The most interesting feature of Bitcoin is its decentralized environment. Bitcoin is an unstructured peer-to-peer (P2P) decentralized digital currency. As Transmission Control Protocol (TCP) connections are the basic communication structure, Bitcoin is built on them. Bitcoin was invented by Satoshi Nakamoto in 2009 . Transactions are carried out between Bitcoin users. All transactions over the Bitcoin network are recorded on a transaction log called “blockchain.” The key feature of a currency is robustness and security. Cryptocurrencies attain these properties through a decen- tralized approach and cryptographic techniques. A decentralized method overcomes issues such as single-point failure and single source of trust, and increases the dis- agreement among different parties. Nevertheless, cryptocurrency uses a distributed mechanism that allows the device to maintain an unambiguous view of its state in order to reach consensus among users.
Bitcoin and Blockchain 2.2 P2P NETWORK
A at or hierarchical organization structure is used in P2P network, which arranges the peer in a random graph. Peers are interconnected over an unencrypted TCP chan- nel. A peer or a node in a P2P network is a computer that has Bitcoin node software installed in it. This Bitcoin node software is added automatically in Bitcoin full cli- ent wallet. It is possible to view only the nodes which run full client, and not all the nodes can be seen while trying to locate a node in the network. If a peer is interested in entering the network, Domain Name System (DNS) server names and DNS seeds are rst inquired. Such DNS seeds are hardcoded in Bitcoin clients to nd the active nodes in the network. The DNS seeds return the peers’ IP addresses that are ready to accept new connections in response to the enquiry completed. A version message with block version number and current time of the sender peer is sent to make a con- nection between peers. The receiver peer sends its version message back to the sender peer. Once the connection is established between the two, they acknowledge it by sending verack message. After joining the network, peer discovery takes place on the basis of address propagation mechanism. In the mechanism of address propagation, peers can ask each other’s IP address using getaddr messages, and they can send their IP lists using addr messages. In order to nd the peers that have some useful data, P2P uses techniques like expanding ring, random walks, Time-to-Live (TTL) search, etc. Peers can possess a sum of 125 connections, of which 8 are outgoing connections and 117 are incoming connections. Firewalls or network address translation (NAT) cannot have incoming connections and can have only outgoing connections.
Every peer maintains their list of connections made. When a new block is generated, the miner broadcasts the information to its peers. The receiver validates the block and then passes it on to his peers. When a peer makes a transaction, it sends the message to its related peers. A peer sends an inv message to initiate a transaction. If the recipient responds with a getdata message, then the transaction is sent using tx code. If the trans- action is real, the transaction shall be communicated in the same manner as above. If any faulty messages are sent, the peer will be penalized by maintaining a penalty score. If the score reaches a threshold, the connection of the peer will be banned.
In general, the unstructured connections are easy to construct and strong in a dynamic environment, i.e., peers leave and join the network regularly. Searching a le in an unstructured network requires a ooding request as each peer would check on its local data. Due to a large number of copies of each question, there will be a huge overhead. Bitcoin network is, however, distinct from P2P le sharing networks. Bitcoin is not intended to nd speci c data objects to spread the data as quickly as possible and reach consensus over the network. P2P network structure is suited best for Bitcoin. Apart from this, the distributed model is used for data transmission, data storage, and data con rmation.
SUMMARY OF BITCOIN SYSTEM
The Bitcoin network is a worldwide decentralized consensus network built on a P2P architecture over the Internet. This network is formed across the world by indi- vidual nodes that run the Bitcoin core. Bitcoin core is an open-source software that
Exploring the Bitcoin Network 25
enables consensus using a process called “mining.” Through Bitcoin mining, the transactions are validated and recorded in an unchangeable, irreversible, distributed ledger called “blockchain.” Bitcoin network allows transfer of digital money among the users.
Bitcoin is a digital money based on account entries. Bitcoin, therefore, cannot be perceived as digital currency but as balance of Bitcoin account. Bitcoin account is a key pair based on elliptic curve cryptography. The Bitcoin account can be located based on its address. The Bitcoin address can be generated using a public key. Any user can send Bitcoins based on the public information available to every other user. But to spend the Bitcoins, one needs a private key. A special software named “wal- let” is used to create and manage this public–private key pair.
Payment happens between Bitcoin accounts through transactions. A Bitcoin transaction needs an input which is the source Bitcoin account’s address and an output which is the destination address. A transaction can have one or more inputs and one or more outputs. From each input address, the amount of Bitcoins to be transferred is mentioned in transactions. Similarly, the amount to be transferred to each account from the destination address will also be available in the transaction. The source address is enforced to spend the exact amount received from the earlier transaction. Each input must, therefore, include the previous transaction identi ca- tion number and the output index. As a result, at any point the output may either be spent or not spent. The output not expended is called Unspent Transaction Output (UTXO).
To authorize any transaction, the user of the input address must generate a digi- tal signature using his private key. This process is to ensure the ownership of the account. The user who is at the receiving end has to (i) validate the digital signature for its correctness and (ii) validate the Bitcoins are not spent in any previous transac- tions before agreeing to the payment.
Although the nodes in the Bitcoin network are all identical, they can play various roles in the network based on the functionality they support. A Bitcoin node is a data- base consisting of a ledger, routing functions, mining, and wallet services. Figure 2.1 shows a full node with all functionalities.
A node that holds the whole blockchain up-to-date is called “full node,” while few nodes only retain the blockchain subset and validate the transactions using a method called “simpli ed payment veri cation” or SPV. They are otherwise called as lightweight nodes. Mining nodes are aimed at creating new blocks to solve the proof-of-work (PoW) algorithm by having a special hardware. Some mining nodes are full nodes, while few are SPV nodes which are involved in pool mining. User wallets are nothing but Bitcoin clients and are part of full node. Wallets which are installed in resource-limited devices such as smart phones are considered as SPV nodes. Other than the main nodes, there are several other pro- tocols run by the servers and nodes. These protocols can be mining pool protocols or lightweight client access protocols. The different types of nodes are mentioned in Table 2.1.
Bitcoin and Blockchain
On a P2P network, contains a wallet, full blockchain database, miner, and a network routing node.
Full Blockchain Node
On a P2P network, contains full blockchain database and a network routing node.
On a P2P network, contains a miner with full blockchain database and a network routing node.
SPV (Lightweight) Wallet
On a P2P network, contains a wallet and a network routing node without a blockchain database.
On a P2P network, contains a miner without a blockchain and with other pool mining protocol nodes.
SPV Stratum Wallet
On a P2P network, contains a wallet and a network node without a blockchain on stratum protocol.
EXPERIMENTING WITH THE BITCOIN NETWORK
Connecting to the mainnet or the testnet is a good approach for learning about the Bitcoin network . Testnet is the global space for experimenting with the Bitcoin protocols and their scripting potential. It applies a unique blockchain called “Faucets” and gives free coins. Except for few parameter alterations, testnet copies the main- net and runs the same code as peers in Bitcoin. In contrast, more control is provided by local testing environment. Inbuilt with the Bitcoin reference software, a regres- sion test (regtest) can generate blocks on request and can provide coins with no real value. This provides a safe environment to test new features. Bitcoin-testnet-box 
Exploring the Bitcoin Network 27
is another similar approach. Both these approaches have been designed to use in cir- cumstances where communications with random nodes and blocks are not preferred. To simulate large-scale Bitcoin network, few simulation environments like simbit and Shadow are used. Both are discrete event simulators. Simbit literally exhibits the function of the Bitcoin client and a miner, and Shadow implements the Bitcoin software directly within the model system. It is identi ed that simulating exclusive blockchain functions and cryptographic operations prevents scalability of experi- ment. Therefore, only speci c parts of Bitcoin client can be simulated so that both
scalability and accuracy can be achieved as in real client behavior.
JOINING AND CONSERVING THE NETWORK
In the overlay, each peer in the Bitcoin network maintains a minimum of eight connections. Whenever this count is under run, the peer will actively try to make a connection with other peers. A peer can have more than eight connections if another peer tries to make a connection. The maximum number of connections a peer can handle is 125. The default port on which the peers receive incoming connection is 8333. To make a new connection, a peer implements an handshake by sending version and verack messages. Version message includes protocol version, timestamp for syn- chronization, and IP addresses. The peer node establishes a connection by responding with a verack message. The initial handshake between peers is shown in Figure 2.2.
If there are no messages for 90 minutes, the client will know the peer is of ine. Bitcoin peers can also record the list of peers that are not connected directly to the network. After 24hours in the network, every peer should send an addr message.
Bitcoin and Blockchain.
If there is no message from a node, then the peer is considered as of ine. The common way to explore the network is by exchanging the addr messages (during bootstrap). The addr message exchange is shown in Figure 2.3.
The peers must relay the address information for a maximum of ten addresses whenever an addr message is received. If a peer’s timestamp information is no more than 10 minutes, the peer may attempt to relay the correct address. The address will be forwarded to one or two neighbors based on the peer’s reachability in the network.
To nd the neighbors during bootstrap, the Bitcoin peer uses three methods: (i) Internet Relay Chat (IRC), (ii) DNS, and (iii) asking neighbors. However, DNS is the default bootstrap mechanism since Bitcoin version 0.6. In 2014, to know informa- tion about other peers, getaddr messages are sent to initial peers. The same proce- dure was repeated for every unknown peer. Initially, 11,475 IP addresses were able to nd, and after 37 rounds, 872,648 unique IP addresses were discovered. Studies have been able to locate network dimensions but not topology. In Ref. , AddressProbe, a technique to explore peer links, was developed. The getaddr message, given to a large network, helped to explore how the nodes learned from each other to map peers that were connected based on the timestamp.
TRANSACTION AND BLOCK PROPAGATION
In an unstructured network, the mechanism used to know information about the new transaction and block is simple, i.e., network will be lled with messages. Let us take an example of a transaction between peers and discuss in depth about the
Exploring the Bitcoin Network 29
Messages exchanged. The ow of messages between the peers is shown in Figure 2.4 below. Consider, user A has built a valid transaction. Prior to sending the transaction details like input and output, user A sends an inventory (inv) message to his neigh- boring peers, hinting that he is aware of new transactions. This inventory message contains a Transaction Ids list, but not the original transaction data. If the neighbor- ing peers are unaware of any transaction, a separate getdata message will be sent requesting data about that transaction. Through this pull-based mechanism, exces- sive records of transaction can be minimized, thereby reducing the network load. After receiving getdata message, user A will send the corresponding transaction detail to the neighbor. Once the transaction is veri ed, it will broadcast the same way as user A did, initiating with inv message.
Bitcoin randomly selects one of every four messages to send inv messages and holds the remaining transactions. Thus, every neighbor receives random transac- tions. Although trickling reduces overhead, as in mix networks, it makes traf c analysis more dif cult. It helps in hiding the creator of transactions. As messages are sent out for every 100 ms, there can be a delay in propagation of transactions. As Bitcoin trickling aims to transmit information as quickly as possible, it trades off overhead and piracy against the transaction of propagation. The user is responsible for his/her transaction. If a transaction does not get into a blockchain, then the user needs to rebroadcast the transaction and ensure that it gets added in the next block.
Three different types of relay patterns are detected from a highly connected peer. The most common relay pattern is (i) peer sending the transactions only once. The second relay pattern is (ii) receiving single or multiple transactions from the single peer. The third pattern includes (iii) multiple peers relaying a transaction and atleast one of them re-relays it. Knowledge of the transmission propagation helps to identify fraudulent users who pay with Bitcoin. For instance, consider a user wants to make a purchase using Bitcoins. The user wants to make a fast purchase without wasting
Bitcoin and Blockchain
time in waiting for con rmations from peer. At the same time, the seller wants to be assured that the products are delivered safely without having to worry about dou- ble spending. To address such situations, Bamert, Decker, Elsen, Wattenhofer, and Welten developed a propagation strategy for sellers on fast payments. As per , in such instances, the seller should not accept connection from the user as the only source of information. Rather, he has to connect to a large peer which, in turn, would force the user to broadcast the transaction. In this case, the seller should not relay the transactions. He would be able to recognize double spending as long as one genuine peer is connected to him.
Another approach is to signal the double spending attack by sending alert messages on a large number. The idea is that even if the opponent could trick the seller, some honest miners will immediately identify the crashing transactions and send warning messages over the network.