### Bitcoin as a Transaction Ledger: A Composable Treatment

Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas

##### Abstract

Bitcoin is perhaps the most prominent example of a distributed cryptographic protocol that is extensively used in reality. Nonetheless, existing security proofs are property-based, and as such they do not support composition. In this work we put forth a universally composable treatment of the Bitcoin protocol. We specify the goal that Bitcoin aims to achieve as a ledger functionality in the (G)UC model of Canetti et al. (TCC'07). Our ledger functionality is weaker than the one recently proposed by Kiayias, Zhou, and Zikas (EUROCRYPT'16), but unlike the latter suggestion, which is arguably not implementable given the Bitcoin assumptions, we prove that the one proposed here is securely UC realized under standard assumptions by an appropriate abstraction of Bitcoin as a UC protocol. We further show how known property-based approaches can be cast as special instances of our treatment and how their underlying assumptions can be cast in (G)UC without restricting the environment or the adversary.

Note: This new version is a major makeover. The structure has been improved to convey the model and the analysis in a cleaner way.

Available format(s)
Publication info
A major revision of an IACR publication in CRYPTO 2017
Contact author(s)
History
2019-02-16: last of 9 revisions
See all versions
Short URL
https://ia.cr/2017/149

CC BY

BibTeX

@misc{cryptoeprint:2017/149,
author = {Christian Badertscher and Ueli Maurer and Daniel Tschudi and Vassilis Zikas},
title = {Bitcoin as a Transaction Ledger: A Composable Treatment},
howpublished = {Cryptology ePrint Archive, Paper 2017/149},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/149}},
url = {https://eprint.iacr.org/2017/149}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.