
A Formal Model of Bitcoin Transactions

  • Conference paper
Financial Cryptography and Data Security (FC 2018)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10957)

Abstract

We propose a formal model of Bitcoin transactions, which is sufficiently abstract to enable formal reasoning, and at the same time is concrete enough to serve as an alternative documentation to Bitcoin. We use our model to formally prove some well-formedness properties of the Bitcoin blockchain, for instance that each transaction can only be spent once. We release an open-source tool through which programmers can write transactions in our abstract model, and compile them into standard Bitcoin transactions.


Notes

  1. https://github.com/bitcoin/bitcoin

  2. https://github.com/bitcoin-transaction-model/bitcoin-transaction-model

  3. https://en.bitcoin.it/wiki/Script

  4. This feature, specified in BIP 141 and activated on August 24th 2017, implies that witnesses are not used in the computation of transaction hashes.

  5. https://www.bitcoinhk.org/media/presentations/2016-03-16/2016-03-16-Segregated_Witness.pdf

  6. https://bitcoin.org/en/developer-guide#standard-transactions


Acknowledgments

The authors thank the anonymous reviewers of Financial Cryptography 2018 and A. S. Podda for their insightful comments. This work is partially supported by Aut. Reg. Sardinia project P.I.A. 2013 “NOMAD”. Stefano Lande gratefully acknowledges Sardinia Regional Government for the financial support of his PhD scholarship (P.O.R. Sardegna F.S.E. Operational Programme of the Aut. Reg. Sardinia, European Social Fund 2014–2020).

Author information

Corresponding author

Correspondence to Massimo Bartoletti.

A Proofs

Proof of Lemma 1

By Definition 13, is a consistent update of . The thesis follows from condition (2) of Definition 12.    \(\square \)

Proof of Theorem 1

Let be consistent. By contradiction, assume that there exist \(i < j\) and \(i',j'\) such that . By consistency, there exist \(h,h'\) such that . Since , then by item (2) of Definition 12 it must be . Hence, by Definition 11 it follows that is already spent in . Since , by item (1) of Definition 12, must be unspent—contradiction.    \(\square \)

Proof of Lemma 2

Let be consistent. By contradiction, assume that , with (and so, ). By Definition 10 it must be , hence in particular . There are two cases. If , then by Definition 10 is not a blockchain, since \(i \ne j\). Hence, . By Theorem 1, this cannot happen because is consistent—contradiction.    \(\square \)

Proof of Lemma 3

Straightforward from Lemma 2, taking .    \(\square \)

Proof of Theorem 2

Let . By contradiction, there exists some \(i<n\) such that, given :

Let \(U_i\) and \(U_{i+1}\) be the UTXOs of and of , respectively, and let \(U = U_i \cap U_{i+1}\). Since \( val {(U_i)} < val {(U_{i+1})}\), then it must be \( val {(U_i \setminus U)} < val {(U_{i+1} \setminus U)}\). The set \(U_i \setminus U\) contains the outputs redeemed by , while the set \(U_{i+1} \setminus U\) contains exactly the outputs in . Since is consistent, then . Then, by Definition 12, for each , there exists a unique \(j \le i\) such that, given and :

Then, by item (3) of Definition 12:

while we assumed \( val {(U_i \setminus U)} < val {(U_{i+1} \setminus U)}\)—contradiction.    \(\square \)
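
The double-spend argument of Theorem 1 and the UTXO-value argument of Theorem 2 can be exercised on a toy ledger. This is an added example, not code from the paper or its tool: the names `Tx` and `Ledger` and the two checks (every input must be an unspent output, and the redeemed value must cover the output value) are simplifying assumptions standing in for the conditions of Definition 12, and scripts and witnesses are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    name: str
    inputs: tuple    # (tx_name, output_index) pairs being redeemed
    outputs: tuple   # value of each output

class Ledger:
    """Toy blockchain: ordered transactions plus the current UTXO set."""
    def __init__(self, first: Tx):
        # Assumption: one initial transaction without inputs mints all value.
        self.chain = [first]
        self.utxo = {(first.name, i): v for i, v in enumerate(first.outputs)}

    def utxo_value(self) -> int:
        return sum(self.utxo.values())

    def append(self, tx: Tx) -> None:
        """Append tx if it is a consistent update (assumed conditions), else raise."""
        if len(set(tx.inputs)) != len(tx.inputs):
            raise ValueError("output redeemed twice in one transaction")
        for ref in tx.inputs:
            if ref not in self.utxo:          # unknown or already spent
                raise ValueError(f"{ref} is not an unspent output")
        if sum(self.utxo[r] for r in tx.inputs) < sum(tx.outputs):
            raise ValueError("outputs exceed the redeemed value")
        for ref in tx.inputs:                 # redeemed outputs leave the UTXO set
            del self.utxo[ref]
        for i, v in enumerate(tx.outputs):    # new outputs enter it
            self.utxo[(tx.name, i)] = v
        self.chain.append(tx)

def demo():
    """Constructed sample chain: returns UTXO values per step and rejected txs."""
    ledger = Ledger(Tx("T0", (), (50,)))
    values = [ledger.utxo_value()]
    for tx in (Tx("T1", (("T0", 0),), (30, 19)),   # 1 unit left as fee
               Tx("T2", (("T1", 0),), (30,))):
        ledger.append(tx)
        values.append(ledger.utxo_value())
    rejected = []
    for bad in (Tx("T3", (("T0", 0),), (50,)),     # spends T0's output again
                Tx("T4", (("T1", 1),), (20,))):    # 19 in, 20 out
        try:
            ledger.append(bad)
        except ValueError:
            rejected.append(bad.name)
    return values, rejected

if __name__ == "__main__":
    print(demo())
```
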

Copyright information

© 2018 International Financial Cryptography Association

Cite this paper

Atzei, N., Bartoletti, M., Lande, S., Zunino, R. (2018). A Formal Model of Bitcoin Transactions. In: Meiklejohn, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science, vol 10957. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58387-6_29

  • DOI: https://doi.org/10.1007/978-3-662-58387-6_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-58386-9

  • Online ISBN: 978-3-662-58387-6

  • eBook Packages: Computer Science, Computer Science (R0)
