Bitcoin and Cryptocurrencies – Princeton

The course can be found on Coursera. I thought that it was really a rather good introduction to the subject. Though bear in mind that some of the content may seem a little dated, given that it was released long before the crypto boom.


1. Bitcoin Theory

Hash functions

Digital signatures

A centralised cryptocurrency

  1. Scrooge creates a new coin, writing a unique coin ID and signing. This is put into a block.
  2. To pay a coin, Scrooge creates a new block, which contains:
    1. a ‘pay to Alice’ statement (which he signs)
    2. a hash of the previous block (the creation block).
  3. Alice can now do the same thing to transfer the coin to other people, signing a transfer statement and including the hash of the previous block. What stops Alice from paying the same coin to many people (double spending)?
  4. Scrooge publishes and signs the blockchain, so anyone can see that their coins haven’t been double spent.

The problem is that this is centralised on Scrooge.



  1. The block reward:
    • The creator of a block can include a coin creation transaction, to send a bitcoin to an address of his choice.
    • But this block will only be valid if other nodes accept it – providing an incentive to behave honestly.
    • The block reward is a fixed value (now 25BTC) which halves every 4 years.
    • This is the only way new bitcoins are created, and there is a finite total supply.
  2. Transaction fees:
    • The creator of a transaction can make the output slightly less than the input, the difference being interpreted as a transaction fee.

In order to stop everyone competing for these rewards, and to reduce the likelihood of malicious sybil nodes, bitcoin uses a proof of work (POW) scheme, in which the next block creator is chosen based on computing power. Bitcoin uses hash puzzles:

The probability of winning the next block is equal to the fraction of global hash power that you have. Attacks on bitcoin are therefore infeasible unless you have more than half of the global hash power. Such an individual is called a 51% attacker.

2. Bitcoin mechanics

Bitcoin scripting language

Bitcoin uses a scripting language:

e.g <sig><pubkey> OP_DUP OP_HASH <pubkeyHash> OP_EQUALVERIFY OP_CHECKSIG

  1. Pushes signautre and public key onto stack
  2. Duplicates public key
  3. Hashes public key
  4. Push input public key hash onto the stack
  5. Check if the hashes are equal and consumes
  6. Check that the pub key signed the transaction.

Some special bitcoin tricks

Escrow transactions

Scenario: A wants to buy goods from B, but neither wants to be the first sender.


Green addresses

Scenario: B is offline, but needs to receive payment from A


Efficient micro-payments

Scenario: A wants to pay B per minute without incurring transaction fees.


time sent to B sent to A
t0 01 -> B 99 -> A
t1 02 -> B 98 -> A
t2 03 -> B 97 -> A
t43 42 -> B 58 -> A

Limitations to bitcoin

Key splitting

Let P be a large prime number (not necessarily secret). Let S be a secret key, $S \in [0,P)$. We want to split this key into N pieces such that K pieces are sufficient to reconstruct S. Let R be a secret random number such that $R \in [0,P)$.

e.g $K=2$. We will imagine S to be a point on the y-axis. Finding the coordinates of this point is equivalent to finding S. Now we imagine a line with gradient R, running through P. Any two points on this line are enough to find S, thus $K=2$. N can be anything, because we can supply arbitrarily many points on this line as ‘pieces’ of the key.

$K = 3$ Basically, we need a function that requires 3 points to specify the intercept. This is simply a quadratic.

$K > 3$ Just use higher order polynomials.

And you can supply as many sets of $(R_1, R_2, \ldots, R_k)$ as you like.

3. Bitcoin user interaction

Storing bitcoins

Bitcoin exchanges

The bitcoin exchange market

A simple transaction demand model (ignoring investors)

In one second $T/P made available. Therefore the price in equilibrium should be $TD/S$.

Transaction fees

4. Bitcoin Mining

Rough overview to the mining process

  1. Become a node in the network, and validate all proposed transactions.
  2. Listen for new blocks
  3. Assemble a new valid block
  4. Find the nonce to make your block valid
  5. Hope everyone accepts your block
  6. Pocket the 25btc block reward

The hard part is finding the nonce to make your block valid. Every two weeks, the difficulty is adjusted based on the time it took to mine the previous 2016 blocks (to maintain a constant 10 minute/block time). On average, it takes 9 minutes. Towards the end of the two week cycle, it takes 8 minutes.

Different mining hardware


Highly parallelised with high-throughput, can be optimised for SHA256.

Field Programmable Gate Area (FPGA)

Application Specific Integrated Circuits (ASICs)

Energy consumption

Mining pools

Mining incentives and strategies

5. Bitcoin community and politics


The bitcoin core and the Bitcoin Foundation

The roots of bitcoin

Bitcoin and governments

6. The Bitcoin platform: other applications of the bitcoin blockchain

The blockchain is an append-only log – we cannot take stuff off the blockchain. This can be useful for various applications. However, in general, there is no way to prevent people from writing arbitrary (even illegal) data to the blockchain.

Secure timestamping

Overlay coins

Bitcoins as ‘smart property’

Secure lotteries in bitcoin

Prediction markets

7. Altcoins

Alternative mining puzzles

Requirements for a mining puzzle:

ASIC resistant puzzles

Proof of useful work

Proof of stake

Some altcoins

Metric for comparing altcoins

Interaction between bitcoin and altcoins

8. The future of the blockchain and Bitcoin

The blockchain as a vehicle for decentralisation

Ways that you can use the blockchain

What can be decentralised?

Is decentralisation a good idea?