeping system in existence.◦ Momentum accounting and triple-entry bookkeeping is an alternative accountancy

system developed by Yuji Ijiri

◦ Changes in balances are the recognized events.

◦ E.g. an acceleration in revenue earning, such as a $1,000 per period increase of revenues from $10,000 per month to $11,000 per month, is a recordable event that would require three entries to implement.

Transaction ID (TX ID) Hashing Each transaction must be uniquely identified - Transaction ID (TX ID)

◦ For reference in the block chain

Produced by taking the information in the transaction, and Running it through a hash function

◦  A mathematical procedure that takes different pieces of data and

◦ Combines them to produce a shorter piece of information, known as a hash.

  Component of Transaction Hash The user’s digital signature Proves that the transaction came from them Allows user to digitally ‘sign’ the transaction.

Transaction ID (TX ID) Key qualities of a hashing function It is impossible to tell what the original information was simply by

looking at the hash It is also impossible to predict what the hash will be, based on the

pieces of information that you start with. If any small detail changes in any of those pieces of data, it will

change the hash in a completely unpredictable way.

Benefits of TX ID Hashing makes transaction IDs practically impossible to spoof. Each transaction should only have one possible hash. You can prove that a transaction is valid by simply running all of the

pieces of information that made up that transaction through the hashing function, to check that you get the same hash.

How does transaction malleability work?

The user’s digital signatures used as part of the hash to ‘sign’ the transaction are meant to be in a certain format.

That format wasn’t always properly checked.

This meant that a badly-formatted one could be introduced, and still accepted.

Altering the signature in this way makes it possible to create different hashes for the same transaction.

Conclusions Bitcoin and other virtual currencies has given rise to

emerging risks in the global financial including being exploited by criminal elements.

The recent Bitcoin market disruption is one more reason why state intervention in the form of formal regulations imminent.

Benjamin Lawsky, New York's financial services superintendent, said he believes regulation could add credibility to the still nascent, unstable currency.

Regulation is inevitable and imminent

• Bradbury, Danny. “What the ‘Bitcoin Bug’ Means: A Guide to Transaction Malleability.” February 12, 2014.

http://www.coindesk.com/bitcoin-bug-guide-transaction-malleability/

• Felten, Ed “Understanding Bitcoin’s transaction malleability problem.” February 12, 2014.

https://freedom-to-tinker.com/blog/felten/understanding-bitcoins-transaction-malleability-problem/

• Fuller, Cameron. “MtGox Blames Bitcoin For Withdrawal Suspension, Core Developers Say

Otherwise: Who Is Really At Fault?” February 11 2014.

http://www.ibtimes.com/mtgox-blames-bitcoin-withdrawal-suspension-core-developers-say-oth

erwise-who-really-fault-1554512

• Matthew, Jerin. “Singapore's ItBit Capitalises on Transaction Malleability Issue at Other Bitcoin

Exchanges.” February 17, 2014. http://

www.ibtimes.co.uk/singapores-itbit-capitalises-transaction-malleability-issue-other-bitcoin-exc

hanges-1436680

• Neal, Ryan W. “Silk Road 2 Hacked: Entire Bitcoin Wallet Drained, $2.7 Million Stolen.”

February 13 2014. http://

www.ibtimes.com/silk-road-2-hacked-entire-bitcoin-wallet-drained-27-million-stolen-1555433

• https://bitcoin.org/en/faq

Sources

Mark McKenzieRegulatory governance and compliance expert

markymmckenzie@rogers.com1-647-406-4622