Bitcoin as a Transaction Ledger: A Composable Treatment

Christian Badertscher, Ueli Maurer, Daniel Tschudi, Vassilis Zikas

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Bitcoin is one of the most prominent examples of a distributed cryptographic protocol that is extensively used in reality. Nonetheless, existing security proofs are property-based, and as such they do not support composition.

In this work we put forth a universally composable treatment of the Bitcoin protocol. We specify the goal that Bitcoin aims to achieve as a ledger functionality in the (G)UC model of Canetti et al. [TCC’07]. Our ledger functionality is weaker than the one recently proposed by Kiayias, Zhou, and Zikas [EUROCRYPT’16], but unlike the latter suggestion, which is arguably not implementable given the Bitcoin assumptions, we prove that the one proposed here is securely UC realized under standard assumptions by an appropriate abstraction of Bitcoin as a UC protocol. We further show how known property-based approaches can be cast as special instances of our treatment and how their underlying assumptions can be cast in (G)UC without restricting the environment or the adversary.
Original languageEnglish
Title of host publicationAdvances in Cryptology – CRYPTO 2017
EditorsJ. Katz, H. Shacham
Number of pages33
ISBN (Electronic)978-3-319-63688-7
ISBN (Print)978-3-319-63687-0
Publication statusPublished - 29 Jul 2017
EventCRYPTO 2017: 37th Annual International Cryptology Conference - University of California, Santa Barbara, Santa Barbara, United States
Duration: 20 Aug 201624 Aug 2017

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Verlag
ISSN (Print)0302-9743


ConferenceCRYPTO 2017
Abbreviated titleCRYPTO 2017
Country/TerritoryUnited States
CitySanta Barbara
Internet address


Dive into the research topics of 'Bitcoin as a Transaction Ledger: A Composable Treatment'. Together they form a unique fingerprint.

Cite this