On Symbolic Verification of Bitcoin’s script Language

  • Conference paper
Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11025))

Abstract

Validation of Bitcoin transactions relies upon the successful execution of scripts written in a simple and effective language that is non-Turing-complete by design, simply called script. This makes the validation of closed scripts, i.e. those associated with actual transactions and bearing full information, straightforward. Here we address the problem of validating open scripts, i.e. the validation of redeeming scripts against the whole set of possible inputs: under which general conditions can Bitcoins be redeemed? Even if script is likely not one of the most complex languages, nor its verification one of the most demanding verification problems, we advocate the merit of formal verification for the Bitcoin validation framework. We propose a symbolic verification theory for open script, a verifier tool-kit, and illustrate examples of use on Bitcoin transactions. Contributions include (1) a formalisation of (a fragment of) the script language; (2) a novel symbolic approach to script verification, suitable, e.g., for the verification of newly defined and non-standard payment schemes; and (3) building blocks for a larger verification theory for the developing area of Bitcoin smart contracts. The verification of smart contracts, i.e. agreements built as transaction-based protocols, is currently a problem that is difficult to formalise and computationally demanding.

R. Klomp and A. Bracciali: This research has been partially supported by The DataLab, UK, and partially informed by collaborations within the COST Action IC1406 cHiPSet research network. The authors would like to thank Flavio Pizzorno for interesting feedback on the work. Andrea Bracciali is a Research Affiliate of the UCL Centre for Blockchain Technologies.

Notes

  1. More precisely, constraints specify the required state of the stack for successful termination, after the execution of the input script. If the constraints are satisfiable, a trivial input script pushing the expected data on the stack always exists.

  2. In this paper we refer to the settings where the flags MANDATORY_SCRIPT_VERIFY_FLAGS and SCRIPT_VERIFY_DERSIG are enabled and all other flags are disabled.

  3. Although there are multiple values equal to false and multiple values equal to true, the Bitcoin Core client always instantiates these as \(\epsilon\) and [0x01] respectively. Our symbolic verifier assumes the same representations.

  4. It is important to remark here that some type definitions, and other features, may depend on how the Bitcoin client is initialised. For instance, checking the dimension of a key depends on an initialisation parameter. We assume in this paper that the checking is done. We defer the verification against different possible initialisations to future work, noting that it must be addressed, as different settings can affect correctness in different ways.

  5. Some operations may be more restrictive on the length of accepted keys, as well as on their format. We model this in the specific rules defining such operations, as appropriate. See Sect. 5.2.

  6. With the added note that matching public keys must be provided in the same order as the signatures they match with. Additionally, each provided public key can be matched with at most one signature.

  7. This conforms to the Bitcoin Core client, which contains a bug that results in this additional stack entry being popped from the stack.

  8. With ID: 75bb6417afc7500a6389201a67bfc2428a1241170a214bbf6833a389191036fe.

  9. With ID: cd2dacbd05389580cb569985b3a8b1db67ea6cc84371223590e241a5026d0a8a.

  10. Source: https://en.bitcoin.it/wiki/Contract.
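As an added example, not code from the paper or from Bitcoin Core, the following Python models the stack semantics of OP_CHECKMULTISIG that notes 3, 6 and 7 describe: the byte-string encodings of true and false, ordered matching of signatures against keys with each key used at most once, and the extra stack element that Bitcoin Core consumes. Real signature verification is replaced by a constructed predicate (a "signature" matches a "key" when it equals `b"sig:" + key`); that predicate, the byte labels and the use of plain ints for counts are assumptions of this model.

```python
# Added example, not from the paper: a small model of Bitcoin Core's
# OP_CHECKMULTISIG stack semantics tying together three of the notes above:
# false/true are b"" and b"\x01" (note 3); keys must come in the same order
# as the signatures they match and a key matches at most once (note 6); one
# extra, unused stack element is consumed (note 7).
# ECDSA verification is replaced by a constructed predicate (assumption):
# a "signature" matches a "key" when it equals b"sig:" + key.

FALSE, TRUE = b"", b"\x01"


def sig_matches(sig: bytes, key: bytes) -> bool:
    """Constructed stand-in for signature verification; not real crypto."""
    return sig == b"sig:" + key


def op_checkmultisig(stack: list) -> list:
    """Evaluate OP_CHECKMULTISIG on a stack whose top is the last element.

    Expected layout (bottom to top): <extra> sig_1 .. sig_m m key_1 .. key_n n.
    Counts are plain ints here (Bitcoin encodes them as script numbers).
    Returns the stack with TRUE or FALSE pushed; raises ValueError where
    Bitcoin Core would fail the script outright.
    """
    def pop():
        if not stack:
            raise ValueError("stack underflow")
        return stack.pop()

    n_keys = pop()
    keys = [pop() for _ in range(n_keys)]   # key_n first, key_1 last
    n_sigs = pop()
    if n_sigs > n_keys:
        raise ValueError("more signatures than keys")
    sigs = [pop() for _ in range(n_sigs)]   # sig_m first, sig_1 last
    pop()  # the extra element popped by Bitcoin Core; its value is ignored

    # Greedy ordered matching from the top of the stack downwards, as in Core:
    # each key is examined once and skipped if it does not match the current
    # signature, so out-of-order signatures or a reused key run out of keys.
    i_key = i_sig = 0
    while i_sig < n_sigs:
        if n_keys - i_key < n_sigs - i_sig:
            stack.append(FALSE)              # too few keys left to match
            return stack
        if sig_matches(sigs[i_sig], keys[i_key]):
            i_sig += 1
        i_key += 1
    stack.append(TRUE)
    return stack
```

A 2-of-3 stack such as `[b"", b"sig:A", b"sig:C", 2, b"A", b"B", b"C", 3]` evaluates to `[TRUE]`, while swapping the two signatures or signing twice with the same key yields `[FALSE]`, and omitting the extra element makes the evaluation underflow.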

Correspondence to Rick Klomp .

© 2018 Springer Nature Switzerland AG

Cite this paper

Klomp, R., Bracciali, A. (2018). On Symbolic Verification of Bitcoin’s script Language. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2018 2018. Lecture Notes in Computer Science(), vol 11025. Springer, Cham. https://doi.org/10.1007/978-3-030-00305-0_3

  • DOI: https://doi.org/10.1007/978-3-030-00305-0_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00304-3

  • Online ISBN: 978-3-030-00305-0

  • eBook Packages: Computer Science (R0)
