# 程序代写 COMP90088: Cryptocurrencies and decentralised ledgers Semester 1 2022 – cscodehelp代写

COMP90088: Cryptocurrencies and decentralised ledgers Semester 1 2022
Homework 2
due: Thursday 2022-04-07 22:00 AEDT
1. Multi-judge escrow service: In class we saw how to use 2-out-of-3 multisig to build an escrow service where Alice can buy a product from Bob and, if all goes well, Alice gets the product and Bob gets paid. Otherwise a judge can adjudicate the dispute. One issue with that protocol is that the judge may demand a service fee and the participants, Alice and Bob, have no choice but to pay. In this question your goal is to design an escrow system where, ahead of time, Alice and Bob agree on the set of three judges so that during adjudication they can choose any one of the three to adjudicate. We are assuming that the three judges are honest and consistent, that is, all three will always rule the same way.

a. Show how to implement a three-judge escrow system using a single standard multisig transaction to a multisig address that Alice and Bob agree on ahead of time. Your design must ensure that even if the three judges collude, they cannot steal the funds that Alice sends to Bob. Recall that if all goes well then the parties need not involve the judges. If something goes wrong, then any one of the three judges can adjudicate.
Hint: You will need to use more than 5 keys in the multisig transaction. Alice and Bob will
use more than one key each.
b. Your solution from part (a) uses a standard multisig transaction, but the script must list
more than five public keys. Write a script to achieve the same thing where each party is only assigned one key (only five keys total are listed in the redeem script).
Hint: you¡¯ll need to use logical operations (e.g. OP_IF, OP_OR) in a non-standard script
2. Network propagation: Assume a simple model for how quickly Bitcoin blocks propagate through the network: after t seconds, a group of miners controlling a proportion ¦Á(t) of the mining power has heard about the transaction, up to some point tmax after which all miners will have heard about it. That is, ¦Á(t)=1 for all t¡Ýtmax. Further assume that ¦Á(0)=0 and ¦Á(t) is monotonically increasing in t. Assume that blocks are found in a Poisson process with a mean time to find a block of ¦Â=600 seconds (¦Ë=1/600). A stale block (likely to become an orphan block) occurs if some miner finds a block before news of the most recent block reaches them.
a. Given the design of the Bitcoin P2P network, explain why an exponential propagation model (i.e. ¦Á(t)¡Øbt for some b) is a plausible model.
Hint: Recall that the derivative of an exponential is another exponential function.
b. Suppose ¦Á(t)=2t/30-1, that is, an exponentially increasing proportion of the mining power hears about a new block up until tmax= 30 seconds, at which point all have heard. What is the probability of at least one stale block being found?
Note: You do not need to solve the integral analytically. You may use a computer.
c. If we lowered ¦Â to 60 seconds to make transactions post faster, how would this affect your answer from part (b)? What problems might this cause?
d. One could argue that the increased rate of stale blocks identified in part (c) isn¡¯t really a problem as miners will still be paid at the same rate. Explain why this argument may not hold in practice. In particular, explain why the model for ¦Á(t) from part(b) is incomplete.

3. Power consumption: In this exercise we¡¯ll look at two ways to estimate the power consumption of the Bitcoin network. Assume in your answers that the difficulty of finding a bitcoin block is d=275, the exchange rate is 1BTC= US\$40,000 and that there are no transaction fees (only the fixed block reward of 12.5 BTC). Recall that energy is measured in joules (J) and power is in watts (W), where 1 W = 1 J/s.
a. First, estimate the power consumption of the network assuming all mining rewards are spent on electricity. Assume all electricity is purchased at US industrial rates, which are about US\$0.10/kWH (and recall that 1 kWh = 3.6 MJ).
b. Why might your estimate in part (a) be too high? Why might it be too low?
c. Next, estimate the power consumption of the entire network assuming all mining is being done with recent ASICs. Assume these devices can perform about 240 SHA-2562
computations per 1 J of electricity.
d. Why might your estimate in part (c) be too low? Why might it be too high?
4. Feather forking: In class we learned about feather forking: a coalition of miners controlling a fraction ¦Á of the total mining power attempts to censor transactions by announcing: ¡°if we see a block containing a transaction from our blacklist B, we will attempt to fork until we are 3 blocks behind the main chain.¡± This strategy can be shown in a probabilistic state machine:
a. What is the probability that the censorship attack will succeed in terms of ¦Á? Hint: Express the probability of the fork succeeding from each active state in the state machine above as p0, p1, and p2. You can now express each probability in terms of the others and solve a system of three equations for p1, the probability of the attack succeeding from the start state, in terms of ¦Á.
b. On expectation, for how long (expressed as a number of blocks found) will the system be in a forked state after the attack is launched before it either succeeds or fails?
Hint: You can solve this problem using a similar system of equations as above, noting that every time a transition is taken the fork lasts one additional block. Make sure that, as a sanity check, the attack is expected to resolve in 2 blocks for both ¦Á¡ú0 and ¦Á¡ú1.